diff --git a/.buildbot.sh b/.buildbot.sh index 12317a6..8496b80 100644 --- a/.buildbot.sh +++ b/.buildbot.sh @@ -7,6 +7,11 @@ src_dir="$(pwd)" cheri_dir="$HOME/cheri/output" venv_dir="./buildbot-venv" +# Check `clang-format` has been applied +CLANG_FORMAT_BIN="$cheri_dir/morello-sdk/bin/clang-format" +CLANG_FORMAT_SOURCES=("$src_dir/src/*.c" "$src_dir/include/*.h" "$src_dir/tests/*.c") +${CLANG_FORMAT_BIN} --dry-run -Werror ${CLANG_FORMAT_SOURCES[*]} + # Update submodules git submodule update --init diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..ed6402f --- /dev/null +++ b/.clang-format @@ -0,0 +1,9 @@ +--- +BasedOnStyle: WebKit +AlwaysBreakAfterReturnType: All +BreakBeforeBraces: Allman +ColumnLimit: 80 +IndentCaseLabels: true +PointerAlignment: Right +SeparateDefinitionBlocks: Always +SpaceAfterCStyleCast: true diff --git a/include/compartment.h b/include/compartment.h index fc9198d..7414398 100644 --- a/include/compartment.h +++ b/include/compartment.h @@ -26,21 +26,25 @@ #include #endif -#define align_down(x, align) __builtin_align_down(x, align) -#define align_up(x, align) __builtin_align_up(x, align) +#define align_down(x, align) __builtin_align_down(x, align) +#define align_up(x, align) __builtin_align_up(x, align) // TODO once things stabilize, recheck if all struct members are required // currently there's quite a bit of redundancy to make things easier to think // about -void compartment_transition_out(); -int64_t comp_exec_in(void*, void* __capability, void*, void*, size_t, - void* __capability); -void comp_exec_out(); +void +compartment_transition_out(); +int64_t +comp_exec_in( + void *, void *__capability, void *, void *, size_t, void *__capability); +void +comp_exec_out(); // Declare built-in function for cache synchronization: // https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/caches-and-self-modifying-code -extern void __clear_cache(void*, void*); +extern void +__clear_cache(void *, void *); // Number of instructions to inject at intercepted function call point // TODO ensure there is sufficient space for these, so we don't spill over @@ -49,8 +53,8 @@ extern void __clear_cache(void*, void*); // Number of instructions required by the transition function #define COMP_TRANS_FN_INSTR_CNT 4 -extern void* __capability sealed_redirect_cap; -extern void* __capability comp_return_caps[2]; +extern void *__capability sealed_redirect_cap; +extern void *__capability comp_return_caps[2]; /* For a function to be intercepted, information required to insert the * redirect code and perform redirection @@ -60,10 +64,10 @@ extern void* __capability comp_return_caps[2]; */ struct intercept_patch { - int* patch_addr; + int *patch_addr; int32_t instr[INTERCEPT_INSTR_COUNT]; uintptr_t comp_manager_cap_addr; - void* __capability manager_cap; + void *__capability manager_cap; }; // Maximum size of an argument, in bytes @@ -81,8 +85,8 @@ struct intercept_patch */ struct entry_point { - const char* fn_name; - void* fn_addr; + const char *fn_name; + void *fn_addr; }; /* Struct representing one segment of an ELF binary. @@ -90,8 +94,8 @@ struct entry_point * TODO expand */ struct SegmentMap { - void* mem_bot; - void* mem_top; + void *mem_bot; + void *mem_top; size_t offset; ptrdiff_t correction; size_t mem_sz; @@ -106,16 +110,16 @@ struct SegmentMap */ struct CompRelaMapping { - char* rela_name; - void* rela_address; // address of relocation in compartment - void* target_func_address; // address of actual function + char *rela_name; + void *rela_address; // address of relocation in compartment + void *target_func_address; // address of actual function }; /* Struct representing a symbol entry of a dependency library */ struct LibDependencySymbol { - char* sym_name; + char *sym_name; intptr_t sym_offset; }; @@ -123,14 +127,14 @@ struct LibDependencySymbol */ struct LibDependency { - char* lib_name; - char* lib_path; + char *lib_name; + char *lib_path; size_t lib_segs_count; size_t lib_segs_size; - void* lib_mem_base; - struct SegmentMap** lib_segs; + void *lib_mem_base; + struct SegmentMap **lib_segs; size_t lib_syms_count; - struct LibDependencySymbol* lib_syms; + struct LibDependencySymbol *lib_syms; }; /* Struct representing ELF data necessary to load and eventually execute a @@ -144,67 +148,82 @@ struct Compartment Elf64_Half elf_type; // Execution info Elf64_Half phdr; - void* __capability ddc; + void *__capability ddc; // ELF data size_t size; // size of compartment in memory - void* base; // address where to load compartment + void *base; // address where to load compartment size_t entry_point_count; - struct entry_point** comp_fns; - void* mem_top; + struct entry_point **comp_fns; + void *mem_top; bool mapped; bool mapped_full; // Segments data - struct SegmentMap** segs; + struct SegmentMap **segs; size_t seg_count; size_t segs_size; // Scratch memory - void* scratch_mem_base; + void *scratch_mem_base; size_t scratch_mem_size; size_t scratch_mem_alloc; size_t scratch_mem_heap_size; - void* scratch_mem_stack_top; + void *scratch_mem_stack_top; size_t scratch_mem_stack_size; - void* stack_pointer; - struct mem_alloc* alloc_head; + void *stack_pointer; + struct mem_alloc *alloc_head; - void* manager_caps; + void *manager_caps; size_t max_manager_caps_count; size_t active_manager_caps_count; - void* mng_trans_fn; + void *mng_trans_fn; size_t mng_trans_fn_sz; // Only for shared object compartments size_t rela_maps_count; - struct CompRelaMapping* rela_maps; + struct CompRelaMapping *rela_maps; size_t lib_deps_count; - struct LibDependency** lib_deps; + struct LibDependency **lib_deps; // Hardware info - maybe move size_t page_size; // Misc short curr_intercept_count; - struct intercept_patch* intercept_patches; + struct intercept_patch *intercept_patches; }; -int entry_point_cmp(const void*, const void*); -struct Compartment* comp_init(); -struct Compartment* comp_from_elf(char*, char**, size_t, char**, void**, size_t, void*); -void comp_add_intercept(struct Compartment*, uintptr_t, uintptr_t); -void comp_stack_push(struct Compartment*, const void*, size_t); -void comp_map(struct Compartment*); -void comp_map_full(struct Compartment*); -int64_t comp_exec(struct Compartment*, char*, void*, size_t); -void comp_clean(struct Compartment*); - -struct Compartment* find_comp(struct Compartment*); - -static ssize_t do_pread(int, void*, size_t, off_t); -static Elf64_Sym* find_symbols(const char**, size_t, bool, Elf64_Sym*, char*, size_t); -static char* find_in_dir(const char*, char*); -static void init_comp_scratch_mem(struct Compartment*); -static void init_lib_dep_info(struct LibDependency*, struct Compartment*); +int +entry_point_cmp(const void *, const void *); +struct Compartment * +comp_init(); +struct Compartment * +comp_from_elf(char *, char **, size_t, char **, void **, size_t, void *); +void +comp_add_intercept(struct Compartment *, uintptr_t, uintptr_t); +void +comp_stack_push(struct Compartment *, const void *, size_t); +void +comp_map(struct Compartment *); +void +comp_map_full(struct Compartment *); +int64_t +comp_exec(struct Compartment *, char *, void *, size_t); +void +comp_clean(struct Compartment *); + +struct Compartment * +find_comp(struct Compartment *); + +static ssize_t +do_pread(int, void *, size_t, off_t); +static Elf64_Sym * +find_symbols(const char **, size_t, bool, Elf64_Sym *, char *, size_t); +static char * +find_in_dir(const char *, char *); +static void +init_comp_scratch_mem(struct Compartment *); +static void +init_lib_dep_info(struct LibDependency *, struct Compartment *); #endif // _COMPARTMENT_H diff --git a/include/intercept.h b/include/intercept.h index 4ce7e7b..9599421 100644 --- a/include/intercept.h +++ b/include/intercept.h @@ -2,9 +2,9 @@ #define _INTERCEPT_H #include +#include #include #include -#include // vDSO wrapper needed includes #include @@ -15,29 +15,31 @@ // Forward declarations struct Compartment; -extern struct Compartment* loaded_comp; -int64_t exec_comp(struct Compartment*, char*, char**); -struct Compartment* manager_get_compartment_by_id(size_t); +extern struct Compartment *loaded_comp; +int64_t +exec_comp(struct Compartment *, char *, char **); +struct Compartment *manager_get_compartment_by_id(size_t); -extern void* __capability manager_ddc; +extern void *__capability manager_ddc; // Number of capabilities required to perform a transition #define COMP_RETURN_CAPS_COUNT 2 // Capabilities required to transition back into the manager once compartment // execution has finished -extern void* __capability comp_return_caps[COMP_RETURN_CAPS_COUNT]; +extern void *__capability comp_return_caps[COMP_RETURN_CAPS_COUNT]; // Capability used to point to pair of capabilities when transitioning out of a // compartment via an intercept -extern void* __capability sealed_redirect_cap; +extern void *__capability sealed_redirect_cap; /* Data required to perform the transition for an intercepted function */ -struct func_intercept { - char* func_name; - void* redirect_func; - void* __capability intercept_pcc; +struct func_intercept +{ + char *func_name; + void *redirect_func; + void *__capability intercept_pcc; }; /* This function expects the argument be passed in `x10`, rather than `x0`, as @@ -47,36 +49,51 @@ struct func_intercept { * functional. As such, it shouldn't be called from a C context, as that will * most likely break things. */ -void intercept_wrapper(); - -void setup_intercepts(); - -time_t intercepted_time(time_t*); -FILE* intercepted_fopen(const char*, const char*); -size_t intercepted_fread(void* __restrict, size_t, size_t, FILE* __restrict); -size_t intercepted_fwrite(void* __restrict, size_t, size_t, FILE* __restrict); -int intercepted_fclose(FILE*); -int intercepted_getc(FILE*); -int intercepted_fputc(int, FILE*); -int intercepted___srget(FILE*); - -void* my_realloc(void*, size_t); -void* my_malloc(size_t); -void my_free(void*); -int my_fprintf(FILE*, const char*, ...); - -size_t my_call_comp(size_t, char*, void*, size_t); +void +intercept_wrapper(); + +void +setup_intercepts(); + +time_t +intercepted_time(time_t *); +FILE * +intercepted_fopen(const char *, const char *); +size_t +intercepted_fread(void *__restrict, size_t, size_t, FILE *__restrict); +size_t +intercepted_fwrite(void *__restrict, size_t, size_t, FILE *__restrict); +int +intercepted_fclose(FILE *); +int +intercepted_getc(FILE *); +int +intercepted_fputc(int, FILE *); +int +intercepted___srget(FILE *); + +void * +my_realloc(void *, size_t); +void *my_malloc(size_t); +void +my_free(void *); +int +my_fprintf(FILE *, const char *, ...); + +size_t +my_call_comp(size_t, char *, void *, size_t); static const struct func_intercept to_intercept_funcs[] = { /* vDSO funcs */ - { "time" , (void*) intercepted_time }, + { "time", (void *) intercepted_time }, /* Mem funcs */ - { "malloc" , (void*) my_malloc }, - { "realloc" , (void*) my_realloc }, - { "free" , (void*) my_free }, + { "malloc", (void *) my_malloc }, + { "realloc", (void *) my_realloc }, + { "free", (void *) my_free }, }; // // Functions to be intercepted and associated data -#define INTERCEPT_FUNC_COUNT sizeof(to_intercept_funcs) / sizeof(to_intercept_funcs[0]) +#define INTERCEPT_FUNC_COUNT \ + sizeof(to_intercept_funcs) / sizeof(to_intercept_funcs[0]) extern struct func_intercept comp_intercept_funcs[INTERCEPT_FUNC_COUNT]; #endif // _INTERCEPT_H diff --git a/include/manager.h b/include/manager.h index 00036d0..bb11dc5 100644 --- a/include/manager.h +++ b/include/manager.h @@ -8,22 +8,21 @@ #include #include #include -#include #include #include // Third-party libraries #include "toml.h" -#include "intercept.h" #include "compartment.h" +#include "intercept.h" -#define align_down(x, align) __builtin_align_down(x, align) -#define align_up(x, align) __builtin_align_up(x, align) +#define align_down(x, align) __builtin_align_down(x, align) +#define align_up(x, align) __builtin_align_up(x, align) -extern void* __capability manager_ddc; -extern struct CompWithEntries** comps; -extern struct Compartment* loaded_comp; +extern void *__capability manager_ddc; +extern struct CompWithEntries **comps; +extern struct Compartment *loaded_comp; /******************************************************************************* * Utility Functions @@ -36,7 +35,7 @@ void print_full_cap(uintcap_t); ******************************************************************************/ // Compartment configuration file suffix -extern const char* comp_config_suffix; +extern const char *comp_config_suffix; /* Struct representing configuration data for one entry point; this is just * information that we expect to appear in the compartment, as given by its @@ -44,33 +43,40 @@ extern const char* comp_config_suffix; */ struct ConfigEntryPoint { - const char* name; + const char *name; size_t arg_count; - char** args_type; + char **args_type; }; struct CompWithEntries { - struct Compartment* comp; - struct ConfigEntryPoint* cep; + struct Compartment *comp; + struct ConfigEntryPoint *cep; }; -void* get_next_comp_addr(void); -struct Compartment* register_new_comp(char*, bool); -int64_t exec_comp(struct Compartment*, char*, char**); - -struct Compartment* manager_find_compartment_by_addr(void*); -struct Compartment* manager_find_compartment_by_ddc(void* __capability); -struct Compartment* manager_get_compartment_by_id(size_t); +void * +get_next_comp_addr(void); +struct Compartment * +register_new_comp(char *, bool); +int64_t +exec_comp(struct Compartment *, char *, char **); +struct Compartment * +manager_find_compartment_by_addr(void *); +struct Compartment * +manager_find_compartment_by_ddc(void *__capability); +struct Compartment *manager_get_compartment_by_id(size_t); // TODO stack setup when we transition into the compartment; unsure if needed, // but keep for now, just in case #define ENV_FIELDS_CNT 1 -extern const char* comp_env_fields[ENV_FIELDS_CNT]; -extern char** environ; -const char* get_env_str(const char*); -int manager___vdso_clock_gettime(clockid_t, struct timespec*); +extern const char *comp_env_fields[ENV_FIELDS_CNT]; +extern char **environ; +const char * +get_env_str(const char *); +int +manager___vdso_clock_gettime(clockid_t, struct timespec *); + // END TODO union arg_holder @@ -82,10 +88,14 @@ union arg_holder unsigned long long ull; }; -char* prep_config_filename(char*); -void clean_all_comps(); -void clean_comp(struct Compartment*); -void clean_compartment_config(struct ConfigEntryPoint*, size_t); +char * +prep_config_filename(char *); +void +clean_all_comps(); +void +clean_comp(struct Compartment *); +void +clean_compartment_config(struct ConfigEntryPoint *, size_t); /******************************************************************************* * Memory allocation diff --git a/include/mem_mng.h b/include/mem_mng.h index 6ac65cc..b6aeaf2 100644 --- a/include/mem_mng.h +++ b/include/mem_mng.h @@ -16,16 +16,20 @@ struct mem_alloc uintptr_t ptr; size_t size; - struct mem_alloc* prev_alloc; - struct mem_alloc* next_alloc; + struct mem_alloc *prev_alloc; + struct mem_alloc *next_alloc; }; extern size_t comp_mem_alloc; extern size_t comp_mem_max; -void* manager_register_mem_alloc(struct Compartment*, size_t); -void manager_insert_new_alloc(struct Compartment*, struct mem_alloc*); -size_t manager_free_mem_alloc(struct Compartment*, void*); -struct mem_alloc* get_alloc_struct_from_ptr(struct Compartment*, uintptr_t); +void * +manager_register_mem_alloc(struct Compartment *, size_t); +void +manager_insert_new_alloc(struct Compartment *, struct mem_alloc *); +size_t +manager_free_mem_alloc(struct Compartment *, void *); +struct mem_alloc * +get_alloc_struct_from_ptr(struct Compartment *, uintptr_t); #endif // MEM_MNG_H diff --git a/src/compartment.c b/src/compartment.c index 6aadb24..ecc5886 100644 --- a/src/compartment.c +++ b/src/compartment.c @@ -3,12 +3,12 @@ /* Initialize some values of the Compartment struct. The rest are expected to * be set in `comp_from_elf`. */ -struct Compartment* +struct Compartment * comp_init() { // TODO order - struct Compartment* new_comp = - (struct Compartment*) malloc(sizeof(struct Compartment)); + struct Compartment *new_comp + = (struct Compartment *) malloc(sizeof(struct Compartment)); new_comp->phdr = 0; new_comp->ddc = NULL; @@ -21,7 +21,8 @@ comp_init() new_comp->seg_count = 0; new_comp->segs_size = 0; - new_comp->mng_trans_fn_sz = sizeof(uint32_t) * COMP_TRANS_FN_INSTR_CNT; // TODO ptr arithmetic + new_comp->mng_trans_fn_sz + = sizeof(uint32_t) * COMP_TRANS_FN_INSTR_CNT; // TODO ptr arithmetic new_comp->phdr = 0; new_comp->alloc_head = NULL; @@ -40,23 +41,22 @@ comp_init() /* Comparison function for `struct entry_point` */ int -entry_point_cmp(const void* val1, const void* val2) +entry_point_cmp(const void *val1, const void *val2) { - struct entry_point* ep1 = *(struct entry_point**) val1; - struct entry_point* ep2 = *(struct entry_point**) val2; + struct entry_point *ep1 = *(struct entry_point **) val1; + struct entry_point *ep2 = *(struct entry_point **) val2; return strcmp(ep1->fn_name, ep2->fn_name); } /* Give a binary ELF file in `filename`, read the ELF data and store it within * a `struct Compartment`. At this point, we only read data. */ -struct Compartment* -comp_from_elf(char* filename, - char** entry_points, size_t entry_point_count, - char** intercepts, void** intercept_addrs, size_t intercept_count, - void* new_comp_base) +struct Compartment * +comp_from_elf(char *filename, char **entry_points, size_t entry_point_count, + char **intercepts, void **intercept_addrs, size_t intercept_count, + void *new_comp_base) { - struct Compartment* new_comp = comp_init(); + struct Compartment *new_comp = comp_init(); new_comp->fd = open(filename, O_RDONLY); if (new_comp->fd == -1) @@ -88,7 +88,7 @@ comp_from_elf(char* filename, for (size_t i = 0; i < comp_ehdr.e_phnum; ++i) { do_pread((int) new_comp->fd, &comp_phdr, sizeof(comp_phdr), - comp_ehdr.e_phoff + i * sizeof(comp_phdr)); + comp_ehdr.e_phoff + i * sizeof(comp_phdr)); // We only need to keep `PT_LOAD` segments, so we can map them later if (comp_phdr.p_type != PT_LOAD) @@ -101,37 +101,41 @@ comp_from_elf(char* filename, new_comp->base = new_comp_base; } // Compute loading address of compartment for static binary - // TODO empirically, the first `LOAD` program header seems to expect to be - // loaded at the lowest address; is this correct? + // TODO empirically, the first `LOAD` program header seems to expect to + // be loaded at the lowest address; is this correct? else if (first_load_header) { - void* new_comp_base = (void*) comp_phdr.p_vaddr; + void *new_comp_base = (void *) comp_phdr.p_vaddr; assert((uintptr_t) new_comp_base % new_comp->page_size == 0); new_comp->base = new_comp_base; first_load_header = false; } // Setup mapping info for the current segment - struct SegmentMap* this_seg = - (struct SegmentMap*) malloc(sizeof(struct SegmentMap)); + struct SegmentMap *this_seg + = (struct SegmentMap *) malloc(sizeof(struct SegmentMap)); assert(this_seg != NULL); - if (new_comp->elf_type == ET_DYN /*|| new_comp->elf_type == ET_EXEC*/) // TODO distinguish PIE exec vs non-PIE exec + if (new_comp->elf_type + == ET_DYN /*|| new_comp->elf_type == ET_EXEC*/) // TODO distinguish + // PIE exec vs + // non-PIE exec { - void* curr_seg_base = (char*) new_comp->base + comp_phdr.p_vaddr; + void *curr_seg_base = (char *) new_comp->base + comp_phdr.p_vaddr; this_seg->mem_bot = align_down(curr_seg_base, new_comp->page_size); - align_size_correction = (char*) curr_seg_base - (char*) this_seg->mem_bot; - this_seg->mem_top = (char*) curr_seg_base + comp_phdr.p_memsz; + align_size_correction + = (char *) curr_seg_base - (char *) this_seg->mem_bot; + this_seg->mem_top = (char *) curr_seg_base + comp_phdr.p_memsz; } else if (new_comp->elf_type == ET_EXEC) { // TODO maybe just remove this if if we don't want to support // static binaries anymore assert(false); - this_seg->mem_bot = - align_down((void*) comp_phdr.p_vaddr, new_comp->page_size); - align_size_correction = - (char*) comp_phdr.p_vaddr - (char*) this_seg->mem_bot; - this_seg->mem_top = (char*) comp_phdr.p_vaddr + comp_phdr.p_memsz; + this_seg->mem_bot + = align_down((void *) comp_phdr.p_vaddr, new_comp->page_size); + align_size_correction + = (char *) comp_phdr.p_vaddr - (char *) this_seg->mem_bot; + this_seg->mem_top = (char *) comp_phdr.p_vaddr + comp_phdr.p_memsz; } else { @@ -141,13 +145,12 @@ comp_from_elf(char* filename, this_seg->mem_sz = comp_phdr.p_memsz + align_size_correction; this_seg->file_sz = comp_phdr.p_filesz + align_size_correction; this_seg->correction = align_size_correction; - this_seg->prot_flags = (comp_phdr.p_flags & PF_R ? PROT_READ : 0) | - (comp_phdr.p_flags & PF_W ? PROT_WRITE : 0) | - (comp_phdr.p_flags & PF_X ? PROT_EXEC : 0); + this_seg->prot_flags = (comp_phdr.p_flags & PF_R ? PROT_READ : 0) + | (comp_phdr.p_flags & PF_W ? PROT_WRITE : 0) + | (comp_phdr.p_flags & PF_X ? PROT_EXEC : 0); - new_comp->segs = - realloc(new_comp->segs, - (new_comp->seg_count + 1) * sizeof(struct SegmentMap*)); + new_comp->segs = realloc(new_comp->segs, + (new_comp->seg_count + 1) * sizeof(struct SegmentMap *)); new_comp->segs[new_comp->seg_count] = this_seg; new_comp->seg_count += 1; new_comp->segs_size += align_up(this_seg->mem_sz, comp_phdr.p_align); @@ -156,10 +159,10 @@ comp_from_elf(char* filename, // Load `.shstr` section, so we can check section names Elf64_Shdr comp_sh_strtb_hdr; do_pread((int) new_comp->fd, &comp_sh_strtb_hdr, sizeof(Elf64_Shdr), - comp_ehdr.e_shoff + comp_ehdr.e_shstrndx * sizeof(Elf64_Shdr)); - char* comp_sh_strtb = malloc(comp_sh_strtb_hdr.sh_size); + comp_ehdr.e_shoff + comp_ehdr.e_shstrndx * sizeof(Elf64_Shdr)); + char *comp_sh_strtb = malloc(comp_sh_strtb_hdr.sh_size); do_pread((int) new_comp->fd, comp_sh_strtb, comp_sh_strtb_hdr.sh_size, - comp_sh_strtb_hdr.sh_offset); + comp_sh_strtb_hdr.sh_offset); init_comp_scratch_mem(new_comp); new_comp->mem_top = new_comp->scratch_mem_stack_top; @@ -174,7 +177,7 @@ comp_from_elf(char* filename, for (size_t i = 0; i < comp_ehdr.e_shnum; ++i) { do_pread((int) new_comp->fd, &curr_shdr, sizeof(Elf64_Shdr), - comp_ehdr.e_shoff + i * sizeof(Elf64_Shdr)); + comp_ehdr.e_shoff + i * sizeof(Elf64_Shdr)); if (curr_shdr.sh_type == SHT_SYMTAB) { @@ -182,8 +185,8 @@ comp_from_elf(char* filename, found_headers += 1; } // Lookup `.rela.plt` to eagerly load relocatable function addresses - else if (curr_shdr.sh_type == SHT_RELA && - !strcmp(&comp_sh_strtb[curr_shdr.sh_name], ".rela.plt")) + else if (curr_shdr.sh_type == SHT_RELA + && !strcmp(&comp_sh_strtb[curr_shdr.sh_name], ".rela.plt")) { comp_rela_plt_shdr = curr_shdr; found_headers += 1; @@ -206,28 +209,28 @@ comp_from_elf(char* filename, { // Traverse `.rela.plt`, so we can see which function addresses we need // to eagerly load - Elf64_Rela* comp_rela_plt = malloc(comp_rela_plt_shdr.sh_size); + Elf64_Rela *comp_rela_plt = malloc(comp_rela_plt_shdr.sh_size); do_pread((int) new_comp->fd, comp_rela_plt, comp_rela_plt_shdr.sh_size, - comp_rela_plt_shdr.sh_offset); + comp_rela_plt_shdr.sh_offset); size_t rela_count = comp_rela_plt_shdr.sh_size / sizeof(Elf64_Rela); Elf64_Shdr dyn_sym_hdr; - do_pread((int) new_comp->fd, &dyn_sym_hdr, - sizeof(Elf64_Shdr), - comp_ehdr.e_shoff + comp_rela_plt_shdr.sh_link * sizeof(Elf64_Shdr)); - Elf64_Sym* dyn_sym_tbl = malloc(dyn_sym_hdr.sh_size); + do_pread((int) new_comp->fd, &dyn_sym_hdr, sizeof(Elf64_Shdr), + comp_ehdr.e_shoff + + comp_rela_plt_shdr.sh_link * sizeof(Elf64_Shdr)); + Elf64_Sym *dyn_sym_tbl = malloc(dyn_sym_hdr.sh_size); do_pread((int) new_comp->fd, dyn_sym_tbl, dyn_sym_hdr.sh_size, - dyn_sym_hdr.sh_offset); + dyn_sym_hdr.sh_offset); Elf64_Shdr dyn_str_hdr; - do_pread((int) new_comp->fd, &dyn_str_hdr, - sizeof(Elf64_Shdr), - comp_ehdr.e_shoff + dyn_sym_hdr.sh_link * sizeof(Elf64_Shdr)); - char* dyn_str_tbl = malloc(dyn_str_hdr.sh_size); + do_pread((int) new_comp->fd, &dyn_str_hdr, sizeof(Elf64_Shdr), + comp_ehdr.e_shoff + dyn_sym_hdr.sh_link * sizeof(Elf64_Shdr)); + char *dyn_str_tbl = malloc(dyn_str_hdr.sh_size); do_pread((int) new_comp->fd, dyn_str_tbl, dyn_str_hdr.sh_size, - dyn_str_hdr.sh_offset); + dyn_str_hdr.sh_offset); - new_comp->rela_maps = calloc(rela_count, sizeof(struct CompRelaMapping)); + new_comp->rela_maps + = calloc(rela_count, sizeof(struct CompRelaMapping)); new_comp->rela_maps_count = rela_count; // Log symbols that will need to be relocated eagerly at maptime @@ -237,7 +240,8 @@ comp_from_elf(char* filename, curr_rela = comp_rela_plt[j]; size_t curr_rela_sym_idx = ELF64_R_SYM(curr_rela.r_info); Elf64_Sym curr_rela_sym = dyn_sym_tbl[curr_rela_sym_idx]; - char* curr_rela_name = malloc(strlen(&dyn_str_tbl[curr_rela_sym.st_name]) + 1); + char *curr_rela_name + = malloc(strlen(&dyn_str_tbl[curr_rela_sym.st_name]) + 1); strcpy(curr_rela_name, &dyn_str_tbl[curr_rela_sym.st_name]); if (ELF64_ST_BIND(curr_rela_sym.st_info) == STB_WEAK) { @@ -248,38 +252,32 @@ comp_from_elf(char* filename, continue; } // TODO collapse - struct CompRelaMapping crm = { - curr_rela_name, - curr_rela.r_offset + (char*) new_comp->base, - NULL }; + struct CompRelaMapping crm = { curr_rela_name, + curr_rela.r_offset + (char *) new_comp->base, NULL }; new_comp->rela_maps[j] = crm; } free(comp_rela_plt); free(dyn_sym_tbl); // Find additional library dependencies - Elf64_Dyn* comp_dyn_entries = malloc(comp_dynamic_shdr.sh_size); + Elf64_Dyn *comp_dyn_entries = malloc(comp_dynamic_shdr.sh_size); do_pread((int) new_comp->fd, comp_dyn_entries, - comp_dynamic_shdr.sh_size, comp_dynamic_shdr.sh_offset); + comp_dynamic_shdr.sh_size, comp_dynamic_shdr.sh_offset); - for (size_t i = 0; - i < comp_dynamic_shdr.sh_size / sizeof(Elf64_Dyn); + for (size_t i = 0; i < comp_dynamic_shdr.sh_size / sizeof(Elf64_Dyn); ++i) { if (comp_dyn_entries[i].d_tag == DT_NEEDED) { - struct LibDependency* new_lib_dep = - malloc(sizeof(struct LibDependency)); - new_lib_dep->lib_name = - malloc(strlen(&dyn_str_tbl[comp_dyn_entries[i].d_un.d_val]) + 1); - strcpy( - new_lib_dep->lib_name, + struct LibDependency *new_lib_dep + = malloc(sizeof(struct LibDependency)); + new_lib_dep->lib_name = malloc( + strlen(&dyn_str_tbl[comp_dyn_entries[i].d_un.d_val]) + 1); + strcpy(new_lib_dep->lib_name, &dyn_str_tbl[comp_dyn_entries[i].d_un.d_val]); new_comp->lib_deps_count += 1; - new_comp->lib_deps = - realloc(new_comp->lib_deps, - new_comp->lib_deps_count * - sizeof(struct LibDependency)); + new_comp->lib_deps = realloc(new_comp->lib_deps, + new_comp->lib_deps_count * sizeof(struct LibDependency)); new_comp->lib_deps[new_comp->lib_deps_count - 1] = new_lib_dep; } } @@ -291,21 +289,22 @@ comp_from_elf(char* filename, // Find library files in `COMP_LIBRARY_PATH` to fulfill dependencies for (size_t i = 0; i < new_comp->lib_deps_count; ++i) { - struct LibDependency* curr_dep = new_comp->lib_deps[i]; + struct LibDependency *curr_dep = new_comp->lib_deps[i]; // TODO move env var name to constant assert(getenv("COMP_LIBRARY_PATH")); - char* lib_path = - find_in_dir(curr_dep->lib_name, getenv("COMP_LIBRARY_PATH")); + char *lib_path + = find_in_dir(curr_dep->lib_name, getenv("COMP_LIBRARY_PATH")); if (!lib_path) { - errx(1, "Could not find file for dependency %s!\n", curr_dep->lib_name); + errx(1, "Could not find file for dependency %s!\n", + curr_dep->lib_name); } curr_dep->lib_path = malloc(strlen(lib_path)); strcpy(curr_dep->lib_path, lib_path); init_lib_dep_info(curr_dep, new_comp); - new_comp->mem_top = - (char*) curr_dep->lib_mem_base + - (uintptr_t) curr_dep->lib_segs[curr_dep->lib_segs_count - 1]->mem_top; + new_comp->mem_top = (char *) curr_dep->lib_mem_base + + (uintptr_t) curr_dep->lib_segs[curr_dep->lib_segs_count - 1] + ->mem_top; } // Find functions of interest, particularly entry points, and functions to @@ -318,30 +317,34 @@ comp_from_elf(char* filename, // variable-length strings. Then, symbol names are obtained by indexing at // the offset where the name for that symbol begins. Therefore, the type // `char*` for the string table makes sense. - char* comp_strtb = malloc(comp_strtb_hdr.sh_size); - do_pread((int) new_comp->fd, comp_strtb, comp_strtb_hdr.sh_size, comp_strtb_hdr.sh_offset); + char *comp_strtb = malloc(comp_strtb_hdr.sh_size); + do_pread((int) new_comp->fd, comp_strtb, comp_strtb_hdr.sh_size, + comp_strtb_hdr.sh_offset); - Elf64_Sym* comp_symtb = malloc(comp_symtb_shdr.sh_size); - do_pread((int) new_comp->fd, comp_symtb, comp_symtb_shdr.sh_size, comp_symtb_shdr.sh_offset); + Elf64_Sym *comp_symtb = malloc(comp_symtb_shdr.sh_size); + do_pread((int) new_comp->fd, comp_symtb, comp_symtb_shdr.sh_size, + comp_symtb_shdr.sh_offset); // Find symbols for entry_points - Elf64_Sym* ep_syms = - find_symbols((const char**) entry_points, entry_point_count, - true, comp_symtb, comp_strtb, comp_symtb_shdr.sh_size); + Elf64_Sym *ep_syms + = find_symbols((const char **) entry_points, entry_point_count, true, + comp_symtb, comp_strtb, comp_symtb_shdr.sh_size); for (size_t i = 0; i < entry_point_count; ++i) { - struct entry_point* new_entry_point = malloc(sizeof(struct entry_point)); + struct entry_point *new_entry_point + = malloc(sizeof(struct entry_point)); new_entry_point->fn_name = entry_points[i]; - switch(new_comp->elf_type) + switch (new_comp->elf_type) { case ET_DYN: { - new_entry_point->fn_addr = (char*) new_comp->base + ep_syms[i].st_value; + new_entry_point->fn_addr + = (char *) new_comp->base + ep_syms[i].st_value; break; } case ET_EXEC: { - new_entry_point->fn_addr = (void*) ep_syms[i].st_value; + new_entry_point->fn_addr = (void *) ep_syms[i].st_value; break; } default: @@ -353,13 +356,14 @@ comp_from_elf(char* filename, free(ep_syms); // Find symbols for intercepts - char** intercept_names = calloc(intercept_count, sizeof(char*)); - const char* so_plt_suffix = "@plt"; + char **intercept_names = calloc(intercept_count, sizeof(char *)); + const char *so_plt_suffix = "@plt"; for (size_t i = 0; i < intercept_count; ++i) { if (new_comp->elf_type == ET_DYN) { - size_t to_intercept_name_len = strlen(intercepts[i]) + strlen(so_plt_suffix) + 1; + size_t to_intercept_name_len + = strlen(intercepts[i]) + strlen(so_plt_suffix) + 1; intercept_names[i] = malloc(to_intercept_name_len); strcpy(intercept_names[i], intercepts[i]); strcat(intercept_names[i], so_plt_suffix); @@ -374,15 +378,16 @@ comp_from_elf(char* filename, errx(1, "Invalid ELF type"); } } - Elf64_Sym* intercept_syms = - find_symbols((const char**) intercept_names, intercept_count, false, - comp_symtb, comp_strtb, comp_symtb_shdr.sh_size); + Elf64_Sym *intercept_syms + = find_symbols((const char **) intercept_names, intercept_count, false, + comp_symtb, comp_strtb, comp_symtb_shdr.sh_size); for (size_t i = 0; i < intercept_count; ++i) { // TODO better way to check if we didn't find an intercept? if (intercept_syms[i].st_value != 0) { - comp_add_intercept(new_comp, intercept_syms[i].st_value, (uintptr_t) intercept_addrs[i]); + comp_add_intercept(new_comp, intercept_syms[i].st_value, + (uintptr_t) intercept_addrs[i]); } free(intercept_names[i]); } @@ -403,18 +408,18 @@ comp_from_elf(char* filename, for (size_t k = 0; k < new_comp->lib_deps[j]->lib_syms_count; ++k) { if (!strcmp(new_comp->rela_maps[i].rela_name, - new_comp->lib_deps[j]->lib_syms[k].sym_name)) + new_comp->lib_deps[j]->lib_syms[k].sym_name)) { - new_comp->rela_maps[i].target_func_address = - (char*) new_comp->lib_deps[j]->lib_mem_base + - new_comp->lib_deps[j]->lib_syms[k].sym_offset; + new_comp->rela_maps[i].target_func_address + = (char *) new_comp->lib_deps[j]->lib_mem_base + + new_comp->lib_deps[j]->lib_syms[k].sym_offset; goto found; } } } errx(1, "Did not find symbol %s!\n", new_comp->rela_maps[i].rela_name); - found: - (void) 0; + found: + (void) 0; } free(comp_symtb); @@ -431,14 +436,16 @@ comp_from_elf(char* filename, * to call the appropriate function with higher privileges. */ void -comp_add_intercept(struct Compartment* new_comp, uintptr_t intercept_target, uintptr_t redirect_addr) +comp_add_intercept(struct Compartment *new_comp, uintptr_t intercept_target, + uintptr_t redirect_addr) { - // TODO check whether negative values break anything in all these generated functions + // TODO check whether negative values break anything in all these generated + // functions int32_t new_instrs[INTERCEPT_INSTR_COUNT]; size_t new_instr_idx = 0; - const ptraddr_t comp_manager_cap_addr = - (ptraddr_t) new_comp->manager_caps + - new_comp->active_manager_caps_count * sizeof(void* __capability); // TODO + const ptraddr_t comp_manager_cap_addr = (ptraddr_t) new_comp->manager_caps + + new_comp->active_manager_caps_count + * sizeof(void *__capability); // TODO const int32_t arm_function_target_register = 0b01010; // use `x10` for now const int32_t arm_transition_target_register = 0b01011; // use `x11` for now @@ -452,10 +459,13 @@ comp_add_intercept(struct Compartment* new_comp, uintptr_t intercept_target, uin assert(intercept_target < ((ptraddr_t) 1 << 32)); const uint32_t arm_movz_instr_mask = 0b11010010100 << 21; const uint32_t arm_movk_instr_mask = 0b11110010101 << 21; - const ptraddr_t target_address_lo16 = (redirect_addr & ((1 << 16) - 1)) << 5; + const ptraddr_t target_address_lo16 = (redirect_addr & ((1 << 16) - 1)) + << 5; const ptraddr_t target_address_hi16 = (redirect_addr >> 16) << 5; - const int32_t arm_movz_intr = arm_movz_instr_mask | target_address_lo16 | arm_function_target_register; - const int32_t arm_movk_intr = arm_movk_instr_mask | target_address_hi16 | arm_function_target_register; + const int32_t arm_movz_intr = arm_movz_instr_mask | target_address_lo16 + | arm_function_target_register; + const int32_t arm_movk_intr = arm_movk_instr_mask | target_address_hi16 + | arm_function_target_register; new_instrs[new_instr_idx++] = arm_movz_intr; new_instrs[new_instr_idx++] = arm_movk_intr; @@ -465,31 +475,41 @@ comp_add_intercept(struct Compartment* new_comp, uintptr_t intercept_target, uin // Use `adrp` to get address close to address of manager capability required // adrp x11, $OFFSET const uint32_t arm_adrp_instr_mask = 0b10010000 << 24; - const ptraddr_t target_address = (comp_manager_cap_addr >> 12) - (intercept_target >> 12); + const ptraddr_t target_address + = (comp_manager_cap_addr >> 12) - (intercept_target >> 12); assert(target_address < ((ptraddr_t) 1 << 32)); const int32_t arm_adrp_immlo = (target_address & 0b11) << 29; - const int32_t arm_adrp_immhi = (target_address >> 2) << 5; - const int32_t arm_adrp_instr = arm_adrp_instr_mask | arm_adrp_immlo | arm_adrp_immhi | arm_transition_target_register; + const int32_t arm_adrp_immhi = (target_address >> 2) << 5; + const int32_t arm_adrp_instr = arm_adrp_instr_mask | arm_adrp_immlo + | arm_adrp_immhi | arm_transition_target_register; new_instrs[new_instr_idx++] = arm_adrp_instr; // `ldr` capability within compartment pointing to manager capabilities // ldr (unsigned offset, capability, normal base) // `ldr c11, [x11, $OFFSET]` - const uint32_t arm_ldr_instr_mask = 0b1100001001 << 22; // includes 0b00 bits for `op` field - ptraddr_t arm_ldr_pcc_offset = comp_manager_cap_addr; // offset within 4KB page + const uint32_t arm_ldr_instr_mask = 0b1100001001 + << 22; // includes 0b00 bits for `op` field + ptraddr_t arm_ldr_pcc_offset + = comp_manager_cap_addr; // offset within 4KB page ptraddr_t offset_correction = align_down(comp_manager_cap_addr, 1 << 12); arm_ldr_pcc_offset -= offset_correction; assert(arm_ldr_pcc_offset < 65520); // from ISA documentation assert(arm_ldr_pcc_offset % 16 == 0); arm_ldr_pcc_offset = arm_ldr_pcc_offset << 10; - const int32_t arm_ldr_base_register = arm_transition_target_register << 5; // use `x11` for now - const int32_t arm_ldr_dest_register = arm_transition_target_register; // use `c11` for now - const int32_t arm_ldr_instr = arm_ldr_instr_mask | arm_ldr_pcc_offset | arm_ldr_base_register | arm_ldr_dest_register; + const int32_t arm_ldr_base_register = arm_transition_target_register + << 5; // use `x11` for now + const int32_t arm_ldr_dest_register + = arm_transition_target_register; // use `c11` for now + const int32_t arm_ldr_instr = arm_ldr_instr_mask | arm_ldr_pcc_offset + | arm_ldr_base_register | arm_ldr_dest_register; new_instrs[new_instr_idx++] = arm_ldr_instr; // `b` instr generation - ptraddr_t arm_b_instr_offset = (((uintptr_t) new_comp->mng_trans_fn) - (intercept_target + new_instr_idx * sizeof(uint32_t))) / 4; + ptraddr_t arm_b_instr_offset + = (((uintptr_t) new_comp->mng_trans_fn) + - (intercept_target + new_instr_idx * sizeof(uint32_t))) + / 4; assert(arm_b_instr_offset < (1 << 27)); arm_b_instr_offset &= (1 << 26) - 1; const uint32_t arm_b_instr_mask = 0b101 << 26; @@ -498,54 +518,57 @@ comp_add_intercept(struct Compartment* new_comp, uintptr_t intercept_target, uin assert(new_instr_idx == INTERCEPT_INSTR_COUNT); struct intercept_patch new_patch; - new_patch.patch_addr = (void*) intercept_target; + new_patch.patch_addr = (void *) intercept_target; memcpy(new_patch.instr, new_instrs, sizeof(new_instrs)); __clear_cache(new_patch.instr, new_patch.instr + sizeof(new_instrs)); new_patch.comp_manager_cap_addr = comp_manager_cap_addr; new_patch.manager_cap = sealed_redirect_cap; new_comp->curr_intercept_count += 1; - new_comp->intercept_patches = realloc(new_comp->intercept_patches, new_comp->curr_intercept_count * sizeof(struct intercept_patch)); + new_comp->intercept_patches = realloc(new_comp->intercept_patches, + new_comp->curr_intercept_count * sizeof(struct intercept_patch)); new_comp->intercept_patches[new_comp->curr_intercept_count - 1] = new_patch; } void -comp_stack_push(struct Compartment* comp, const void* to_push, size_t to_push_sz) +comp_stack_push( + struct Compartment *comp, const void *to_push, size_t to_push_sz) { - comp->stack_pointer = (char*) comp->stack_pointer - to_push_sz; - memcpy((void*) comp->stack_pointer, to_push, to_push_sz); - assert(comp->stack_pointer > (void*) ((char*) comp->scratch_mem_stack_top - comp->scratch_mem_stack_size)); + comp->stack_pointer = (char *) comp->stack_pointer - to_push_sz; + memcpy((void *) comp->stack_pointer, to_push, to_push_sz); + assert(comp->stack_pointer > (void *) ((char *) comp->scratch_mem_stack_top + - comp->scratch_mem_stack_size)); } /* Map a struct Compartment into memory, making it ready for execution */ void -comp_map(struct Compartment* to_map) +comp_map(struct Compartment *to_map) { assert(!(to_map->mapped || to_map->mapped_full)); - struct SegmentMap* curr_seg; - void* map_result; + struct SegmentMap *curr_seg; + void *map_result; // Map compartment segments for (size_t i = 0; i < to_map->seg_count; ++i) { curr_seg = to_map->segs[i]; - map_result = mmap((void*) curr_seg->mem_bot, - curr_seg->mem_sz, - /*curr_seg->prot_flags,*/ // TODO currently need read/write to inject the intercepts, consider better option - PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, - -1, 0); + map_result = mmap((void *) curr_seg->mem_bot, curr_seg->mem_sz, + /*curr_seg->prot_flags,*/ // TODO currently need read/write to + // inject the intercepts, consider better + // option + PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, -1, 0); if (map_result == MAP_FAILED) { errx(1, "Error mapping comp segment idx %zu", i); } - do_pread(to_map->fd, (void*) curr_seg->mem_bot, curr_seg->file_sz, - curr_seg->offset); + do_pread(to_map->fd, (void *) curr_seg->mem_bot, curr_seg->file_sz, + curr_seg->offset); } // Map compartment library dependencies segments - struct LibDependency* lib_dep; - struct SegmentMap* lib_dep_seg; + struct LibDependency *lib_dep; + struct SegmentMap *lib_dep_seg; int lib_dep_fd; for (size_t i = 0; i < to_map->lib_deps_count; ++i) { @@ -554,36 +577,37 @@ comp_map(struct Compartment* to_map) for (size_t j = 0; j < lib_dep->lib_segs_count; ++j) { lib_dep_seg = lib_dep->lib_segs[j]; - map_result = mmap((char*) lib_dep->lib_mem_base + (uintptr_t) lib_dep_seg->mem_bot, - lib_dep_seg->mem_sz, - PROT_READ | PROT_WRITE | PROT_EXEC, // TODO fix - MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, - -1, 0); + map_result = mmap((char *) lib_dep->lib_mem_base + + (uintptr_t) lib_dep_seg->mem_bot, + lib_dep_seg->mem_sz, + PROT_READ | PROT_WRITE | PROT_EXEC, // TODO fix + MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, -1, 0); if (map_result == MAP_FAILED) { errx(1, "Error mapping library %s dependency segment idx %zu", - lib_dep->lib_name, j); + lib_dep->lib_name, j); } - do_pread(lib_dep_fd, (char*) lib_dep->lib_mem_base + (uintptr_t) lib_dep_seg->mem_bot, - lib_dep_seg->file_sz, lib_dep_seg->offset); + do_pread(lib_dep_fd, + (char *) lib_dep->lib_mem_base + + (uintptr_t) lib_dep_seg->mem_bot, + lib_dep_seg->file_sz, lib_dep_seg->offset); } close(lib_dep_fd); } // Map compartment scratch memory - map_result = mmap((void*) to_map->scratch_mem_base, - to_map->scratch_mem_size, - PROT_READ | PROT_WRITE | PROT_EXEC, // TODO Fix this - MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, - -1, 0); + map_result + = mmap((void *) to_map->scratch_mem_base, to_map->scratch_mem_size, + PROT_READ | PROT_WRITE | PROT_EXEC, // TODO Fix this + MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, -1, 0); assert(map_result != MAP_FAILED); // Map compartment stack - map_result = mmap((char*) to_map->scratch_mem_stack_top - to_map->scratch_mem_stack_size, - to_map->scratch_mem_stack_size, - PROT_READ | PROT_WRITE | PROT_EXEC, // TODO fix this - MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS | MAP_STACK, - -1, 0); + map_result = mmap( + (char *) to_map->scratch_mem_stack_top - to_map->scratch_mem_stack_size, + to_map->scratch_mem_stack_size, + PROT_READ | PROT_WRITE | PROT_EXEC, // TODO fix this + MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS | MAP_STACK, -1, 0); to_map->stack_pointer = to_map->scratch_mem_stack_top; assert(map_result != MAP_FAILED); @@ -594,14 +618,16 @@ comp_map(struct Compartment* to_map) // TODO change to memcpy? for (size_t j = 0; j < INTERCEPT_INSTR_COUNT; ++j) { - int32_t* curr_addr = to_patch.patch_addr + j; + int32_t *curr_addr = to_patch.patch_addr + j; *curr_addr = to_patch.instr[j]; } - *((void* __capability *) to_patch.comp_manager_cap_addr) = to_patch.manager_cap; + *((void *__capability *) to_patch.comp_manager_cap_addr) + = to_patch.manager_cap; } // Inject manager transfer function - memcpy(to_map->mng_trans_fn, (void*) &compartment_transition_out, to_map->mng_trans_fn_sz); + memcpy(to_map->mng_trans_fn, (void *) &compartment_transition_out, + to_map->mng_trans_fn_sz); // Bind `.got.plt` entries for (size_t i = 0; i < to_map->rela_maps_count; ++i) @@ -610,15 +636,16 @@ comp_map(struct Compartment* to_map) { continue; } - memcpy((void*) to_map->rela_maps[i].rela_address, - &to_map->rela_maps[i].target_func_address, - sizeof(void*)); + memcpy((void *) to_map->rela_maps[i].rela_address, + &to_map->rela_maps[i].target_func_address, sizeof(void *)); } to_map->mapped = true; } -void ddc_set(void *__capability cap) { +void +ddc_set(void *__capability cap) +{ assert(cap != NULL); asm volatile("MSR DDC, %[cap]" : : [cap] "C"(cap) : "memory"); } @@ -635,16 +662,18 @@ void ddc_set(void *__capability cap) { * prefer to default to `main` in that case */ int64_t -comp_exec(struct Compartment* to_exec, char* fn_name, void* args, size_t args_count) +comp_exec( + struct Compartment *to_exec, char *fn_name, void *args, size_t args_count) { - assert(to_exec->mapped && "Attempting to execute an unmapped compartment.\n"); + assert( + to_exec->mapped && "Attempting to execute an unmapped compartment.\n"); - void* fn = NULL; + void *fn = NULL; for (size_t i = 0; i < to_exec->entry_point_count; ++i) { if (!strcmp(fn_name, to_exec->comp_fns[i]->fn_name)) { - fn = (void*) to_exec->comp_fns[i]->fn_addr; + fn = (void *) to_exec->comp_fns[i]->fn_addr; break; } } @@ -652,7 +681,7 @@ comp_exec(struct Compartment* to_exec, char* fn_name, void* args, size_t args_co { errx(1, "Did not find entry point `%s`!\n", fn_name); } - void* wrap_sp; + void *wrap_sp; // TODO check if we need anything from here // https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-capability-kernel-user-Linux-ABI-specification @@ -667,17 +696,17 @@ comp_exec(struct Compartment* to_exec, char* fn_name, void* args, size_t args_co /*void * __capability * args_caps;*/ /*for (size_t i = 0; i < args_count; ++i)*/ /*{*/ - /*void* __capability arg = (__cheri_tocap void* __capability) args[i];*/ - /*arg = cheri_perms_and(arg, !(CHERI_PERM_STORE | CHERI_PERM_EXECUTE));*/ - /*args_caps[i] = arg;*/ + /*void* __capability arg = (__cheri_tocap void* __capability) args[i];*/ + /*arg = cheri_perms_and(arg, !(CHERI_PERM_STORE | CHERI_PERM_EXECUTE));*/ + /*args_caps[i] = arg;*/ /*}*/ - result = comp_exec_in((void*) to_exec->stack_pointer, to_exec->ddc, fn, - args, args_count, sealed_redirect_cap); + result = comp_exec_in((void *) to_exec->stack_pointer, to_exec->ddc, fn, + args, args_count, sealed_redirect_cap); return result; } void -comp_clean(struct Compartment* to_clean) +comp_clean(struct Compartment *to_clean) { close(to_clean->fd); if (to_clean->mapped) @@ -697,7 +726,7 @@ comp_clean(struct Compartment* to_clean) for (size_t i = 0; i < to_clean->entry_point_count; ++i) { - free((char*) to_clean->comp_fns[i]->fn_name); + free((char *) to_clean->comp_fns[i]->fn_name); free(to_clean->comp_fns[i]); } @@ -707,7 +736,7 @@ comp_clean(struct Compartment* to_clean) } free(to_clean->rela_maps); - struct LibDependency* ld; + struct LibDependency *ld; for (size_t i = 0; i < to_clean->lib_deps_count; ++i) { ld = to_clean->lib_deps[i]; @@ -728,7 +757,6 @@ comp_clean(struct Compartment* to_clean) free(to_clean->lib_deps); free(to_clean->intercept_patches); - free(to_clean); // TODO } @@ -737,9 +765,8 @@ comp_clean(struct Compartment* to_clean) * Helper functions ******************************************************************************/ -static -ssize_t -do_pread(int fd, void* buf, size_t count, off_t offset) +static ssize_t +do_pread(int fd, void *buf, size_t count, off_t offset) { size_t res = pread(fd, buf, count, offset); if (res == -1) @@ -749,12 +776,11 @@ do_pread(int fd, void* buf, size_t count, off_t offset) return res; } -static -Elf64_Sym* -find_symbols(const char** names, size_t names_to_find_count, bool find_all, - Elf64_Sym* symtb, char* strtb, size_t symtb_sz) +static Elf64_Sym * +find_symbols(const char **names, size_t names_to_find_count, bool find_all, + Elf64_Sym *symtb, char *strtb, size_t symtb_sz) { - Elf64_Sym* found_syms = calloc(names_to_find_count, sizeof(Elf64_Sym)); + Elf64_Sym *found_syms = calloc(names_to_find_count, sizeof(Elf64_Sym)); Elf64_Sym curr_sym; size_t found_syms_count = 0; for (size_t i = 0; i < symtb_sz / sizeof(Elf64_Sym); ++i) @@ -776,7 +802,7 @@ find_symbols(const char** names, size_t names_to_find_count, bool find_all, // If we didn't find all symbols that we wanted to intercept, throw an error if (find_all && found_syms_count != names_to_find_count) { - const char** not_found_syms = malloc(names_to_find_count); + const char **not_found_syms = malloc(names_to_find_count); size_t not_found_idx = 0; for (size_t i = 0; i < names_to_find_count; ++i) { @@ -809,20 +835,19 @@ find_symbols(const char** names, size_t names_to_find_count, bool find_all, return found_syms; } -static -char* -find_in_dir(const char* lib_name, char* search_dir) +static char * +find_in_dir(const char *lib_name, char *search_dir) { errno = 0; - char** search_paths = malloc(sizeof(char*)); + char **search_paths = malloc(sizeof(char *)); search_paths[0] = search_dir; - FTS* dir = fts_open(search_paths, FTS_LOGICAL, NULL); + FTS *dir = fts_open(search_paths, FTS_LOGICAL, NULL); if (!dir) { err(1, "Failed fts_open for path %s.\n", search_dir); } - FTSENT* curr_entry; + FTSENT *curr_entry; while ((curr_entry = fts_read(dir)) != NULL) { if (!strcmp(lib_name, curr_entry->fts_name)) @@ -835,48 +860,45 @@ find_in_dir(const char* lib_name, char* search_dir) return NULL; } -static -void -init_comp_scratch_mem(struct Compartment* new_comp) +static void +init_comp_scratch_mem(struct Compartment *new_comp) { - new_comp->scratch_mem_base = - align_up( - (char*) new_comp->segs[new_comp->seg_count - 1]->mem_top + - new_comp->page_size, + new_comp->scratch_mem_base + = align_up((char *) new_comp->segs[new_comp->seg_count - 1]->mem_top + + new_comp->page_size, new_comp->page_size); new_comp->max_manager_caps_count = 10; // TODO new_comp->scratch_mem_heap_size = 0x800000UL; // TODO - new_comp->scratch_mem_size = - new_comp->scratch_mem_heap_size + - new_comp->max_manager_caps_count * sizeof(void* __capability) + - new_comp->mng_trans_fn_sz; + new_comp->scratch_mem_size = new_comp->scratch_mem_heap_size + + new_comp->max_manager_caps_count * sizeof(void *__capability) + + new_comp->mng_trans_fn_sz; new_comp->scratch_mem_alloc = 0; - new_comp->scratch_mem_stack_top = - align_down( - (char*) new_comp->scratch_mem_base + - new_comp->scratch_mem_heap_size, - 16); + new_comp->scratch_mem_stack_top = align_down( + (char *) new_comp->scratch_mem_base + new_comp->scratch_mem_heap_size, + 16); new_comp->scratch_mem_stack_size = 0x80000UL; // TODO new_comp->manager_caps = new_comp->scratch_mem_stack_top; new_comp->active_manager_caps_count = 0; - new_comp->mng_trans_fn = - (char*) new_comp->manager_caps + - new_comp->max_manager_caps_count * sizeof(void* __capability); + new_comp->mng_trans_fn = (char *) new_comp->manager_caps + + new_comp->max_manager_caps_count * sizeof(void *__capability); assert(((uintptr_t) new_comp->scratch_mem_base) % 16 == 0); - assert((((uintptr_t) new_comp->scratch_mem_base) + new_comp->scratch_mem_size) % 16 == 0); - assert(((uintptr_t) new_comp->scratch_mem_stack_top) % 16 == 0); assert( - (((uintptr_t) new_comp->scratch_mem_stack_top) - - new_comp->scratch_mem_stack_size) % 16 == 0); + (((uintptr_t) new_comp->scratch_mem_base) + new_comp->scratch_mem_size) + % 16 + == 0); + assert(((uintptr_t) new_comp->scratch_mem_stack_top) % 16 == 0); + assert((((uintptr_t) new_comp->scratch_mem_stack_top) + - new_comp->scratch_mem_stack_size) + % 16 + == 0); assert(new_comp->scratch_mem_size % 16 == 0); } /* Get the segment data for segments we will be mapping for a library dependency */ -static -void -init_lib_dep_info(struct LibDependency* lib_dep, struct Compartment* new_comp) +static void +init_lib_dep_info(struct LibDependency *lib_dep, struct Compartment *new_comp) { lib_dep->lib_segs_count = 0; int lib_fd = open(lib_dep->lib_path, O_RDONLY); @@ -889,33 +911,35 @@ init_lib_dep_info(struct LibDependency* lib_dep, struct Compartment* new_comp) for (size_t i = 0; i < lib_ehdr.e_phnum; ++i) { do_pread((int) lib_fd, &lib_phdr, sizeof(Elf64_Phdr), - lib_ehdr.e_phoff + i * sizeof(lib_phdr)); + lib_ehdr.e_phoff + i * sizeof(lib_phdr)); if (lib_phdr.p_type != PT_LOAD) { continue; } - struct SegmentMap* this_seg = malloc(sizeof(struct SegmentMap)); - this_seg->mem_bot = (void*) align_down(lib_phdr.p_vaddr, new_comp->page_size); - this_seg->correction = (char*) lib_phdr.p_vaddr - (char*) this_seg->mem_bot; - this_seg->mem_top = (char*) lib_phdr.p_vaddr + lib_phdr.p_memsz; + struct SegmentMap *this_seg = malloc(sizeof(struct SegmentMap)); + this_seg->mem_bot + = (void *) align_down(lib_phdr.p_vaddr, new_comp->page_size); + this_seg->correction + = (char *) lib_phdr.p_vaddr - (char *) this_seg->mem_bot; + this_seg->mem_top = (char *) lib_phdr.p_vaddr + lib_phdr.p_memsz; this_seg->offset = align_down(lib_phdr.p_offset, new_comp->page_size); this_seg->mem_sz = lib_phdr.p_memsz + this_seg->correction; this_seg->file_sz = lib_phdr.p_filesz + this_seg->correction; - this_seg->prot_flags = (lib_phdr.p_flags & PF_R ? PROT_READ : 0) | - (lib_phdr.p_flags & PF_W ? PROT_WRITE : 0) | - (lib_phdr.p_flags & PF_X ? PROT_EXEC : 0); + this_seg->prot_flags = (lib_phdr.p_flags & PF_R ? PROT_READ : 0) + | (lib_phdr.p_flags & PF_W ? PROT_WRITE : 0) + | (lib_phdr.p_flags & PF_X ? PROT_EXEC : 0); lib_dep->lib_segs_count += 1; - lib_dep->lib_segs_size += align_up(this_seg->mem_sz, lib_phdr.p_align); // TODO check - lib_dep->lib_segs = - realloc(lib_dep->lib_segs, - lib_dep->lib_segs_count * sizeof(struct SegmentMap)); + lib_dep->lib_segs_size + += align_up(this_seg->mem_sz, lib_phdr.p_align); // TODO check + lib_dep->lib_segs = realloc(lib_dep->lib_segs, + lib_dep->lib_segs_count * sizeof(struct SegmentMap)); lib_dep->lib_segs[lib_dep->lib_segs_count - 1] = this_seg; } - lib_dep->lib_mem_base = - align_down((char*) new_comp->mem_top + new_comp->page_size, new_comp->page_size); + lib_dep->lib_mem_base = align_down( + (char *) new_comp->mem_top + new_comp->page_size, new_comp->page_size); new_comp->size += new_comp->page_size + lib_dep->lib_segs_size; // Get symbol table @@ -925,7 +949,7 @@ init_lib_dep_info(struct LibDependency* lib_dep, struct Compartment* new_comp) for (size_t i = 0; i < lib_ehdr.e_shnum; ++i) { do_pread((int) lib_fd, &curr_shdr, sizeof(Elf64_Shdr), - lib_ehdr.e_shoff + i * sizeof(Elf64_Shdr)); + lib_ehdr.e_shoff + i * sizeof(Elf64_Shdr)); if (curr_shdr.sh_type != SHT_SYMTAB) { continue; @@ -933,17 +957,17 @@ init_lib_dep_info(struct LibDependency* lib_dep, struct Compartment* new_comp) assert(curr_shdr.sh_link); do_pread((int) lib_fd, &link_shdr, sizeof(Elf64_Shdr), - lib_ehdr.e_shoff + curr_shdr.sh_link * sizeof(Elf64_Shdr)); + lib_ehdr.e_shoff + curr_shdr.sh_link * sizeof(Elf64_Shdr)); - Elf64_Sym* sym_tb = malloc(curr_shdr.sh_size); + Elf64_Sym *sym_tb = malloc(curr_shdr.sh_size); do_pread((int) lib_fd, sym_tb, curr_shdr.sh_size, curr_shdr.sh_offset); - char* str_tb = malloc(link_shdr.sh_size); + char *str_tb = malloc(link_shdr.sh_size); do_pread((int) lib_fd, str_tb, link_shdr.sh_size, link_shdr.sh_offset); lib_dep->lib_syms_count = curr_shdr.sh_size / sizeof(Elf64_Sym); size_t actual_syms = 0; - struct LibDependencySymbol* ld_syms = - malloc(lib_dep->lib_syms_count * sizeof(struct LibDependencySymbol)); + struct LibDependencySymbol *ld_syms = malloc( + lib_dep->lib_syms_count * sizeof(struct LibDependencySymbol)); for (size_t j = 0; j < lib_dep->lib_syms_count; ++j) { curr_sym = sym_tb[j]; @@ -957,12 +981,13 @@ init_lib_dep_info(struct LibDependency* lib_dep, struct Compartment* new_comp) continue; } ld_syms[actual_syms].sym_offset = curr_sym.st_value; - char* sym_name = &str_tb[curr_sym.st_name]; + char *sym_name = &str_tb[curr_sym.st_name]; ld_syms[actual_syms].sym_name = malloc(strlen(sym_name) + 1); strcpy(ld_syms[actual_syms].sym_name, sym_name); actual_syms += 1; } - ld_syms = realloc(ld_syms, actual_syms * sizeof(struct LibDependencySymbol)); + ld_syms = realloc( + ld_syms, actual_syms * sizeof(struct LibDependencySymbol)); lib_dep->lib_syms_count = actual_syms; lib_dep->lib_syms = ld_syms; diff --git a/src/intercept.c b/src/intercept.c index f796eab..72f24ef 100644 --- a/src/intercept.c +++ b/src/intercept.c @@ -1,8 +1,8 @@ #include "intercept.h" struct func_intercept comp_intercept_funcs[INTERCEPT_FUNC_COUNT]; -void* __capability comp_return_caps[COMP_RETURN_CAPS_COUNT]; -void* __capability sealed_redirect_cap; +void *__capability comp_return_caps[COMP_RETURN_CAPS_COUNT]; +void *__capability sealed_redirect_cap; /* Setup required capabilities on the heap to jump from within compartments via * a context switch @@ -20,22 +20,24 @@ void* __capability sealed_redirect_cap; void setup_intercepts() { - for (size_t i = 0; i < sizeof(to_intercept_funcs) / sizeof(to_intercept_funcs[0]); ++i) + for (size_t i = 0; + i < sizeof(to_intercept_funcs) / sizeof(to_intercept_funcs[0]); ++i) { comp_intercept_funcs[i].func_name = to_intercept_funcs[i].func_name; - comp_intercept_funcs[i].redirect_func = to_intercept_funcs[i].redirect_func; - comp_intercept_funcs[i].intercept_pcc = - cheri_address_set(cheri_pcc_get(), (uintptr_t) intercept_wrapper); + comp_intercept_funcs[i].redirect_func + = to_intercept_funcs[i].redirect_func; + comp_intercept_funcs[i].intercept_pcc + = cheri_address_set(cheri_pcc_get(), (uintptr_t) intercept_wrapper); } sealed_redirect_cap = manager_ddc; - sealed_redirect_cap = cheri_address_set( - sealed_redirect_cap, - (intptr_t) comp_return_caps); + sealed_redirect_cap + = cheri_address_set(sealed_redirect_cap, (intptr_t) comp_return_caps); asm("SEAL %[cap], %[cap], lpb\n\t" - : [cap]"+C"(sealed_redirect_cap) - : /**/ ); + : [cap] "+C"(sealed_redirect_cap) + : /**/); comp_return_caps[0] = manager_ddc; // TODO does this need to be sealed? - comp_return_caps[1] = cheri_address_set(cheri_pcc_get(), (uintptr_t) comp_exec_out); + comp_return_caps[1] + = cheri_address_set(cheri_pcc_get(), (uintptr_t) comp_exec_out); } /******************************************************************************* @@ -47,7 +49,7 @@ setup_intercepts() ******************************************************************************/ time_t -intercepted_time(time_t* t) +intercepted_time(time_t *t) { return time(t); } @@ -58,37 +60,40 @@ intercepted_time(time_t* t) * have the capability of `free`ing this memory. A future implementation of a * better memory allocator will resolve this issue. */ -FILE* -intercepted_fopen(const char* filename, const char* mode) +FILE * +intercepted_fopen(const char *filename, const char *mode) { - FILE* res = fopen(filename, mode); + FILE *res = fopen(filename, mode); assert(res != NULL); - /*struct Compartment* comp = manager_find_compartment_by_ddc(cheri_ddc_get()); // TODO*/ - void* comp_addr = manager_register_mem_alloc(loaded_comp, sizeof(FILE)); + /*struct Compartment* comp = + * manager_find_compartment_by_ddc(cheri_ddc_get()); // TODO*/ + void *comp_addr = manager_register_mem_alloc(loaded_comp, sizeof(FILE)); memcpy(comp_addr, res, sizeof(FILE)); return comp_addr; } size_t -intercepted_fread(void* __restrict buf, size_t size, size_t count, FILE* __restrict fp) +intercepted_fread( + void *__restrict buf, size_t size, size_t count, FILE *__restrict fp) { return fread(buf, size, count, fp); } size_t -intercepted_fwrite(void* __restrict buf, size_t size, size_t count, FILE* __restrict fp) +intercepted_fwrite( + void *__restrict buf, size_t size, size_t count, FILE *__restrict fp) { return fwrite(buf, size, count, fp); } int -intercepted_fputc(int chr, FILE* stream) +intercepted_fputc(int chr, FILE *stream) { return fputc(chr, stream); } int -intercepted_fclose(FILE* fp) +intercepted_fclose(FILE *fp) { int res = fclose(fp); assert(res == 0); @@ -96,65 +101,70 @@ intercepted_fclose(FILE* fp) } int -intercepted_getc(FILE* stream) +intercepted_getc(FILE *stream) { return getc(stream); } // Needed by test `lua_script` int -intercepted___srget(FILE* stream) +intercepted___srget(FILE *stream) { return __srget(stream); } -void* -my_realloc(void* ptr, size_t to_alloc) +void * +my_realloc(void *ptr, size_t to_alloc) { // TODO revisit this logic; do we keep a pointer in the manager of the // currently loaded compartment (would probably require this to be set in // the transition function), or do we get this information from the // intercept source (could check the compartment mapping to see which // compartment the source address comes from) - /*struct Compartment* comp = manager_find_compartment_by_ddc(cheri_ddc_get());*/ - struct Compartment* comp = loaded_comp; + /*struct Compartment* comp = + * manager_find_compartment_by_ddc(cheri_ddc_get());*/ + struct Compartment *comp = loaded_comp; if (ptr == NULL) { return my_malloc(to_alloc); // TODO } - void* new_ptr = manager_register_mem_alloc(comp, to_alloc); - struct mem_alloc* old_alloc = get_alloc_struct_from_ptr(comp, (uintptr_t) ptr); - memcpy(new_ptr, ptr, to_alloc < old_alloc->size ? to_alloc : old_alloc->size); + void *new_ptr = manager_register_mem_alloc(comp, to_alloc); + struct mem_alloc *old_alloc + = get_alloc_struct_from_ptr(comp, (uintptr_t) ptr); + memcpy( + new_ptr, ptr, to_alloc < old_alloc->size ? to_alloc : old_alloc->size); manager_free_mem_alloc(comp, ptr); return new_ptr; } -void* +void * my_malloc(size_t to_alloc) { - /*struct Compartment* comp = manager_find_compartment_by_ddc(cheri_ddc_get());*/ - struct Compartment* comp = loaded_comp; + /*struct Compartment* comp = + * manager_find_compartment_by_ddc(cheri_ddc_get());*/ + struct Compartment *comp = loaded_comp; assert(comp->scratch_mem_alloc + to_alloc < comp->scratch_mem_size); - void* new_mem = manager_register_mem_alloc(comp, to_alloc); + void *new_mem = manager_register_mem_alloc(comp, to_alloc); return new_mem; } void -my_free(void* ptr) +my_free(void *ptr) { if (ptr == NULL) { return; } - /*struct Compartment* comp = manager_find_compartment_by_ddc(cheri_ddc_get());*/ + /*struct Compartment* comp = + * manager_find_compartment_by_ddc(cheri_ddc_get());*/ manager_free_mem_alloc(loaded_comp, ptr); // TODO return; } int -my_fprintf(FILE* stream, const char* format, ...) +my_fprintf(FILE *stream, const char *format, ...) { va_list va_args; va_start(va_args, format); @@ -164,9 +174,9 @@ my_fprintf(FILE* stream, const char* format, ...) } size_t -my_call_comp(size_t comp_id, char* fn_name, void* args, size_t args_count) +my_call_comp(size_t comp_id, char *fn_name, void *args, size_t args_count) { - struct Compartment* to_call = manager_get_compartment_by_id(comp_id); + struct Compartment *to_call = manager_get_compartment_by_id(comp_id); return exec_comp(to_call, fn_name, args); /*return exec_comp(to_call, fn_name, args, args_count);*/ } diff --git a/src/manager.c b/src/manager.c index c35730c..64a6721 100644 --- a/src/manager.c +++ b/src/manager.c @@ -2,34 +2,43 @@ // TODO consider moving to a struct or some global thing static size_t comps_count = 0; -struct CompWithEntries** comps; -struct Compartment* loaded_comp = NULL; +struct CompWithEntries **comps; +struct Compartment *loaded_comp = NULL; // Variables and functions related to laying compartments in memory // TODO make start address configurable const uintptr_t comp_start_addr = 0x1000000UL; const unsigned short comp_page_interval_count = 2; -void* min_next_comp_addr = NULL; +void *min_next_comp_addr = NULL; -const char* comp_env_fields[] = { "PATH", }; -void* __capability manager_ddc = 0; +const char *comp_env_fields[] = { + "PATH", +}; +void *__capability manager_ddc = 0; -const char* comp_config_suffix = ".comp"; +const char *comp_config_suffix = ".comp"; -static struct ConfigEntryPoint* parse_compartment_config(char*, size_t*, bool); -static struct ConfigEntryPoint* make_default_entry_point(); -static struct ConfigEntryPoint get_entry_point(char*, struct ConfigEntryPoint*, size_t); -static void* prepare_compartment_args(char** args, struct ConfigEntryPoint); +static struct ConfigEntryPoint * +parse_compartment_config(char *, size_t *, bool); +static struct ConfigEntryPoint * +make_default_entry_point(); +static struct ConfigEntryPoint +get_entry_point(char *, struct ConfigEntryPoint *, size_t); +static void * +prepare_compartment_args(char **args, struct ConfigEntryPoint); -static struct CompWithEntries* get_comp_with_entries(struct Compartment*); +static struct CompWithEntries * +get_comp_with_entries(struct Compartment *); -const char* -get_env_str(const char* env_name) +const char * +get_env_str(const char *env_name) { size_t env_name_len = strlen(env_name); - for (char** env = environ; env != NULL; ++env) { - const char* str = *env; - if (strncmp(str, env_name, env_name_len) == 0 && str[env_name_len] == '=') + for (char **env = environ; env != NULL; ++env) + { + const char *str = *env; + if (strncmp(str, env_name, env_name_len) == 0 + && str[env_name_len] == '=') return str; } return NULL; @@ -39,42 +48,46 @@ get_env_str(const char* env_name) * Utility functions ******************************************************************************/ -void print_full_cap(uintcap_t cap) { - uint32_t words[4]; // Hack to demonstrate! In real code, be more careful about sizes, etc. +void +print_full_cap(uintcap_t cap) +{ + uint32_t words[4]; // Hack to demonstrate! In real code, be more careful + // about sizes, etc. printf("0x%d", cheri_tag_get(cap) ? 1 : 0); memcpy(words, &cap, sizeof(cap)); - for (int i = 3; i >= 0; i--) { + for (int i = 3; i >= 0; i--) + { printf("_%08x", words[i]); } printf("\n"); } -void* +void * get_next_comp_addr(void) { if (min_next_comp_addr == NULL) { - min_next_comp_addr = (void*) comp_start_addr; + min_next_comp_addr = (void *) comp_start_addr; } return min_next_comp_addr; } -struct Compartment* -register_new_comp(char* filename, bool allow_default_entry) +struct Compartment * +register_new_comp(char *filename, bool allow_default_entry) { size_t new_comp_ep_count; - struct ConfigEntryPoint* new_cep = - parse_compartment_config(filename, &new_comp_ep_count, allow_default_entry); + struct ConfigEntryPoint *new_cep = parse_compartment_config( + filename, &new_comp_ep_count, allow_default_entry); - char** ep_names = calloc(new_comp_ep_count, sizeof(char*)); + char **ep_names = calloc(new_comp_ep_count, sizeof(char *)); for (size_t i = 0; i < new_comp_ep_count; ++i) { ep_names[i] = malloc(strlen(new_cep[i].name) + 1); strcpy(ep_names[i], new_cep[i].name); } - char** intercept_names = calloc(INTERCEPT_FUNC_COUNT, sizeof(char*)); - void** intercept_addrs = calloc(INTERCEPT_FUNC_COUNT, sizeof(uintptr_t)); + char **intercept_names = calloc(INTERCEPT_FUNC_COUNT, sizeof(char *)); + void **intercept_addrs = calloc(INTERCEPT_FUNC_COUNT, sizeof(uintptr_t)); for (size_t i = 0; i < INTERCEPT_FUNC_COUNT; ++i) { intercept_names[i] = malloc(strlen(comp_intercept_funcs[i].func_name)); @@ -82,26 +95,27 @@ register_new_comp(char* filename, bool allow_default_entry) intercept_addrs[i] = comp_intercept_funcs[i].redirect_func; } - struct Compartment* new_comp = - comp_from_elf(filename, ep_names, new_comp_ep_count, intercept_names, - intercept_addrs, INTERCEPT_FUNC_COUNT, get_next_comp_addr()); + struct Compartment *new_comp + = comp_from_elf(filename, ep_names, new_comp_ep_count, intercept_names, + intercept_addrs, INTERCEPT_FUNC_COUNT, get_next_comp_addr()); new_comp->id = comps_count; - void* __capability new_comp_ddc = cheri_address_set(cheri_ddc_get(), (uintptr_t) new_comp->base); + void *__capability new_comp_ddc + = cheri_address_set(cheri_ddc_get(), (uintptr_t) new_comp->base); // TODO double check second parameter of `cheri_bounds_set` - new_comp_ddc = cheri_bounds_set(new_comp_ddc, (uintptr_t) new_comp->scratch_mem_stack_top); + new_comp_ddc = cheri_bounds_set( + new_comp_ddc, (uintptr_t) new_comp->scratch_mem_stack_top); new_comp->ddc = new_comp_ddc; - struct CompWithEntries* new_cwe = malloc(sizeof(struct CompWithEntries)); - comps = realloc(comps, comps_count * sizeof(struct CompWithEntries*)); + struct CompWithEntries *new_cwe = malloc(sizeof(struct CompWithEntries)); + comps = realloc(comps, comps_count * sizeof(struct CompWithEntries *)); comps[comps_count] = malloc(sizeof(struct CompWithEntries)); comps[comps_count]->comp = new_comp; comps[comps_count]->cep = new_cep; comps_count += 1; - min_next_comp_addr = - align_up((char*) comp_start_addr + new_comp->size + - comp_page_interval_count * sysconf(_SC_PAGESIZE), - sysconf(_SC_PAGESIZE)); + min_next_comp_addr = align_up((char *) comp_start_addr + new_comp->size + + comp_page_interval_count * sysconf(_SC_PAGESIZE), + sysconf(_SC_PAGESIZE)); for (size_t i = 0; i < new_comp_ep_count; ++i) { @@ -119,15 +133,17 @@ register_new_comp(char* filename, bool allow_default_entry) } int64_t -exec_comp(struct Compartment* to_exec, char* entry_fn, char** entry_fn_args) +exec_comp(struct Compartment *to_exec, char *entry_fn, char **entry_fn_args) { - struct CompWithEntries* comp_to_run = get_comp_with_entries(to_exec); - struct ConfigEntryPoint comp_entry = get_entry_point(entry_fn, comp_to_run->cep, to_exec->entry_point_count); - void* comp_args = prepare_compartment_args(entry_fn_args, comp_entry); + struct CompWithEntries *comp_to_run = get_comp_with_entries(to_exec); + struct ConfigEntryPoint comp_entry = get_entry_point( + entry_fn, comp_to_run->cep, to_exec->entry_point_count); + void *comp_args = prepare_compartment_args(entry_fn_args, comp_entry); - struct Compartment* old_comp = loaded_comp; + struct Compartment *old_comp = loaded_comp; loaded_comp = to_exec; - int64_t exec_res = comp_exec(to_exec, entry_fn, comp_args, comp_entry.arg_count); + int64_t exec_res + = comp_exec(to_exec, entry_fn, comp_args, comp_entry.arg_count); loaded_comp = old_comp; return exec_res; @@ -144,19 +160,18 @@ clean_all_comps() } void -clean_comp(struct Compartment* to_clean) +clean_comp(struct Compartment *to_clean) { comp_clean(to_clean); - struct CompWithEntries* cwe = get_comp_with_entries(to_clean); + struct CompWithEntries *cwe = get_comp_with_entries(to_clean); free(cwe->comp); free(cwe->cep); free(cwe); // TODO move around memory from `comps` } -static -struct CompWithEntries* -get_comp_with_entries(struct Compartment* to_find) +static struct CompWithEntries * +get_comp_with_entries(struct Compartment *to_find) { for (size_t i = 0; i < comps_count; ++i) { @@ -168,14 +183,15 @@ get_comp_with_entries(struct Compartment* to_find) errx(1, "Couldn't find requested compartment with id %zu.", to_find->id); } -struct Compartment* -manager_find_compartment_by_addr(void* addr) +struct Compartment * +manager_find_compartment_by_addr(void *addr) { size_t i; for (i = 0; i < comps_count; ++i) { - if (comps[i]->comp->base <= addr && - (void*) ((char*) comps[i]->comp->base + comps[i]->comp->size) > addr) + if (comps[i]->comp->base <= addr + && (void *) ((char *) comps[i]->comp->base + comps[i]->comp->size) + > addr) { break; } @@ -184,8 +200,8 @@ manager_find_compartment_by_addr(void* addr) return comps[i]->comp; } -struct Compartment* -manager_find_compartment_by_ddc(void* __capability ddc) +struct Compartment * +manager_find_compartment_by_ddc(void *__capability ddc) { size_t i; for (i = 0; i < comps_count; ++i) @@ -199,7 +215,7 @@ manager_find_compartment_by_ddc(void* __capability ddc) errx(1, "Could not find compartment."); } -struct Compartment* +struct Compartment * manager_get_compartment_by_id(size_t id) { assert(id < comps_count); @@ -207,25 +223,26 @@ manager_get_compartment_by_id(size_t id) } void -toml_parse_error(char* error_msg, char* errbuf) +toml_parse_error(char *error_msg, char *errbuf) { errx(1, "%s: %s\n", error_msg, errbuf); } -char* -prep_config_filename(char* filename) +char * +prep_config_filename(char *filename) { // TODO do these string manipulation things leak? - const char* prefix = "./"; + const char *prefix = "./"; if (!strncmp(filename, prefix, strlen(prefix))) { filename += strlen(prefix); } - const char* suffix_to_add = ".comp"; - char* config_filename = malloc(strlen(filename) + strlen(suffix_to_add) + 1); + const char *suffix_to_add = ".comp"; + char *config_filename + = malloc(strlen(filename) + strlen(suffix_to_add) + 1); strcpy(config_filename, filename); - const char* suffix = ".so"; - char* suffix_start = strrchr(config_filename, '.'); + const char *suffix = ".so"; + char *suffix_start = strrchr(config_filename, '.'); if (suffix_start && !strcmp(suffix_start, suffix)) { *suffix_start = '\0'; @@ -234,13 +251,13 @@ prep_config_filename(char* filename) return config_filename; } -static -struct ConfigEntryPoint* -parse_compartment_config(char* comp_filename, size_t* entry_point_count, bool allow_default) +static struct ConfigEntryPoint * +parse_compartment_config( + char *comp_filename, size_t *entry_point_count, bool allow_default) { // Get config file name - char* config_filename = prep_config_filename(comp_filename); - FILE* config_fd = fopen(config_filename,"r"); + char *config_filename = prep_config_filename(comp_filename); + FILE *config_fd = fopen(config_filename, "r"); free(config_filename); if (!config_fd) { @@ -252,30 +269,33 @@ parse_compartment_config(char* comp_filename, size_t* entry_point_count, bool al // Parse config file char toml_errbuf[200]; - toml_table_t* tab = toml_parse_file(config_fd, toml_errbuf, sizeof(toml_errbuf)); + toml_table_t *tab + = toml_parse_file(config_fd, toml_errbuf, sizeof(toml_errbuf)); if (!tab) { toml_parse_error("TOML table parse error", toml_errbuf); } *entry_point_count = toml_table_ntab(tab); - struct ConfigEntryPoint* entry_points = malloc(*entry_point_count * sizeof(struct ConfigEntryPoint)); + struct ConfigEntryPoint *entry_points + = malloc(*entry_point_count * sizeof(struct ConfigEntryPoint)); for (size_t i = 0; i < *entry_point_count; ++i) { - const char* fname = toml_key_in(tab, i); + const char *fname = toml_key_in(tab, i); assert(fname); - toml_table_t* curr_func = toml_table_in(tab, fname); + toml_table_t *curr_func = toml_table_in(tab, fname); assert(curr_func); - toml_array_t* func_arg_types = toml_array_in(curr_func, "args_type"); + toml_array_t *func_arg_types = toml_array_in(curr_func, "args_type"); assert(func_arg_types); size_t func_arg_count = toml_array_nelem(func_arg_types); entry_points[i].name = fname; entry_points[i].arg_count = func_arg_count; - entry_points[i].args_type = malloc(func_arg_count * sizeof(char*)); + entry_points[i].args_type = malloc(func_arg_count * sizeof(char *)); for (size_t j = 0; j < func_arg_count; ++j) { toml_datum_t func_arg_type = toml_string_at(func_arg_types, j); - entry_points[i].args_type[j] = malloc(strlen(func_arg_type.u.s) + 1); + entry_points[i].args_type[j] + = malloc(strlen(func_arg_type.u.s) + 1); strcpy(entry_points[i].args_type[j], func_arg_type.u.s); } } @@ -284,11 +304,11 @@ parse_compartment_config(char* comp_filename, size_t* entry_point_count, bool al } void -clean_compartment_config(struct ConfigEntryPoint* cep, size_t entry_point_count) +clean_compartment_config(struct ConfigEntryPoint *cep, size_t entry_point_count) { for (size_t i = 0; i < entry_point_count; ++i) { - free((void*) cep[i].name); + free((void *) cep[i].name); for (size_t j = 0; j < cep[i].arg_count; ++j) { free(cep[i].args_type[j]); @@ -298,9 +318,9 @@ clean_compartment_config(struct ConfigEntryPoint* cep, size_t entry_point_count) free(cep); } -static -struct ConfigEntryPoint -get_entry_point(char* entry_point_fn, struct ConfigEntryPoint* ceps, size_t cep_count) +static struct ConfigEntryPoint +get_entry_point( + char *entry_point_fn, struct ConfigEntryPoint *ceps, size_t cep_count) { struct ConfigEntryPoint curr_ep; while (cep_count != 0) @@ -315,11 +335,10 @@ get_entry_point(char* entry_point_fn, struct ConfigEntryPoint* ceps, size_t cep_ errx(1, "Did not find entry point for function %s!\n", entry_point_fn); } -static -void* -prepare_compartment_args(char** args, struct ConfigEntryPoint cep) +static void * +prepare_compartment_args(char **args, struct ConfigEntryPoint cep) { - void* parsed_args = calloc(COMP_ARG_SIZE, cep.arg_count); + void *parsed_args = calloc(COMP_ARG_SIZE, cep.arg_count); size_t allocated_args = 0; size_t to_copy; union arg_holder tmp; @@ -352,20 +371,20 @@ prepare_compartment_args(char** args, struct ConfigEntryPoint cep) } else { - errx(1, "Unhandled compartment argument type %s!\n", cep.args_type[i]); + errx(1, "Unhandled compartment argument type %s!\n", + cep.args_type[i]); } - memcpy((char*) parsed_args + i * COMP_ARG_SIZE, &tmp, to_copy); + memcpy((char *) parsed_args + i * COMP_ARG_SIZE, &tmp, to_copy); } return parsed_args; } -static -struct ConfigEntryPoint* +static struct ConfigEntryPoint * make_default_entry_point() { - struct ConfigEntryPoint* cep = malloc(sizeof(struct ConfigEntryPoint)); + struct ConfigEntryPoint *cep = malloc(sizeof(struct ConfigEntryPoint)); cep->name = malloc(strlen("main") + 1); - strcpy((char*) cep->name, "main"); + strcpy((char *) cep->name, "main"); cep->arg_count = 0; cep->args_type = NULL; return cep; diff --git a/src/mem_mng.c b/src/mem_mng.c index 7630f3a..a029093 100644 --- a/src/mem_mng.c +++ b/src/mem_mng.c @@ -9,21 +9,21 @@ * compartment scratch memory space */ -void* -manager_register_mem_alloc(struct Compartment* comp, size_t mem_size) +void * +manager_register_mem_alloc(struct Compartment *comp, size_t mem_size) { // TODO better algorithm to find blocks of memory available for mapping - void* new_mem = (char*)comp->scratch_mem_base + comp->scratch_mem_alloc; - struct mem_alloc* new_alloc = malloc(sizeof(struct mem_alloc)); + void *new_mem = (char *) comp->scratch_mem_base + comp->scratch_mem_alloc; + struct mem_alloc *new_alloc = malloc(sizeof(struct mem_alloc)); new_alloc->ptr = (uintptr_t) new_mem; new_alloc->size = mem_size; manager_insert_new_alloc(comp, new_alloc); - comp->scratch_mem_alloc += __builtin_align_up(mem_size, sizeof(void*)); + comp->scratch_mem_alloc += __builtin_align_up(mem_size, sizeof(void *)); return new_mem; } void -manager_insert_new_alloc(struct Compartment* comp, struct mem_alloc* to_insert) +manager_insert_new_alloc(struct Compartment *comp, struct mem_alloc *to_insert) { if (comp->alloc_head == NULL) { @@ -42,8 +42,8 @@ manager_insert_new_alloc(struct Compartment* comp, struct mem_alloc* to_insert) return; } - struct mem_alloc* curr_alloc = comp->alloc_head; - while(curr_alloc->next_alloc != NULL && curr_alloc->ptr < to_insert->ptr) + struct mem_alloc *curr_alloc = comp->alloc_head; + while (curr_alloc->next_alloc != NULL && curr_alloc->ptr < to_insert->ptr) { curr_alloc = curr_alloc->next_alloc; } @@ -63,9 +63,9 @@ manager_insert_new_alloc(struct Compartment* comp, struct mem_alloc* to_insert) } size_t -manager_free_mem_alloc(struct Compartment* comp, void* ptr) +manager_free_mem_alloc(struct Compartment *comp, void *ptr) { - struct mem_alloc* curr_alloc = comp->alloc_head; + struct mem_alloc *curr_alloc = comp->alloc_head; while (curr_alloc != NULL && curr_alloc->ptr != (uintptr_t) ptr) { curr_alloc = curr_alloc->next_alloc; @@ -99,11 +99,11 @@ manager_free_mem_alloc(struct Compartment* comp, void* ptr) * \param ptr Address to search for * \return A record indicating the requested memory allocation */ -struct mem_alloc* -get_alloc_struct_from_ptr(struct Compartment* comp, uintptr_t ptr) +struct mem_alloc * +get_alloc_struct_from_ptr(struct Compartment *comp, uintptr_t ptr) { - struct mem_alloc* curr_alloc = comp->alloc_head; - while(curr_alloc->next_alloc != NULL) + struct mem_alloc *curr_alloc = comp->alloc_head; + while (curr_alloc->next_alloc != NULL) { if (curr_alloc->ptr == ptr) { diff --git a/tests/args_simple.c b/tests/args_simple.c index fe14838..329f436 100644 --- a/tests/args_simple.c +++ b/tests/args_simple.c @@ -1,6 +1,6 @@ #include -#include #include +#include int check_combined(int one, char two, long three) @@ -46,7 +46,7 @@ check_ullong_max(unsigned long long one) } int -main(int argc, char** argv) +main(int argc, char **argv) { size_t sum = 0; for (size_t i = 0; i < argc; ++i) diff --git a/tests/lua_script.c b/tests/lua_script.c index eb572e2..55f606f 100644 --- a/tests/lua_script.c +++ b/tests/lua_script.c @@ -18,9 +18,9 @@ return_val(int val) } int -do_script_arg(char* script_path) +do_script_arg(char *script_path) { - lua_State* L = luaL_newstate(); + lua_State *L = luaL_newstate(); luaL_openlibs(L); luaL_dofile(L, script_path); @@ -32,7 +32,7 @@ do_script_arg(char* script_path) int do_script() { - lua_State* L = luaL_newstate(); + lua_State *L = luaL_newstate(); luaL_openlibs(L); luaL_dofile(L, "./hello_world.lua"); @@ -42,7 +42,7 @@ do_script() } int -main(int argc, char** argv) +main(int argc, char **argv) { do_script_arg("./hello_world.lua"); return 0; diff --git a/tests/lua_simple.c b/tests/lua_simple.c index ff233e7..e7c384b 100644 --- a/tests/lua_simple.c +++ b/tests/lua_simple.c @@ -7,10 +7,10 @@ int main(void) { - lua_State* L = luaL_newstate(); + lua_State *L = luaL_newstate(); luaL_openlibs(L); - char* test_string = "Hello welt!"; + char *test_string = "Hello welt!"; lua_pushstring(L, test_string); lua_Integer len = luaL_len(L, 1); diff --git a/tests/manager_arg_passer.c b/tests/manager_arg_passer.c index efb9639..ab6ecf0 100644 --- a/tests/manager_arg_passer.c +++ b/tests/manager_arg_passer.c @@ -11,20 +11,23 @@ */ int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - assert(argc >= 4 && "Expect at least three arguments: binary file for compartment, entry function for compartment, and at least one argument to pass to compartment function."); - char* file = argv[1]; + assert(argc >= 4 + && "Expect at least three arguments: binary file for compartment, " + "entry function for compartment, and at least one argument to pass " + "to compartment function."); + char *file = argv[1]; - struct Compartment* arg_comp = register_new_comp(file, false); + struct Compartment *arg_comp = register_new_comp(file, false); comp_map(arg_comp); - char* entry_func = argv[2]; - char** entry_func_args = &argv[3]; + char *entry_func = argv[2]; + char **entry_func_args = &argv[3]; int comp_result = exec_comp(arg_comp, argv[2], &argv[3]); comp_clean(arg_comp); return comp_result; diff --git a/tests/manager_caller.c b/tests/manager_caller.c index 90ce1f7..8a631c0 100644 --- a/tests/manager_caller.c +++ b/tests/manager_caller.c @@ -1,21 +1,22 @@ #include "manager.h" int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - assert(argc >= 2 && "Expect at least one argument: binary file for compartment"); - char* file = argv[1]; - const char* prefix = "./"; + assert(argc >= 2 + && "Expect at least one argument: binary file for compartment"); + char *file = argv[1]; + const char *prefix = "./"; if (!strncmp(file, prefix, strlen(prefix))) { file += strlen(prefix); } - struct Compartment* hw_comp = register_new_comp(file, true); + struct Compartment *hw_comp = register_new_comp(file, true); comp_map(hw_comp); int comp_result = exec_comp(hw_comp, "main", NULL); comp_clean(hw_comp); diff --git a/tests/producer_consumer.c b/tests/producer_consumer.c index 73b1563..3e78a80 100644 --- a/tests/producer_consumer.c +++ b/tests/producer_consumer.c @@ -1,15 +1,15 @@ #include -#include #include -#include #include +#include +#include #include #include "producer_consumer_mem.h" -#include #include +#include #include // Simplified memory model: stk grows downwards from the top @@ -17,12 +17,12 @@ struct comp { size_t size; - void* __capability ddc; + void *__capability ddc; uintptr_t sp; }; -void* __capability big_ddc; -void* saved_sp; +void *__capability big_ddc; +void *saved_sp; const size_t mem_size = 256; const size_t max_comp_count = 2; @@ -32,19 +32,22 @@ struct comp comps[max_comp_count]; #define PROD_CAP_OFFSET 0 #define CONS_CAP_OFFSET 1 - -void print_full_cap(uintcap_t cap) { - uint32_t words[4]; // Hack to demonstrate! In real code, be more careful about sizes, etc. +void +print_full_cap(uintcap_t cap) +{ + uint32_t words[4]; // Hack to demonstrate! In real code, be more careful + // about sizes, etc. printf("0x%d", cheri_tag_get(cap) ? 1 : 0); memcpy(words, &cap, sizeof(cap)); - for (int i = 3; i >= 0; i--) { + for (int i = 3; i >= 0; i--) + { printf("_%08x", words[i]); } printf("\n"); } int -producer_func(lua_State* L) +producer_func(lua_State *L) { /*asm("msr DDC, %w0" : : "r"(prod_ddc));*/ @@ -68,11 +71,11 @@ struct comp make_new_comp(size_t size) { /*void* new_comp_mem = mmap(NULL, size,*/ - /*PROT_READ | PROT_WRITE,*/ - /*MAP_PRIVATE | MAP_ANONYMOUS,*/ - /*-1 , 0)*/ + /*PROT_READ | PROT_WRITE,*/ + /*MAP_PRIVATE | MAP_ANONYMOUS,*/ + /*-1 , 0)*/ - void* __capability new_ddc = (void* __capability) malloc(size); + void *__capability new_ddc = (void *__capability) malloc(size); new_ddc = cheri_bounds_set(new_ddc, size); struct comp new_comp; @@ -81,10 +84,11 @@ make_new_comp(size_t size) uintptr_t ddc_addr = cheri_address_get(new_ddc); new_comp.sp = ddc_addr + size + COMP_STK_OFFSET; - int* alloc_mem_addr = (int*) (ddc_addr + size + COMP_MEM_DDC_OFFSET); + int *alloc_mem_addr = (int *) (ddc_addr + size + COMP_MEM_DDC_OFFSET); *alloc_mem_addr = 0; - void* __capability * big_ddc_addr = (void* __capability *) (ddc_addr + size + COMP_BIG_DDC_OFFSET); + void *__capability *big_ddc_addr + = (void *__capability *) (ddc_addr + size + COMP_BIG_DDC_OFFSET); assert(new_comp.sp % 16 == 0); assert((uintptr_t) alloc_mem_addr % 16 == 0); @@ -102,26 +106,25 @@ main(void) comps[PROD_CAP_OFFSET] = make_new_comp(4096); comps[CONS_CAP_OFFSET] = make_new_comp(4096); - /*void* tmp = mmap(NULL, 1024, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);*/ + /*void* tmp = mmap(NULL, 1024, PROT_READ | PROT_WRITE, MAP_PRIVATE | + * MAP_ANONYMOUS, -1, 0);*/ /*if (tmp == MAP_FAILED)*/ /*{*/ - /*printf("Error %s\n", strerror(errno));*/ - /*assert(0);*/ + /*printf("Error %s\n", strerror(errno));*/ + /*assert(0);*/ /*}*/ /*assert(munmap(tmp, 1024) != -1);*/ - asm("mov %[saved_sp], sp\n\t" - : [saved_sp]"+r"(saved_sp) - : /**/ ); + asm("mov %[saved_sp], sp\n\t" : [saved_sp] "+r"(saved_sp) : /**/); // Set consumer compartment asm("msr DDC, %[cons_ddc]\n\t" "mov sp, %[cons_sp]" : /**/ - : [cons_ddc]"C"(comps[CONS_CAP_OFFSET].ddc), - [cons_sp] "r"(comps[CONS_CAP_OFFSET].sp)); + : [cons_ddc] "C"(comps[CONS_CAP_OFFSET].ddc), + [cons_sp] "r"(comps[CONS_CAP_OFFSET].sp)); - lua_State* consumerL = luaL_newstate(); + lua_State *consumerL = luaL_newstate(); luaL_openlibs(consumerL); /*lua_pushcfunction(L, producer_func);*/ @@ -138,8 +141,7 @@ main(void) asm("msr DDC, %[big_ddc]\n\t" "mov sp, %[saved_sp]\n\t" : - : [big_ddc]"C"(big_ddc), [saved_sp]"r"(saved_sp)); - + : [big_ddc] "C"(big_ddc), [saved_sp] "r"(saved_sp)); return EXIT_SUCCESS; } diff --git a/tests/simple.c b/tests/simple.c index 2b6717a..250e88e 100644 --- a/tests/simple.c +++ b/tests/simple.c @@ -1,6 +1,6 @@ -#include -#include #include +#include +#include int main(void) diff --git a/tests/test_args_near_unmapped.c b/tests/test_args_near_unmapped.c index a437d9b..f3dbb07 100644 --- a/tests/test_args_near_unmapped.c +++ b/tests/test_args_near_unmapped.c @@ -11,29 +11,32 @@ */ int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - char* file = "args_simple"; + char *file = "args_simple"; - struct Compartment* arg_comp = register_new_comp(file, false); + struct Compartment *arg_comp = register_new_comp(file, false); comp_map(arg_comp); - char* entry_func = "check_simple"; - char* entry_func_args[2] = { "40", "2" }; - struct ConfigEntryPoint comp_entry = get_entry_point(entry_func, cep, entry_point_count); - void* comp_args = prepare_compartment_args(entry_func_args, comp_entry); + char *entry_func = "check_simple"; + char *entry_func_args[2] = { "40", "2" }; + struct ConfigEntryPoint comp_entry + = get_entry_point(entry_func, cep, entry_point_count); + void *comp_args = prepare_compartment_args(entry_func_args, comp_entry); // Allocate two pages worth of memory (ensure larger than size of args)... size_t page_size = sysconf(_SC_PAGESIZE); assert(page_size > comp_entry.arg_count * COMP_ARG_SIZE); size_t two_page_size = 2 * page_size; - void* two_page_alloc = mmap(NULL, two_page_size, PROT_WRITE | PROT_READ, MAP_ANONYMOUS, -1, 0); + void *two_page_alloc = mmap( + NULL, two_page_size, PROT_WRITE | PROT_READ, MAP_ANONYMOUS, -1, 0); // ... move args in the first page, near page boundary ... - void* memcpy_address = (char*) two_page_alloc + page_size - comp_entry.arg_count * COMP_ARG_SIZE; + void *memcpy_address = (char *) two_page_alloc + page_size + - comp_entry.arg_count * COMP_ARG_SIZE; memcpy(memcpy_address, comp_args, comp_entry.arg_count * COMP_ARG_SIZE); // ... and set second page as inaccessible // ... and deallocate the second page @@ -41,7 +44,8 @@ main(int argc, char** argv) free(comp_args); comp_args = memcpy_address; - int comp_result = comp_exec(arg_comp, entry_func, comp_args, comp_entry.arg_count); + int comp_result + = comp_exec(arg_comp, entry_func, comp_args, comp_entry.arg_count); clean_compartment_config(cep, entry_point_count); comp_clean(arg_comp); munmap(two_page_alloc, page_size); diff --git a/tests/test_ddc_overwrite.c b/tests/test_ddc_overwrite.c index 96e39d9..db93507 100644 --- a/tests/test_ddc_overwrite.c +++ b/tests/test_ddc_overwrite.c @@ -19,16 +19,16 @@ test_leak(unsigned long long secret_addr) int secret; asm volatile("cvtp c0, %[addr]\n\t" "ldr %w[val], [c0]" - : [val] "=r"(secret) - : [addr] "r"(secret_addr) - : "x0", "memory"); + : [val] "=r"(secret) + : [addr] "r"(secret_addr) + : "x0", "memory"); return secret; } int main() { - int* secret = malloc(sizeof(int)); + int *secret = malloc(sizeof(int)); *secret = 42; int val = test_leak((unsigned long long) secret); assert(val == *secret); diff --git a/tests/test_ddc_overwrite_manager.c b/tests/test_ddc_overwrite_manager.c index 030e261..9baa882 100644 --- a/tests/test_ddc_overwrite_manager.c +++ b/tests/test_ddc_overwrite_manager.c @@ -10,36 +10,40 @@ * but plan to move this to some configuration file in the near future */ -extern struct Compartment* loaded_comp; +extern struct Compartment *loaded_comp; int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - char* file = "test_ddc_overwrite"; + char *file = "test_ddc_overwrite"; size_t entry_point_count = 0; - struct ConfigEntryPoint* cep = parse_compartment_config(file, &entry_point_count); + struct ConfigEntryPoint *cep + = parse_compartment_config(file, &entry_point_count); assert(cep); - struct Compartment* arg_comp = comp_from_elf(file, cep, entry_point_count); + struct Compartment *arg_comp = comp_from_elf(file, cep, entry_point_count); log_new_comp(arg_comp); comp_map(arg_comp); - int* secret = malloc(sizeof(int)); + int *secret = malloc(sizeof(int)); *secret = 42; - char* entry_func = "test_leak"; - size_t secret_addr_str_len = snprintf(NULL, 0, "%llu", (unsigned long long) secret); - char* secret_addr_str = malloc(secret_addr_str_len + 1); + char *entry_func = "test_leak"; + size_t secret_addr_str_len + = snprintf(NULL, 0, "%llu", (unsigned long long) secret); + char *secret_addr_str = malloc(secret_addr_str_len + 1); sprintf(secret_addr_str, "%llu", (unsigned long long) secret); - char* entry_func_args[1] = { secret_addr_str }; - struct ConfigEntryPoint comp_entry = get_entry_point(entry_func, cep, entry_point_count); - void* comp_args = prepare_compartment_args(entry_func_args, comp_entry); + char *entry_func_args[1] = { secret_addr_str }; + struct ConfigEntryPoint comp_entry + = get_entry_point(entry_func, cep, entry_point_count); + void *comp_args = prepare_compartment_args(entry_func_args, comp_entry); - int comp_result = comp_exec(arg_comp, entry_func, comp_args, comp_entry.arg_count); + int comp_result + = comp_exec(arg_comp, entry_func, comp_args, comp_entry.arg_count); clean_compartment_config(cep, entry_point_count); comp_clean(arg_comp); assert(comp_result == *secret); diff --git a/tests/test_map.c b/tests/test_map.c index ea481f5..891821d 100644 --- a/tests/test_map.c +++ b/tests/test_map.c @@ -1,5 +1,5 @@ -#include "manager.h" #include "compartment.c" +#include "manager.h" int main() @@ -7,8 +7,8 @@ main() manager_ddc = cheri_ddc_get(); setup_intercepts(); - char* file = "./simple.so"; - struct Compartment* hw_comp = register_new_comp(file, true); + char *file = "./simple.so"; + struct Compartment *hw_comp = register_new_comp(file, true); comp_map(hw_comp); comp_clean(hw_comp); return 0; diff --git a/tests/test_two_comps-comp1.c b/tests/test_two_comps-comp1.c index 6d10009..c0b34b8 100644 --- a/tests/test_two_comps-comp1.c +++ b/tests/test_two_comps-comp1.c @@ -1,6 +1,10 @@ #include -size_t call_comp(size_t comp_id, char* fn_name, void* args, size_t arg_count) { return 0; }; +size_t +call_comp(size_t comp_id, char *fn_name, void *args, size_t arg_count) +{ + return 0; +}; int inter_call() diff --git a/tests/test_two_comps.c b/tests/test_two_comps.c index 192384a..bda69b1 100644 --- a/tests/test_two_comps.c +++ b/tests/test_two_comps.c @@ -1,22 +1,22 @@ #include "manager.h" int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - char* comp_file_1 = "test_two_comps-comp1"; - char* comp_file_2 = "test_two_comps-comp2"; + char *comp_file_1 = "test_two_comps-comp1"; + char *comp_file_2 = "test_two_comps-comp2"; // Load comp1 - struct Compartment* comp1 = register_new_comp(comp_file_1, true); + struct Compartment *comp1 = register_new_comp(comp_file_1, true); comp_map(comp1); fprintf(stdout, "Mapped Comp 1\n"); // Load comp2 - struct Compartment* comp2 = register_new_comp(comp_file_2, true); + struct Compartment *comp2 = register_new_comp(comp_file_2, true); comp_map(comp2); fprintf(stdout, "Mapped Comp 2\n"); diff --git a/tests/test_two_comps_inter_call.c b/tests/test_two_comps_inter_call.c index 113dcbd..20513a4 100644 --- a/tests/test_two_comps_inter_call.c +++ b/tests/test_two_comps_inter_call.c @@ -1,26 +1,25 @@ #include "manager.h" int -main(int argc, char** argv) +main(int argc, char **argv) { // Initial setup manager_ddc = cheri_ddc_get(); setup_intercepts(); - char* comp_file_1 = "test_two_comps-comp1"; - char* comp_file_2 = "test_two_comps-comp2"; + char *comp_file_1 = "test_two_comps-comp1"; + char *comp_file_2 = "test_two_comps-comp2"; // Load comp1 - struct Compartment* comp1 = register_new_comp(comp_file_1, false); + struct Compartment *comp1 = register_new_comp(comp_file_1, false); comp_map(comp1); fprintf(stdout, "Mapped Comp 1\n"); // Load comp2 - struct Compartment* comp2 = register_new_comp(comp_file_2, true); + struct Compartment *comp2 = register_new_comp(comp_file_2, true); comp_map(comp2); fprintf(stdout, "Mapped Comp 2\n"); - // Run Comp 1 int comp_result = comp_exec(comp1, "inter_call", NULL, 0); assert(comp_result == 0);