From e0cdb514b0a10bc7ffbf7be129101804318039e9 Mon Sep 17 00:00:00 2001 From: Jacob Bramley Date: Fri, 8 Dec 2023 15:25:52 +0000 Subject: [PATCH 1/6] CapableVMs: Migrate to merge queues.
---
.github/workflows/merge.yaml | 9 +++++++++ bors.toml | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/merge.yaml delete mode 100644 bors.toml
diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml
new file mode 100644
index 00000000000..2890138a2de
--- /dev/null
+++ b/.github/workflows/merge.yaml
@@ -0,0 +1,9 @@
+on:
+ pull_request:
+ merge_group:
+
+jobs:
+ dummy:
+ runs-on: ubuntu-latest
+ steps:
+ - run: /usr/bin/true
diff --git a/bors.toml b/bors.toml
deleted file mode 100644
index 713e3705b3e..00000000000
--- a/bors.toml
+++ /dev/null
@@ -1,6 +0,0 @@
-status = ["buildbot/ci-builder"]
-delete_merged_branches = true
-cut_body_after = ""
-# A full run should complete within 12 hours, but we might add other
-# configurations to it later, so add a little leeway.
-timeout_sec = 86400 # 24 hours
From ab2797e71964b6a6b4e6533b6e09f1559f286ca0 Mon Sep 17 00:00:00 2001 From: Jacob Bramley Date: Wed, 13 Dec 2023 13:51:58 +0000 Subject: [PATCH 2/6] CapableVMs: Drop 'cloop' run from buildbot. This is, hopefully, a temporary measure to allow the run to complete before the Merge Queues timeout.
---
.buildbot.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.buildbot.sh b/.buildbot.sh
index f31fc275f2d..70bfd30aa98 100755
--- a/.buildbot.sh
+++ b/.buildbot.sh
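Review bot: The new `.github/workflows/merge.yaml` in [PATCH 1/6] declares no `permissions:` key, so the `dummy` job runs with whatever default GITHUB_TOKEN scopes the repository or organisation grants, on both `pull_request` and `merge_group` events. The job only runs `/usr/bin/true`, so a top-level `permissions: {}` would pin it to no token access at all. Separately, the deleted bors.toml gated merges on the `buildbot/ci-builder` status; which checks the merge queue requires is configured in branch protection and is not visible in this patch, so it is worth confirming that the buildbot status, and not only this always-green job, is a required check.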
@@ -145,7 +145,9 @@ build() { popd } -build morello-purecap --morello-webkit/build-type Debug --morello-webkit/backend cloop +# TODO: 'cloop' is disabled because it's slow, and takes longer than the Merge +# Queues timeout. We should reinstate it, perhaps as a weekly run or similar. +#build morello-purecap --morello-webkit/build-type Debug --morello-webkit/backend cloop build morello-purecap --morello-webkit/build-type Debug --morello-webkit/backend tier1asm # TODO: tier2asm shows intermittent failures, which are currently under # investigation. To avoid CI disruption, it is disabled here for now, but From 8ac2632fbed69de39c02568717b1665d320b0972 Mon Sep 17 00:00:00 2001 From: Jacob Bramley Date: Tue, 12 Dec 2023 16:45:20 +0000 Subject: [PATCH 3/6] Morello: Check for mallocx alignment bug. https://github.com/CTSRD-CHERI/cheribsd/issues/1964 This was fixed, but the assertions here might be useful in case someone tries to run this on an affected CheriBSD. --- Source/WTF/wtf/ContinuousArenaMalloc.cpp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/Source/WTF/wtf/ContinuousArenaMalloc.cpp b/Source/WTF/wtf/ContinuousArenaMalloc.cpp index e11edbaba6f..dbe0ce5274e 100644 --- a/Source/WTF/wtf/ContinuousArenaMalloc.cpp +++ b/Source/WTF/wtf/ContinuousArenaMalloc.cpp 
@@ -111,13 +111,25 @@ void *ContinuousArenaMalloc::internalAllocateAligned(size_t alignment, ASSERT((alignment & (alignment - 1)) == 0); ASSERT(s_Initialized); - return mallocx(size, MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); + void * result = mallocx(size, MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); +#if __has_feature(capabilities) + // If this happens, try disabling capability revocation. + // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 + ASSERT(cheri_is_aligned(result, alignment)); +#endif + return result; } void *ContinuousArenaMalloc::internalReallocate(void *ptr, size_t size) { ASSERT(s_Initialized); - return rallocx(ptr, size, MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); + void * result = rallocx(ptr, size, MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); +#if __has_feature(capabilities) + // If this happens, try disabling capability revocation. + // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 + ASSERT(cheri_is_aligned(result, size)); +#endif + return result; } void ContinuousArenaMalloc::internalFree(void *ptr) From d64b9749a5ad5a385afcfeea4015c0108c0feda3 Mon Sep 17 00:00:00 2001 From: Jacob Bramley Date: Thu, 14 Dec 2023 12:54:34 +0000 Subject: [PATCH 4/6] Morello: Check for mallocx arena bug. https://github.com/CTSRD-CHERI/cheribsd/issues/1969 --- Source/WTF/wtf/ContinuousArenaMalloc.cpp | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/Source/WTF/wtf/ContinuousArenaMalloc.cpp b/Source/WTF/wtf/ContinuousArenaMalloc.cpp index dbe0ce5274e..12de55fd18a 100644 --- a/Source/WTF/wtf/ContinuousArenaMalloc.cpp +++ b/Source/WTF/wtf/ContinuousArenaMalloc.cpp 
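Review bot: In `internalReallocate` ([PATCH 3/6]) the new assertion `ASSERT(cheri_is_aligned(result, size));` tests the result against the requested size rather than against an alignment. The `rallocx` call just above it passes no `MALLOCX_ALIGN`, so nothing visible here guarantees that property, and a valid reallocation could trip the assert in a debug build; a `size` that is not a power of two may also be outside what `cheri_is_aligned` accepts, which is worth confirming. [PATCH 6/6] later replaces the argument with an explicit alignment, so folding that change into this commit (or leaving the assert out of `internalReallocate` until then) would keep each commit in the series usable on its own when bisecting.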
@@ -113,9 +113,19 @@ void *ContinuousArenaMalloc::internalAllocateAligned(size_t alignment, void * result = mallocx(size, MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); #if __has_feature(capabilities) - // If this happens, try disabling capability revocation. + // If either of these fail, try disabling capability revocation. // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 ASSERT(cheri_is_aligned(result, alignment)); +#ifdef __CHERI_PURE_CAPABILITY__ + ASSERT(cheri_is_subset(result, cheri_ddc_get())); +#elif !defined(ASSERT_DISABLED) + uintptr_t addr = reinterpret_cast(result); + uintptr_t ddc_base = cheri_base_get(cheri_ddc_get()); + uintptr_t ddc_len = ddc_base + cheri_length_get(cheri_ddc_get()); + ASSERT(addr >= ddc_base); + ASSERT(size <= ddc_len); + ASSERT((addr + size) <= (ddc_base + ddc_len)); +#endif #endif return result; } @@ -125,9 +135,19 @@ void *ContinuousArenaMalloc::internalReallocate(void *ptr, size_t size) ASSERT(s_Initialized); void * result = rallocx(ptr, size, MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); #if __has_feature(capabilities) - // If this happens, try disabling capability revocation. + // If either of these fail, try disabling capability revocation. // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 ASSERT(cheri_is_aligned(result, size)); +#ifdef __CHERI_PURE_CAPABILITY__ + ASSERT(cheri_is_subset(result, cheri_ddc_get())); +#elif !defined(ASSERT_DISABLED) + uintptr_t addr = reinterpret_cast(result); + uintptr_t ddc_base = cheri_base_get(cheri_ddc_get()); + uintptr_t ddc_len = ddc_base + cheri_length_get(cheri_ddc_get()); + ASSERT(addr >= ddc_base); + ASSERT(size <= ddc_len); + ASSERT((addr + size) <= (ddc_base + ddc_len)); +#endif #endif return result; } From 4dfce0ab75c4d26650698766d347572049ae7f5a Mon Sep 17 00:00:00 2001 
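Review bot: In the hybrid (`#elif !defined(ASSERT_DISABLED)`) branch added to `internalAllocateAligned` in [PATCH 4/6], `ddc_len` is assigned `ddc_base + cheri_length_get(cheri_ddc_get())`, which is the end address of DDC and not its length. The last assertion then compares `addr + size` with `ddc_base + ddc_len`, adding the base a second time, so the upper-bound check is looser than intended whenever the base is non-zero. Making the variable hold the length, `uintptr_t ddc_len = cheri_length_get(cheri_ddc_get());`, makes all three assertions mean what they say; the same lines are repeated in the `internalReallocate` hunk (`@@ -125,9 +135,19 @@`). The checks also run when `mallocx`/`rallocx` return NULL, so an allocation failure may assert before the caller sees it, and wrapping them in `if (result)` would avoid that. Both functions start above their hunks, so this is based on the visible lines only.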
From: Jacob Bramley Date: Thu, 14 Dec 2023 13:12:06 +0000 Subject: [PATCH 5/6] CapableVMs: Disable revocation to unblock CI. --- .buildbot-test.sh | 3 +++ Source/WTF/wtf/ContinuousArenaMalloc.cpp | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.buildbot-test.sh b/.buildbot-test.sh index 0314fc7b8ac..de6edbe8db4 100644 --- a/.buildbot-test.sh +++ b/.buildbot-test.sh @@ -26,6 +26,9 @@ du -hs * echo "$PWD/builds:" du -hs builds/* +echo "Disabling revocation to work around https://github.com/CTSRD-CHERI/cheribsd/issues/1964" +sysctl security.cheri.runtime_revocation_default=0 + failures='' # Run higher tiers first (ls -r). They are most complicated, most likely to # receive development, and run a lot faster than lower tiers. diff --git a/Source/WTF/wtf/ContinuousArenaMalloc.cpp b/Source/WTF/wtf/ContinuousArenaMalloc.cpp index 12de55fd18a..98b02088420 100644 --- a/Source/WTF/wtf/ContinuousArenaMalloc.cpp +++ b/Source/WTF/wtf/ContinuousArenaMalloc.cpp @@ -50,6 +50,12 @@ void ContinuousArenaMalloc::initialize(void) { s_Mutex = new Mutex(); +#if __has_feature(capabilities) + // CheriBSD revocation does not support MALLOCX_ARENA. + // See: https://man.cheribsd.org/cgi-bin/man.cgi/mrs + ASSERT(!malloc_is_revoking()); +#endif + void *area_start = mmap(NULL, k_AreaSize, PROT_NONE | PROT_MAX(PROT_READ | PROT_WRITE), MAP_GUARD | MAP_ALIGNED(k_LgAreaSize), From 0cf8f85480fb44637f6f9e74ff5eda1338e505b1 Mon Sep 17 00:00:00 2001 From: Jacob Bramley Date: Fri, 12 Jan 2024 12:40:27 +0000 Subject: [PATCH 6/6] Morello: Specify ContinuousArenaMalloc realloc alignment. This is mostly for symmetry with alignment (malloc), making it easier to verify that we're not breaking existing alignment constraints. --- Source/WTF/wtf/ContinuousArenaMalloc.cpp | 18 ++++++++++++------ Source/WTF/wtf/ContinuousArenaMalloc.h | 6 +++--- 2 files changed, 15 insertions(+), 9 deletions(-) 
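Review bot: The added `sysctl security.cheri.runtime_revocation_default=0` in `.buildbot-test.sh` changes a host-wide default and nothing in the hunk puts it back, so the builder may be left without heap revocation for whatever runs on it afterwards. Recording the old value and restoring it on exit would contain the workaround, for example `old=$(sysctl -n security.cheri.runtime_revocation_default)` followed by `trap 'sysctl security.cheri.runtime_revocation_default="$old"' EXIT`. The result of the `sysctl` call is not checked in the visible lines; if the script does not already run under `set -e`, a failed write would let the tests start with revocation still enabled and hit the issue linked in the echo. The script continues outside the hunk.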
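Review bot: `ASSERT(!malloc_is_revoking());` in `ContinuousArenaMalloc::initialize` is the only guard against the revocation-plus-`MALLOCX_ARENA` combination that the comment calls unsupported, and it is presumably compiled out of release builds. If that combination produces the misaligned or out-of-arena results that the earlier patches assert on, a release build on a host with revocation enabled would carry on silently. `RELEASE_ASSERT(!malloc_is_revoking());` would make the failure visible in every build type. `initialize` continues past the end of the hunk.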
diff --git a/Source/WTF/wtf/ContinuousArenaMalloc.cpp b/Source/WTF/wtf/ContinuousArenaMalloc.cpp index 98b02088420..c6da46251d0 100644 --- a/Source/WTF/wtf/ContinuousArenaMalloc.cpp +++ b/Source/WTF/wtf/ContinuousArenaMalloc.cpp @@ -111,13 +111,15 @@ void ContinuousArenaMalloc::initializePerThread() #endif } -void *ContinuousArenaMalloc::internalAllocateAligned(size_t alignment, - size_t size) +void *ContinuousArenaMalloc::internalAllocateAligned(size_t alignment, size_t size) { ASSERT((alignment & (alignment - 1)) == 0); ASSERT(s_Initialized); - void * result = mallocx(size, MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); + void * result = mallocx( + size, + MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex) + ); #if __has_feature(capabilities) // If either of these fail, try disabling capability revocation. // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 @@ -136,14 +138,18 @@ void *ContinuousArenaMalloc::internalAllocateAligned(size_t alignment, return result; } -void *ContinuousArenaMalloc::internalReallocate(void *ptr, size_t size) +void *ContinuousArenaMalloc::internalReallocateAligned(void *ptr, size_t alignment, size_t size) { ASSERT(s_Initialized); - void * result = rallocx(ptr, size, MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex)); + void * result = rallocx( + ptr, + size, + MALLOCX_ALIGN(alignment) | MALLOCX_TCACHE_NONE | MALLOCX_ARENA(s_arenaIndex) + ); #if __has_feature(capabilities) // If either of these fail, try disabling capability revocation. // See: https://github.com/CTSRD-CHERI/cheribsd/issues/1964 - ASSERT(cheri_is_aligned(result, size)); + ASSERT(cheri_is_aligned(result, alignment)); #ifdef __CHERI_PURE_CAPABILITY__ ASSERT(cheri_is_subset(result, cheri_ddc_get())); #elif !defined(ASSERT_DISABLED) diff --git a/Source/WTF/wtf/ContinuousArenaMalloc.h b/Source/WTF/wtf/ContinuousArenaMalloc.h index b10c8743b59..fa5fab29b68 100644 --- a/Source/WTF/wtf/ContinuousArenaMalloc.h 
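Review bot: `internalReallocateAligned` now passes `MALLOCX_ALIGN(alignment)` to `rallocx` but, unlike `internalAllocateAligned` in the hunk above it, never checks that `alignment` is a power of two. Adding `ASSERT((alignment & (alignment - 1)) == 0);` next to `ASSERT(s_Initialized);` would give the symmetry with the malloc path that the commit message asks for, and would catch a bad caller before the flag is built. The function body continues past the end of the hunk.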
+++ b/Source/WTF/wtf/ContinuousArenaMalloc.h @@ -46,7 +46,7 @@ class ContinuousArenaMalloc { } static void* realloc(void* p, size_t size) { - void *ret = internalReallocate(p, size); + void *ret = tryRealloc(p, size); if (!ret) { CRASH(); @@ -72,7 +72,7 @@ class ContinuousArenaMalloc { } static void* tryRealloc(void* p, size_t size) { - return internalReallocate(p, size); + return internalReallocateAligned(p, sizeof(void *), size); } static bool isWithin(size_t non_cap_ptr) { @@ -128,7 +128,7 @@ class ContinuousArenaMalloc { #endif static void* internalAllocateAligned(size_t alignment, size_t size); - static void* internalReallocate(void *p, size_t size); + static void* internalReallocateAligned(void *p, size_t alignment, size_t size); static void internalFree(void* ptr); // True iff [addr, addr+size) is a subset of or equal to [s_Start, s_End).
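Review bot: `tryRealloc` hard-codes `sizeof(void *)` as the alignment passed to `internalReallocateAligned`, and the value used on the malloc path is not visible in these hunks, so the two can drift apart without anything noticing. A shared constant used by both paths, e.g. `static constexpr size_t k_DefaultAlignment = sizeof(void *);` (the name is only a suggestion), would make the symmetry described in the commit message checkable. If blocks obtained with a larger alignment can reach `realloc`, they would be moved with only pointer alignment requested, so a one-line comment on `tryRealloc` saying whether such blocks are allowed would settle it. The class body starts and ends outside the hunks.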