CTSRD-CHERI / cheribsd-ports

FreeBSD ports tree adapted for CheriBSD.
https://CheriBSD.org

Make purecap libslirp available #163

Open markjdb opened 3 weeks ago

markjdb commented 3 weeks ago

This is useful for bhyve, which has a network backend that makes use of libslirp to provide userspace networking. Unfortunately, libslirp requires a smallish patch to work under CHERI. It works in my testing but needs more thought before it can be upstreamed; see the commit log message for some details.

Note, I only tested this by building ports locally on my Morello system. I suspect that enabling glib20 for purecap will cause us to start building lots of other packages which previously had been skipped.

kwitaszczyk commented 3 weeks ago

@gcjenkinson Is https://github.com/CTSRD-CHERI/glib/tree/glib_2.76.4_cheri based on https://github.com/arichardson/glib/tree/main-with-cheri-fixes, https://gitlab.gnome.org/arichardson/glib/-/tree/main-with-cheri-fixes, or yet something else? It would be good to discuss with @arichardson what's the CHERIfied upstream for glib.

@gcjenkinson Also, have you tested your branch with aarch64, not only aarch64c?

@markjdb While I'm fine with adding a patch to unblock some CheriABI packages, I wouldn't want to add it if it would break some aarch64 packages. If we're not sure about this, we should test this patch with aarch64 Chromium, Ghidra, CHERI QEMU that we find crucial -- I can do that. If it turns out some aarch64 programs are broken with it, and we don't have time to fix glib for them, we can apply the glib patch only when building for purecap.

gcjenkinson commented 3 weeks ago

@kwitaszczyk It hasn't been tested on aarch64, you'd definitely want to do that (though I wouldn't expect too many issues).

@kwitaszczyk The history is a little complicated, but essentially its lineage is from https://github.com/arichardson/glib/tree/main-with-cheri-fixes (though that is just based on a set of changes I made initially with some clean up).

markjdb commented 3 weeks ago

> @markjdb While I'm fine with adding a patch to unblock some CheriABI packages, I wouldn't want to add it if it would break some aarch64 packages. If we're not sure about this, we should test this patch with aarch64 Chromium, Ghidra, CHERI QEMU that we find crucial -- I can do that. If it turns out some aarch64 programs are broken with it, and we don't have time to fix glib for them, we can apply the glib patch only when building for purecap.

I'm not really set up to test, so if you could I would really appreciate it. Note that setting -DG_ENABLE_EXPERIMENTAL_ABI_COMPILATION has no runtime effect, it just disables some compile-time assertions.

arichardson commented 3 weeks ago

> @gcjenkinson Is https://github.com/CTSRD-CHERI/glib/tree/glib_2.76.4_cheri based on https://github.com/arichardson/glib/tree/main-with-cheri-fixes, https://gitlab.gnome.org/arichardson/glib/-/tree/main-with-cheri-fixes, or yet something else? It would be good to discuss with @arichardson what's the CHERIfied upstream for glib.
>
> @gcjenkinson Also, have you tested your branch with aarch64, not only aarch64c?
>
> @markjdb While I'm fine with adding a patch to unblock some CheriABI packages, I wouldn't want to add it if it would break some aarch64 packages. If we're not sure about this, we should test this patch with aarch64 Chromium, Ghidra, CHERI QEMU that we find crucial -- I can do that. If it turns out some aarch64 programs are broken with it, and we don't have time to fix glib for them, we can apply the glib patch only when building for purecap.

I managed to get most of the glib changes merged upstream, the outstanding diff is in https://gitlab.gnome.org/arichardson/glib/-/commits/main-with-cheri-fixes/?ref_type=heads