search

lsds / intravisor

Virtualisation platform using CHERI for isolation and sharing
MIT License
35 stars 9 forks source link

In-address space security exception in Helloworld test cVM on riscv64-hybrid #2

Closed DeborohNoah closed 9 months ago

DeborohNoah commented 1 year ago

Hello, i'm currently trying to run the helloworld native runtime on the intravisor. I'm experiencing issues. I compiled every software as in the guide thorugh cheribuild, I run the machine with

./cheribuild.py run-riscv64-hybrid --enable-hybrid-targets

After running the intravisor on cheribsd with: root@cheribsd-riscv64-hybrid:~ # ./intravisor -y native-hello.yaml -r libnative-hello.so

Using yaml.cfg = native-hello.yaml ** [68] Deploy 'hello' BUILDING cvm: name=hello, disk=(null), runtime=libnative-hello.so, net=(null) , args='/ld.so /app/main', base=0x440000000, size=0x40000000, begin=0x4400000 00, end=0x480000000, cb_in = '(null)', cb_out = 'monitor' wait = 0s clean_roo m = 0 [2]: 87103000 440000000 3d4 3d4 87103000 3d4 [3]: 871033d4 4400013d4 23c 23c 871033d4 23c end of RO: 440002610 [4]: 87103610 440002610 90 90 87103610 90 [5]: 871036a0 4400036a0 8 8 871036a0 8 ELF BASE = 0x440000000, MAP SIZE = 36a8, ENTRY = 0x13d4 encl_map.entry = 0x13d4 encl_map.ret = 0x14ee [cVM STACKs] = [0x47e000000 -- 480000000] pty path = /dev/pts/0 Convrting free memory into cVM Heap: 440004000 -- 47e000000 +3dffc000 ( 991.9 84375 MB) e-hello.so sd-riscv64-hybrid:~ # ./intravisor -y native-hello.yaml -r libnativ Using yaml.cfg = native-hello.yaml ** [68] Deploy 'hello' BUILDING cvm: name=hello, disk=(null), runtime=libnative-hello.so, net=(null), args='/ld.so /app/main', base=0x440000000, size=0x40000000, begin=0x440000000, end=0x480000000, cb_in = '(null)', cb_out = 'monitor' wait = 0s clean_room = 0 [2]: 88b85000 440000000 3d4 3d4 88b85000 3d4 [3]: 88b853d4 4400013d4 23c 23c 88b853d4 23c end of RO: 440002610 [4]: 88b85610 440002610 90 90 88b85610 90 [5]: 88b856a0 4400036a0 8 8 88b856a0 8 ELF BASE = 0x440000000, MAP SIZE = 36a8, ENTRY = 0x13d4 encl_map.entry = 0x13d4 encl_map.ret = 0x14ee [cVM STACKs] = [0x47e000000 -- 480000000] pty path = /dev/pts/0 Convrting free memory into cVM Heap: 440004000 -- 47e000000 +3dffc000 ( 991.984375 MB) cVM doesn't use heap or has a built-in one SEALED RET FROM MON 0x81483390 0x81483380 ** Link Inner<-->Outer ** ALL cVMs loaded target SP = 47fffc000, old TP = 47ffffc00 sp_read = 0x480000000, me->stacl = 0x47ff80000, getSP()=0x47ffff990, me->c_tp = 0x47ffffbf0 47ffffbe0 [1] '/app/main' sp[i+1] = '/app/main' &env0 = 0x47fffc020, &env1=0x47fffc028 ca0: sealed COMP PCC tag 1 s 1 perms 00008117 type 0000000000000000 base 0000000440000000 length 0000000040000000 ofset 00000000000013d4 ca1: sealed COMP DDC tag 1 s 1 perms 0000817d type 0000000000000000 base 0000000440000000 length 0000000040000000 ofset 0000000000000000 ca2: COMP DDC tag 1 s 0 perms 0000817d type ffffffffffffffff base 0000000440000000 length 0000000040000000 ofset 0000000000000000 ca3: sealed HC PCC tag 1 s 1 perms 00068117 type 0000000000000000 base 0000000000000000 length 0000800000000000 ofset 0000000000483c1c ca4: sealed HC DDC (mon.DDC) tag 1 s 1 perms 0007817d type 0000000000000000 base 0000000000000000 length 0000800000000000 ofset 0000000000000000 ca5: sealed OCALL PCC tag 1 s 1 perms 00068117 type 0000000000000000 base 0000000000000000 length 0000800000000000 ofset 0000000000483bf4 ca6: sealed ret from mon tag 1 s 1 perms 00008117 type 0000000000000000 base 0000000440000000 length 0000000040000000 ofset 00000000000014ee HW: sp = 0x3fffc000, tp = 0x47ffffa30, &cinv_args = 0x47ffffab0 TP_ARGS: 47e001000, 44, 47ff81000

In-address space security exception (core dumped)

The core dump reveals the following

Program terminated with signal SIGPROT, CHERI protection violation. Capability tag fault.

Am I running it on the wrong architecture or is this a bug? Let me know if further infos are needed to debug the issue

sartakov commented 1 year ago

Thank you for the question.

  1. there is no need for -r, the yaml file gives all that Intravisor needs
  2. Please past .config here
  3. Please run using gdb and past here ‘display /16i $pc-36’

thank you

DeborohNoah commented 1 year ago

Ok so I ran the program through gdb without the -r. This is the output

(gdb) display /16i $pc-36 1: x/16i $pc-36 0x4400014b0: auipc t0,0x2 0x4400014b4: addi t0,t0,512 0x4400014b8: ld t0,0(t0) 0x4400014bc: lc cs2,32(t0) 0x4400014c0: lc cs3,48(t0) 0x4400014c4: lc cs4,64(t0) 0x4400014c8: lc ct1,192(t0) 0x4400014cc: lc ct0,176(t0) 0x4400014d0: cmove ct2,cs2 => 0x4400014d4: cinvoke cs3,cs4 0x4400014d8: auipc t0,0x2 0x4400014dc: addi t0,t0,472 0x4400014e0: ld t0,0(t0) 0x4400014e4: lc cs2,32(t0) 0x4400014e8: lc cs3,208(t0) 0x4400014ec: lc cs4,64(t0)

As for the .config file this is my configuration

# # Automatically generated file; DO NOT EDIT. # Configuration # CONFIG_ARCH_RV=y # CONFIG_ARCH_ARM is not set # CONFIG_ARCH_X86 is not set CONFIG_BIT_64=y # CONFIG_MODE_PURE is not set CONFIG_MODE_HYB=y # CONFIG_MODE_SIM is not set CONFIG_OS_CHERIBSD=y # CONFIG_OS_LINUX is not set CONFIG_DEBUG=y CONFIG_ORC=y CONFIG_LIBVIRT=y CONFIG_LKL=y

# # LKL Config # CONFIG_LKL_HEAP_SIZE_MB=200 CONFIG_CHERI_SDK="${HOME}/cheri/output/sdk" CONFIG_CVM_MAX_SIZE=0x10000000

Thanks a lot for helping me out!

sartakov commented 1 year ago

CONFIG_CVM_MAX_SIZE and size in native-hello.yaml should have the same value (0x40000000 is preferable). I changed the default value in KConfig

DeborohNoah commented 1 year ago

Ok so made a new .config with the following and edited the max cvm size with the proper value (0x40000000)

vagrant@ubuntu-jammy:~/intravisor$ kconfig-mconf Kconfig

I tried recompiling the intravisor with

vagrant@ubuntu-jammy:~/intravisor$ make -C src/

and, to make sure, helloworld with the following (even though I'm pretty sure it wasn't needed)

vagrant@ubuntu-jammy:~/intravisor/runtime/native/hello_world$ make -C runtime/native/hello_world/

but it keeps raising a memory access error. I even tried reducing the cvm size in the .yaml file to 0x10000000 but then it wouldn't print the "hello world" string. Through gdb i can see the program keeps throwing an error at the same Cinvoke instruction as before so I didn't paste it down here. This is the new .config

.config # # Automatically generated file; DO NOT EDIT. # Configuration # CONFIG_ARCH_RV=y # CONFIG_ARCH_ARM is not set # CONFIG_ARCH_X86 is not set CONFIG_BIT_64=y # CONFIG_MODE_PURE is not set CONFIG_MODE_HYB=y # CONFIG_MODE_SIM is not set CONFIG_OS_CHERIBSD=y # CONFIG_OS_LINUX is not set CONFIG_DEBUG=y CONFIG_ORC=y CONFIG_LIBVIRT=y CONFIG_LKL=y

# # LKL Config # CONFIG_LKL_HEAP_SIZE_MB=200 CONFIG_CHERI_SDK="${HOME}/cheri/output/sdk" CONFIG_CVM_MAX_SIZE=0x40000000

Thanks again for all the support!

sartakov commented 1 year ago

ok, it seems something is broken in RV64 versions, thank you. I will try to have a look later next week or close to xmas - we have some deadlines. meanwhile, if you want to play with this particular example, I suggest to use aarch64 version, which works for me: 

root@cheribsd-morello-hybrid:/e # gdb --args ./intravisor -y 
intravisor          libnative-hello.so  native-hello.yaml  
root@cheribsd-morello-hybrid:/e # gdb --args ./intravisor -y native-hello.yaml 
GNU gdb (GDB) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-unknown-freebsd13".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./intravisor...
(gdb) r
Starting program: /e/intravisor -y native-hello.yaml
Using yaml.cfg = native-hello.yaml
***************** [17] Deploy 'hello' ***************
BUILDING cvm: name=hello, disk=(null), runtime=libnative-hello.so, net=(null), args='/ld.so /app/main', base=0x440000000, size=0x40000000, begin=0x440000000, end=0x480000000, cb_in = '(null)', cb_out = 'monitor' wait = 0s clean_room = 0
[2]: 4026e000 440000000 3c4 3c4 4026e000 3c4
[3]: 4026e3c8 4400103c8 238 238 4026e3c8 238
end of RO: 440020600
[4]: 4026e600 440020600 90 90 4026e600 90
[5]: 4026e690 440030690 8 8 4026e690 8
ELF BASE = 0x440000000, MAP SIZE = 30698, ENTRY = 0x103c8
encl_map.entry = 0x103c8
encl_map.ret = 0x104e4
[cVM STACKs] = [0x47e000000 -- 480000000]
Convrting free memory into cVM Heap: 440031000 -- 47e000000 +3dfcf000 ( 991.808594 MB)
cVM doesn't use heap or has a built-in one
SEALED RET FROM MON 0xffffffffe7b0 0xffffffffe7a0
ACHTUNG: 'libnative-hello.so' has syscall handler 'syscall_handler' at 0x10518
***************** Link Inner<-->Outer ***************
***************** ALL cVMs loaded ***************
[New LWP 100067 of process 1011]
target SP = 47fffc000, old TP = 47ffffbe0 sp_read = 0x480000000, me->stacl = 0x47ff80000, getSP()=0x47ffff990, me->c_tp = 0x47ffffbd0 47ffffbc0
[1] '/app/main'
sp[i+1] = '/app/main'
&env0 = 0x47fffc020, &env1=0x47fffc028
ca0: sealed COMP PCC
tag 1 s 1 perms 0002c147 type 0000000000000004
        base 0000000440000000 length 0000000040000000 ofset 00000000000103c8
ca1: sealed COMP DDC
tag 1 s 1 perms 00037145 type 0000000000000004
        base 0000000440000000 length 0000000040000000 ofset 0000000000000000
ca2: COMP DDC
tag 1 s 0 perms 00037145 type 0000000000000000
        base 0000000440000000 length 0000000040000000 ofset 0000000000000000
ca3: sealed HC PCC
tag 1 s 1 perms 0002c177 type 0000000000000004
        base 0000000000000000 length 0001000000000000 ofset 0000000000248748
ca4: sealed HC DDC (mon.DDC)
tag 1 s 1 perms 0003717d type 0000000000000004
        base 0000000000000000 length 0001000000000000 ofset 0000000000000000
ca5: sealed OCALL PCC 
tag 1 s 1 perms 0002c177 type 0000000000000004
        base 0000000000000000 length 0001000000000000 ofset 00000000002487c4
ca6: sealed ret from mon
tag 1 s 1 perms 0002c147 type 0000000000000004
        base 0000000440000000 length 0000000040000000 ofset 00000000000104e4
HW: sp = 0x3fffc000, tp = 0x47ffffa10, &cinv_args = 0x47ffffa90
TP_ARGS: 47e001000, 11, 440000000
-----------------------------------------------
hello world, let's read cap 'test1' 
Hello world
[LWP 100067 of process 1011 exited]
[Inferior 1 (process 1011) exited normally]
(gdb) 
#
# Automatically generated file; DO NOT EDIT.
# Configuration
#
#CONFIG_ARCH_RV=y
CONFIG_ARCH_ARM=y
# CONFIG_ARCH_X86 is not set
CONFIG_BIT_64=y
# CONFIG_MODE_PURE is not set
CONFIG_MODE_HYB=y
# CONFIG_MODE_SIM is not set
CONFIG_OS_CHERIBSD=y
# CONFIG_OS_LINUX is not set
# CONFIG_DEBUG is not set
# CONFIG_ORC is not set
# CONFIG_LIBVIRT is not set
# CONFIG_LKL is not set
CONFIG_CHERI_SDK="${HOME}/cheri/output/morello-sdk"
CONFIG_CVM_MAX_SIZE=0x40000000

NB: please make clean if you change something in .config

DeborohNoah commented 1 year ago

Ok will do! Thanks a lot for the support!

sartakov commented 9 months ago

RV64 version should work now (0.3.0)