Next round of changes to the switcher #358
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rmn30
reviewed
Nov 25, 2024
rmn30
reviewed
Nov 25, 2024
nwf
force-pushed
the
202411-switcher-next
branch
3 times, most recently
from
4c1fb36 to
c5356fc
Compare
rmn30
reviewed
Nov 26, 2024
sdk/core/switcher/entry.S
Outdated
| * reference is not stored in memory (in the switcher, anyway), just mtdc. | ||
| * However, when this reference is extracted and sealed for the next | ||
| * context switch (in .Lexception_scheduler_call), the result will lack | ||
| * GL(obal), which will likely prove challenging for the scheduler. |
There was a problem hiding this comment.
which will likely prove challenging for the scheduler
I think this is understatement?! I'm not so familiar with the scheduler but presumably it keeps the sealed trusted stack pointers in global data structures. It sounds like this would only allow the scheduler to crash itself so not really an issue but I wonder if there are other ways a non-GL context pointer could make its way into the scheduler? switcher_interrupt_thread looks like it needs investigating.
nwf
force-pushed
the
202411-switcher-next
branch
2 times, most recently
from
fc43793 to
29bed5e
Compare
nwf
force-pushed
the
202411-switcher-next
branch
2 times, most recently
from
fc8ac57 to
27ddfd1
Compare
nwf
force-pushed
the
202411-switcher-next
branch
4 times, most recently
from
abaab69 to
1eddd0c
Compare
Statically assert that the switcher's possibly imprecise test is precise This changes no bytes in the generated code.
Add "trusted" to signal that these access the TrustedStack spill frame, not the compartment_switcher_entry spill frame.
This lets us shave off an instruction. Some additional creativity inspired by @rmn30 lets us compress the update of csp and the three spills other than the initial.
mtval is also exposed to the scheduler in .Lexception_scheduler_call
While we can't easily reuse the spill frame restore in switcher_after_compartment_call, due to its interplay with the SHWM and zeroing invariants, we can reuse .Lswitch_callee_dead_zeros. This saves a few bytes at the cost of a jump on an error path.
nwf
force-pushed
the
202411-switcher-next
branch
from
1eddd0c to
bea6bec
Compare
nwf
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pulling from #334 . This is much, much smaller than #320 and so hopefully that much easier to review. As usual, commit-by-commit is probably the right approach.
I am only so confident in the
mscratchcchanges, as they are not mechanically checked, though the version here does run the test suite on my machine (and several nearby versions, in some sense, do not). We might want to tear the bottom commits off this PR, as often happens.