[CHERI-RISC-V] Update for tag clearing #210
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
c0a74f8
to
e8f4911
Compare
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
44cd2ea
to
de6412a
Compare
|
Should be ready for review now. |
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
de6412a
to
f39ac21
Compare
|
Includes #219 to ensure the CI can pass. |
This is cleaner than using TARGET_AARCH64 and will be required to update CHERI-RISC-V to tag-clearing semantics.
Changing CHERI_TAG_CLEAR_ON_INVALID to 1 swaps over all functions that are shared with the Morello model to tag clearing. It does not handled instructions that are specific to MIPS/RISC-V but that will be added in the following commits.
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
f39ac21
to
f663baa
Compare
|
Rebased. |
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
47aef3c
to
23e6e3a
Compare
qwattash
reviewed
Jun 13, 2023
qwattash
approved these changes
Jun 13, 2023
Ah that is a good point - probably not too useful if it's already untagged. |
It is still not quite the same as the sail model when processing sentries, but the trapping behaviour matches now.
This should also mostly fix CCSeal.
The current behaviour does not match sail yet, but this is the first step towards spec-compliant behaviour.
It still doesn't quite match sail due to the old requirement to have CAP_PERM_EXECUTE, but that is not a useful restriction - non-executable sentries can be extremely useful as an alternative to otypes.
When I originally added sentries, I only considered the jump use case and added a trap for non-executable inputs to catch errors early. However, non-executable sentries can be extremely useful if you use re-derivation for unsealing instead. These semantics now match the sail model where the restriction was removed as part of the tag-clearing changes. For now this keeps the trapping behaviour for MIPS as that allows running the existing testsuite before and after this change.
The cheri-compressed-cap setters assert that the value is in range, so we have to mask before updating otype to arbitrary values.
Check that the input capability could have been created using a sequence of valid subsetting instructions and compare the result to the raw bit pattern instead of accepting any subset of the authorizing capability. This matches the sail behaviour.
We have to check the second argument first.
Jenkins nested parallel has some rather surprising behaviours - in this case it seems like a later successful call to junit set the entire build status back to stable even if there were test failures. Using the same logic as the CheriBSD job should hopefully make this branch fail as expected.
This will allow detecting required CHERI features more easily and is helpful for the transition period where older implementations still exist. See also: CTSRD-CHERI/sail-cheri-riscv#74
arichardson
force-pushed
the
2023-update-for-tag-clearing
branch
from
23e6e3a
to
13edbc1
Compare
bsdjhb
pushed a commit
to CTSRD-CHERI/cheribsd
that referenced
this pull request
Jun 16, 2023
Once CTSRD-CHERI/qemu#210 is merged, QEMU will tag clear instead of rasing exceptions on invalid sealing. To support the transition period where CheriBSD can still be booted on older QEMU, we raise a SIGPROT if the seal/unseal operation tag-clears.
The main branch of CheriBSD has test failures with tag-clearing QEMU as it expects trapping behaviour and those changes will not be cherry-picked, so we have to boot dev until main is updated.
|
Test failures are timeouts on the ASAN builds. Merging. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Catches up with CTSRD-CHERI/sail-cheri-riscv#56
Verified by running TestRIG against sail. While fuzzing against sail I also found some additional divergences that I'll upload fixes for in separate PRs.