Feature: LPMP support to break the enclave number limitation

examples/CMakeLists.txt

@@ -35,3 +35,4 @@ add_subdirectory(hello)
 add_subdirectory(hello-native)
 add_subdirectory(attestation)
 add_subdirectory(tests)
+add_subdirectory(hello-lpmp)

examples/hello-lpmp/CMakeLists.txt

@@ -0,0 +1,36 @@
+set(eapp_bin hello-lpmp)
+set(eapp_src eapp/hello_lpmp.c)
+set(host_bin hello-lpmp-runner)
+set(host_src host/host_lpmp.cpp)
+set(package_name "hello-lpmp.ke")
+set(package_script "./hello-lpmp-runner hello-lpmp eyrie-rt loader.bin")
+set(eyrie_plugins "io_syscall linux_syscall env_setup")
+
+# eapp
+
+add_executable(${eapp_bin} ${eapp_src})
+target_link_libraries(${eapp_bin} "-static")
+
+# host
+
+add_executable(${host_bin} ${host_src})
+target_link_libraries(${host_bin} ${KEYSTONE_LIB_HOST} ${KEYSTONE_LIB_EDGE})
+
+# add target for Eyrie runtime (see keystone.cmake)
+
+set(eyrie_files_to_copy .options_log eyrie-rt loader.bin)
+add_eyrie_runtime(${eapp_bin}-eyrie
+  ${eyrie_plugins}
+  ${eyrie_files_to_copy})
+
+# add target for packaging (see keystone.cmake)
+
+add_keystone_package(${eapp_bin}-package
+  ${package_name}
+  ${package_script}
+  ${eyrie_files_to_copy} ${eapp_bin} ${host_bin})
+
+add_dependencies(${eapp_bin}-package ${eapp_bin}-eyrie)
+
+# add package to the top-level target
+add_dependencies(examples ${eapp_bin}-package)

examples/hello-lpmp/eapp/hello_lpmp.c

@@ -0,0 +1,10 @@
+#include <stdio.h>
+#include <unistd.h>
+
+int main()
+{
+  printf("Hello, Enclave!\n");
+  sleep(30);
+  printf("Goodbye, Enclave!\n");
+  return 0;
+}

examples/hello-lpmp/host/host_lpmp.cpp

@@ -0,0 +1,27 @@
+//******************************************************************************
+// Copyright (c) 2018, The Regents of the University of California (Regents).
+// All Rights Reserved. See LICENSE for license details.
+//------------------------------------------------------------------------------
+#include "edge/edge_call.h"
+#include "host/keystone.h"
+
+using namespace Keystone;
+
+int
+main(int argc, char** argv) {
+  Enclave enclave;
+  Params params;
+
+  params.setFreeMemSize(256 * 1024);
+  params.setUntrustedSize(256 * 1024);
+
+  enclave.init(argv[1], argv[2], argv[3], params);
+
+  enclave.registerOcallDispatch(incoming_call_dispatch);
+  edge_call_init_internals(
+      (uintptr_t)enclave.getSharedBuffer(), enclave.getSharedBufferSize());
+
+  enclave.run();
+
+  return 0;
+}

overlays/keystone/patches/opensbi/opensbi-lpmp.patch

@@ -0,0 +1,23 @@
+diff --git a/lib/sbi/sbi_trap.c b/lib/sbi/sbi_trap.c
+index ee3e4e9..0ac34f9 100644
+--- a/lib/sbi/sbi_trap.c
++++ b/lib/sbi/sbi_trap.c
+@@ -21,6 +21,7 @@
+ #include <sbi/sbi_scratch.h>
+ #include <sbi/sbi_timer.h>
+ #include <sbi/sbi_trap.h>
++#include "lpmp.h"
+
+ static void __noreturn sbi_trap_error(const char *msg, int rc,
+ 				      ulong mcause, ulong mtval, ulong mtval2,
+@@ -304,6 +305,10 @@ struct sbi_trap_regs *sbi_trap_handler(struct sbi_trap_regs *regs)
+ 		sbi_pmu_ctr_incr_fw(mcause == CAUSE_LOAD_ACCESS ?
+ 			SBI_PMU_FW_ACCESS_LOAD : SBI_PMU_FW_ACCESS_STORE);
+ 		/* fallthrough */
++    case CAUSE_FETCH_ACCESS:
++		rc = pmp_fault_handler(mtval);
++		msg = "access fault (PMP)";
++		break;
+ 	default:
+ 		/* If the trap came from S or U mode, redirect it there */
+ 		trap.epc = regs->mepc;

sm/src/enclave.c

@@ -3,11 +3,14 @@
 // All Rights Reserved. See LICENSE for license details.
 //------------------------------------------------------------------------------
 #include "enclave.h"
+#include "lpmp.h"
+#include "ipi.h"
 #include "mprv.h"
 #include "pmp.h"
 #include "page.h"
 #include "cpu.h"
 #include "platform-hook.h"
+#include <sbi/riscv_barrier.h>
 #include <sbi/sbi_string.h>
 #include <sbi/riscv_asm.h>
 #include <sbi/riscv_locks.h>
@@ -76,7 +79,8 @@ static inline void context_switch_to_enclave(struct sbi_trap_regs* regs,
   switch_vector_enclave();
 
   // set PMP
-  osm_pmp_set(PMP_NO_PERM);
+  pmp_clear();
+  smp_mb();
   int memid;
   for(memid=0; memid < ENCLAVE_REGIONS_MAX; memid++) {
     if(enclaves[eid].regions[memid].type != REGION_INVALID) {
@@ -94,13 +98,7 @@ static inline void context_switch_to_host(struct sbi_trap_regs *regs,
     int return_on_resume){
 
   // set PMP
-  int memid;
-  for(memid=0; memid < ENCLAVE_REGIONS_MAX; memid++) {
-    if(enclaves[eid].regions[memid].type != REGION_INVALID) {
-      pmp_set_keystone(enclaves[eid].regions[memid].pmp_rid, PMP_NO_PERM);
-    }
-  }
-  osm_pmp_set(PMP_ALL_PERM);
+  activate_host_lpmp();
 
   uintptr_t interrupts = MIP_SSIP | MIP_STIP | MIP_SEIP;
   csr_write(mideleg, interrupts);
@@ -370,20 +368,21 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
 
   // create a PMP region bound to the enclave
   ret = SBI_ERR_SM_ENCLAVE_PMP_FAILURE;
-  if(pmp_region_init_atomic(base, size, PMP_PRI_ANY, &region, 0))
+  if(pmp_region_init_atomic(eid, base, size, PMP_PRI_ANY, &region, 0))
     goto free_encl_idx;
 
   // create PMP region for shared memory
-  if(pmp_region_init_atomic(utbase, utsize, PMP_PRI_BOTTOM, &shared_region, 0))
+  if(pmp_region_init_atomic(eid, utbase, utsize, PMP_PRI_BOTTOM, &shared_region, 0))
     goto free_region;
 
-  // set pmp registers for private region (not shared)
-  if(pmp_set_global(region, PMP_NO_PERM))
-    goto free_shared_region;
+  // maintain host LPMP regions.
+  host_split_region(base, size, 0);
 
   // cleanup some memory regions for sanity See issue #38
   clean_enclave_memory(utbase, utsize);
 
+  // send ipi to flush tlb for all harts.
+  send_flush_tlb_ipi();
 
   // initialize enclave metadata
   enclaves[eid].eid = eid;
@@ -392,6 +391,7 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
   enclaves[eid].regions[0].type = REGION_EPM;
   enclaves[eid].regions[1].pmp_rid = shared_region;
   enclaves[eid].regions[1].type = REGION_UTM;
+
 #if __riscv_xlen == 32
   enclaves[eid].encl_satp = ((base >> RISCV_PGSHIFT) | (SATP_MODE_SV32 << HGATP_MODE_SHIFT));
 #else
@@ -429,14 +429,13 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
 // free_platform:
   platform_destroy_enclave(&enclaves[eid]);
 unset_region:
-  pmp_unset_global(region);
-free_shared_region:
-  pmp_region_free_atomic(shared_region);
+  pmp_region_free_atomic(eid, shared_region);
 free_region:
-  pmp_region_free_atomic(region);
+  pmp_region_free_atomic(eid, region);
 free_encl_idx:
   encl_free_eid(eid);
 error:
+  host_add_region((uintptr_t)base, (uint64_t)size, 0);
   return ret;
 }
 
@@ -483,14 +482,16 @@ unsigned long destroy_enclave(enclave_id eid)
     sbi_memset((void*) base, 0, size);
 
     //1.b free pmp region
-    pmp_unset_global(rid);
-    pmp_region_free_atomic(rid);
+    pmp_region_free_atomic(eid, rid);
+
+    // maintain host_regions
+    host_add_region((uintptr_t)base, (uint64_t)size, 0);
   }
 
   // 2. free pmp region for UTM
   rid = get_enclave_region_index(eid, REGION_UTM);
   if(rid != -1)
-    pmp_region_free_atomic(enclaves[eid].regions[rid].pmp_rid);
+    pmp_region_free_atomic(eid, enclaves[eid].regions[rid].pmp_rid);
 
   enclaves[eid].encl_satp = 0;
   enclaves[eid].n_thread = 0;
@@ -499,6 +500,9 @@ unsigned long destroy_enclave(enclave_id eid)
     enclaves[eid].regions[i].type = REGION_INVALID;
   }
 
+  // send ipi to flash tlb for all harts.
+  send_flush_tlb_ipi();
+
   // 3. release eid
   encl_free_eid(eid);
 

sm/src/ipi.c

@@ -30,3 +30,20 @@ void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm)
   sbi_tlb_request(mask, 0, &tlb_info);
 }
 
+void sbi_flush_tlb_local(struct sbi_tlb_info *__info)
+{
+  asm volatile("sfence.vma");
+}
+
+void send_flush_tlb_ipi(void)
+{
+  ulong mask = 0;
+  ulong source_hart = current_hartid();
+  struct sbi_tlb_info tlb_info;
+  sbi_hsm_hart_interruptible_mask(sbi_domain_thishart_ptr(), 0, &mask);
+
+  SBI_TLB_INFO_INIT(&tlb_info, 0, 0, 0, 0,
+      sbi_flush_tlb_local, source_hart);
+  sbi_tlb_request(mask, 0, &tlb_info);
+}
+

sm/src/ipi.h

@@ -24,4 +24,9 @@ int sbi_pmp_ipi_init(struct sbi_scratch* scratch, bool cold_boot);
 int sbi_pmp_ipi_request(ulong hmask, ulong hbase, struct sbi_pmp_ipi_info* info);
 
 void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm);
+
+void sbi_flush_tlb_local(struct sbi_tlb_info *__info);
+
+void send_flush_tlb_ipi(void);
+
 #endif