Minimize the # of memory pages whose permissions are modified
This commit is contained in:
Tate, Hongliang Tian
parent
b041dee55c
commit
68d459975d
@ -3,7 +3,7 @@
|
|||||||
<ProdID>0</ProdID>
|
<ProdID>0</ProdID>
|
||||||
<ISVSVN>0</ISVSVN>
|
<ISVSVN>0</ISVSVN>
|
||||||
<StackMaxSize>0x80000</StackMaxSize>
|
<StackMaxSize>0x80000</StackMaxSize>
|
||||||
<HeapMaxSize>0x1000000</HeapMaxSize>
|
<HeapMaxSize>0x6000000</HeapMaxSize>
|
||||||
<TCSNum>8</TCSNum>
|
<TCSNum>8</TCSNum>
|
||||||
<TCSPolicy>1</TCSPolicy>
|
<TCSPolicy>1</TCSPolicy>
|
||||||
<DisableDebug>0</DisableDebug>
|
<DisableDebug>0</DisableDebug>
|
||||||
|
|||||||
@ -152,7 +152,7 @@ pub fn run_task() -> Result<(), &'static str> {
|
|||||||
let process : &Process = &guard;
|
let process : &Process = &guard;
|
||||||
pid = process.pid;
|
pid = process.pid;
|
||||||
//println!("Run process: {:#x?}", process);
|
//println!("Run process: {:#x?}", process);
|
||||||
println!("Run process (pid = {})", process.pid);
|
//println!("Run process (pid = {})", process.pid);
|
||||||
new_task = &process.task as *const Task
|
new_task = &process.task as *const Task
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -221,7 +221,7 @@ impl Process {
|
|||||||
|
|
||||||
self.code_vma = Vma::from_program_header(&code_ph)?;
|
self.code_vma = Vma::from_program_header(&code_ph)?;
|
||||||
self.data_vma = Vma::from_program_header(&data_ph)?;
|
self.data_vma = Vma::from_program_header(&data_ph)?;
|
||||||
self.stack_vma = Vma::new(8 * 1024, 4096,
|
self.stack_vma = Vma::new(32 * 1024 * 1024, 4096,
|
||||||
vma::Perms(vma::PERM_R | vma::PERM_W))?;
|
vma::Perms(vma::PERM_R | vma::PERM_W))?;
|
||||||
|
|
||||||
self.program_base_addr = self.alloc_mem_for_vmas(elf_file)?;
|
self.program_base_addr = self.alloc_mem_for_vmas(elf_file)?;
|
||||||
|
|||||||
@ -90,8 +90,8 @@ pub fn malloc_batch(vma_list: &mut [&mut Vma], mapped_data: &[u8])
|
|||||||
let mut max_align = VMA_MIN_MEM_ALIGN;
|
let mut max_align = VMA_MIN_MEM_ALIGN;
|
||||||
let mut total_size = 0;
|
let mut total_size = 0;
|
||||||
for vma in vma_list.into_iter() {
|
for vma in vma_list.into_iter() {
|
||||||
let mem_begin = round_up(total_size, vma.mem_align);
|
let mem_begin = align_up(total_size, vma.mem_align);
|
||||||
let mem_end = mem_begin + round_up(vma.mem_size, vma.mem_align);
|
let mem_end = mem_begin + align_up(vma.mem_size, vma.mem_align);
|
||||||
|
|
||||||
if vma.file_is_mapped {
|
if vma.file_is_mapped {
|
||||||
if vma.mem_addr < mem_begin ||
|
if vma.mem_addr < mem_begin ||
|
||||||
@ -114,8 +114,8 @@ pub fn malloc_batch(vma_list: &mut [&mut Vma], mapped_data: &[u8])
|
|||||||
let program_base_addr = memobj.get_addr();
|
let program_base_addr = memobj.get_addr();
|
||||||
let mut mem_cur = program_base_addr;
|
let mut mem_cur = program_base_addr;
|
||||||
for vma in vma_list.into_iter() {
|
for vma in vma_list.into_iter() {
|
||||||
vma.mem_begin = round_up(mem_cur, vma.mem_align);
|
vma.mem_begin = align_up(mem_cur, vma.mem_align);
|
||||||
vma.mem_end = vma.mem_begin + round_up(vma.mem_size, vma.mem_align);
|
vma.mem_end = vma.mem_begin + align_up(vma.mem_size, vma.mem_align);
|
||||||
vma.mem_addr += program_base_addr;
|
vma.mem_addr += program_base_addr;
|
||||||
vma.underlying = memobj.clone();
|
vma.underlying = memobj.clone();
|
||||||
|
|
||||||
@ -137,13 +137,19 @@ pub fn mprotect_batch(vma_list: &[&Vma])
|
|||||||
-> Result<(), &'static str>
|
-> Result<(), &'static str>
|
||||||
{
|
{
|
||||||
for vma in vma_list.into_iter() {
|
for vma in vma_list.into_iter() {
|
||||||
let start = vma.mem_begin as size_t;
|
// If don't need to change memory permissions
|
||||||
let size = (vma.mem_end - vma.mem_begin) as size_t;
|
if vma.mem_flags == Perms(PERM_R | PERM_W) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
let start = align_down(vma.mem_addr, 4096);
|
||||||
|
let size = align_up(vma.mem_size, 4096);
|
||||||
let perms = vma.mem_flags.0 as uint64_t;
|
let perms = vma.mem_flags.0 as uint64_t;
|
||||||
let status = unsafe {
|
let status = unsafe {
|
||||||
//TODO: use proper permissions
|
//TODO: use proper permissions
|
||||||
//TODO: reset the permissions when drop VMA
|
//TODO: reset the permissions when drop VMA
|
||||||
//trts_mprotect(start, size, perms)
|
//trts_mprotect(start, size, perms)
|
||||||
|
//println!("trts_mprotect: start = {}, size = {}", start, size);
|
||||||
trts_mprotect(start, size, (PERM_R | PERM_W | PERM_X) as uint64_t)
|
trts_mprotect(start, size, (PERM_R | PERM_W | PERM_X) as uint64_t)
|
||||||
};
|
};
|
||||||
if (status != sgx_status_t::SGX_SUCCESS) {
|
if (status != sgx_status_t::SGX_SUCCESS) {
|
||||||
@ -185,10 +191,14 @@ impl<'a> From<&'a program::Flags> for Perms {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn round_up(addr: usize, align: usize) -> usize {
|
fn align_up(addr: usize, align: usize) -> usize {
|
||||||
(addr + (align - 1)) / align * align
|
(addr + (align - 1)) / align * align
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn align_down(addr: usize, align: usize) -> usize {
|
||||||
|
addr & !(align - 1)
|
||||||
|
}
|
||||||
|
|
||||||
#[link(name = "sgx_trts")]
|
#[link(name = "sgx_trts")]
|
||||||
extern {
|
extern {
|
||||||
pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t;
|
pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t;
|
||||||
|
|||||||
@ -4,6 +4,6 @@ char str_buf[] = "Hello World!\n";
|
|||||||
unsigned long str_size = sizeof(str_buf);
|
unsigned long str_size = sizeof(str_buf);
|
||||||
|
|
||||||
void _start(void) {
|
void _start(void) {
|
||||||
__rusgx_write(1, str_buf, str_size);
|
//__rusgx_write(1, str_buf, str_size);
|
||||||
__rusgx_exit(0);
|
__rusgx_exit(0);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,7 +7,7 @@ static void print_ok(void) {
|
|||||||
__rusgx_write(1, success_str_buf, success_str_size);
|
__rusgx_write(1, success_str_buf, success_str_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
#define NUM_CHILDREN 100
|
#define NUM_CHILDREN 10
|
||||||
|
|
||||||
void _start(void) {
|
void _start(void) {
|
||||||
for (int ci = 0; ci < NUM_CHILDREN; ci++) {
|
for (int ci = 0; ci < NUM_CHILDREN; ci++) {
|
||||||
@ -16,7 +16,6 @@ void _start(void) {
|
|||||||
|
|
||||||
ret = __rusgx_spawn(&pid, "hello_world_raw/bin.encrypted", NULL, NULL);
|
ret = __rusgx_spawn(&pid, "hello_world_raw/bin.encrypted", NULL, NULL);
|
||||||
if (ret < 0) { __rusgx_exit(0); }
|
if (ret < 0) { __rusgx_exit(0); }
|
||||||
print_ok();
|
|
||||||
|
|
||||||
int status;
|
int status;
|
||||||
ret = __rusgx_wait4(pid, &status, 0);
|
ret = __rusgx_wait4(pid, &status, 0);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user