Minimize the # of memory pages whose permissions are modified
This commit is contained in:
Tate, Hongliang Tian
parent
b041dee55c
commit
68d459975d
@ -3,7 +3,7 @@
|
||||
<ProdID>0</ProdID>
|
||||
<ISVSVN>0</ISVSVN>
|
||||
<StackMaxSize>0x80000</StackMaxSize>
|
||||
<HeapMaxSize>0x1000000</HeapMaxSize>
|
||||
<HeapMaxSize>0x6000000</HeapMaxSize>
|
||||
<TCSNum>8</TCSNum>
|
||||
<TCSPolicy>1</TCSPolicy>
|
||||
<DisableDebug>0</DisableDebug>
|
||||
|
||||
@ -152,7 +152,7 @@ pub fn run_task() -> Result<(), &'static str> {
|
||||
let process : &Process = &guard;
|
||||
pid = process.pid;
|
||||
//println!("Run process: {:#x?}", process);
|
||||
println!("Run process (pid = {})", process.pid);
|
||||
//println!("Run process (pid = {})", process.pid);
|
||||
new_task = &process.task as *const Task
|
||||
};
|
||||
|
||||
@ -221,7 +221,7 @@ impl Process {
|
||||
|
||||
self.code_vma = Vma::from_program_header(&code_ph)?;
|
||||
self.data_vma = Vma::from_program_header(&data_ph)?;
|
||||
self.stack_vma = Vma::new(8 * 1024, 4096,
|
||||
self.stack_vma = Vma::new(32 * 1024 * 1024, 4096,
|
||||
vma::Perms(vma::PERM_R | vma::PERM_W))?;
|
||||
|
||||
self.program_base_addr = self.alloc_mem_for_vmas(elf_file)?;
|
||||
|
||||
@ -90,8 +90,8 @@ pub fn malloc_batch(vma_list: &mut [&mut Vma], mapped_data: &[u8])
|
||||
let mut max_align = VMA_MIN_MEM_ALIGN;
|
||||
let mut total_size = 0;
|
||||
for vma in vma_list.into_iter() {
|
||||
let mem_begin = round_up(total_size, vma.mem_align);
|
||||
let mem_end = mem_begin + round_up(vma.mem_size, vma.mem_align);
|
||||
let mem_begin = align_up(total_size, vma.mem_align);
|
||||
let mem_end = mem_begin + align_up(vma.mem_size, vma.mem_align);
|
||||
|
||||
if vma.file_is_mapped {
|
||||
if vma.mem_addr < mem_begin ||
|
||||
@ -114,8 +114,8 @@ pub fn malloc_batch(vma_list: &mut [&mut Vma], mapped_data: &[u8])
|
||||
let program_base_addr = memobj.get_addr();
|
||||
let mut mem_cur = program_base_addr;
|
||||
for vma in vma_list.into_iter() {
|
||||
vma.mem_begin = round_up(mem_cur, vma.mem_align);
|
||||
vma.mem_end = vma.mem_begin + round_up(vma.mem_size, vma.mem_align);
|
||||
vma.mem_begin = align_up(mem_cur, vma.mem_align);
|
||||
vma.mem_end = vma.mem_begin + align_up(vma.mem_size, vma.mem_align);
|
||||
vma.mem_addr += program_base_addr;
|
||||
vma.underlying = memobj.clone();
|
||||
|
||||
@ -137,13 +137,19 @@ pub fn mprotect_batch(vma_list: &[&Vma])
|
||||
-> Result<(), &'static str>
|
||||
{
|
||||
for vma in vma_list.into_iter() {
|
||||
let start = vma.mem_begin as size_t;
|
||||
let size = (vma.mem_end - vma.mem_begin) as size_t;
|
||||
// If don't need to change memory permissions
|
||||
if vma.mem_flags == Perms(PERM_R | PERM_W) {
|
||||
continue;
|
||||
}
|
||||
|
||||
let start = align_down(vma.mem_addr, 4096);
|
||||
let size = align_up(vma.mem_size, 4096);
|
||||
let perms = vma.mem_flags.0 as uint64_t;
|
||||
let status = unsafe {
|
||||
//TODO: use proper permissions
|
||||
//TODO: reset the permissions when drop VMA
|
||||
//trts_mprotect(start, size, perms)
|
||||
//println!("trts_mprotect: start = {}, size = {}", start, size);
|
||||
trts_mprotect(start, size, (PERM_R | PERM_W | PERM_X) as uint64_t)
|
||||
};
|
||||
if (status != sgx_status_t::SGX_SUCCESS) {
|
||||
@ -185,10 +191,14 @@ impl<'a> From<&'a program::Flags> for Perms {
|
||||
}
|
||||
}
|
||||
|
||||
fn round_up(addr: usize, align: usize) -> usize {
|
||||
fn align_up(addr: usize, align: usize) -> usize {
|
||||
(addr + (align - 1)) / align * align
|
||||
}
|
||||
|
||||
fn align_down(addr: usize, align: usize) -> usize {
|
||||
addr & !(align - 1)
|
||||
}
|
||||
|
||||
#[link(name = "sgx_trts")]
|
||||
extern {
|
||||
pub fn trts_mprotect(start: size_t, size: size_t, perms: uint64_t) -> sgx_status_t;
|
||||
|
||||
@ -4,6 +4,6 @@ char str_buf[] = "Hello World!\n";
|
||||
unsigned long str_size = sizeof(str_buf);
|
||||
|
||||
void _start(void) {
|
||||
__rusgx_write(1, str_buf, str_size);
|
||||
//__rusgx_write(1, str_buf, str_size);
|
||||
__rusgx_exit(0);
|
||||
}
|
||||
|
||||
@ -7,7 +7,7 @@ static void print_ok(void) {
|
||||
__rusgx_write(1, success_str_buf, success_str_size);
|
||||
}
|
||||
|
||||
#define NUM_CHILDREN 100
|
||||
#define NUM_CHILDREN 10
|
||||
|
||||
void _start(void) {
|
||||
for (int ci = 0; ci < NUM_CHILDREN; ci++) {
|
||||
@ -16,7 +16,6 @@ void _start(void) {
|
||||
|
||||
ret = __rusgx_spawn(&pid, "hello_world_raw/bin.encrypted", NULL, NULL);
|
||||
if (ret < 0) { __rusgx_exit(0); }
|
||||
print_ok();
|
||||
|
||||
int status;
|
||||
ret = __rusgx_wait4(pid, &status, 0);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user