c18n: Export c18n statistics to procstat(1) and file (supersedes #2084) #2079
Conversation
dpgao
force-pushed
the
c18n-nobot
branch
6 times, most recently
from
874a94c
to
0ecef41
Compare
dpgao
changed the title
dpgao
force-pushed
the
c18n-nobot
branch
2 times, most recently
from
9680cbd
to
773358e
Compare
dpgao
force-pushed
the
c18n-nobot
branch
2 times, most recently
from
e195871
to
c0da4f1
Compare
| struct proc *p; | ||
| struct cheri_c18n_info info; | ||
| int error; | ||
| void *buffer; |
There was a problem hiding this comment.
If you initialize this to NULL you don't need two labels for the exit path.
dpgao
force-pushed
the
c18n-nobot
branch
6 times, most recently
from
b4b5479
to
8c7be11
Compare
lib/libprocstat/libprocstat.c
Outdated
| /* | ||
| * Error handling here is wrong. If ENOEXEC, really want to print | ||
| * output indicating no information, which this function signature | ||
| * doesn't currently support. This is because the process probably | ||
| * simply doesn't have c18n in use | ||
| */ | ||
| name[0] = CTL_KERN; | ||
| name[1] = KERN_PROC; | ||
| name[2] = KERN_PROC_C18N; | ||
| name[3] = kp->ki_pid; | ||
| error = sysctl(name, nitems(name), *pp, lenp, NULL, 0); | ||
| if (error != 0 && errno != ESRCH && errno != EPERM && | ||
| errno != ENOEXEC) { | ||
| warn("sysctl(kern.proc.c18n)"); | ||
| goto out_free; | ||
| } | ||
| if (error != 0) | ||
| goto out_free; | ||
| return (0); |
There was a problem hiding this comment.
@rwatson Do we need to fix the error handling here?
dpgao
changed the title
dpgao
changed the title
Yes. The env var version allows the stats to persist after the process exits, which will be useful for benchmarks. |
Exposes LD_COMPARTMENT_STATS that exports a set of compartmentalisation-related statistics to a user-specified file.
Co-authored-by: Dapeng Gao <[email protected]>
| @@ -400,6 +400,13 @@ TRAMP(tramp_update_fp_untagged) | |||
| clrtag c29, TRUSTED_STACK_C | |||
| TRAMPEND(tramp_update_fp_untagged) | |||
|
|
|||
| TRAMP(tramp_count_entry) | |||
| 1: ldr c24, #0 /* To be patched at runtime */ | |||
| stadd w25, [c24] | |||
There was a problem hiding this comment.
From the gctag x25, c30 above and we can assume that it is always 1. This is done to save instructions and assumes that the program is well-behaved.
There was a problem hiding this comment.
Firstly, these things have to be commented. There are so many of these implicit dependencies floating around within and across trampoline fragments that it's really hard to keep track of them all, and it's just asking for someone to break this in future by using a different register for the GCTAG (which would be reasonable, because who would expect it to be used many instructions later?). Secondly, having an untagged return capability seems a totally valid thing to do if you're making a call to a function that won't return. I don't think you can currently easily end up with it from a compiler, but I see no reason why it wouldn't be valid.
dpgao
changed the title
Edit: The c18n statistics part of this PR is a bit stalled, so I pulled out the interrupt-safe changes to #2090 which will hopefully get merged soon.
This PR builds upon #2012 and #2032 and the real content is in the very last commit entitled c18n: Rework implementation to be interrupt-safe. This is not meat to be merged but is a stable implementation needing feedback. I do hope it can be merged in the next release if time permits.This commit completely refactors the trampoline and how stack switching works. The purecap and benchmark ABI implementations now both use a dedicated register to store the trusted stack (ddcandrddcrespectively). This makes the trampolines look identical (modulo register names) on both ABIs. No metadata recording the current top of the stack is stored at the bottom of each compartment's stack. Instead, the stack lookup table now stores that information.The signal handling mechanism has been rewritten to handle (rare) cases where c18n code, in particular trampolines, is interrupted. All c18n code paths that could be interrupted have been audited and it is believed that they can all be handled correctly, although testing for that is hard.This PR modifies #2080 to export a slightly different set of statistics:
It allows exposes environment variable
LD_COMPARTMENT_STATSthat allows a struct containing the above statistics to be exported to a file.