RE: Checking executables before running them in L4re/fiasco
Thanks for the suggestions. From what you say, I guess it is best to do something between ned and say vmlinuz. It also makes better sense semantically (the kernel has booted and checks if the application is ok). Is there a way to accomplish the following:

a. Ned starts up a new process which does some checks and returns OK/STOP.
b. depending on the value returned by the new process, ned decides to launch/stop vmlinuz.

When I try roottask moe rom/hello rom/vmlinuz in the modules.list file, they execute in parallel. Is there a way to make it sequential?

Thanks,
Ramya

From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Adam Lackorzynski [a...@os.inf.tu-dresden.de]
Sent: 01 September 2014 23:57
To: l4-hackers@os.inf.tu-dresden.de
Subject: Re: Checking executables before running them in L4re/fiasco

Hi,

On Mon Sep 01, 2014 at 07:54:02 +, Masti Ramya Jayaram wrote:
> Thanks for the suggestion. I have one other constraint: I would like to keep trusted computing base (or the amount of security critical code as small as possible). From what I understand from http://l4re.org/doc/index.html, the following constitutes the minimal trusted code (which if buggy or compromised by an attacker ruins the isolation properties of the kernel).
>
> a. Whole of fiasco
> b. Sigma0 (the root pager)
> c. Moe (the loader)
> d. Ned (the first loaded program used to bootstrap the rest)

In this setup, yes. Potentially one could have specialized components that are even smaller.

> The IO server is not really security critical as far as I understood. Is this correct?

IO has access to the hardware, so it can do interesting things.

> So I would ideally like to do it even before sigma because if the checks fail, I do not want to proceed and it would be ok to do it in moe or ned. So could you elaborate on mmap part to map a piece of IO memory say in a separate executable after sigma?

If you want to do it so early I suggest doing it even earlier in bootstrap. There you run on physical memory and can directly access anything. You're a bit limited feature-wise there but for checking some memory regions (aka the binaries) it should be ok. Stuffing another binary in between sigma0 and moe is not directly easy and is also quite limited feature-wise.

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/

___
l4-hackers mailing list
l4-hackers@os.inf.tu-dresden.de
http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
Re: l4/sys/syscalls.h: No such file or directory
Hi,

On 09/02/2014 12:27 AM, Adam Lackorzynski wrote:
> Most use the C++ interface, so looking for 'create_task' is better.
> Why not use ned for creating tasks?

My whole EDF library is written in C now, so switching to C++ or Lua makes it very uncomfortable for me.

On 09/02/2014 12:27 AM, Adam Lackorzynski wrote:
> Also, the size argument of l4_fpage is the size in log2, so maybe 12 is a good number (the minimum because it's a page).

Thanks, that part is working now. The new tasks are created properly and displayed as 'ready' in the JDB thread list.

But there's another problem: Using the region mapper of the current task does not work for the newly created tasks, of course. I've attached a small example that illustrates the problem (task creation: lines 19-25, setting pager and exception handler: lines 40-48). I've tried to make it as small as possible for your convenience.

How can I create a dedicated region mapper for each of the new tasks? Or is it better to just map the old region mapper to the new tasks? I've found l4_task_map(task_cap, L4RE_THIS_TASK_CAP, ... ) but I didn't come along with the third and fourth parameter.

Best regards,
Valentin

#define THREAD_MAX_NUM 20

typedef struct Edf_thread
{
  unsigned dl;       // Deadline
  void *func;        // EIP
  l4_cap_idx_t cap;  // L4 Capability
} Edf_thread;

Edf_thread thread[THREAD_MAX_NUM];
unsigned char *thread_stack[THREAD_MAX_NUM];
unsigned count = 0;

int create_l4_thread(Edf_thread *_thread)
{
  l4_msgtag_t tag;

  // Create a new task for each thread
  l4_cap_idx_t task_cap = l4re_util_cap_alloc();
  if (l4_is_invalid_cap(task_cap))
    return -1;
  l4_fpage_t task_fpage = l4_fpage(l4re_env()->first_free_utcb, 12, L4_CAP_FPAGE_RW);
  l4_factory_create_task(l4re_env()->factory, task_cap, task_fpage);
  //

  _thread->cap = l4re_util_cap_alloc();
  thread[count] = *_thread;
  thread_stack[count] = malloc(8 << 10);

  if (l4_is_invalid_cap(_thread->cap))
    return -1;

  tag = l4_factory_create_thread(l4re_env()->factory, _thread->cap);
  if (l4_error(tag))
    return -1;

  l4_thread_control_start();
  /*
   * Of course, using the region mapper and exception handler of the current task for the newly created task fails.
   * I'm getting the following kernel output:
   * KERNEL: Warning: CPU0: Pager of 26 is invalid (pfa=010002c0, errorcode=0004) to 3 (pc=10002c0)
   * But how can I create a new region mapper?
   * Or is it better to just map the old one to the new task? l4_task_map(task_cap, L4RE_THIS_TASK_CAP, ... ?)
   */
  l4_thread_control_pager(l4re_env()->rm);       // fails
  l4_thread_control_exc_handler(l4re_env()->rm); // fails
  l4_thread_control_bind((l4_utcb_t *)l4re_env()->first_free_utcb, task_cap);
  tag = l4_thread_control_commit(_thread->cap);
  if (l4_error(tag))
    return -2;

  // Initial stack pointer is the top of the 8 KiB stack, not sizeof(pointer) past its base
  tag = l4_thread_ex_regs(_thread->cap,
                          (l4_umword_t)_thread->func,
                          (l4_umword_t)(thread_stack[count] + (8 << 10)),
                          0);
  if (l4_error(tag))
    return -3;

  // Pass the deadline of the thread to the L4 system
  l4_sched_param_t sp = l4_sched_param_by_type(Deadline, thread[count].dl, 0);
  // Let the L4 system tell the kernel to enqueue the thread in its (deadline-based) ready queue
  tag = l4_scheduler_run_thread(l4re_env()->scheduler, thread[count].cap, sp);
  if (l4_error(tag))
    return -4;

  // Shift first_free_utcb for further threads
  l4re_env()->first_free_utcb = (l4_addr_t)l4re_env()->first_free_utcb + L4_UTCB_OFFSET;

  return count++;
}
Adding a custom library to l4/pkg/bootstrap
Hi all,

I have managed to compile a custom C library (libscc-sec) as part of the l4 packages. Now I would like to use it in the bootstrap package (make a call to a function in the library). I did the following:

a. Added the library as a requirement in pkg/bootstrap/Control

   requires: drivers_uart drivers_of libc l4util cxx_io libscc-sec

b. Modified the pkg/bootstrap/server/src/Make.rules so that it also looks for libscc-sec by:

   L4_LIBS = -static -nostdlib $(DRV_LIBS) -lcxx_base -lcxx_io -llibscc-sec

But on compiling, I get an error that says that -llibscc-sec not found. The package is getting compiled and I can see the library libscc-sec.a in the build folder. What am I missing?

Thanks,
ramya
RE: Fault in function writev (ulibc)
No, it would occur randomly. I realized I had some mismatch in function prototypes with arrays. Fixing that got rid of the problem.

Thanks,
Ramya

From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Adam Lackorzynski [a...@os.inf.tu-dresden.de]
Sent: 02 September 2014 00:00
To: l4-hackers@os.inf.tu-dresden.de
Subject: Re: Fault in function writev (ulibc)

On Mon Sep 01, 2014 at 16:37:44 +, Masti Ramya Jayaram wrote:
> I am running a custom application package on fiasco using a serial line (no keyboard/screen) and I intermittently get faults caused by printf. I notice that on disassembling the code around the error that the function is called writev in ulibc. Has anyone experienced something similar before?

Not that I could remember. Just happens for a standard printf("foo\n")?

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
Re: Adding a custom library to l4/pkg/bootstrap
On 02.09.2014 11:37, Masti Ramya Jayaram wrote:
> b. Modified the pkg/bootstrap/server/src/Make.rules so that it also looks for libscc-sec by:
>
>    L4_LIBS = -static -nostdlib $(DRV_LIBS) -lcxx_base -lcxx_io -llibscc-sec
>
> But on compiling, I get an error that says that -llibscc-sec not found. The package is getting compiled and I can see the library libscc-sec.a in the build folder. What am I missing?

Use '-lscc-sec' instead of '-llibscc-sec' in 'L4_LIBS' ;-)

Quoting from the manpage of ld:

| -l namespec
|     Add the archive or object file specified by namespec to the list of
|     files to link. This option may be used any number of times. If
|     namespec is of the form :filename, ld will search the library path
|     for a file called filename, otherwise it will search the library path
|     for a file called libnamespec.a.

Regards,
Jan
RE: Adding a custom library to l4/pkg/bootstrap
Sorry about the multiple emails. I managed to get past the library not found error - it was a matter of nomenclature. However, now I am trying to call a function in the library through an included header file (which is part of the library) and it fails (undefined reference).

My header file: init.h

    #define BLAH 10
    int abcd = 5;
    int hello();

Code in my init.c

    int hello(){
        printf("Hello");
    }

My C++ code:

    extern "C" {
    #include <l4/libscc-sec/init.h>
    }

    int main(){
        printf("Vars from lib %x, %x", BLAH, abcd);
        hello();
    }

The program fails to compile with the calls to the function hello. If I remove hello, it compiles. I made sure that I am indeed using the extern C directive. I also tried putting the function declaration in here instead of the header file itself but it does not help.

Thanks,
ramya

From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Masti Ramya Jayaram [rma...@inf.ethz.ch]
Sent: 02 September 2014 11:37
To: l4-hackers@os.inf.tu-dresden.de
Subject: Adding a custom library to l4/pkg/bootstrap

Hi all,

I have managed to compile a custom C library (libscc-sec) as part of the l4 packages. Now I would like to use it in the bootstrap package (make a call to a function in the library). I did the following:

a. Added the library as a requirement in pkg/bootstrap/Control

   requires: drivers_uart drivers_of libc l4util cxx_io libscc-sec

b. Modified the pkg/bootstrap/server/src/Make.rules so that it also looks for libscc-sec by:

   L4_LIBS = -static -nostdlib $(DRV_LIBS) -lcxx_base -lcxx_io -llibscc-sec

But on compiling, I get an error that says that -llibscc-sec not found. The package is getting compiled and I can see the library libscc-sec.a in the build folder. What am I missing?

Thanks,
ramya
RE: Checking executables before running them in L4re/fiasco
Also, could you elaborate a bit on how one could have smaller components? I decided to do it at bootstrap at the moment because I realized that using the IO server also means including the entire C library (and much more).

On a related note, is there a way to find all the packages in use (there is more than what is compiled by module.list I can see)?

Thanks,
ramya

From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Masti Ramya Jayaram [rma...@inf.ethz.ch]
Sent: 02 September 2014 09:57
To: Adam Lackorzynski; l4-hackers@os.inf.tu-dresden.de
Subject: RE: Checking executables before running them in L4re/fiasco

Thanks for the suggestions. From what you say, I guess it is best to do something between ned and say vmlinuz. It also makes better sense semantically (the kernel has booted and checks if the application is ok). Is there a way to accomplish the following:

a. Ned starts up a new process which does some checks and returns OK/STOP.
b. depending on the value returned by the new process, ned decides to launch/stop vmlinuz.

When I try roottask moe rom/hello rom/vmlinuz in the modules.list file, they execute in parallel. Is there a way to make it sequential?

Thanks,
Ramya

From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Adam Lackorzynski [a...@os.inf.tu-dresden.de]
Sent: 01 September 2014 23:57
To: l4-hackers@os.inf.tu-dresden.de
Subject: Re: Checking executables before running them in L4re/fiasco

Hi,

On Mon Sep 01, 2014 at 07:54:02 +, Masti Ramya Jayaram wrote:
> Thanks for the suggestion. I have one other constraint: I would like to keep trusted computing base (or the amount of security critical code as small as possible). From what I understand from http://l4re.org/doc/index.html, the following constitutes the minimal trusted code (which if buggy or compromised by an attacker ruins the isolation properties of the kernel).
>
> a. Whole of fiasco
> b. Sigma0 (the root pager)
> c. Moe (the loader)
> d. Ned (the first loaded program used to bootstrap the rest)

In this setup, yes. Potentially one could have specialized components that are even smaller.

> The IO server is not really security critical as far as I understood. Is this correct?

IO has access to the hardware, so it can do interesting things.

> So I would ideally like to do it even before sigma because if the checks fail, I do not want to proceed and it would be ok to do it in moe or ned. So could you elaborate on mmap part to map a piece of IO memory say in a separate executable after sigma?

If you want to do it so early I suggest doing it even earlier in bootstrap. There you run on physical memory and can directly access anything. You're a bit limited feature-wise there but for checking some memory regions (aka the binaries) it should be ok. Stuffing another binary in between sigma0 and moe is not directly easy and is also quite limited feature-wise.

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
Passing data to a thread
Hi,

I'm trying to pass some data to a newly created thread. Since l4_thread_ex_regs only accepts an instruction pointer, but no data pointer, it seems impossible to me to use a parameterized function such as:

    thread1_func(void *data) { /* Read the data ... */ }

So far, my efforts are:

1. I've tried filling the stack allocated to each newly created thread with

       thread_stack = malloc(8 << 10);
       thread_stack[0] = my_data;

   but then I'm not able to pop the data from the stack in thread1_func.

2. I've tried using IPC: The main thread which is creating the new threads sends the data to the destination thread. I'm using l4_ipc_send in the main thread and l4_ipc_receive in thread1_func just like in your utcb-ipc example. It works great, but unfortunately the call of l4_ipc_send leads to an _immediate_ execution of thread1_func (timeouts: L4_IPC_NEVER), so my scheduling policy is not respected.

So how can I pass data to a thread in a way that is equivalent to passing arguments to functions?

Best regards,
Valentin
Re: Adding a custom library to l4/pkg/bootstrap
On 02.09.2014 13:32, Masti Ramya Jayaram wrote:
> However, now I am trying to call a function in the library through an included header file (which is part of the library) and it fails (undefined reference).

Could you give the *exact* error message? BTW, this is something you should always do if you want people to be able to help you ;-)

My guess at this point would be that the undefined reference is not your 'hello' function but 'printf'...

> I made sure that I am indeed using the extern C directive. I also tried putting the function declaration in here instead of the header file itself but it does not help.

The function declaration is not the problem here. If it was, the compiler would give you an error along the lines of 'hello' was not declared in this scope.

Regards,
Jan
Re: Checking executables before running them in L4re/fiasco
On Tue Sep 02, 2014 at 14:08:03 +, Masti Ramya Jayaram wrote:
> Also, could you elaborate a bit on how one could have smaller components? I decided to do it at bootstrap at the moment because I realized that using the IO server also means including the entire C library (and much more).

For a start, you can set MODE = sigma0 in the Makefile to get a much simpler setup (don't be confused by the name). Of course, not all features are there then but should be ok for checking a binary. More libraries can be removed further but also requires to do more by hand then.

> On a related note, is there a way to find all the packages in use (there is more than what is compiled by module.list I can see)?

You mean binaries that are started? modules.list has defaults for kernel, sigma0 and roottask but otherwise everything else needs to be put there.

> From: l4-hackers [l4-hackers-boun...@os.inf.tu-dresden.de] on behalf of Masti Ramya Jayaram [rma...@inf.ethz.ch]
> Sent: 02 September 2014 09:57
> To: Adam Lackorzynski; l4-hackers@os.inf.tu-dresden.de
> Subject: RE: Checking executables before running them in L4re/fiasco
>
> Thanks for the suggestions. From what you say, I guess it is best to do something between ned and say vmlinuz. It also makes better sense semantically (the kernel has booted and checks if the application is ok). Is there a way to accomplish the following:
>
> a. Ned starts up a new process which does some checks and returns OK/STOP.
> b. depending on the value returned by the new process, ned decides to launch/stop vmlinuz.
>
> When I try roottask moe rom/hello rom/vmlinuz in the modules.list file, they execute in parallel. Is there a way to make it sequential?

You start ned via moe (as usual) and have a script like this:

    local l = L4.default_loader;
    local e = l:start({}, "rom/checker rom/hello");
    if e:wait() == 0 then
      l:start({}, "rom/hello");
    else
      print("Something is wrong with hello.");
    end

So the checker program does exit(0) or exit(1) depending on its result.

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
Re: l4/sys/syscalls.h: No such file or directory
On Tue Sep 02, 2014 at 11:19:35 +0200, Valentin Hauner wrote:
> Hi,
>
> On 09/02/2014 12:27 AM, Adam Lackorzynski wrote:
> > Most use the C++ interface, so looking for 'create_task' is better.
> > Why not use ned for creating tasks?
>
> My whole EDF library is written in C now, so switching to C++ or Lua makes it very uncomfortable for me.

No problem. There are both C and C++ variants of each function so you can also look at C++ code to see how things are arranged and use C in your code.

> On 09/02/2014 12:27 AM, Adam Lackorzynski wrote:
> > Also, the size argument of l4_fpage is the size in log2, so maybe 12 is a good number (the minimum because it's a page).
>
> Thanks, that part is working now. The new tasks are created properly and displayed as 'ready' in the JDB thread list.
>
> But there's another problem: Using the region mapper of the current task does not work for the newly created tasks, of course. I've attached a small example that illustrates the problem (task creation: lines 19-25, setting pager and exception handler: lines 40-48). I've tried to make it as small as possible for your convenience.
>
> How can I create a dedicated region mapper for each of the new tasks? Or is it better to just map the old region mapper to the new tasks? I've found l4_task_map(task_cap, L4RE_THIS_TASK_CAP, ... ) but I didn't come along with the third and fourth parameter.

Generally, you cannot just use the RM of your program for the new task. Your RM knows how to page your program but not the task you created. However, you're not actually starting a new program but rather just start a new thread in a new task from within the same binary. So your RM can page both. And indeed, you need to map the cap to the new task.

    l4_task_map(task_cap, L4RE_THIS_TASK_CAP,
                l4_obj_fpage(l4re_env()->rm, 0, L4_FPAGE_RO),
                l4_map_obj_control(l4re_env()->rm, L4_MAP_ITEM_MAP));

> #define THREAD_MAX_NUM 20
>
> typedef struct Edf_thread
> {
>   unsigned dl;       // Deadline
>   void *func;        // EIP
>   l4_cap_idx_t cap;  // L4 Capability
> } Edf_thread;
>
> Edf_thread thread[THREAD_MAX_NUM];
> unsigned char *thread_stack[THREAD_MAX_NUM];
> unsigned count = 0;
>
> int create_l4_thread(Edf_thread *_thread)
> {
>   l4_msgtag_t tag;
>
>   // Create a new task for each thread
>   l4_cap_idx_t task_cap = l4re_util_cap_alloc();
>   if (l4_is_invalid_cap(task_cap))
>     return -1;
>   l4_fpage_t task_fpage = l4_fpage(l4re_env()->first_free_utcb, 12, L4_CAP_FPAGE_RW);
>   l4_factory_create_task(l4re_env()->factory, task_cap, task_fpage);
>   //
>
>   _thread->cap = l4re_util_cap_alloc();
>   thread[count] = *_thread;
>   thread_stack[count] = malloc(8 << 10);
>
>   if (l4_is_invalid_cap(_thread->cap))
>     return -1;
>
>   tag = l4_factory_create_thread(l4re_env()->factory, _thread->cap);
>   if (l4_error(tag))
>     return -1;
>
>   l4_thread_control_start();
>   /*
>    * Of course, using the region mapper and exception handler of the current task for the newly created task fails.
>    * I'm getting the following kernel output:
>    * KERNEL: Warning: CPU0: Pager of 26 is invalid (pfa=010002c0, errorcode=0004) to 3 (pc=10002c0)
>    * But how can I create a new region mapper?
>    * Or is it better to just map the old one to the new task? l4_task_map(task_cap, L4RE_THIS_TASK_CAP, ... ?)
>    */
>   l4_thread_control_pager(l4re_env()->rm);       // fails
>   l4_thread_control_exc_handler(l4re_env()->rm); // fails
>   l4_thread_control_bind((l4_utcb_t *)l4re_env()->first_free_utcb, task_cap);
>   tag = l4_thread_control_commit(_thread->cap);
>   if (l4_error(tag))
>     return -2;
>
>   // Initial stack pointer is the top of the 8 KiB stack, not sizeof(pointer) past its base
>   tag = l4_thread_ex_regs(_thread->cap,
>                           (l4_umword_t)_thread->func,
>                           (l4_umword_t)(thread_stack[count] + (8 << 10)),
>                           0);
>   if (l4_error(tag))
>     return -3;
>
>   // Pass the deadline of the thread to the L4 system
>   l4_sched_param_t sp = l4_sched_param_by_type(Deadline, thread[count].dl, 0);
>   // Let the L4 system tell the kernel to enqueue the thread in its (deadline-based) ready queue
>   tag = l4_scheduler_run_thread(l4re_env()->scheduler, thread[count].cap, sp);
>   if (l4_error(tag))
>     return -4;
>
>   // Shift first_free_utcb for further threads
>   l4re_env()->first_free_utcb = (l4_addr_t)l4re_env()->first_free_utcb + L4_UTCB_OFFSET;
>
>   return count++;
> }

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/