cpu: fix IDT and GDT lifetimes on load methods #366

Merged
merged 2 commits into from
Jun 5, 2024

@00xc 00xc commented May 27, 2024

When running the LIDT or LGDT instructions, we pass addresses pointing to architecture-specific tables that the CPU will use during operation. These tables must reside in valid memory during CPU operation to avoid malfunction.

In practical terms, this means the GDT and IDT entries must have a static lifetime. This will avoid at compile time the following construct:

{
    let idt = IDT::new();
    idt.load();
}
// the IDT entries are no longer valid here

We could enforce this at the type level by requiring the load() method on these structs to take a &'static lifetime. However, since we use locking, we cannot get such a reference, only a reference that lives as long as a lock guard we get from the lock protecting the struct. However, this does not matter, as we can check that the guard points to a struct with static lifetime (Guard<'static, T>).

Thus, rewrite the methods on these structs that have these requirements such that they take a guard pointing to a 'static IDT or GDT.
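
An added sketch of the pattern described above, not code from this PR or the SVSM repository: std's `RwLock` and `RwLockReadGuard` stand in for the project's lock types, and `Idt`, `IdtEntry`, `IdtDesc`, `load_idt` and the other names are hypothetical. No `lidt` instruction is executed; the function returns the descriptor it would pass to the CPU.

```rust
use std::sync::{RwLock, RwLockReadGuard};

// Simplified stand-in for an IDT: 256 gate descriptors of 16 bytes each.
#[derive(Clone, Copy)]
struct IdtEntry { low: u64, high: u64 }
struct Idt { entries: [IdtEntry; 256] }

// Operand of LIDT in 64-bit mode: 16-bit limit followed by 64-bit base.
#[repr(C, packed)]
struct IdtDesc { limit: u16, base: u64 }

impl Idt {
    const fn new() -> Self {
        Idt { entries: [IdtEntry { low: 0, high: 0 }; 256] }
    }
}

// Only a guard over a lock that lives for 'static is accepted, so the
// entries cannot be freed while the CPU still holds their address.
fn load_idt(guard: &RwLockReadGuard<'static, Idt>) -> IdtDesc {
    // A kernel would execute `lidt` on this descriptor (ring 0 only).
    IdtDesc {
        limit: (std::mem::size_of_val(&guard.entries) - 1) as u16,
        base: guard.entries.as_ptr() as u64,
    }
}

static GLOBAL_IDT: RwLock<Idt> = RwLock::new(Idt::new());

fn load_global() -> IdtDesc {
    let guard = GLOBAL_IDT.read().unwrap(); // RwLockReadGuard<'static, Idt>
    load_idt(&guard)
}

fn load_leaked() -> IdtDesc {
    // A heap-allocated table also qualifies once leaked: it is never freed.
    let lock: &'static RwLock<Idt> = Box::leak(Box::new(RwLock::new(Idt::new())));
    let guard = lock.read().unwrap();
    load_idt(&guard)
}

// Rejected at compile time ("`idt` does not live long enough"):
//     let idt = RwLock::new(Idt::new());
//     load_idt(&idt.read().unwrap());

fn main() {
    let (g, l) = (load_global(), load_leaked());
    let (limit, gbase, lbase) = (g.limit, g.base, l.base);
    println!("limit={:#x} static={:#x} leaked={:#x}", limit, gbase, lbase);
}
```

The guard's lifetime parameter is the lifetime of the borrow of the lock, so a guard taken from a stack-local lock can never satisfy the `'static` bound, while the guard itself may still be dropped right after the call.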

00xc added 2 commits May 24, 2024 18:17
When running the LIDT instruction, the address of the entries in the
structure given to the CPU must be valid at least until the next LIDT
instruction, otherwise it will access invalid memory.

In order for IDT::load() to be sound, the entries passed to it must
have a lifetime of 'static - this makes sure that the entries will
remain valid for the rest of the execution of the SVSM.

Co-developed-by: Thomas Leroy <[email protected]>
Signed-off-by: Carlos López <[email protected]>

When running the LGDT instruction, the address of the entries in the
structure given to the CPU must be valid at least until the next LIDT
instruction, otherwise it will access invalid memory.

In order for GDT::load() to be sound, the entries passed to it must
have a lifetime of 'static - this makes sure that the entries will
remain valid for the rest of the execution of the SVSM.

Co-developed-by: Thomas Leroy <[email protected]>
Signed-off-by: Carlos López <[email protected]>

p4zuu commented May 28, 2024

This is partially fixing #359.

@joergroedel joergroedel merged commit 7eabead into coconut-svsm:main Jun 5, 2024
3 checks passed
@00xc 00xc deleted the cpu/idt/lifetime branch June 10, 2024 13:14