
Making zero_mem_region() and control regs helpers unsafe #546

Merged (2 commits), Dec 10, 2024

Conversation

@p4zuu (Collaborator) commented Dec 3, 2024

  • As described in Unsound code patterns #359, zero_mem_region() should be unsafe.
  • Writing to control registers can violate memory safety, therefore functions writing to CR0, CR3 and CR4 should also be unsafe. This led to making flush_tlb_global_percpu() unsafe too. Since I don't know the TLB code perfectly, maybe it's not necessary. Comments are very welcome here. Also, if it's correct to make flush_tlb_global_percpu() unsafe, for consistency reasons I guess we should make the other TLB helpers unsafe as well (again, comments are welcome here).
  • Inlining control regs helpers

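The pattern the description argues for, as an added illustration rather than code from this PR or from the coconut-svsm tree: a memory-zeroing helper marked `unsafe` with an explicit safety contract, and a safe caller that performs the bounds verification before invoking it. The `(start, len)` raw-pointer signature and the `RangeError` type are assumptions for this example, not the project's API.

```rust
/// Zero `len` bytes starting at `start` (hypothetical signature, not the
/// project's own `zero_mem_region`).
///
/// # Safety
/// `[start, start + len)` must lie entirely within memory the caller owns
/// and is allowed to overwrite: valid for writes, not aliased by any live
/// reference, and not a page table, stack frame or other structure whose
/// corruption breaks memory safety. A wrong address silently clobbers
/// live memory, which is why this is `unsafe` and not a safe helper.
#[inline]
pub unsafe fn zero_mem_region(start: *mut u8, len: usize) {
    // Plain memset; soundness comes entirely from the contract above.
    core::ptr::write_bytes(start, 0, len);
}

#[derive(Debug, PartialEq, Eq)]
pub enum RangeError {
    Overflow,
    OutOfBounds { end: usize, cap: usize },
}

/// Safe entry point for zeroing a sub-range of a buffer we own exclusively.
/// The bounds check here is the verification the PR asks callers to do;
/// only once it passes is the `unsafe` call justified.
pub fn zero_subrange(buf: &mut [u8], offset: usize, len: usize) -> Result<(), RangeError> {
    let end = offset.checked_add(len).ok_or(RangeError::Overflow)?;
    if end > buf.len() {
        return Err(RangeError::OutOfBounds { end, cap: buf.len() });
    }
    // SAFETY: `offset..end` was just checked to lie inside `buf`, which we
    // hold through `&mut` (so it is valid for writes and not aliased), and
    // `offset <= buf.len()` keeps the pointer arithmetic in bounds.
    unsafe { zero_mem_region(buf.as_mut_ptr().add(offset), len) };
    Ok(())
}

fn main() {
    // Constructed sample buffer: zero the middle four bytes only.
    let mut buf = [0xAAu8; 8];
    zero_subrange(&mut buf, 2, 4).expect("in-bounds region");
    println!("{:02x?}", buf);
    // An out-of-range request is rejected before any write happens.
    println!("{:?}", zero_subrange(&mut buf, 6, 4));
}
```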
Review comment on kernel/src/cpu/tlb.rs (outdated, resolved)

@msft-jlange (Collaborator) left a comment

Once you remove the unsafe marker on the TLB flush routine (for the reasons I wrote there), you can also remove unsafe from all of the routines that request TLB flush.

@p4zuu (Collaborator, Author) commented Dec 5, 2024

Once you remove the unsafe marker on the TLB flush routine (for the reasons I wrote there), you can also remove unsafe from all of the routines that request TLB flush.

Fixed now, thanks for the input Jon!

@joergroedel added the labels needs-rebase (The PR needs to be rebased to the latest upstream branch) and in-review (PR is under active review and not yet approved) on Dec 5, 2024
p4zuu added 2 commits December 6, 2024 09:32
As advised by @Freax13 in coconut-svsm#359, if misused, zero_mem_region() can corrupt valid
memory by writing zeroes to it. Therefore, it should be unsafe so that callers
verify that it points to the intended memory.

Signed-off-by: Thomas Leroy <[email protected]>
Some functions only reading and/or writing to control registers can be
inlined.

Signed-off-by: Thomas Leroy <[email protected]>
@joergroedel joergroedel merged commit b3781c4 into coconut-svsm:main Dec 10, 2024
4 checks passed