solo5 icon indicating copy to clipboard operation
solo5 copied to clipboard

Published 20 hours ago verified publisher icon Solo5

Make .text execute-only; add tests

Open adamsteen opened this issue 4 years ago • 12 comments

Now for my next trick, execute only Solo5 unikernels?

I wish i could test this, but my hardware is just too old.

Thoughts on taking this forward?

Note: this is dependant on #447 add openbsd mprotect ept support, and would need to be rebased when that went in.

adamsteen avatar Apr 24 '20 07:04 adamsteen

When you say you can't test this due to old hardware, why is that? ISTR that anything with EPT can do execute-only, but I might be wrong...

Intel® 64 and IA-32 Architectures Software Developer's Manual Combined Volumes 3A, 3B, 3C, and 3D: System Programming Guide (Page 1727)

A.10 VPID AND EPT CAPABILITIES
 - If bit 0 is read as 1, the processor supports execute-only translations by EPT. This support allows software to configure EPT paging-structure entries in which bits 1:0 are clear (indicating that data accesses are not allowed) and bit 2 is set (indicating that instruction fetches are allowed).

Bit 0 does not read 1 on the hardware i have access to, so i am unable to test execute only.

adamsteen avatar Apr 28 '20 22:04 adamsteen

this PR is ready for review and merging.

I have been able to run the tests and all tests expected to pass on OpenBSD do.

probably want to merge https://github.com/Solo5/solo5/pull/495 first.

adamsteen avatar Apr 07 '21 04:04 adamsteen

Please note this works perfectly for the latest release OpenBSD 6.9

adamsteen avatar May 17 '21 04:05 adamsteen

OpenBSD 6.8 fails, it's expected?

dinosaure avatar Dec 17 '21 16:12 dinosaure

Yes it won’t work on OpenBSD 6.8 or 6.9

I had it working for 6.8 but someone broke the kernel side for 6.9 then I got it restored for 7.0. I only run current, so testing 7.0 is hard as I don’t have the hardware!

It should work for 7.0 and definitely works for Current!

adamsteen avatar Dec 17 '21 21:12 adamsteen

OpenBSD 7.1 is out very soon, is there any chance of getting the ci image updated? It should just be a matter of running, sysupgrade and pkg_add -u after each reboot a couple of times! Or following the instructions in the solo5-ci package?

the current OpenBSD image is over 2 years old!

adamsteen avatar Mar 17 '22 22:03 adamsteen

OpenBSD 7.1 is out very soon, is there any chance of getting the ci image updated? It should just be a matter of running, sysupgrade and pkg_add -u after each reboot a couple of times! Or following the instructions in the solo5-ci package?

the current OpenBSD image is over 2 years old!

Unfortunately, I don't have (yet) the control on the CI so it will take a time to upgrade the CI with OpenBSD 7.1. But we should definitely upgrade the CI and it's in my TODO list.

dinosaure avatar Mar 18 '22 09:03 dinosaure

@dinosaure Thank you for the update, appreciate it.

adamsteen avatar Mar 19 '22 07:03 adamsteen

@dinosaure Hi, any updates on control of the CI?

adamsteen avatar Sep 08 '22 22:09 adamsteen

/cc @TheLortex recently upgraded the CI, can you test on OpenBSD 7.1?

dinosaure avatar Sep 09 '22 09:09 dinosaure

Will do!

On Fri, Sep 9, 2022 at 17:08, Calascibetta Romain @.***> wrote:

/cc @.***(https://github.com/TheLortex) recently upgraded the CI, can you test on OpenBSD 7.1?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

adamsteen avatar Sep 09 '22 09:09 adamsteen

It's not upgraded yet, still on old OpenBSDs, I have just moved and restarted the CI infrastructure.

TheLortex avatar Sep 20 '22 08:09 TheLortex

rebased onto masted, and tests pass on OpenBSD 7.2

adamsteen avatar Oct 06 '22 03:10 adamsteen

Let's merge this PR 👍 Thanks for your work.

dinosaure avatar Nov 04 '22 16:11 dinosaure

Thank you!

adamsteen avatar Nov 04 '22 22:11 adamsteen