Compartment reuse

Implement a "pseudo" compartment caching feature to evaluate performance
in a more ideal implementation. Rather than fully cleaning a mapping for
a compartment, we emulate keeping around the last copy, which precludes
a pair of `mmap` / `munmap`, as well as downsizing the amount of cleanup
needed to be done (we only need to reset the stack, the allocated parts
of the heap, and the writeable segments). Note that this is not a full
implementation, and it likely breaks with multiple compartments as it
currently is.

Major changes
* Move `mappings` code in a separate file
* Implement mapping reuse (includes caching a mapping, cleaning the
  stack and heap allocations, and resetting writeable segments)
* Add a benchmarking implementation; this is done as it is useful to
  have, and calls to the benchmarking API are not present in the tree,
  but can be added by users
* Allow only an entry point be specified in `manager_arg_passer`, rather
  than requiring arguments to be passed to that entry point
* Add some additional tests, including more failing ones (comment out
  `lua_suite_some`, as it crashes on the CI system)
* Other fixes

Author: Andrei Lascu

include/benchmarking.h

@@ -0,0 +1,37 @@
+#ifndef _BENCHMARKING_COMP_H
+#define _BENCHMARKING_COMP_H
+
+#include <assert.h>
+#include <math.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#define BENCH(name, func)                                                      \
+    do                                                                         \
+    {                                                                          \
+        size_t id = bench_init(name);                                          \
+        bench_start(id);                                                       \
+        func;                                                                  \
+        bench_end(id);                                                         \
+    } while (0)
+
+struct bench_entry
+{
+    const char *fn_name;
+    struct timespec start;
+    struct timespec end;
+    int res_start;
+    double diff;
+};
+
+size_t
+bench_init(const char *);
+void bench_start(size_t);
+void bench_end(size_t);
+
+void bench_report_one_id(size_t);
+
+#endif // _BENCHMARKING_COMP_H

include/comp_utils.h

@@ -5,6 +5,7 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
 

include/compartment.h

@@ -66,8 +66,8 @@ extern void *__capability comp_return_caps[2];
 #endif
 
 // Default sizes for compartment heap and stack, if not explicitly given
-#define DEFAULT_COMP_HEAP_SZ 0x800000UL // 800kB
-#define DEFAULT_COMP_STACK_SZ 0x80000UL // 80kB
+#define DEFAULT_COMP_HEAP_SZ 2 * 1024 * 1024 // 2MB
+#define DEFAULT_COMP_STACK_SZ 500 * 1024 // 500kB
 
 /* Struct representing one segment of an ELF binary.
  *
@@ -207,6 +207,8 @@ struct Compartment
     void *scratch_mem_stack_top;
     size_t scratch_mem_stack_size;
 
+    void *heap_mem_header;
+
     // Internal libraries and relocations
     size_t libs_count;
     struct LibDependency **libs;
@@ -239,4 +241,7 @@ get_seg_target(void *, struct LibDependency *, size_t);
 struct Compartment *
 find_comp(struct Compartment *);
 
+void
+print_comp_simple(struct Compartment *);
+
 #endif // _COMPARTMENT_H

include/manager.h

@@ -14,8 +14,10 @@
 // Third-party libraries
 #include "toml.h"
 
+#include "benchmarking.h"
 #include "compartment.h"
 #include "intercept.h"
+#include "mappings.h"
 
 #define align_down(x, align) __builtin_align_down(x, align)
 #define align_up(x, align) __builtin_align_up(x, align)
@@ -52,25 +54,4 @@ clean_comp(struct Compartment *);
 void
 clean_compartment_config(struct CompEntryPointDef *, size_t);
 
-/*******************************************************************************
- * Compartment mappings
- ******************************************************************************/
-
-struct CompMapping *
-mapping_new(struct Compartment *);
-struct CompMapping *
-mapping_new_fixed(struct Compartment *, void *);
-void
-mapping_free(struct CompMapping *);
-int64_t
-mapping_exec(struct CompMapping *, char *, char **);
-
-struct CompMapping
-{
-    size_t id;
-    void *__capability ddc;
-    void *map_addr;
-    struct Compartment *comp;
-};
-
 #endif // _MANAGER_H

include/mappings.h

@@ -0,0 +1,62 @@
+#ifndef _CHERICOMP_MAPPINGS_H
+#define _CHERICOMP_MAPPINGS_H
+
+#include <err.h>
+
+#include "compartment.h"
+
+/*******************************************************************************
+ * Compartment mappings
+ ******************************************************************************/
+
+struct CompMapping
+{
+    size_t id;
+    void *__capability ddc;
+    void *map_addr;
+    struct Compartment *comp;
+    bool in_use;
+};
+
+struct CompMapping *
+mapping_new(struct Compartment *);
+struct CompMapping *
+mapping_new_fixed(struct Compartment *, void *);
+void
+mapping_free(struct CompMapping *);
+int64_t
+mapping_exec(struct CompMapping *, char *, char **);
+
+/*******************************************************************************
+ * Mappings list
+ ******************************************************************************/
+
+#include "tommy.h"
+
+#define mapping_hash(x) tommy_inthash_u64(x)
+#define MAPPINGS_MAX_SZ 1024
+
+struct CompMappingEntry
+{
+    struct CompMapping *map_ref;
+    tommy_node node;
+};
+
+typedef tommy_hashtable mappings_list;
+typedef struct CompMappingEntry mapping_entry;
+extern mappings_list *mappings;
+
+mappings_list *
+mappings_init(void);
+void
+mappings_clean(mappings_list *);
+void
+mappings_clean_deep(mappings_list *);
+void
+mappings_insert(mapping_entry *, mappings_list *);
+struct CompMapping *
+mappings_search_free(struct Compartment *, mappings_list *);
+void
+mappings_delete(struct CompMapping *, mappings_list *);
+
+#endif // _CHERICOMP_MAPPINGS_H

src/CMakeLists.txt

@@ -3,6 +3,7 @@ add_library(chcomp STATIC
     compartment.c
     intercept.c
     manager.c
+    mappings.c
     symbols_comp.c
     symbols_lib.c
     transition.S
@@ -13,3 +14,8 @@ target_link_libraries(chcomp PRIVATE tomllib tommydslib)
 add_library(computils SHARED
     comp_utils.c)
 target_include_directories(computils PRIVATE ${INCLUDE_DIR})
+
+add_library(compbench SHARED
+    benchmarking.c)
+target_include_directories(compbench PRIVATE ${INCLUDE_DIR})
+target_link_libraries(compbench PRIVATE m)

src/benchmarking.c

@@ -0,0 +1,79 @@
+#include <benchmarking.h>
+
+static size_t next_id = 0;
+static struct bench_entry **benchs;
+
+/*******************************************************************************
+ * Diff functions
+ ******************************************************************************/
+
+static double
+timespec_diff(struct timespec *end, struct timespec *start)
+{
+    return (end->tv_sec - start->tv_sec)
+        + (end->tv_nsec - start->tv_nsec) * pow(10, -9);
+}
+
+/*******************************************************************************
+ * Benchmark one function
+ ******************************************************************************/
+
+size_t
+bench_init(const char *fn_name)
+{
+    return 0;
+    struct bench_entry *new_be = malloc(sizeof(struct bench_entry));
+    new_be->fn_name = fn_name;
+    next_id += 1;
+    benchs = realloc(benchs, next_id * sizeof(struct bench_entry *));
+    benchs[next_id - 1] = new_be;
+    return next_id - 1;
+}
+
+void
+bench_start(size_t id)
+{
+    return;
+    benchs[id]->res_start = clock_gettime(CLOCK_MONOTONIC, &benchs[id]->start);
+}
+
+void
+bench_end(size_t id)
+{
+    return;
+    int res_end = clock_gettime(CLOCK_MONOTONIC, &benchs[id]->end);
+    assert(benchs[id]->res_start != -1);
+    assert(res_end != -1);
+    benchs[id]->diff = timespec_diff(&benchs[id]->end, &benchs[id]->start);
+    bench_report_one_id(id);
+}
+
+/*******************************************************************************
+ * Printing
+ ******************************************************************************/
+
+static void
+print_timespec(char *buf, struct timespec *ts)
+{
+    sprintf(buf, "%lld.%9ld", (long long) ts->tv_sec, ts->tv_nsec);
+}
+
+static void
+bench_report_one(struct bench_entry *entry)
+{
+
+    const unsigned short buf_sz = 30;
+    char *buf_st = alloca(buf_sz);
+    print_timespec(buf_st, &entry->start);
+    char *buf_en = alloca(buf_sz);
+    print_timespec(buf_en, &entry->end);
+    printf("Func <%s> -- start %s -- end %s -- seconds %f\n", entry->fn_name,
+        buf_st, buf_en, entry->diff);
+}
+
+void
+bench_report_one_id(size_t id)
+{
+    printf("ID %zu == ", id);
+    bench_report_one(benchs[id]);
+}

src/comp_utils.c

@@ -75,7 +75,9 @@ malloc(size_t to_alloc)
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
             if (mem_begin == MAP_FAILED)
             {
-                err(1, "comp_utils: Failed `mmap`");
+                exit(1);
+                /*err(1, "comp_utils: Failed `mmap`"); // TODO replace with a
+                 * signal*/
             }
             mem_left = NON_COMP_DEFAULT_SIZE;
         }
@@ -175,7 +177,9 @@ free(void *to_free)
 void *
 calloc(size_t elem_count, size_t elem_size)
 {
-    return malloc(elem_count * elem_size);
+    void *alloc = malloc(elem_count * elem_size);
+    explicit_bzero(alloc, elem_count * elem_size);
+    return alloc;
 }
 
 void *

src/compartment.c

@@ -2,6 +2,7 @@
 
 const char *libs_path_env_var = "COMP_LIBRARY_PATH";
 const char *tls_rtld_dropin = "tls_lookup_stub";
+const char *comp_malloc_header = "heap_header";
 const char *comp_utils_soname = "libcomputils.so";
 
 /*******************************************************************************
@@ -66,8 +67,6 @@ static void
 print_lib_dep_seg(struct SegmentMap *);
 static void
 print_lib_dep(struct LibDependency *);
-static void
-print_comp_simple(struct Compartment *);
 
 /*******************************************************************************
  * Main compartment functions
@@ -94,6 +93,8 @@ comp_init(void)
     new_comp->scratch_mem_stack_size = 0;
     new_comp->scratch_mem_extra = 0;
 
+    new_comp->heap_mem_header = NULL;
+
     new_comp->libs_count = 0;
     new_comp->libs = NULL;
     new_comp->libs_tls_sects = NULL;
@@ -171,6 +172,16 @@ comp_from_elf(char *filename, struct CompConfig *cc)
         next_dep:
             (void) 0;
         }
+
+        if (!strcmp(parsed_lib->lib_name, comp_utils_soname))
+        {
+            new_comp->heap_mem_header
+                = (char *) lib_syms_search(
+                      comp_malloc_header, parsed_lib->lib_syms)
+                      ->sym_offset
+                + (uintptr_t) parsed_lib->lib_mem_base;
+        }
+
         libs_parsed_count += 1;
     }
     free(libs_to_parse);
@@ -216,7 +227,6 @@ comp_from_elf(char *filename, struct CompConfig *cc)
     assert(new_comp->environ_sz + new_comp->total_tls_size
         == new_comp->scratch_mem_extra);
 
-    print_comp_simple(new_comp);
     return new_comp;
 }
 
@@ -1231,7 +1241,7 @@ print_lib_dep(struct LibDependency *lib_dep)
     printf("== DONE\n");
 }
 
-static void
+void
 print_comp_simple(struct Compartment *to_print)
 {
     printf("== COMPARTMENT SIMPLE -- ID %zu\n", to_print->id);