From 3262e99ec20c836a28ef572a38c6eef7cd04b8e0 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Mon, 15 Apr 2024 12:08:44 -0700 Subject: [PATCH 1/4] Add a libsys status report --- .../status/report-2024-01-2024-03/libsys.adoc | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 website/content/en/status/report-2024-01-2024-03/libsys.adoc diff --git a/website/content/en/status/report-2024-01-2024-03/libsys.adoc b/website/content/en/status/report-2024-01-2024-03/libsys.adoc new file mode 100644 index 00000000000..ef46267bdd6 --- /dev/null +++ b/website/content/en/status/report-2024-01-2024-03/libsys.adoc 
@@ -0,0 +1,41 @@ +=== libsys + +Contact: Brooks Davis + +The libsys project removes direct system calls from `libc.so` and +`libpthread.so` (aka `libthr.so`) to a seperate `libsys.so`. +This will: + + * Isolate language runtimes from the details of system call implementations. + * Better support logging and replay frameworks for systems calls. + * Support elimination of the ability to make system calls outside trusted code in the runtime linker and `libsys`. + +This work was initially inspired by a compartmentalization prototype in CheriBSD in 2016. +Ali Mashtizadeh and Tal Garfinkel picked that work up and attempted to upstream it link:https://reviews.freebsd.org/D14609[D14609]. +Unfortunatly we couldn't figure out how to review and land the massive reorganization required through a phabricator review so it languished. +Last year the CHERI project once again found a need for system call seperation in a new library-based compartmentalization framework in CheriBSD so I rebuilt the patch from scratch, committing dozens of libc cleanups along the way. +I landed the first batch of changes on February 5th. +Since then I've made a number of refinements to the way we link libsys as well as which symbols are provided in which library. + +Thanks to Konstantin Belousov for many round of review and feedback as well as runtime linker fixes. +Thanks to Mark Johnston for runtime linker debugging and Dimitry Andric for sanitizer fixes. +Thanks also to everyone how reported bugs and helped debug issues. + +==== Known issues (as of the end of the reporting period) + + * The `libsys` ABI is not yet considered stable (it's safe to assume `__sys_foo()` will be supported so language runtimes can use it now). + * Programs using address sanitizer must be linked with `-lsys` (resolved in base at publication time.) + +==== TODO + + * Add a `libsys.h`. (See link:https://reviews.freebsd.org/D44387[D44387] and other reviews in the stack.) + * Update man:intro[2] for `libsys`. 
+ * Finalized ABI. I'm likely to reduce the set of `_` (underscore) prefixed symbols we expose. + * MFC the existance of `libsys`? It's not clear this is practical, but it might be possible to MFC something useful for language runtimes. + +==== Help wanted + + * Port language runtimes that don't use `libc` to use `libsys` for system calls rather than rolling their own interfaces. + * Explore limitations on where system calls can be made similar to OpenBSD's link:https://man.openbsd.org/OpenBSD-7.3/msyscall[msyscall(2)] (now obsolete) and link:https://man.openbsd.org/pinsyscalls[pinsyscalls(2)] (not an obvious match to our libsys). + +Sponsor: AFRL, DARPA From 372cb58015af5bd7c1947d7f8b8bc858953b3d1f Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Mon, 15 Apr 2024 13:46:37 -0700 Subject: [PATCH 2/4] Edits from @pauamma --- .../en/status/report-2024-01-2024-03/libsys.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/website/content/en/status/report-2024-01-2024-03/libsys.adoc b/website/content/en/status/report-2024-01-2024-03/libsys.adoc index ef46267bdd6..87c2960afc5 100644 --- a/website/content/en/status/report-2024-01-2024-03/libsys.adoc +++ b/website/content/en/status/report-2024-01-2024-03/libsys.adoc @@ -3,7 +3,7 @@ Contact: Brooks Davis The libsys project removes direct system calls from `libc.so` and -`libpthread.so` (aka `libthr.so`) to a seperate `libsys.so`. +`libpthread.so` (aka `libthr.so`) to a separate `libsys.so`. This will: * Isolate language runtimes from the details of system call implementations. 
@@ -12,7 +12,7 @@ This will: This work was initially inspired by a compartmentalization prototype in CheriBSD in 2016. Ali Mashtizadeh and Tal Garfinkel picked that work up and attempted to upstream it link:https://reviews.freebsd.org/D14609[D14609]. -Unfortunatly we couldn't figure out how to review and land the massive reorganization required through a phabricator review so it languished. +Unfortunately we couldn't figure out how to review and land the massive reorganization required through a phabricator review so it languished. Last year the CHERI project once again found a need for system call seperation in a new library-based compartmentalization framework in CheriBSD so I rebuilt the patch from scratch, committing dozens of libc cleanups along the way. I landed the first batch of changes on February 5th. Since then I've made a number of refinements to the way we link libsys as well as which symbols are provided in which library. 
@@ -24,14 +24,14 @@ Thanks also to everyone how reported bugs and helped debug issues. ==== Known issues (as of the end of the reporting period) * The `libsys` ABI is not yet considered stable (it's safe to assume `__sys_foo()` will be supported so language runtimes can use it now). - * Programs using address sanitizer must be linked with `-lsys` (resolved in base at publication time.) + * Programs using the address sanitizer must be linked with `-lsys` (resolved in base at publication time). ==== TODO * Add a `libsys.h`. (See link:https://reviews.freebsd.org/D44387[D44387] and other reviews in the stack.) * Update man:intro[2] for `libsys`. - * Finalized ABI. I'm likely to reduce the set of `_` (underscore) prefixed symbols we expose. - * MFC the existance of `libsys`? It's not clear this is practical, but it might be possible to MFC something useful for language runtimes. + * Finalize the ABI. I'm likely to reduce the set of `_` (underscore) prefixed symbols we expose. + * MFC the existence of `libsys`? It's not clear this is practical, but it might be possible to MFC something useful for language runtimes. ==== Help wanted From 752b6b78ee07fe8b3708b4ff35d74374d1b93327 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Mon, 15 Apr 2024 14:06:50 -0700 Subject: [PATCH 3/4] More improvements from @pauamma --- .../content/en/status/report-2024-01-2024-03/libsys.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/en/status/report-2024-01-2024-03/libsys.adoc b/website/content/en/status/report-2024-01-2024-03/libsys.adoc index 87c2960afc5..c71d720770d 100644 --- a/website/content/en/status/report-2024-01-2024-03/libsys.adoc +++ b/website/content/en/status/report-2024-01-2024-03/libsys.adoc 
@@ -11,13 +11,13 @@ This will: * Support elimination of the ability to make system calls outside trusted code in the runtime linker and `libsys`. This work was initially inspired by a compartmentalization prototype in CheriBSD in 2016. -Ali Mashtizadeh and Tal Garfinkel picked that work up and attempted to upstream it link:https://reviews.freebsd.org/D14609[D14609]. +Ali Mashtizadeh and Tal Garfinkel picked that work up and attempted to upstream it (link:https://reviews.freebsd.org/D14609[D14609]). Unfortunately we couldn't figure out how to review and land the massive reorganization required through a phabricator review so it languished. -Last year the CHERI project once again found a need for system call seperation in a new library-based compartmentalization framework in CheriBSD so I rebuilt the patch from scratch, committing dozens of libc cleanups along the way. +Last year the CHERI project once again found a need for system call separation in a new library-based compartmentalization framework in CheriBSD so I rebuilt the patch from scratch, committing dozens of libc cleanups along the way. I landed the first batch of changes on February 5th. Since then I've made a number of refinements to the way we link libsys as well as which symbols are provided in which library. -Thanks to Konstantin Belousov for many round of review and feedback as well as runtime linker fixes. +Thanks to Konstantin Belousov for many rounds of review and feedback as well as runtime linker fixes. Thanks to Mark Johnston for runtime linker debugging and Dimitry Andric for sanitizer fixes. Thanks also to everyone how reported bugs and helped debug issues. From e8165ca1cb4a0bc7bceaf2372dbd6006f74871c1 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Mon, 15 Apr 2024 14:13:04 -0700 Subject: [PATCH 4/4] s/how/who Co-authored-by: Pau Amma --- website/content/en/status/report-2024-01-2024-03/libsys.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/content/en/status/report-2024-01-2024-03/libsys.adoc b/website/content/en/status/report-2024-01-2024-03/libsys.adoc index c71d720770d..4c39c8a201c 100644 --- a/website/content/en/status/report-2024-01-2024-03/libsys.adoc +++ b/website/content/en/status/report-2024-01-2024-03/libsys.adoc @@ -19,7 +19,7 @@ Since then I've made a number of refinements to the way we link libsys as well a Thanks to Konstantin Belousov for many rounds of review and feedback as well as runtime linker fixes. Thanks to Mark Johnston for runtime linker debugging and Dimitry Andric for sanitizer fixes. -Thanks also to everyone how reported bugs and helped debug issues. +Thanks also to everyone who reported bugs and helped debug issues. ==== Known issues (as of the end of the reporting period)
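Review bot: in the PATCH 1/4 hunk, the opening sentence "removes direct system calls from `libc.so` and `libpthread.so` (aka `libthr.so`) to a seperate `libsys.so`" mixes two verbs; "moves direct system calls from ... to a separate `libsys.so`" says what the series actually does. In the same hunk, the "Known issues" bullet tells runtimes that `__sys_foo()` is safe to rely on, while the TODO bullet says the set of `_` (underscore) prefixed symbols exposed is likely to shrink; since the two bullets are a few lines apart, stating explicitly that the double-underscore `__sys_*` names are the ones intended to stay and that only the single-underscore variants are candidates for removal would prevent a runtime author from targeting a symbol that later disappears.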
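Review bot: PATCH 2/4, 3/4 and 4/4 only correct spelling and punctuation introduced by PATCH 1/4 ("seperate", "Unfortunatly", "seperation", "existance", "many round", "how reported", and the period inside the closing parenthesis of the `-lsys` bullet); these are fixup commits and should be squashed into the first commit before landing so the repository history does not carry the typos, with the `Co-authored-by: Pau Amma` trailer from PATCH 4/4 kept on the squashed commit to preserve credit for the review.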