Page MenuHomeFreeBSD
Differential D16822

bhyve: Use MAP_GUARD guard pages
ClosedPublic
Actions

Authored by lattera-gmail.com on Aug 21 2018, 1:32 AM.
Tags
Referenced Files
F110698522: D16822.diff
Sat, Feb 22, 1:11 AM
F110690756: D16822.diff
Fri, Feb 21, 11:01 PM
Unknown Object (File)
Sun, Feb 16, 3:50 AM
Unknown Object (File)
Sat, Jan 25, 2:28 AM
Unknown Object (File)
Jan 22 2025, 11:25 AM
Unknown Object (File)
Jan 18 2025, 1:10 AM
Unknown Object (File)
Dec 6 2024, 12:07 AM
Unknown Object (File)
Dec 1 2024, 12:04 AM
View All Files
Subscribers
imp
jhb
mmokhi
Contributor Reviews (src)

Details

Reviewers
rgrimes
araujo
kib
Group Reviewers
bhyve
Commits
rS338511: bhyve: Use MAP_GUARD when mapping guest memory ranges.
Summary

The memory space of virtual machines is protected by guard pages (one guard mapping at the beginning of the VM space and one guard mapping at the end of the VM space) . Instead of relying solely on PROT_NONE mappings, use MAP_GUARD mappings as the guard pages. Note that the size of the guard mapping (4MB) is left unchanged.

Sponsored by: HardendBSD and G2, Inc

Test Plan
  1. Apply patch
  2. Run your bhyve VMs as you normally do

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

lattera-gmail.com created this revision.Aug 21 2018, 1:32 AM
Herald added a reviewer: rgrimes. · View Herald TranscriptAug 21 2018, 1:32 AM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald Transcript
lattera-gmail.com edited the summary of this revision. (Show Details)Aug 21 2018, 1:34 AM
araujo added reviewers: araujo, bhyve.Aug 28 2018, 6:42 AM
mmokhi added a subscriber: mmokhi.Aug 28 2018, 2:46 PM
jhb added a reviewer: kib.Aug 28 2018, 7:52 PM
jhb added a subscriber: jhb.Aug 28 2018, 8:03 PM

Adding @kib since he added MAP_GUARD. I think you should instead MAP_GUARD the entire range first and then remap the middle. The middle is already remapped on line 518, so instead of adding new mmap()'s just for the guards, you should replace the mmap() on line 496 with this:

base = mmap(NULL, len2, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER, -1, 0);
lattera-gmail.com added a comment.Aug 28 2018, 8:14 PM
In D16822#361106, @jhb wrote:

Adding @kib since he added MAP_GUARD. I think you should instead MAP_GUARD the entire range first and then remap the middle. The middle is already remapped on line 518, so instead of adding new mmap()'s just for the guards, you should replace the mmap() on line 496 with this:

base = mmap(NULL, len2, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER, -1, 0);

Thanks for the feedback! I'll give that a shot and report back soon.

lattera-gmail.com updated this revision to Diff 47400.Aug 28 2018, 8:30 PM

Update the patch to use John Baldwin's suggestion on mapping the entire range first with MAP_GUARD.

lattera-gmail.com updated this revision to Diff 47401.Aug 28 2018, 8:38 PM

Missed a spot. Cover another mapping with MAP_GUARD.

kib added a comment.Aug 28 2018, 8:55 PM

The only useful feature of the phabricator is to easily see context around the patch, which you successfully botched.

lib/libvmmapi/vmmapi.c
392 ↗(On Diff #47401)

flags is single-use and thus pointless.

402 ↗(On Diff #47401)

I munmap(2) fails, the interesting errno value is obliterated.

503 ↗(On Diff #47401)

Again flags use is pointless. Before your patch, it was used to avoid line wrapping in the mmap() line, most likely.

510 ↗(On Diff #47401)

Weird line space use.

jhb added a comment.Aug 28 2018, 9:06 PM

You should only be replacing the existing MAP_ANON / PROT_NONE mmap() calls with MAP_GUARD instead. You shouldn't be adding new mmap() calls. The "real" thing is already being mmap()'d later. As @kib notes, it's good to use 'svn diff -x -U 99999' or the like to generate context when uploading to phabricator.

lattera-gmail.com updated this revision to Diff 47406.Aug 28 2018, 9:23 PM

Reflect changes requested by both kib and jhb.

lattera-gmail.com marked 4 inline comments as done.Aug 28 2018, 9:23 PM
In D16822#361129, @kib wrote:

The only useful feature of the phabricator is to easily see context around the patch, which you successfully botched.

I'm still getting used to Phabricator. Please be patient.

jhb added inline comments.Aug 28 2018, 9:45 PM
lib/libvmmapi/vmmapi.c
397 ↗(On Diff #47406)

You don't need this second call to mmap(). setup_memory_segment() maps the appropriate regions of memory via mmap() with MAP_FIXED below. You should just keep the existing line that does 'baseaddr = ptr + VM_MMAP_GUARD_SIZE;'.

499 ↗(On Diff #47406)

I would probably leave the existing comment as it is already accurate. I would also probably leave the len2 helper variable to minimize the diff.

lattera-gmail.com added inline comments.Aug 28 2018, 9:49 PM
lib/libvmmapi/vmmapi.c
397 ↗(On Diff #47406)

Ah, okay. I didn't realize setup_memory_segment did that. I'll remove this call to mmap.

499 ↗(On Diff #47406)

I'll add the comment back in.

As far as len2 is concerned, I figured that since kib complained about the already-existing flags variable being single-use, I'd also get rid of len2, since it, too, is single-use. I can revert that change, though.

lattera-gmail.com updated this revision to Diff 47408.Aug 28 2018, 9:54 PM

Minimize diff with suggestions by jhb.

lattera-gmail.com marked 4 inline comments as done.Aug 28 2018, 9:55 PM
jhb added a comment.Aug 28 2018, 11:04 PM

This looks right to me now. I'll try to test it locally in the next day or so.

lattera-gmail.com added a comment.Sep 4 2018, 12:22 AM
In D16822#361197, @jhb wrote:

This looks right to me now. I'll try to test it locally in the next day or so.

Thanks a lot for the review and the suggestions! For what it's worth, I've been running with this patch with various operating systems (Win10, FreeBSD, HardenedBSD, and CentOS) since the last revision. No issues to report on my end.

araujo accepted this revision as: araujo.Sep 4 2018, 1:51 AM

I have tested it with FreeBSD HEAD as a guest running for couple days.

This revision is now accepted and ready to land.Sep 4 2018, 1:51 AM
Closed by commit rS338511: bhyve: Use MAP_GUARD when mapping guest memory ranges. (authored by jhb). · Explain WhySep 6 2018, 8:29 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
lib/
libvmmapi/
9 lines

Diff 47777

View Options

head/lib/libvmmapi/vmmapi.c

Loading...