Re: [solo5] Solo5, MireageOS and Write and Exec Memory
Well now i feel like a real goose! I cleaned out everything and started a fresh. | ___| __| _ \ | _ \ __ \ \__ \ ( | | ( | ) | /\___/ _|\___// Solo5: Memory map: 512 MB addressable: Solo5: unused @ (0x0 - 0xf) Solo5: text @ (0x10 - 0x21efff) Solo5: rodata @ (0x21f000 - 0x24efff) Solo5: data @ (0x24f000 - 0x30cfff) Solo5: heap >= 0x30d000 < stack < 0x2000 2018-06-22 08:34:29 -00:00: INF [application] hello 2018-06-22 08:34:30 -00:00: INF [application] hello 2018-06-22 08:34:31 -00:00: INF [application] hello 2018-06-22 08:34:32 -00:00: INF [application] hello Solo5: solo5_exit(0) called No warning, no problems. it was as simple as opam install mirage -y&& \ git clone git://github.com/mirage/mirage-skeleton.git $HOME/devl/mirage-skeleton && \ cd $HOME/devl/mirage-skeleton/tutorial/hello && \ mirage configure -t ukvm && \ gmake depends && \ gmake and then doas ukvm-bin hello.ukvm There is a patch on po...@openbsd.org for Ocaml 4.06 and OPAM 2.00rc2, I think once that goes in, it might be time to announce MirageOS on OpenBSD to m...@openbsd.org. Sorry about wasting your time mato, i have no explanation as to why it failed or why it worked again, the only difference was a clean out of .opam and 24-36hours. Cheers Adam ‐‐‐ Original Message ‐‐‐ On June 21, 2018 8:03 PM, Martin Lucina wrote: > > > On Thursday, 21.06.2018 at 07:46, Adam Steen wrote: > > > > > Mirage-Skeleton Hello World Tutorial, I now find this causes as " > > > > > > > > mprotect W^X violation" on OpenBSD. > > > > > > That's err, odd. Do you get a "Warning: phdr[N] requests WRITE and EXEC > > > > > > permissions" when running ukvm-bin? > > > > Yes. > > Right, so your ELF is requesting such a segment, in which case the failure > > is expected (without manually disabling W^X for the ukvm-bin). > > > > When you write "causes a mprotect W^X violation", how does that actually > > > > > > manifest itself at run-time? Does ukvm-bin get killed? Or some other way? > > > > ukvm-bin gets killed by the kernel. > > > > "ukvm-bin: hello.ukvm: Warning: phdr[0] requests WRITE and EXEC permissions" > > > > "ukvm-bin: hello.ukbm: Not Supported" > > The second error would be from the mprotect() returning ENOTSUP, which is > > due to the W^X policy, and ukvm-bin is correctly aborting in that case. > > > Looks like I will have to dig a little deeper, I do recall something like > > this happening soon after i got things working on a custom kernel. I am > > awol again next week, but will try to nail down exactly what caused the > > issue. > > > > Thanks for the confirmation about linux and a starting point with "readelf > > -l" > > As I wrote initially, this looks like something in the MirageOS build on > > OpenBSD is generating a segment with W & X on it. You can double-confirm by > > e.g. building the same unikernel on Linux and seeing if it runs on OpenBSD. > > If it changed recently then it's possible that either a) you were > > previously running a kernel that did not enforce this or b) the build > > toolchain changed and/or due to a) you did not notice that it's producing W > > & X segments in the first place. > > I'd ask around on the OpenBSD lists and/or check the various clang / ld > > manual pages for any options that might affect this. > > -mato
Re: [solo5] Solo5, MireageOS and Write and Exec Memory
Hi Mato See inlines below ‐‐‐ Original Message ‐‐‐ On June 21, 2018 6:05 PM, Martin Lucina wrote: > > > Hi Adam, > > On Wednesday, 20.06.2018 at 22:07, Adam Steen wrote: > > > Hi All > > > > As some of you know I have been working to get MirageOS/Solo5 working on > > > > OpenBSD. > > > > As of Friday of last week, I though i had at least achieved this, but > > > > after running an end to end test with released version the of > > > > Mirage-Skeleton Hello World Tutorial, I now find this causes as " > > > > mprotect W^X violation" on OpenBSD. > > That's err, odd. Do you get a "Warning: phdr[N] requests WRITE and EXEC > > permissions" when running ukvm-bin? Yes. > > I know Solo5 does not issue any mprotect requests with WRITE and EXEC > > > > permissions, but something in MirageOS does. I have be testing building > > > > the Hello World example for a while now without any problems of this > > > > nature, i am not sure where to start look at what changed. > > > > I can permit W^X memory on OpenBSD with a change to the Solo5 configure > > > > script and a file system setting, but this has now missed the boat for > > > > this release and would prefer not to do this. > > That would be just papering over the problem. Your right, it should be sorted correctly. > As for fixes, it'll be while > > yet before the post 0.3.0 renaming and restructuring gets done, I can > > easily cut a point release before then for trivial fixes (no ABI changes). I will have to see what i can track down. > > > Any tips on where i should look? > > When you write "causes a mprotect W^X violation", how does that actually > > manifest itself at run-time? Does ukvm-bin get killed? Or some other way? ukvm-bin gets killed by the kernel. "ukvm-bin: hello.ukvm: Warning: phdr[0] requests WRITE and EXEC permissions" "ukvm-bin: hello.ukbm: Not Supported" and in dmesg "ukvm-bin(65577): mprotect W^X violation" > I've looked at the build products (on Linux) for both the Solo5 standalone > > tests and the mirage-skeleton tutorial/hello unikernel with "readelf -l", > > and I don't see any phdrs asking for W and X protections at the same time, > > so my guess would be something in the OpenBSD build is acting up (again). > > -mato Looks like I will have to dig a little deeper, I do recall something like this happening soon after i got things working on a custom kernel. I am awol again next week, but will try to nail down exactly what caused the issue. Thanks for the confirmation about linux and a starting point with "readelf -l" Adam
Re: [solo5] Solo5, MireageOS and Write and Exec Memory
Hi Adam, On Wednesday, 20.06.2018 at 22:07, Adam Steen wrote: > Hi All > > As some of you know I have been working to get MirageOS/Solo5 working on > OpenBSD. > > As of Friday of last week, I though i had at least achieved this, but > after running an end to end test with released version the of > Mirage-Skeleton Hello World Tutorial, I now find this causes as " > mprotect W^X violation" on OpenBSD. That's err, odd. Do you get a "Warning: phdr[N] requests WRITE and EXEC permissions" when running ukvm-bin? > I know Solo5 does not issue any mprotect requests with WRITE and EXEC > permissions, but something in MirageOS does. I have be testing building > the Hello World example for a while now without any problems of this > nature, i am not sure where to start look at what changed. > > I can permit W^X memory on OpenBSD with a change to the Solo5 configure > script and a file system setting, but this has now missed the boat for > this release and would prefer not to do this. That would be just papering over the problem. As for fixes, it'll be while yet before the post 0.3.0 renaming and restructuring gets done, I can easily cut a point release before then for trivial fixes (no ABI changes). > > Any tips on where i should look? When you write "causes a mprotect W^X violation", how does that actually manifest itself at run-time? Does ukvm-bin get killed? Or some other way? I've looked at the build products (on Linux) for both the Solo5 standalone tests and the mirage-skeleton tutorial/hello unikernel with "readelf -l", and I don't see any phdrs asking for W and X protections at the same time, so my guess would be something in the OpenBSD build is acting up (again). -mato