nestedkernel / perspicuos
This repository contains the nested kernel implementation as it was built for the ASPLOS 2015 paper, including the FreeBSD prototype PerspicuOS.
License: Other
So I cloned the PerspicuOS GitHub repo and built the nk directory (which apparently succeeded). However, when trying to build the FreeBSD9 directory, it gave me this error (I used "make buildworld"):
Error: No such file: "opt_sva_mmu.h"
In file included from /root/PerspicuOS/FreeBSD9/lib/libc/stdlib/malloc.c:177:/usr/obj/root/PerspicuOS/FreeBSD9/tmp/usr/include/machine/cpufunc.h:44:25: error mkdep: compile failed
*** Error code 1
Stop in /root/PerspicuOS/FreeBSD9/lib/libc
placeholder for discussion
Hi there,
First of all, congrats on this nice work. I love the idea of not using expensive hardware virtualization support to get more secure execution for a small performance penalty.
However, I had a quick look at the code and I am a bit concerned about the sva_load_cr0 intrinsic implemented in nk/lib/mmu.c.
As far as I understand, it serves the outer kernel's need to modify cr0 while ensuring that the WP bit stays set. What if a compromised outer kernel locates the sva_load_cr0_secure function at runtime and directly calls to the cr0 move instruction (when such a call is possible)? When it succeeds, invariant I8 won't be enforced anymore and the nk will become unprotected.
Is this a potential vulnerability, or did I miss something?
Hi friends. I have successfully compiled the NestedKernel in FreeBSD9.0.
This kernel can run in a virtual machine but not on a physical machine, so I am writing to ask for your suggestions. The following is a screenshot of the hanging point.
https://www.dropbox.com/s/gxf5asncfd7nnf4/webwxgetmsgimg.jpeg?dl=0
https://www.dropbox.com/s/1a2fkjilwjp3wxj/Screenshot%20from%202019-03-13%2022-19-50.png?dl=0
Thanks!
Hi,
I am trying to understand the code based on your excellent paper. However, the APIs declared in the paper (nk_declare, nk_alloc, etc.) seem not to be called by the kernel? For example, I searched for the function pt_update_is_valid, and the result shows that it appears only once (in nk/lib/mmu.c#.L259); it is not even referenced.
----- Update: Sorry for my mistake before. The GitHub default search functionality seems not good enough; pt_update_is_valid is referenced in the __update_mapping function.
I compared the FreeBSD9 and FreeBSD9-orig directories, trying to find the modifications. I found two possible functions in FreeBSD9/sys/kern/kern_sva.c, provideSVAMemory and releaseSVAMemory, both of which are referenced in the nk lib. However, the first line of provideSVAMemory is panic("Don't call this!");!
Now I'm a little confused: where and how is the nk library being used? Did I miss anything?
Thanks.