<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"><base href="x-msg://3481/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Ashok,<div><br></div><div>My understanding from the hacker session at the dev conference is that everyone is generally on board with this direction and it's mainly a matter of splitting up the patch a bit to help foster discussion about the different parts of it. Wanted to go ahead and respond to this email, though, and make sure that matches everyone else's take on things, too. Sound right to you guys?</div><div><br></div><div>-Jim</div><div><br><div><div>On Nov 7, 2012, at 7:02 PM, "Thirumurthi, Ashok" <<a href="mailto:ashok.thirumurthi@intel.com">ashok.thirumurthi@intel.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="WordSection1" style="page: WordSection1; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Well, there are a few ways to interpret your question. This patch makes SecureMemoryManager the default in lli, and I should probably follow suit in rt-dyld. For MCJIT, there is no default. That forces users to pick a memory manager and think about whether security is worth the premium. For instance, lldb expression evaluation is a case where security might not figure over speed.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">MCJIT could also have a secure default if a memory manager wasn’t supplied:<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; ">ExecutionEngine *MCJIT::createJIT(Module *M,<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> std::string *ErrorStr,<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> JITMemoryManager *JMM,<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> <span class="Apple-converted-space"> </span><span style="color: blue; ">bool</span><span class="Apple-converted-space"> </span>GVsWithCode,<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> TargetMachine *TM) {<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> sys::DynamicLibrary::LoadLibraryPermanently(0, NULL);<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> </span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> <span class="Apple-converted-space"> </span><span style="color: blue; ">return</span><span class="Apple-converted-space"> </span><span style="color: blue; ">new</span><span class="Apple-converted-space"> </span>MCJIT(M, TM, JMM, GVsWithCode);<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; ">-><o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> <span class="Apple-converted-space"> </span><span style="color: blue; ">return</span><span class="Apple-converted-space"> </span><span style="color: blue; ">new</span><span class="Apple-converted-space"> </span>MCJIT(M, TM, JMM ? JMM : CreateDefaultMemManager(), GVsWithCode);<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; ">}<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 9.5pt; font-family: Consolas; "> </span></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -0.25in; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><span>-<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span></span><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Ashok<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0in 0in; "><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>Eric Christopher [<a href="mailto:echristo@gmail.com" style="color: purple; text-decoration: underline; ">mailto:echristo@gmail.com</a>]<span class="Apple-converted-space"> </span><br><b>Sent:</b><span class="Apple-converted-space"> </span>Tuesday, November 06, 2012 6:53 PM<br><b>To:</b><span class="Apple-converted-space"> </span>Thirumurthi, Ashok<br><b>Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:llvm-commits@cs.uiuc.edu" style="color: purple; text-decoration: underline; ">llvm-commits@cs.uiuc.edu</a>; Jim Grosbach<br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [llvm-commits] [PATCH for REVIEW] Secure Memory Manager for MCJIT and RuntimeDyld.<o:p></o:p></span></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I haven't looked at the whole thing yet, but any reason not to make this the default (other than it's slightly more complicated)?<o:p></o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">-eric<o:p></o:p></div></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></p><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On Tue, Nov 6, 2012 at 8:01 AM, Thirumurthi, Ashok <<a href="mailto:ashok.thirumurthi@intel.com" target="_blank" style="color: purple; text-decoration: underline; ">ashok.thirumurthi@intel.com</a>> wrote:<o:p></o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">Currently, RuntimeDyld clients (like MCJIT) cannot restrict the memory protection flags for sections that are read-only, RW or RX. Instead, all sections are loaded into RWX memory. This patch improves the interface of RTDyldMemoryManager to allow sections to be allocated as RW and later protected as R, RW or RX. In addition, as RuntimeDyld clients may have multiple Modules to load, the interface includes a memory pool ID to pool allocations. This permits RuntimeDyld clients to free a memory pool without impacting other loads. Finally, as RuntimeDyld loads a full Module, the RWX attributes of all sections are known prior to the first allocation. As a result, the interface includes the facility to log requests for memory. The goal is to minimize the number of mmap/mprotect calls that must be made to load a Module, while also ensuring that no full page of memory is wasted.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">As RTDyldMemoryManager is a base class of JITMemoryManager, this patch touches all of the memory managers in the llvm code base.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">In addition, this patch provides two reference memory managers which can be committed separately. The first, a slightly modified version of SectionMemoryManager, is a trivial memory manager that happily ignores the call to protectPool. This was previously ripped from lli.cpp and committed with tests in unittests/ExecutionEngine/MCJIT. This memory manager is useful for clients that are more interested in efficiency than security.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">MCJIT and JIT engines allow the client to specify a JITMemoryManager. Although this unifies the interface between execution engines, MCJIT clients use the methods in the base class RTDyldMemoryManager. SectionMemoryManager also provides a convenient implementation of pure virtual methods in JITMemoryManager. In particular, SectionMemoryManager is now used by rt-dyld.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">Alternately, the SecureMemoryManager is a reference memory manager with an implementation of protectPool. This memory manager derives from SectionMemoryManager and provides a single class with functionality of interest to MCJIT and RuntimeDyld clients. Specifically, requests with the same combination of RWX flags are satisfied by the same allocation. In addition, allocations can be grouped using a pool ID. The patch includes unit tests for all of this functionality. In addition, this patch modifies lli to use the SecureMemoryManager.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">Looking forwards, options can be provided for lli and rt-dyld to choose between secure, fast, and remote memory managers. In addition, options can be provided for MCJIT to determine if protectPool will be called. Finally, MCJIT can be reworked to support multiple Modules.</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">While the patch is large, it has been provided for completeness to support reviews at the hackers workshop at llvm-dev. Reviewers on the list can restrict their comments to the interface or the implementation as these can easily be performed in two separate commits. Thanks!</span><o:p></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); "> </span><span style="color: rgb(136, 136, 136); "><o:p></o:p></span></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="color: rgb(31, 73, 125); ">-</span><span style="font-size: 7pt; color: rgb(31, 73, 125); "> <span class="Apple-converted-space"> </span></span><span style="color: rgb(31, 73, 125); ">Ashok Thirumurthi</span><span style="color: rgb(136, 136, 136); "><o:p></o:p></span></p></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br>_______________________________________________<br>llvm-commits mailing list<br><a href="mailto:llvm-commits@cs.uiuc.edu" style="color: purple; text-decoration: underline; ">llvm-commits@cs.uiuc.edu</a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank" style="color: purple; text-decoration: underline; ">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><o:p></o:p></p></div><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "></p></div></div></div></blockquote></div><br></div></body></html>