Thanks to visit codestin.com
Credit goes to github.com

Skip to content

trap and emulate cpuid, disabling rdrand and rdseed #3619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Jul 14, 2025
Merged

trap and emulate cpuid, disabling rdrand and rdseed #3619

merged 14 commits into from
Jul 14, 2025

Conversation

@sporksmith
Copy link
Contributor

@sporksmith sporksmith commented Jun 27, 2025
edited
Loading

  • Trap and emulate the cpuid instruction (on platforms that support it), and force reporting that the RDRAND and RDSEED instructions aren't supported.
  • Add handling for arch_prctl to prevent the managed process from interfering with our trapping of cpuid.
  • Rewrite the determinism test in rust, fixing some minor determinism issues in the rust runtime initialization.
  • Extend the determinism test to validate that tor_llcrypto::rng::CautionRng (which uses rdrand when its available) is deterministic under shadow, on platforms where trapping the cpuid instruction is supported.

Fixes #1561 and #3610.

@github-actions github-actions bot added Component: Libraries Support functions like LD_PRELOAD and logging Component: Testing Unit and integration tests and frameworks Component: Main Composing the core Shadow executable Component: Documentation In-repository documentation, under docs/ labels Jun 27, 2025
trinity-1686a
trinity-1686a reviewed Jun 28, 2025
View reviewed changes
Copy link
Contributor

@trinity-1686a trinity-1686a left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it looks like if a tested program does syscall(SYS_arch_prctl, ARCH_SET_CPUID, 1);, CPUID isn't intercepted (on Intel). This syscall should probably be intercepted, logged, and maybe ignored?

@github-actions github-actions bot removed Component: Main Composing the core Shadow executable Component: Documentation In-repository documentation, under docs/ labels Jun 28, 2025
@sporksmith
Copy link
Contributor Author

sporksmith commented Jun 28, 2025

it looks like if a tested program does syscall(SYS_arch_prctl, ARCH_SET_CPUID, 1);, CPUID isn't intercepted (on Intel). This syscall should probably be intercepted, logged, and maybe ignored?

Ooh, good catch. Yeah I'll add a handler for that.

@github-actions github-actions bot added Component: Main Composing the core Shadow executable Component: Build Build/install tools and dependencies labels Jul 7, 2025
@sporksmith sporksmith force-pushed the cpuid branch 3 times, most recently from 4ded682 to 947d1fa Compare July 7, 2025 23:52
@sporksmith sporksmith marked this pull request as ready for review July 8, 2025 03:36
@sporksmith sporksmith requested a review from a team July 8, 2025 03:36
@sporksmith sporksmith changed the title cpuid trap and emulation, disabling rdrand trap and emulate cpuid, disabling rdrand and rdseed Jul 8, 2025
sporksmith added a commit to sporksmith/shadow that referenced this pull request Jul 8, 2025
@sporksmith
Update changelog for shadow#3619
aac8e86
@github-actions github-actions bot added the Component: Documentation In-repository documentation, under docs/ label Jul 8, 2025
@robgjansen
Copy link
Member

robgjansen commented Jul 9, 2025

(I'm running PETS 2025 next week, so I don't think I'll be able to get to this for a bit. Hope that's OK!)

@sporksmith
Copy link
Contributor Author

sporksmith commented Jul 9, 2025

(I'm running PETS 2025 next week, so I don't think I'll be able to get to this for a bit. Hope that's OK!)

No problem. Using this fix locally (to debug a flaky arti test) is good enough for me for the moment :)

Have a good PETS!

stevenengler
stevenengler approved these changes Jul 14, 2025
View reviewed changes
Copy link
Contributor

@stevenengler stevenengler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool! LGTM!

@sporksmith
linux-api: add arch_prctl
01ce325
@sporksmith
tsc: Move functionality to a tsc module
d838109 
This is in preparation to widen the scope of this module to include
other asm utilities (for cpuid).
@sporksmith
rename tsc crate -> asm_util
8c932cd
sporksmith added 10 commits July 14, 2025 12:48
@sporksmith
shadow-shim-helper: add cpuid module
d88786a
@sporksmith
Rename shim_rdtsc.c -> shim_insn_emu.c
60f867a 
In preparation to expand this to include cpuid emulation.
@sporksmith
Intercept cpuid and fake not-supporting RDRAND and RDSEED
d9e055b
@sporksmith
Handle arch_prctl to prevent interference with trapping cpuid
20fa280
@sporksmith
regular_file: fix read-only check
66c2466 
This was incorrectly checking the mode instead of the flags to test
whether the file was being opened read-only.
@sporksmith
sched_getaffinity: mark pid as non-deterministic
0ce186b 
Workaround for shadow#3626
@sporksmith
determinism test: rewrite in rust
5088f05 
This drops some testing that was orthogonal to determinism, including
trying to open files with multiple libc APIs and reverse DNS lookups.
@sporksmith
format_shmem_name: use fixed-width names
32bcb2a 
Occasionally having a different-length name here results in
different read-amounts in strace logs for programs that read
`/proc/self/maps`, which includes all rust programs during the runtime
initialization.
@sporksmith
determinism test: test tor_llcrypto
444a572
@sporksmith
Update changelog for shadow#3619
f4a834e
@sporksmith sporksmith enabled auto-merge July 14, 2025 17:50
@sporksmith sporksmith merged commit bc9a62a into shadow:main Jul 14, 2025
25 checks passed
This was referenced Jul 14, 2025
Closed
Open
@sporksmith sporksmith mentioned this pull request Sep 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevenengler stevenengler stevenengler approved these changes

+1 more reviewer

@trinity-1686a trinity-1686a trinity-1686a left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@sporksmith sporksmith

Labels

Component: Build Build/install tools and dependencies Component: Documentation In-repository documentation, under docs/ Component: Libraries Support functions like LD_PRELOAD and logging Component: Main Composing the core Shadow executable Component: Testing Unit and integration tests and frameworks

Projects

None yet

Milestone

Remove sources of non-determinism

Development

Successfully merging this pull request may close these issues.

Trap and emulate cpuid (disabling RDRAND)

4 participants

@sporksmith @robgjansen @stevenengler @trinity-1686a