Feature: LPMP support to break the enclave number limitation

This PR introduces LPMP, which breaks the number limitation via an
efficient PMP virtualization mechanism. As a proof-of-concept, our
primary prototype enables Keystone to host 32 enclaves simultaneously.

Co-authored-by: Mingde Ren <mingde-ren@outlook.com>

examples/CMakeLists.txt

@@ -35,3 +35,4 @@ add_subdirectory(hello)
 add_subdirectory(hello-native)
 add_subdirectory(attestation)
 add_subdirectory(tests)
+add_subdirectory(hello-lpmp)

examples/hello-lpmp/CMakeLists.txt

@@ -0,0 +1,36 @@
+set(eapp_bin hello-lpmp)
+set(eapp_src eapp/hello_lpmp.c)
+set(host_bin hello-lpmp-runner)
+set(host_src host/host_lpmp.cpp)
+set(package_name "hello-lpmp.ke")
+set(package_script "./hello-lpmp-runner hello-lpmp eyrie-rt loader.bin")
+set(eyrie_plugins "io_syscall linux_syscall env_setup")
+
+# eapp
+
+add_executable(${eapp_bin} ${eapp_src})
+target_link_libraries(${eapp_bin} "-static")
+
+# host
+
+add_executable(${host_bin} ${host_src})
+target_link_libraries(${host_bin} ${KEYSTONE_LIB_HOST} ${KEYSTONE_LIB_EDGE})
+
+# add target for Eyrie runtime (see keystone.cmake)
+
+set(eyrie_files_to_copy .options_log eyrie-rt loader.bin)
+add_eyrie_runtime(${eapp_bin}-eyrie
+  ${eyrie_plugins}
+  ${eyrie_files_to_copy})
+
+# add target for packaging (see keystone.cmake)
+
+add_keystone_package(${eapp_bin}-package
+  ${package_name}
+  ${package_script}
+  ${eyrie_files_to_copy} ${eapp_bin} ${host_bin})
+
+add_dependencies(${eapp_bin}-package ${eapp_bin}-eyrie)
+
+# add package to the top-level target
+add_dependencies(examples ${eapp_bin}-package)

examples/hello-lpmp/eapp/hello_lpmp.c

@@ -0,0 +1,10 @@
+#include <stdio.h>
+#include <unistd.h>
+
+int main()
+{
+  printf("Hello, Enclave!\n");
+  sleep(30);
+  printf("Goodbye, Enclave!\n");
+  return 0;
+}

examples/hello-lpmp/host/host_lpmp.cpp

@@ -0,0 +1,27 @@
+//******************************************************************************
+// Copyright (c) 2018, The Regents of the University of California (Regents).
+// All Rights Reserved. See LICENSE for license details.
+//------------------------------------------------------------------------------
+#include "edge/edge_call.h"
+#include "host/keystone.h"
+
+using namespace Keystone;
+
+int
+main(int argc, char** argv) {
+  Enclave enclave;
+  Params params;
+
+  params.setFreeMemSize(256 * 1024);
+  params.setUntrustedSize(256 * 1024);
+
+  enclave.init(argv[1], argv[2], argv[3], params);
+
+  enclave.registerOcallDispatch(incoming_call_dispatch);
+  edge_call_init_internals(
+      (uintptr_t)enclave.getSharedBuffer(), enclave.getSharedBufferSize());
+
+  enclave.run();
+
+  return 0;
+}

overlays/keystone/patches/opensbi/opensbi-lpmp.patch

@@ -0,0 +1,140 @@
+diff --git a/include/sbi/sbi_lpmp.h b/include/sbi/sbi_lpmp.h
+new file mode 100644
+index 0000000..d56ad96
+--- /dev/null
++++ b/include/sbi/sbi_lpmp.h
+@@ -0,0 +1,21 @@
++#ifndef __SBI_LPMP_H__
++#define __SBI_LPMP_H__
++
++#define PTE_V (1L << 0)
++#define PTE_R (1L << 1)
++#define PTE_W (1L << 2)
++#define PTE_X (1L << 3)
++
++#define PPNSHIFT        9
++#define PGSHIFT         12
++#define PTE2PA(pte)     (((pte) >> 10) << 12)
++#define PXMASK          0x1FF  // 9 bits
++#define PXSHIFT(level)  (PGSHIFT + (9 * (level)))
++#define PX(level, va)   ((((uint64_t)(va)) >> PXSHIFT(level)) & PXMASK)
++
++typedef uint64_t *pagetable_t;
++typedef uint64_t pte_t;
++
++int pmp_fault_handler(ulong mtval);
++
++#endif
+diff --git a/lib/sbi/objects.mk b/lib/sbi/objects.mk
+index 1ed1983..9bdc555 100644
+--- a/lib/sbi/objects.mk
++++ b/lib/sbi/objects.mk
+@@ -44,3 +44,4 @@ libsbi-objs-y += sbi_tlb.o
+ libsbi-objs-y += sbi_trap.o
+ libsbi-objs-y += sbi_unpriv.o
+ libsbi-objs-y += sbi_expected_trap.o
++libsbi-objs-y += sbi_lpmp.o
+diff --git a/lib/sbi/sbi_lpmp.c b/lib/sbi/sbi_lpmp.c
+new file mode 100644
+index 0000000..35837e3
+--- /dev/null
++++ b/lib/sbi/sbi_lpmp.c
+@@ -0,0 +1,75 @@
++#include "lpmp.h"
++#include <sbi/riscv_asm.h>
++#include <sbi/riscv_encoding.h>
++#include <sbi/sbi_console.h>
++#include <sbi/sbi_error.h>
++#include <sbi/sbi_types.h>
++#include <sbi/sbi_lpmp.h>
++
++static uint64_t get_pt_root(void) { 
++    return ((csr_read(satp) & 0xFFFFFFFFFFF) << 12); 
++}
++
++static uint64_t walkaddr(pagetable_t pagetable, uint64_t va) {
++    if (pagetable == 0)
++        return 0;
++    pte_t *pte;
++    uint64_t level;
++    uint64_t pa;
++
++    // make sure page tables in PMP.
++    host_hit_region((uint64_t)pagetable);
++    for (level = 4; level > 0; level--) {
++        pte = &pagetable[PX(level, va)];
++        if (*pte & (PTE_X | PTE_W | PTE_R)) {
++            goto found;  // A leaf pte has been found.
++        } else if (*pte & PTE_V) {
++            pagetable = (pagetable_t)PTE2PA(*pte);
++            host_hit_region((uint64_t)pagetable);
++        } else {
++            sbi_panic("invalid va=0x%lx\n", va);
++        }
++    }
++    pte = &pagetable[PX(0, va)];
++  
++found:
++    if (pte == 0)
++        return 0;
++    if ((*pte & PTE_V) == 0)
++        return 0;    
++    uint64_t number_of_ones = PGSHIFT + level * PPNSHIFT;
++    uint64_t offset_mask = (1 << number_of_ones) - 1;
++    uint64_t offset = (va & offset_mask);
++    pa = PTE2PA(*pte) + offset;
++
++    return pa;
++}
++
++static inline void flush_tlb()
++{
++	  asm volatile("sfence.vma");
++}
++
++int pmp_fault_handler(ulong mtval) {
++    if (!mtval) {
++        sbi_printf("mepc = 0x%lx\n", csr_read(CSR_MEPC));
++        sbi_printf("Null pointer!\n");
++        return -1;
++    }
++    pagetable_t pt_root = (pagetable_t)get_pt_root();
++    uintptr_t pa = pt_root ? walkaddr(pt_root, mtval) : mtval;
++
++    if (pa && host_hit_region(pa)) {
++        activate_host_lpmp();
++        // Option 1. enable TLB cached PMP.
++        asm volatile("sfence.vma	%0, zero	\n\t" : : "r"(mtval));
++
++        // Option 2. disable TLB cached PMP.
++        // flush_tlb();
++
++        return 0;
++    } else {
++        sbi_printf("Error: Host should not access this pa\n");
++        return -1;
++    }
++}
+diff --git a/lib/sbi/sbi_trap.c b/lib/sbi/sbi_trap.c
+index ee3e4e9..2a4fd44 100644
+--- a/lib/sbi/sbi_trap.c
++++ b/lib/sbi/sbi_trap.c
+@@ -21,6 +21,7 @@
+ #include <sbi/sbi_scratch.h>
+ #include <sbi/sbi_timer.h>
+ #include <sbi/sbi_trap.h>
++#include <sbi/sbi_lpmp.h>
+
+ static void __noreturn sbi_trap_error(const char *msg, int rc,
+ 				      ulong mcause, ulong mtval, ulong mtval2,
+@@ -304,6 +305,10 @@ struct sbi_trap_regs *sbi_trap_handler(struct sbi_trap_regs *regs)
+ 		sbi_pmu_ctr_incr_fw(mcause == CAUSE_LOAD_ACCESS ?
+ 			SBI_PMU_FW_ACCESS_LOAD : SBI_PMU_FW_ACCESS_STORE);
+ 		/* fallthrough */
++    case CAUSE_FETCH_ACCESS:
++		rc = pmp_fault_handler(mtval);
++		msg = "access fault (PMP)";
++		break;
+ 	default:
+ 		/* If the trap came from S or U mode, redirect it there */
+ 		trap.epc = regs->mepc;

sm/src/enclave.c

@@ -3,11 +3,14 @@
 // All Rights Reserved. See LICENSE for license details.
 //------------------------------------------------------------------------------
 #include "enclave.h"
+#include "lpmp.h"
+#include "ipi.h"
 #include "mprv.h"
 #include "pmp.h"
 #include "page.h"
 #include "cpu.h"
 #include "platform-hook.h"
+#include <sbi/riscv_barrier.h>
 #include <sbi/sbi_string.h>
 #include <sbi/riscv_asm.h>
 #include <sbi/riscv_locks.h>
@@ -76,7 +79,8 @@ static inline void context_switch_to_enclave(struct sbi_trap_regs* regs,
   switch_vector_enclave();
 
   // set PMP
-  osm_pmp_set(PMP_NO_PERM);
+  pmp_clear();
+  smp_mb();
   int memid;
   for(memid=0; memid < ENCLAVE_REGIONS_MAX; memid++) {
     if(enclaves[eid].regions[memid].type != REGION_INVALID) {
@@ -94,13 +98,7 @@ static inline void context_switch_to_host(struct sbi_trap_regs *regs,
     int return_on_resume){
 
   // set PMP
-  int memid;
-  for(memid=0; memid < ENCLAVE_REGIONS_MAX; memid++) {
-    if(enclaves[eid].regions[memid].type != REGION_INVALID) {
-      pmp_set_keystone(enclaves[eid].regions[memid].pmp_rid, PMP_NO_PERM);
-    }
-  }
-  osm_pmp_set(PMP_ALL_PERM);
+  activate_host_lpmp();
 
   uintptr_t interrupts = MIP_SSIP | MIP_STIP | MIP_SEIP;
   csr_write(mideleg, interrupts);
@@ -370,20 +368,21 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
 
   // create a PMP region bound to the enclave
   ret = SBI_ERR_SM_ENCLAVE_PMP_FAILURE;
-  if(pmp_region_init_atomic(base, size, PMP_PRI_ANY, &region, 0))
+  if(pmp_region_init_atomic(eid, base, size, PMP_PRI_ANY, &region, 0))
     goto free_encl_idx;
 
   // create PMP region for shared memory
-  if(pmp_region_init_atomic(utbase, utsize, PMP_PRI_BOTTOM, &shared_region, 0))
+  if(pmp_region_init_atomic(eid, utbase, utsize, PMP_PRI_BOTTOM, &shared_region, 0))
     goto free_region;
 
-  // set pmp registers for private region (not shared)
-  if(pmp_set_global(region, PMP_NO_PERM))
-    goto free_shared_region;
+  // maintain host LPMP regions.
+  host_split_region(base, size, 0);
 
   // cleanup some memory regions for sanity See issue #38
   clean_enclave_memory(utbase, utsize);
 
+  // send ipi to flush tlb for all harts.
+  send_flush_tlb_ipi();
 
   // initialize enclave metadata
   enclaves[eid].eid = eid;
@@ -392,6 +391,7 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
   enclaves[eid].regions[0].type = REGION_EPM;
   enclaves[eid].regions[1].pmp_rid = shared_region;
   enclaves[eid].regions[1].type = REGION_UTM;
+
 #if __riscv_xlen == 32
   enclaves[eid].encl_satp = ((base >> RISCV_PGSHIFT) | (SATP_MODE_SV32 << HGATP_MODE_SHIFT));
 #else
@@ -429,14 +429,13 @@ unsigned long create_enclave(unsigned long *eidptr, struct keystone_sbi_create_t
 // free_platform:
   platform_destroy_enclave(&enclaves[eid]);
 unset_region:
-  pmp_unset_global(region);
-free_shared_region:
-  pmp_region_free_atomic(shared_region);
+  pmp_region_free_atomic(eid, shared_region);
 free_region:
-  pmp_region_free_atomic(region);
+  pmp_region_free_atomic(eid, region);
 free_encl_idx:
   encl_free_eid(eid);
 error:
+  host_add_region((uintptr_t)base, (uint64_t)size, 0);
   return ret;
 }
 
@@ -483,14 +482,16 @@ unsigned long destroy_enclave(enclave_id eid)
     sbi_memset((void*) base, 0, size);
 
     //1.b free pmp region
-    pmp_unset_global(rid);
-    pmp_region_free_atomic(rid);
+    pmp_region_free_atomic(eid, rid);
+
+    // maintain host_regions
+    host_add_region((uintptr_t)base, (uint64_t)size, 0);
   }
 
   // 2. free pmp region for UTM
   rid = get_enclave_region_index(eid, REGION_UTM);
   if(rid != -1)
-    pmp_region_free_atomic(enclaves[eid].regions[rid].pmp_rid);
+    pmp_region_free_atomic(eid, enclaves[eid].regions[rid].pmp_rid);
 
   enclaves[eid].encl_satp = 0;
   enclaves[eid].n_thread = 0;
@@ -499,6 +500,9 @@ unsigned long destroy_enclave(enclave_id eid)
     enclaves[eid].regions[i].type = REGION_INVALID;
   }
 
+  // send ipi to flash tlb for all harts.
+  send_flush_tlb_ipi();
+
   // 3. release eid
   encl_free_eid(eid);
 

sm/src/ipi.c

@@ -30,3 +30,20 @@ void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm)
   sbi_tlb_request(mask, 0, &tlb_info);
 }
 
+void sbi_flush_tlb_local(struct sbi_tlb_info *__info)
+{
+  asm volatile("sfence.vma");
+}
+
+void send_flush_tlb_ipi()
+{
+  ulong mask = 0;
+  ulong source_hart = current_hartid();
+  struct sbi_tlb_info tlb_info;
+  sbi_hsm_hart_interruptible_mask(sbi_domain_thishart_ptr(), 0, &mask);
+
+  SBI_TLB_INFO_INIT(&tlb_info, 0, 0, 0, 0,
+      sbi_flush_tlb_local, source_hart);
+  sbi_tlb_request(mask, 0, &tlb_info);
+}
+

sm/src/ipi.h

@@ -24,4 +24,9 @@ int sbi_pmp_ipi_init(struct sbi_scratch* scratch, bool cold_boot);
 int sbi_pmp_ipi_request(ulong hmask, ulong hbase, struct sbi_pmp_ipi_info* info);
 
 void send_and_sync_pmp_ipi(int region_idx, int type, uint8_t perm);
+
+void sbi_flush_tlb_local(struct sbi_tlb_info *__info);
+
+void send_flush_tlb_ipi();
+
 #endif