
A.5 Interrupted Program State

A.5.1 sva_was_privileged

Synopsis

void sva_was_privileged(void)

Description

Determine if the most recent Interrupt Context is for state that was executing in privileged mode.

Arguments None.

Return Value

• true: The most recent Interrupt Context represents state that was running in privileged mode.
• false: The most recent Interrupt Context represents state that was running in non-privileged mode.

A.5.2 sva_icontext_lif

Synopsis

bool sva_icontext_lif(void)

Description

Determine if interrupts were enabled when the program execution represented by the most recent interrupt context was interrupted.

Arguments None.

Return Value

• true: The most recent Interrupt Context represents state that was running with interrupts enabled.
• false: The most recent Interrupt Context represents state that was running with interrupts disabled.

A.5.3 sva_icontext_get_stackp

Synopsis

void * sva_icontext_get_stackp(void)

Description

Return the stack pointer contained within the most recent interrupt context.

Arguments None.

Return Value

A pointer to the stack pointer within the most recent interrupt context is returned.

A.5.4 sva_icontext_load_retval

Synopsis

integer sva_icontext_load_retval(void)

Description

Load the return value out of an interrupt context for a program that was executing a system call.

Arguments None.

Return Value

An integer value representing the current value to be returned by the system call is returned.

A.5.5 sva_icontext_save_retval

Synopsis

Description

Set the return value of a system call within an interrupt context representing the state of the program that issued the system call.

Arguments

• value: The value that should be returned by the system call when the interrupt program state is placed back on to the processor.

Return Value

• true: The return value within the interrupt context was set.

• false: The return value within the interrupt context was not set. This could be due to the interrupt context being created by an exception or interrupt.

CFI Checks

• The most recent user-space interrupt context must be from interrupted program state created by a system call (as opposed to an interrupt or trap).

A.5.6 sva_icontext_commit

Synopsis

void sva_icontext_commit(void)

Description

Commit any interrupt context state that is currently residing on the processor into the interrupt context memory buffer.

Arguments None.

Return Value None.

A.5.7 sva_icontext_push

Synopsis

void sva_icontext_push((*f)(), integer arg1, ...)

Description

Modify the most recently interrupted user-space state (user Interrupt Context) so that, when resumed on return from interrupt, the user-space program finds itself executing the function f with the specified arguments. Note that this instruction can take multiple arguments.

This instruction is used to implement asynchronous event delivery (e.g., signals on Unix systems).

Arguments

• f: A pointer to the function which should be called when the user-space state is resumed.
• arg1: The first argument that is passed to f.

Return Value None.

Virtual Ghost Checks

• The function pointer f must point to a function that was declared as a valid function target for the currently executing integer state.

A.5.8 sva_icontext_save

Synopsis

void sva_icontext_save(void)

Description

Save the most recently interrupted state into SVA internal memory.

Arguments None.

Return Value None.

A.5.9 sva_icontext_load

Synopsis

void sva_icontext_load(void)

Description

Load into the most recent Interrupt Context the saved state from the most recent call to sva_icontext_save() made on this Interrupt Context.

Arguments

• address: A pointer to the virtual memory address into which the user-space interrupt context was saved.

Return Value None.

A.5.10 sva_ialloca

Synopsis

void * sva_ialloca(integer size, integer alignment, void * initp)

Description

Perform an alloca on the stack of the interrupted program state, aligning the memory and initializing it from the memory pointed to by initp. The most recent Interrupt Context must represent interrupted user-space state. This intrinsic will also do validity checking to ensure that the interrupted application's stack pointer does not point into kernel memory.

Arguments

• size: The amount of memory, in bytes, to allocate on the stack contained within the interrupted program state.

• alignment: The memory will be aligned on a 2^alignment boundary.

• initp: If not NULL, size bytes of data will be copied from the memory pointed to by initp to the newly stack-allocated memory.

Return Value

A pointer to the allocated memory is returned.

CFI Checks

• The most recent interrupt-context represents interrupted user-space state.

Virtual Ghost Checks

• The interrupt-context is marked invalid to ensure that sva_ialloca() precedes the call to sva_icontext_push().

• The memory between initp and initp + size cannot be within SVA memory.
• The memory between initp and initp + size cannot be within Ghost Memory.
• The alignment value must be less than 64 for a 64-bit address space.
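
The checks listed for sva_ialloca() here and for sva_icontext_push() in A.5.7 can be followed in a small C model. This is an added example, not code from SVA or Virtual Ghost: the region bounds, the icontext_t structure, the model_ functions and the re-validation performed by the push model are assumptions made for illustration, and the copy from initp is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct { uint64_t lo, hi; } region_t;            /* [lo, hi) */
/* Constructed layout for the model; real SVA region bounds differ. */
static const region_t KERNEL = {0xffff800000000000ULL, UINT64_MAX};
static const region_t GHOST  = {0xffffff0000000000ULL, 0xffffff8000000000ULL};
static const region_t SVAMEM = {0xffffffff80000000ULL, 0xffffffffc0000000ULL};

typedef struct {
    uint64_t sp, pc;   /* interrupted stack pointer and resume address */
    bool user;         /* context represents interrupted user-space state */
    bool valid;        /* cleared by ialloca; re-set by push (model assumption) */
} icontext_t;

/* True if [p, p+n) wraps around or intersects region r. */
static bool overlaps(uint64_t p, uint64_t n, region_t r) {
    uint64_t end = p + n;
    return end < p || (p < r.hi && end > r.lo);
}

/* Model of sva_ialloca: returns the allocation address, or 0 on a failed check.
 * The copy from initp is left out; only the checks and sp update are modeled. */
static uint64_t model_ialloca(icontext_t *ic, uint64_t size,
                              unsigned alignment, uint64_t initp) {
    if (!ic->user) return 0;              /* CFI: must be user-space state */
    if (alignment >= 64) return 0;        /* also keeps the shift below defined */
    if (initp && (overlaps(initp, size, SVAMEM) || overlaps(initp, size, GHOST)))
        return 0;                         /* initializer may not lie in protected memory */
    if (size > ic->sp) return 0;          /* would wrap below address 0 */
    uint64_t p = (ic->sp - size) & ~((1ULL << alignment) - 1);
    if (overlaps(p, size, KERNEL)) return 0;  /* user stack must not reach kernel memory */
    ic->sp = p;
    ic->valid = false;
    return p;
}

/* Model of sva_icontext_push: f must be in the declared-target list. */
static bool model_push(icontext_t *ic, uint64_t f,
                       const uint64_t *targets, size_t ntargets) {
    for (size_t i = 0; i < ntargets; i++)
        if (targets[i] == f) { ic->pc = f; ic->valid = true; return true; }
    return false;
}
```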

A.5.11 sva_iunwind

Synopsis

void sva_iunwind(void)

Description

Unwind control flow on the most recently created interrupted state (Interrupt Context) so that, when resumed, the interrupted state begins execution at the instruction immediately following the previous invoking instruction (e.g., invoke).

Arguments None.

Return Value None.

A.5.12 sva_init_icontext

Synopsis

uint sva_init_icontext(void * stackp, uint stacklen, (*f)(), integer arg1, ...)

Description

Initialize a new stack, interrupt context, and integer state. The integer state is initialized so that control flow resumes in the specified function which will be called with the specified arguments. The function will appear to have been called by the sc_ret function.

The interrupt context will be initialized so that it is identical to the current interrupt context with the exception that it will be using the specified kernel stack.

The current interrupt context must represent interrupted user-space state.

Arguments

• stackp: The first address of the kernel stack to be used for the new state.
• stacklen: The length, in bytes, of the new kernel stack.

• f: A pointer to the function which should be called when the state is loaded back on to the processor.
• arg1: The first argument that is passed to f.

Return Value None.

CFI Checks

A.5.13 sva_reinit_icontext

Synopsis

uint sva_reinit_icontext(void * stackp, bool priv, (*f)(), integer arg1, ...)

Description

Reinitialize the most recent interrupt context so that, when it resumes on the processor, execution begins in the specified function with the specified argument. If the privilege level is changed to unprivileged, the stack pointer is also reset to the specified value.

Any secure memory mappings associated with the running integer state are discarded.

Arguments

• stackp: The first address of the stack to be used for the new state.

• priv: A flag indicating whether the interrupt context should represent privileged or unprivileged program state.

• f: A pointer to the function which should be called when the state is loaded back on to the processor.
• arg1: The first argument that is passed to f.

Return Value None.