Skip to content

trap and emulate cpuid, disabling rdrand and rdseed#3619

Merged
sporksmith merged 14 commits intoshadow:mainfrom
sporksmith:cpuid
Jul 14, 2025
Merged

trap and emulate cpuid, disabling rdrand and rdseed#3619
sporksmith merged 14 commits intoshadow:mainfrom
sporksmith:cpuid

Conversation

@sporksmith
Copy link
Copy Markdown
Contributor

@sporksmith sporksmith commented Jun 27, 2025
edited
Loading

  • Trap and emulate the cpuid instruction (on platforms that support it), and force reporting that the RDRAND and RDSEED instructions aren't supported.
  • Add handling for arch_prctl to prevent the managed process from interfering with our trapping of cpuid.
  • Rewrite the determinism test in rust, fixing some minor determinism issues in the rust runtime initialization.
  • Extend the determinism test to validate that tor_llcrypto::rng::CautionRng (which uses rdrand when its available) is deterministic under shadow, on platforms where trapping the cpuid instruction is supported.

Fixes #1561 and #3610.

@github-actions github-actions bot added Component: Libraries Support functions like LD_PRELOAD and logging Component: Testing Unit and integration tests and frameworks Component: Main Composing the core Shadow executable Component: Documentation In-repository documentation, under docs/ labels Jun 27, 2025
trinity-1686a
trinity-1686a reviewed Jun 28, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@trinity-1686a trinity-1686a left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it looks like if a tested program does syscall(SYS_arch_prctl, ARCH_SET_CPUID, 1);, CPUID isn't intercepted (on Intel). This syscall should probably be intercepted, logged, and maybe ignored?

@github-actions github-actions bot removed Component: Main Composing the core Shadow executable Component: Documentation In-repository documentation, under docs/ labels Jun 28, 2025
@sporksmith
Copy link
Copy Markdown
Contributor Author

sporksmith commented Jun 28, 2025

it looks like if a tested program does syscall(SYS_arch_prctl, ARCH_SET_CPUID, 1);, CPUID isn't intercepted (on Intel). This syscall should probably be intercepted, logged, and maybe ignored?

Ooh, good catch. Yeah I'll add a handler for that.

@github-actions github-actions bot added Component: Main Composing the core Shadow executable Component: Build Build/install tools and dependencies labels Jul 7, 2025
@sporksmith sporksmith force-pushed the cpuid branch 3 times, most recently from 4ded682 to 947d1fa Compare July 7, 2025 23:52
@sporksmith sporksmith marked this pull request as ready for review July 8, 2025 03:36
@sporksmith sporksmith requested a review from a team July 8, 2025 03:36
@sporksmith sporksmith changed the title cpuid trap and emulation, disabling rdrand trap and emulate cpuid, disabling rdrand and rdseed Jul 8, 2025
sporksmith added a commit to sporksmith/shadow that referenced this pull request Jul 8, 2025
@sporksmith
Update changelog for shadow#3619
aac8e86
@github-actions github-actions bot added the Component: Documentation In-repository documentation, under docs/ label Jul 8, 2025
@robgjansen
Copy link
Copy Markdown
Member

robgjansen commented Jul 9, 2025

(I'm running PETS 2025 next week, so I don't think I'll be able to get to this for a bit. Hope that's OK!)

@sporksmith
Copy link
Copy Markdown
Contributor Author

sporksmith commented Jul 9, 2025

(I'm running PETS 2025 next week, so I don't think I'll be able to get to this for a bit. Hope that's OK!)

No problem. Using this fix locally (to debug a flaky arti test) is good enough for me for the moment :)

Have a good PETS!

stevenengler
stevenengler approved these changes Jul 14, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@stevenengler stevenengler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool! LGTM!

@sporksmith
linux-api: add arch_prctl
01ce325
@sporksmith
tsc: Move functionality to a tsc module
d838109 
This is in preparation to widen the scope of this module to include
other asm utilities (for cpuid).
@sporksmith
rename tsc crate -> asm_util
8c932cd
sporksmith added 10 commits July 14, 2025 12:48
@sporksmith
shadow-shim-helper: add cpuid module
d88786a
@sporksmith
Rename shim_rdtsc.c -> shim_insn_emu.c
60f867a 
In preparation to expand this to include cpuid emulation.
@sporksmith
Intercept cpuid and fake not-supporting RDRAND and RDSEED
d9e055b
@sporksmith
Handle arch_prctl to prevent interference with trapping cpuid
20fa280
@sporksmith
regular_file: fix read-only check
66c2466 
This was incorrectly checking the mode instead of the flags to test
whether the file was being opened read-only.
@sporksmith
sched_getaffinity: mark pid as non-deterministic
0ce186b 
Workaround for shadow#3626
@sporksmith
determinism test: rewrite in rust
5088f05 
This drops some testing that was orthogonal to determinism, including
trying to open files with multiple libc APIs and reverse DNS lookups.
@sporksmith
format_shmem_name: use fixed-width names
32bcb2a 
Occasionally having a different-length name here results in
different read-amounts in strace logs for programs that read
`/proc/self/maps`, which includes all rust programs during the runtime
initialization.
@sporksmith
determinism test: test tor_llcrypto
444a572
@sporksmith
Update changelog for shadow#3619
f4a834e
@sporksmith sporksmith enabled auto-merge July 14, 2025 17:50
@sporksmith sporksmith merged commit bc9a62a into shadow:main Jul 14, 2025
25 checks passed
This was referenced Jul 14, 2025
Closed
Open
@sporksmith sporksmith mentioned this pull request Sep 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevenengler stevenengler stevenengler approved these changes

+1 more reviewer

@trinity-1686a trinity-1686a trinity-1686a left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@sporksmith sporksmith

Labels

Component: Build Build/install tools and dependencies Component: Documentation In-repository documentation, under docs/ Component: Libraries Support functions like LD_PRELOAD and logging Component: Main Composing the core Shadow executable Component: Testing Unit and integration tests and frameworks

Projects

None yet

Milestone

Remove sources of non-determinism

Development

Successfully merging this pull request may close these issues.

Trap and emulate cpuid (disabling RDRAND)

4 participants

@sporksmith @robgjansen @stevenengler @trinity-1686a