remain in compartment 1 for iconv test

Author: oinoom

CMakeLists.txt

@@ -8,6 +8,8 @@ include(cmake/qemu-command.cmake)
 
 find_package(PkgConfig REQUIRED)
 
+option(IA2_TRACE_EXIT "Enable IA2 exit-path tracing instrumentation" OFF)
+
 set(EXTERNAL_DIR ${PROJECT_SOURCE_DIR}/external)
 
 enable_testing()
@@ -38,4 +40,5 @@ ExternalProject_Add(tools
         -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
         -DClang_DIR=${Clang_DIR}
         -DLLVM_DIR=${LLVM_DIR}
+        -DIA2_TRACE_EXIT=${IA2_TRACE_EXIT}
     INSTALL_COMMAND "")

cmake/ia2.cmake

@@ -49,6 +49,9 @@ function(add_ia2_compartment NAME TYPE)
     IA2_ENABLE=1
     PKEY=${ARG_PKEY}
   )
+  if(IA2_TRACE_EXIT)
+    target_compile_definitions(${NAME} PRIVATE IA2_TRACE_EXIT=1)
+  endif()
   set_target_properties(${NAME} PROPERTIES PKEY ${ARG_PKEY})
   target_compile_options(${NAME} PRIVATE
     "-Werror=incompatible-pointer-types"
@@ -147,6 +150,9 @@ function(create_compile_commands NAME TYPE)
     IA2_ENABLE=0
     PKEY=${ARG_PKEY}
   )
+  if(IA2_TRACE_EXIT)
+    target_compile_definitions(${COMPILE_COMMAND_TARGET} PRIVATE IA2_TRACE_EXIT=1)
+  endif()
   # Copy target properties from the real target. We might need to add more properties.
   target_link_libraries(${COMPILE_COMMAND_TARGET} PRIVATE $<TARGET_PROPERTY:${NAME},LINK_LIBRARIES>)
   target_include_directories(${COMPILE_COMMAND_TARGET} PRIVATE ${INCLUDE_DIRECTORIES})

runtime/libia2/CMakeLists.txt

@@ -21,6 +21,10 @@ if(IA2_DEBUG_MEMORY)
     target_compile_definitions(libia2 PRIVATE IA2_DEBUG_MEMORY=1)
 endif()
 
+if(IA2_TRACE_EXIT)
+    target_compile_definitions(libia2 PUBLIC IA2_TRACE_EXIT=1)
+endif()
+
 target_link_options(libia2
     INTERFACE
         "-pthread"

runtime/libia2/main.c

@@ -45,11 +45,14 @@ __asm__(
     "mov main_sp(%rip), %rsp\n"
     // Save return value
     "mov %rax,%r10\n"
-    // Switch pkey to untrusted compartment
-    "xor %ecx,%ecx\n"
-    "xor %edx,%edx\n"
-    "mov_pkru_eax 0\n"
-    "wrpkru\n"
+    // NOTE: Removed switch to compartment 0 to allow exit handlers to run
+    // in compartment 1 (where libc lives). This prevents SEGV_PKUERR when
+    // exit() tries to acquire __exit_funcs_lock in libc's .bss section.
+    // See: tests/dl_debug_test/*_ANALYSIS.md for details
+    // "xor %ecx,%ecx\n"
+    // "xor %edx,%edx\n"
+    // "mov_pkru_eax 0\n"
+    // "wrpkru\n"
     // Restore return value
     "mov %r10,%rax\n"
     "popq %rbp\n"

tests/dl_debug_test/main.c

@@ -14,9 +14,28 @@ INIT_RUNTIME(2);
 #define IA2_COMPARTMENT 1
 #include <ia2_compartment_init.inc>
 
+// on_exit handler to set PKRU=0 before destructors run
+// on_exit handlers run BEFORE atexit handlers
+static void set_pkru_zero_for_exit(int status, void *arg) {
+    (void)status;
+    (void)arg;
+    __asm__ volatile(
+        "xor %%eax, %%eax\n"
+        "xor %%ecx, %%ecx\n"
+        "xor %%edx, %%edx\n"
+        "wrpkru\n"
+        ::: "eax", "ecx", "edx"
+    );
+}
+
 void ia2_main(void) {
     ia2_register_compartment("main", 1, NULL);
     ia2_register_compartment("libdl_debug_test_lib.so", 2, NULL);
+
+    // Register handler to run FIRST during exit (before atexit handlers)
+    // on_exit handlers run BEFORE atexit, which runs BEFORE destructors
+    // Use IA2_IGNORE to prevent rewriter from wrapping this function pointer
+    on_exit(IA2_IGNORE(&set_pkru_zero_for_exit), NULL);
 }
 
 // Test that iconv (libc) runs in compartment 1 and _dl_debug_state inherits it

tools/CMakeLists.txt

@@ -2,5 +2,7 @@ cmake_minimum_required(VERSION 4.0)
 project(tools)
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 
+option(IA2_TRACE_EXIT "Enable IA2 exit-path tracing instrumentation" OFF)
+
 add_subdirectory(rewriter)
 add_subdirectory(pad-tls)

tools/rewriter/CMakeLists.txt

@@ -35,3 +35,7 @@ target_link_libraries(ia2-rewriter PRIVATE
     clang-cpp
     LLVM
     )
+
+if(IA2_TRACE_EXIT)
+    target_compile_definitions(ia2-rewriter PRIVATE IA2_TRACE_EXIT=1)
+endif()