libia2/memory_maps: move ia2_threads_metadata global definition to INIT_RUNTIME to have a once-mapped definition

This also requires moving the type definitions from `memory_maps.h` to `ia2.h`.
Moreover, since `ia2.h` `#include`d `ia2_internal.h` (where `INIT_RUNTIME` is) at the beginning,
the type definitions and everything would have to go before that,
so I instead moved the `#include "ia2_internal.h"` to the end of `ia2.h`
and hoisted the `#define _GNU_SOURCE` to the top of `ia2.h`.

Author: kkysen

runtime/libia2/include/ia2.h

@@ -4,15 +4,17 @@
 #define IA2_ENABLE 0
 #endif
 
-// This include must come first so we define _GNU_SOURCE before including
-// standard headers. ia2_internal.h requires GNU-specific headers.
-#if IA2_ENABLE
-#include "ia2_internal.h"
+// This include must come first so we define
+//`_GNU_SOURCE` before including standard headers.
+//`ia2_internal.h` requires GNU-specific headers.
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
 #endif
 
 #include <errno.h>
 #include <stdint.h>
 #include <unistd.h>
+#include <pthread.h>
 
 /// Do not wrap functions or function pointers in the following code.
 ///
@@ -163,6 +165,60 @@
 
 #define IA2_MAX_COMPARTMENTS 16
 
+// Only enable this code that stores these addresses when debug logging is enabled.
+// This reduces the trusted codebase and avoids runtime overhead.
+// #if IA2_DEBUG_MEMORY
+
+/// The data here is shared, so it should not be trusted for use as a pointer,
+/// but it can be used best effort for non-trusted purposes.
+///
+/// All fields should be used atomically.
+struct ia2_thread_metadata {
+  pid_t tid;
+  pthread_t thread;
+
+  /// The start function passed to `pthread_create`.
+  void *(*start_fn)(void *arg);
+
+  /// The addresses of each compartment's stack for this thread.
+  uintptr_t stack_addrs[IA2_MAX_COMPARTMENTS];
+
+  /// The addresses of each compartment's TLS region for this thread,
+  /// except for compartment 1, which has split TLS regions (see below).
+  uintptr_t tls_addrs[IA2_MAX_COMPARTMENTS];
+
+  /// The TLS region is split only for the first compartment,
+  /// so we need two addresses for just that one.
+  ///
+  /// Compartment 1's TLS region is split because there is a page of
+  /// unprotected data for `ia2_stackptr_0` (in compartment 0), plus padding,
+  /// as we don't have a general implementation of shared TLS yet,
+  /// but `ia2_stackptr_0` is special-cased for now
+  /// as it must be stored in TLS and unprotected.
+  uintptr_t tls_addr_compartment1_first;
+  uintptr_t tls_addr_compartment1_second;
+};
+
+// It's much simpler to only support a static number of created threads,
+// especially because we want to have very few dependencies.
+// If a program needs more threads, you can just increase this number.
+#define IA2_MAX_THREADS 512
+
+struct ia2_all_threads_metadata {
+  /// This is the number of threads registered,
+  /// and it is monotonically increasing by 1.
+  ///
+  /// It may be transiently higher than `IA2_MAX_THREADS`,
+  /// but will abort if that happens (other threads may be observe a higher value).
+  _Atomic size_t num_threads;
+  pid_t tids[IA2_MAX_THREADS];
+
+  /// Should be initialized to 0.
+  struct ia2_thread_metadata thread_metadata[IA2_MAX_THREADS];
+};
+
+// #endif // IA2_DEBUG_MEMORY
+
 /// Convert a compartment pkey to a PKRU register value
 #define PKRU(pkey) (~((3U << (2 * pkey)) | 3))
 
@@ -179,3 +235,7 @@ size_t ia2_get_pkey();
 #ifdef __cplusplus
 }
 #endif
+
+#if IA2_ENABLE
+#include "ia2_internal.h"
+#endif

runtime/libia2/include/ia2_compartment_init.inc

@@ -10,8 +10,8 @@
 #include <string.h>
 #include <sys/mman.h>
 
-#include <ia2_internal.h>
 #include <ia2.h>
+#include <ia2_internal.h>
 
 #ifndef IA2_COMPARTMENT_LIBRARIES
 #define IA2_COMPARTMENT_LIBRARIES NULL

runtime/libia2/include/ia2_internal.h

@@ -443,7 +443,14 @@ __attribute__((__noreturn__)) void ia2_reinit_stack_err(int i);
     init_stacks_and_setup_tls();                                               \
     REPEATB##n(setup_destructors_for_compartment, nop_macro);                  \
     mark_init_finished();                                                      \
-  }
+  }                                                                            \
+                                                                               \
+  /* All zeroed, so this should go in `.bss` */                                \
+  /* and only have pages lazily allocated. */                                  \
+  struct ia2_all_threads_metadata ia2_threads_metadata IA2_SHARED_DATA = {     \
+      .num_threads = 0,                                                        \
+      .thread_metadata = {0},                                                  \
+  };
 
 #if IA2_VERBOSE
 #define ia2_log(fmt, ...) fprintf(stdout, "%s:" fmt, __func__, __VA_ARGS__)

runtime/libia2/memory_maps.c

@@ -7,31 +7,10 @@
 // This reduces the trusted codebase and avoids runtime overhead.
 #if IA2_DEBUG_MEMORY
 
-// It's much simpler to only support a static number of created threads,
-// especially because we want to have very few dependencies.
-// If a program needs more threads, you can just increase this number.
-#define IA2_MAX_THREADS 512
-
-struct ia2_all_threads_metadata {
-  /// This is the number of threads registered,
-  /// and it is monotonically increasing by 1.
-  ///
-  /// It may be transiently higher than `IA2_MAX_THREADS`,
-  /// but will abort if that happens (other threads may be observe a higher value).
-  _Atomic size_t num_threads;
-  pid_t tids[IA2_MAX_THREADS];
-
-  /// Should be initialized to 0.
-  struct ia2_thread_metadata thread_metadata[IA2_MAX_THREADS];
-};
-
 #define min(a, b) ((a) < (b) ? (a) : (b))
 
 // All zeroed, so this should go in `.bss` and only have pages lazily allocated.
-static struct ia2_all_threads_metadata IA2_SHARED_DATA ia2_threads_metadata = {
-    .num_threads = 0,
-    .thread_metadata = {0},
-};
+extern struct ia2_all_threads_metadata ia2_threads_metadata;
 
 struct ia2_thread_metadata *ia2_all_threads_metadata_new_for_current_thread(struct ia2_all_threads_metadata *const this) {
   const size_t thread = atomic_fetch_add(&this->num_threads, 1);

runtime/libia2/memory_maps.h

@@ -11,36 +11,6 @@ void setup_thread_metadata(void);
 // This reduces the trusted codebase and avoids runtime overhead.
 #if IA2_DEBUG_MEMORY
 
-/// The data here is shared, so it should not be trusted for use as a pointer,
-/// but it can be used best effort for non-trusted purposes.
-///
-/// All fields should be used atomically.
-struct ia2_thread_metadata {
-  pid_t tid;
-  pthread_t thread;
-
-  /// The start function passed to `pthread_create`.
-  void *(*start_fn)(void *arg);
-
-  /// The addresses of each compartment's stack for this thread.
-  uintptr_t stack_addrs[IA2_MAX_COMPARTMENTS];
-
-  /// The addresses of each compartment's TLS region for this thread,
-  /// except for compartment 1, which has split TLS regions (see below).
-  uintptr_t tls_addrs[IA2_MAX_COMPARTMENTS];
-
-  /// The TLS region is split only for the first compartment,
-  /// so we need two addresses for just that one.
-  ///
-  /// Compartment 1's TLS region is split because there is a page of
-  /// unprotected data for `ia2_stackptr_0` (in compartment 0), plus padding,
-  /// as we don't have a general implementation of shared TLS yet,
-  /// but `ia2_stackptr_0` is special-cased for now
-  /// as it must be stored in TLS and unprotected.
-  uintptr_t tls_addr_compartment1_first;
-  uintptr_t tls_addr_compartment1_second;
-};
-
 /// Allocate and initialize a new `ia2_thread_metadata` for the current thread.
 /// Importantly, this may only be called once per thread.
 ///