[MirageOS-devel] OCaml-TLS directly on Xen
Hey,

I demonstrated that OCaml-TLS runs directly on Xen at the OCaml workshop. The port is still a bit hackish, thus I hope to get some feedback (esp. regarding what features (such as FORTIFY_SOURCE stack protection, and/or assert (should minios provide an assert_fail symbol?)) we want to compile our C code with, and how to upstream these changes properly).

I develop on a cubieboard2, where I pinned mirage (44bd28f862549aa1f149421c1e515bb3703e40d7), mirage-xen (0251870f14030315b00ffdd0cd0112d8788270a1) and tcpip (05148f900352eabaa615b60d5b2fb518f5518edd) to git HEAD (as well as x509/asn1-combinators/nocrypto/tls).

Several libraries needed to be modified to run in the Xen environment:

minios
------
https://github.com/hannesm/xen/tree/tls-fixes

some symbols are required for the various C libraries below, namely:
  abort (calling do_exit)
  __stack_chk_guard (being NULL)
  fprintf/printf/stdout/stderr/fflush (for gmp and zarith)

gmp (the GNU multi-precision arithmetic library)
------------------------------------------------
Configure (esp. config.guess) gets confused by an arm dualcore: http://berlin.ccc.de/~hannes/gmp-6a.diff fixes this.

I used the following CFLAGS:
  export CFLAGS="-marm -O2 -pedantic -fomit-frame-pointer -fno-builtin -D_FORTIFY_SOURCE=0"
  ./configure
  make

zarith
------
Due to subtle differences of GNU libm and openlibm (esp isinf/isnan is rewritten in the GNU version to __isinf/__isnan), I modified caml_z.c to #include <openlibm.h> instead of <math.h> (should openlibm instead install its header file as math.h!?)

Patch at http://berlin.ccc.de/~hannes/zarith.diff

I additionally pointed zarith to my custom gmp library:
  export CPPFLAGS="-I/home/mirage/gmp-6.0.0.orig -I/home/mirage/.opam/system/include"
  export LDFLAGS="-L/home/mirage/gmp-6.0.0.orig/.libs"
(the previously mentioned CFLAGS are also still active!)

ctypes (0.3.3)
--------------
nocrypto (from git) depends on ctypes, which needed some CFLAGS (to avoid assert_fail being called (-DNDEBUG), sscanf being translated to __isoc99_sscanf (-D_GNU_SOURCE)), patch http://berlin.ccc.de/~hannes/ctypes.diff

nocrypto
--------
https://github.com/mirleft/ocaml-nocrypto/tree/xen-fixes (adds -DNDEBUG)

tls
---
https://github.com/mirleft/ocaml-tls/tree/xen-fixes (use Io_page aligned cstructs before transmitting)

Once these libraries are patched, the minimum TLS server https://github.com/mirleft/tls-mvp-server/tree/fixes works (with export NET="direct" and s/-unix/-xen/ (mirage-clock-xen, mirage-entropy-xen) in config.ml), and some minor modifications to the Makefile to link in the right gmp/minios/...

Cheers,

hannes
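
Added example, not part of the original post or of any project it mentions: a shell check that reads `nm -u` output for a freshly built library and reports undefined symbols of the kinds the message works around, next to the workaround the message used. The function names and the sample `nm` output are constructed for illustration; the `_chk` suffix rule relies on glibc's naming of its `_FORTIFY_SOURCE` wrappers.

```sh
# Usage against a real build (path is a placeholder):
#   nm -u path/to/libexample.a | check_glibc_symbols
# Prints "symbol<TAB>hint" per finding; exit status is 1 if anything was found.
check_glibc_symbols() {
    awk '
        NF >= 2 && $(NF-1) == "U" {
            sym = $NF
            sub(/@.*/, "", sym)   # drop a version suffix such as @GLIBC_2.7
            hint = ""
            if (sym == "__assert_fail")
                hint = "assert() compiled in: build with -DNDEBUG"
            else if (sym ~ /^__isoc99_/)
                hint = "C99 scanf redirect: build with -D_GNU_SOURCE"
            else if (sym ~ /^__is(inf|nan)/)
                hint = "GNU libm macro: include openlibm.h instead of math.h"
            else if (sym ~ /^__stack_chk_/)
                hint = "stack protector: minios must define this symbol"
            else if (sym ~ /_chk$/)
                hint = "fortified call: build with -D_FORTIFY_SOURCE=0"
            if (hint != "") { printf "%s\t%s\n", sym, hint; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample of `nm -u`-style output (not taken from a real build).
sample_nm_output() {
    cat <<'EOF'
         U __assert_fail
         U __isoc99_sscanf@GLIBC_2.7
         U __memcpy_chk
         U __stack_chk_guard
         U malloc
00000000 T example_init
EOF
}
```

A finding in the stack-protector or fortify class means the object was built with that hardening enabled, so whether to supply the symbol in minios or disable the feature is the decision the message asks for feedback on.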