-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Emulator: Improve usability by restricting memory region access for guest programs #727
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Benchmark for Linux-cuda d32cbd0Click to hide benchmark
Benchmark for Linux-default
Benchmark for macOS-default d32cbd0Click to hide benchmark
Benchmark for macOS-metal
|
I'm not sure if we want this commit bd843b8 I realized while adding all of those changes that returning Result on everything is a related but separate task |
Benchmark for Linux-cuda
Benchmark for Linux-default e58a871Click to hide benchmark
Benchmark for macOS-default
Benchmark for macOS-metal
|
SchmErik
commented
Jul 19, 2023
flaub
reviewed
Jul 19, 2023
flaub
reviewed
Jul 19, 2023
flaub
approved these changes
Jul 19, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Other than the unstable feature, I think this is great!
SchmErik
force-pushed
the
erik/guest-mem-access
branch
2 times, most recently
from
July 20, 2023 05:59
1702264
to
bc9dec3
Compare
…ograms Memory regions outside of the address range `TEXT_START` to `SYSTEM.start() - 1` are used to store information related to the zkVM. Tampering with this region will cause the prover to crash. Restrict the guest from writing to this region.
It was possible for the executor to panic when accessing higher regions of memory. This change fixes the panics by checking that the address trying to be accessed has a valid page index.
SchmErik
force-pushed
the
erik/guest-mem-access
branch
from
July 20, 2023 06:20
bc9dec3
to
97c483f
Compare
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default
Benchmark for macOS-metal
|
capossele
pushed a commit
that referenced
this pull request
Aug 7, 2023
…uest programs (#727) Memory regions outside of the address range `TEXT_START` to `SYSTEM.start() - 1` are used to store information related to the zkVM. Tampering with this region will cause the prover to crash. Restrict the guest from writing to this region. * Executor: fix panic by guarding against invalid page indicies It was possible for the executor to panic when accessing higher regions of memory. This change fixes the panics by checking that the address trying to be accessed has a valid page index.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Memory regions outside of the address range TEXT_START to SYSTEM.start() - 1 is
used to store information related to the zkVM. Tampering with this region will
cause the prover to crash. Restrict the guest from writing to this region.
Fixes: #672