feat: support truncate and read-only for backing store mmap

Author: edubart

src/Makefile

@@ -358,6 +358,7 @@ LIBCARTESI_OBJS:= \
 	machine.o \
 	memory-address-range.o \
 	os.o \
+	os-mmap.o \
 	plic-address-range.o \
 	pristine-merkle-tree.o \
 	replay-step-state-access-interop.o \

src/address-range.h

@@ -327,6 +327,12 @@ class address_range {
         return do_is_page_marked_dirty(offset);
     }
 
+    /// \brief Returns true the mapped memory is read-only on the host
+    /// \returns True if the memory is read-only in the host
+    bool is_host_read_only() const noexcept {
+        return do_is_host_read_only();
+    }
+
 private:
     // Default implementation of peek() always fails
     virtual bool do_peek(const machine & /*m*/, uint64_t /*offset*/, uint64_t /*length*/,
@@ -371,6 +377,10 @@ class address_range {
     virtual bool do_is_page_marked_dirty(uint64_t /*offset*/) const noexcept {
         return true;
     }
+
+    virtual bool do_is_host_read_only() const noexcept {
+        return false;
+    }
 };
 
 template <size_t N>

src/cartesi-machine.lua

@@ -628,7 +628,7 @@ local has_sync_init_date = false
 local memory_range_replace = {}
 local ram = {
     length = 128 << 20, -- 128MB
-    backing_store = { data_filename = images_path .. "linux.bin" },
+    backing_store = { data_filename = images_path .. "linux.bin", truncate = true },
 }
 local init_splash = true
 local append_bootargs = ""

src/machine.cpp

@@ -93,27 +93,6 @@ using namespace std::string_literals;
 
 static const auto throw_invalid_argument = [](const char *err) { throw std::invalid_argument{err}; };
 
-/// \brief Creates a memory address range.
-/// \param d Description of address range for use in error messages.
-/// \param start Target physical address where range starts.
-/// \param length Length of range, in bytes.
-/// \param f Flags for address range.
-/// \param backing_store Backing store configuration for range.
-/// \returns New address range with flags already set.
-/// \details If \p backing_store.data_filename is non-empty and file is large enough to back entire address range,
-/// return a memory-mapped range, otherwise use calloc.
-static inline auto make_memory_address_range(const std::string &d, uint64_t start, uint64_t length, pmas_flags flags,
-    const backing_store_config &backing_store) {
-    if (backing_store.data_filename.empty() && backing_store.shared) {
-        throw std::invalid_argument{"shared address range requires non-empty memory filename when initializing " + d};
-    }
-    if (backing_store.data_filename.empty() ||
-        length > static_cast<uint64_t>(os_get_file_length(backing_store.data_filename.c_str()))) {
-        return make_callocd_memory_address_range(d, start, length, flags, backing_store.data_filename);
-    }
-    return make_mmapd_memory_address_range(d, start, length, flags, backing_store.data_filename, backing_store.shared);
-}
-
 void machine::check_address_range(const address_range &ar, register_where where) {
     if (!where.interpret && !where.merkle) {
         throw std::runtime_error{"address range "s + ar.get_description() + " must be registered somwhere"s};
@@ -158,8 +137,8 @@ void machine::replace_memory_range(const memory_range_config &config) {
             }
             // Replace range, preserving original flags.
             // This will automatically start with all pages dirty.
-            existing = make_moved_unique(make_memory_address_range(existing->get_description(), existing->get_start(),
-                existing->get_length(), existing->get_flags(), config.backing_store));
+            existing = make_moved_unique(memory_address_range{existing->get_description(), existing->get_start(),
+                existing->get_length(), existing->get_flags(), config.backing_store, config.read_only});
             return;
         }
     }
@@ -196,12 +175,12 @@ void machine::init_uarch(const uarch_config &c) {
     constexpr auto ram_description = "uarch RAM";
     if (c.ram.backing_store.data_filename.empty()) {
         m_us.ram = &register_address_range(
-            make_callocd_memory_address_range(ram_description, AR_UARCH_RAM_START, UARCH_RAM_LENGTH, uram_flags),
+            memory_address_range{ram_description, AR_UARCH_RAM_START, UARCH_RAM_LENGTH, uram_flags},
             register_where{.merkle = true, .interpret = false});
         memcpy(m_us.ram->get_host_memory(), uarch_pristine_ram, uarch_pristine_ram_len);
     } else {
-        m_us.ram = &register_address_range(make_memory_address_range(ram_description, AR_UARCH_RAM_START,
-                                               UARCH_RAM_LENGTH, uram_flags, c.ram.backing_store),
+        m_us.ram = &register_address_range(memory_address_range{ram_description, AR_UARCH_RAM_START, UARCH_RAM_LENGTH,
+                                               uram_flags, c.ram.backing_store},
             register_where{.merkle = true, .interpret = false});
     }
 }
@@ -291,25 +270,14 @@ void machine::init_ram_ar(const ram_config &ram) {
     if (ram.length == 0) {
         throw std::invalid_argument("RAM length cannot be zero");
     }
-    register_address_range(make_memory_address_range("RAM"s, AR_RAM_START, ram.length, ram_flags, ram.backing_store),
+    register_address_range(memory_address_range{"RAM"s, AR_RAM_START, ram.length, ram_flags, ram.backing_store},
         register_where{.merkle = true, .interpret = true});
 }
 
 void machine::init_flash_drive_ars(flash_drive_configs &flash_drive) {
     if (flash_drive.size() > FLASH_DRIVE_MAX) {
         throw std::invalid_argument{"too many flash drives"};
     }
-    // Flags for flash drives
-    static const pmas_flags flash_flags{
-        .M = true,
-        .IO = false,
-        .R = true,
-        .W = true,
-        .X = false,
-        .IR = true,
-        .IW = true,
-        .DID = PMA_ISTART_DID::flash_drive,
-    };
     // Register all flash drives
     int i = 0; // NOLINT(misc-const-correctness)
     for (auto &f : flash_drive) {
@@ -341,8 +309,19 @@ void machine::init_flash_drive_ars(flash_drive_configs &flash_drive) {
             }
             f.length = length;
         }
+        // Flags for flash drives
+        static const pmas_flags flash_flags{
+            .M = true,
+            .IO = false,
+            .R = true,
+            .W = !f.read_only,
+            .X = false,
+            .IR = true,
+            .IW = !f.read_only,
+            .DID = PMA_ISTART_DID::flash_drive,
+        };
         register_address_range(
-            make_memory_address_range(flash_description, f.start, f.length, flash_flags, f.backing_store),
+            memory_address_range{flash_description, f.start, f.length, flash_flags, f.backing_store, f.read_only},
             register_where{.merkle = true, .interpret = true});
         i++;
     }
@@ -456,11 +435,11 @@ void machine::init_cmio_ars(const cmio_config &c) {
         .IW = true,
         .DID = PMA_ISTART_DID::cmio_rx_buffer,
     };
-    register_address_range(make_memory_address_range("CMIO tx buffer memory range"s, AR_CMIO_TX_BUFFER_START,
-                               AR_CMIO_TX_BUFFER_LENGTH, tx_flags, c.tx_buffer.backing_store),
+    register_address_range(memory_address_range{"CMIO tx buffer memory range"s, AR_CMIO_TX_BUFFER_START,
+                               AR_CMIO_TX_BUFFER_LENGTH, tx_flags, c.tx_buffer.backing_store},
         register_where{.merkle = true, .interpret = true});
-    register_address_range(make_memory_address_range("CMIO rx buffer memory range"s, AR_CMIO_RX_BUFFER_START,
-                               AR_CMIO_RX_BUFFER_LENGTH, rx_flags, c.rx_buffer.backing_store),
+    register_address_range(memory_address_range{"CMIO rx buffer memory range"s, AR_CMIO_RX_BUFFER_START,
+                               AR_CMIO_RX_BUFFER_LENGTH, rx_flags, c.rx_buffer.backing_store},
         register_where{.merkle = true, .interpret = true});
 }
 
@@ -517,7 +496,7 @@ void machine::init_pmas_contents(const pmas_config &config, memory_address_range
 
 void machine::init_tlb_contents(const tlb_config &config) {
     if (const auto &image_filename = config.backing_store.data_filename; !image_filename.empty()) {
-        auto shadow_tlb_ptr = make_unique_mmap<shadow_tlb_state>(image_filename.c_str(), 1, false /* not shared */);
+        auto shadow_tlb_ptr = make_unique_mmap<shadow_tlb_state>(1, os_mmap_flags{}, image_filename);
         auto &shadow_tlb = *shadow_tlb_ptr;
         for (auto set_index : {TLB_CODE, TLB_READ, TLB_WRITE}) {
             for (uint64_t slot_index = 0; slot_index < TLB_SET_SIZE; ++slot_index) {
@@ -550,7 +529,7 @@ static inline auto make_dtb_address_range(const dtb_config &config) {
         .IW = true,
         .DID = PMA_ISTART_DID::memory,
     };
-    return make_memory_address_range("DTB"s, AR_DTB_START, AR_DTB_LENGTH, dtb_flags, config.backing_store);
+    return memory_address_range{"DTB"s, AR_DTB_START, AR_DTB_LENGTH, dtb_flags, config.backing_store};
 }
 
 void machine::init_dtb_contents(const machine_config &config, memory_address_range &dtb) {
@@ -570,7 +549,7 @@ static inline auto make_pmas_address_range(const pmas_config &config) {
         .IW = false,
         .DID = PMA_ISTART_DID::memory,
     };
-    return make_memory_address_range("PMAs", AR_PMAS_START, AR_PMAS_LENGTH, m_pmas_flags, config.backing_store);
+    return memory_address_range{"PMAs", AR_PMAS_START, AR_PMAS_LENGTH, m_pmas_flags, config.backing_store};
 }
 
 // ??D It is best to leave the std::move() on r because it may one day be necessary!
@@ -2190,6 +2169,9 @@ void machine::write_memory(uint64_t paddr, const unsigned char *data, uint64_t l
     if (!ar.is_memory()) {
         throw std::invalid_argument{"address range to write is not entirely in single memory range"};
     }
+    if (ar.is_host_read_only()) {
+        throw std::invalid_argument{"address range is read-only in the host"};
+    }
     if (is_protected(ar.get_driver_id())) {
         throw std::invalid_argument{"attempt to write to protected memory range"};
     }
@@ -2216,6 +2198,9 @@ void machine::fill_memory(uint64_t paddr, uint8_t val, uint64_t length) {
     if (!ar.is_memory()) {
         throw std::invalid_argument{"address range to fill is not entirely in memory PMA"};
     }
+    if (ar.is_host_read_only()) {
+        throw std::invalid_argument{"address range is read-only in the host"};
+    }
     if (is_protected(ar.get_driver_id())) {
         throw std::invalid_argument{"attempt fill to protected memory range"};
     }
@@ -2346,7 +2331,7 @@ void machine::write_word(uint64_t paddr, uint64_t val) {
             << std::dec << paddr << ")";
         throw std::runtime_error{err.str()};
     }
-    if (!ar.is_writeable()) {
+    if (!ar.is_writeable() || ar.is_host_read_only()) {
         std::ostringstream err;
         err << "attempted memory write to read-only " << ar.get_description() << " at address 0x" << std::hex << paddr
             << "(" << std::dec << paddr << ")";
@@ -2531,7 +2516,7 @@ interpreter_break_reason machine::log_step(uint64_t mcycle_count, const std::str
 interpreter_break_reason machine::verify_step(const hash_type &root_hash_before, const std::string &filename,
     uint64_t mcycle_count, const hash_type &root_hash_after) {
     auto data_length = os_get_file_length(filename.c_str(), "step log file");
-    auto data = make_unique_mmap<unsigned char>(filename.c_str(), data_length, false /* not shared */);
+    auto data = make_unique_mmap<unsigned char>(data_length, os_mmap_flags{}, filename);
     replay_step_state_access::context context;
     replay_step_state_access a(context, data.get(), data_length, root_hash_before);
     uint64_t mcycle_end{};

src/memory-address-range.cpp

@@ -28,10 +28,19 @@ class base_error : public std::invalid_argument {
 };
 
 memory_address_range::memory_address_range(const std::string &description, uint64_t start, uint64_t length,
-    const pmas_flags &flags, const std::string &image_filename, const mmapd &m) try :
+    const pmas_flags &flags, const backing_store_config &backing_store, bool read_only) try :
     address_range(description.c_str(), start, length, flags, [](const char *err) { throw base_error{err}; }),
-    m_ptr{make_unique_mmap<unsigned char>(image_filename.c_str(), length, m.shared)},
-    m_host_memory{std::get<mmapd_ptr>(m_ptr).get()} {
+    m_ptr{make_unique_mmap<unsigned char>(length,
+        os_mmap_flags{
+            .shared = backing_store.shared,
+            .read_only = read_only,
+            .truncate = backing_store.truncate,
+            // Lock backing file to prevent other processes causing memory corruptions
+            .lock_backing = !backing_store.data_filename.empty(),
+        },
+        backing_store.data_filename)},
+    m_host_memory{m_ptr.get()},
+    m_read_only{read_only} {
     if (!is_memory()) {
         throw std::invalid_argument{"memory range must be flagged memory when initializing "s + description};
     }
@@ -44,47 +53,4 @@ memory_address_range::memory_address_range(const std::string &description, uint6
     throw std::invalid_argument{"unknown exception when initializing "s + description};
 }
 
-memory_address_range::memory_address_range(const std::string &description, uint64_t start, uint64_t length,
-    const pmas_flags &flags, const std::string &image_filename, const callocd & /*c*/) try :
-    address_range(description.c_str(), start, length, flags, [](const char *err) { throw base_error{err}; }),
-    m_ptr{make_unique_calloc<unsigned char>(length)},
-    m_host_memory{std::get<callocd_ptr>(m_ptr).get()} {
-    if (!is_memory()) {
-        throw std::invalid_argument{"memory range must be flagged memory when initializing "s + description};
-    }
-    m_dirty_page_map.resize((length / (8 * AR_PAGE_SIZE)) + 1, 0xff);
-    // Try to load image file, if any
-    if (!image_filename.empty()) {
-        auto fp = make_unique_fopen(image_filename.c_str(), "rb", std::nothrow_t{});
-        if (!fp) {
-            throw std::system_error{errno, std::generic_category(), "error opening image file '"s + image_filename};
-        }
-        // Get file size
-        if (fseek(fp.get(), 0, SEEK_END) != 0) {
-            throw std::system_error{errno, std::generic_category(),
-                "error obtaining length of image file '"s + image_filename};
-        }
-        const auto file_length = static_cast<uint64_t>(ftello(fp.get()));
-        if (fseek(fp.get(), 0, SEEK_SET) != 0) {
-            throw std::system_error{errno, std::generic_category(),
-                "error obtaining length of image file '"s + image_filename};
-        }
-        // Check against PMA range size
-        if (file_length > length) {
-            throw std::runtime_error{"image file '"s + image_filename + "' is too large for range"s};
-        }
-        // Read to host memory
-        const auto read_length = static_cast<uint64_t>(fread(m_host_memory, 1, file_length, fp.get()));
-        if (read_length != file_length) {
-            throw std::runtime_error{"error reading from image file '"s + image_filename};
-        }
-    }
-} catch (base_error &b) {
-    throw; // already contains the description
-} catch (std::exception &e) {
-    throw std::invalid_argument{e.what() + " when initializing "s + description};
-} catch (...) {
-    throw std::invalid_argument{"unknown exception when initializing "s + description};
-}
-
 } // namespace cartesi

src/memory-address-range.h

@@ -21,6 +21,8 @@
 #include <variant>
 
 #include "address-range.h"
+#include "machine-config.h"
+#include "os-mmap.h"
 #include "unique-c-ptr.h"
 
 namespace cartesi {
@@ -32,49 +34,22 @@ class machine;
 /// \brief An address range occupied by memory
 
 class memory_address_range : public address_range {
-
-    using callocd_ptr = unique_calloc_ptr<unsigned char>;
-    using mmapd_ptr = unique_mmap_ptr<unsigned char>;
-
-    std::variant<std::monostate, ///< Before initialization
-        callocd_ptr,             ///< Automatic pointer for calloced memory
-        mmapd_ptr                ///< Automatic pointer for mmapped memory
-        >
-        m_ptr;
-
+    unique_mmap_ptr<unsigned char> m_ptr;  ///< Pointer to mmaped memory
     unsigned char *m_host_memory;          ///< Start of associated memory region in host.
+    bool m_read_only;                      ///< Whether the mapped memory is read-only on the host
     std::vector<uint8_t> m_dirty_page_map; ///< Map of dirty pages.
 
 public:
     using ptr_type = std::unique_ptr<memory_address_range>;
 
-    /// \brief Mmap'd range data (shared or not).
-    struct mmapd {
-        bool shared;
-    };
-
     /// \brief Constructor for mmap'd ranges.
     /// \param description Description of address range for use in error messages
     /// \param start Start of address range
     /// \param length Length of address range
     /// \param flags Range flags
     /// \param image_filename Path to backing file.
-    /// \param m Mmap'd range data (shared or not).
-    memory_address_range(const std::string &description, uint64_t start, uint64_t length, const pmas_flags &flags,
-        const std::string &image_filename, const mmapd &m);
-
-    /// \brief Calloc'd range data (just a tag).
-    struct callocd {};
-
-    /// \brief Constructor for calloc'd ranges.
-    /// \param description Description of address range for use in error messages
-    /// \param start Start of address range
-    /// \param length Length of address range
-    /// \param flags Range flags
-    /// \param image_filename Path to backing file.
-    /// \param c Calloc'd range data (just a tag).
     memory_address_range(const std::string &description, uint64_t start, uint64_t length, const pmas_flags &flags,
-        const std::string &image_filename, const callocd & /*c*/);
+        const backing_store_config &backing_store = {}, bool read_only = false);
 
     memory_address_range(const memory_address_range &) = delete;
     memory_address_range &operator=(const memory_address_range &) = delete;
@@ -117,6 +92,10 @@ class memory_address_range : public address_range {
         return (m_dirty_page_map[map_index] & (1 << (page_index & 7))) != 0;
     }
 
+    bool do_is_host_read_only() const noexcept override {
+        return m_read_only;
+    }
+
     bool do_peek(const machine & /*m*/, uint64_t offset, uint64_t length, const unsigned char **data,
         unsigned char * /*scratch*/) const noexcept override {
         if (contains_relative(offset, length)) {
@@ -128,16 +107,6 @@ class memory_address_range : public address_range {
     }
 };
 
-static inline auto make_callocd_memory_address_range(const std::string &description, uint64_t start, uint64_t length,
-    pmas_flags flags, const std::string &image_filename = {}) {
-    return memory_address_range{description, start, length, flags, image_filename, memory_address_range::callocd{}};
-}
-
-static inline auto make_mmapd_memory_address_range(const std::string &description, uint64_t start, uint64_t length,
-    pmas_flags flags, const std::string &image_filename, bool shared) {
-    return memory_address_range{description, start, length, flags, image_filename, memory_address_range::mmapd{shared}};
-}
-
 } // namespace cartesi
 
 #endif