-
Notifications
You must be signed in to change notification settings - Fork 10
/
MVEE.ini
256 lines (236 loc) · 7.91 KB
/
MVEE.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
{
"monitor":
{
//
// Can be used to forcibly set the location of the ReMon root folder.
// This is useful if we are expecting to run the MVEE on a system where
// readlink -f /proc/self/exe would not return the true path to the MVEE
// binary.
//
// NOTE:
// If the MVEE binary is in /home/user/ReMon/MVEE/bin/Release, then the root
// path you should use would be /home/user/ReMon/
//
"root_path" : "",
//
// The location of the GHUMVEE-ready version of glibc. If is_absolute is
// set to false, GHUMVEE will prepend the MVEE root and append the arch
// (i386 or amd64) to this folder name.
//
"libc_path" :
{
"path" : "/patched_binaries/libc/",
"is_absolute" : false
},
// see above
"libgomp_path" :
{
"path" : "/patched_binaries/libgomp/",
"is_absolute" : false
},
"libstdcpp_path" :
{
"path" : "/patched_binaries/libstdc++/",
"is_absolute" : false
},
"libgfortran_path" :
{
"path" : "/patched_binaries/libgfortran/",
"is_absolute" : false
},
"gnomelibs_path" :
{
"path" : "/patched_binaries/gnomelibs/",
"is_absolute" : false
},
//
// Paths to supported benchmark suites. These are only used if you launch
// GHUMVEE using the legacy command line options (i.e. ./MVEE <demo number>
// <number of variants>).
// If these are not marked as absolute paths, GHUMVEE will prepend the
// MVEE root path to the folder name.
//
"spec_path" :
{
"path" : "/ext/spec2006/",
"is_absolute" : false
},
"parsec2_path" :
{
"path" : "/ext/parsec-2.1/",
"is_absolute" : false
},
"parsec3_path" :
{
"path" : "/ext/parsec-3.0/",
"is_absolute" : false
},
//
// If set to true, the MVEE logs everything to stdout as well as the regular
// log file. This setting has no effect if the MVEE is built with the
// MVEE_BENCHMARK option enabled.
//
"log_to_stdout" : false
},
"variant":
{
"global":
{
"settings":
{
//
// if set to false, we will not perform any cross-checking on syscall
// numbers and arguments, until cross-checking is explicitly enabled
// through syscall(MVEE_ENABLE_XCHECKS).
//
"xchecks_initially_enabled" : true,
//
// if set to true, we will not perform any cross-checking on heap
// allocations (through sys_mmap or sys_mremap), on protection flag
// changes through sys_mprotect (unless the program is trying to
// enable PROT_EXEC), or on deallocations through sys_munmap
//
"relaxed_mman_xchecks" : false,
//
// if set to true, GHUMVEE will load the IP-MON component we described
// in our USENIX ATC 16 paper "Secure and Efficient Application
// Monitoring and Replication"
//
"use_ipmon" : false,
//
// AMD64 kernels and recent i386 kernels map a "Virtual Dynamic Shared
// Object" (VDSO) into each process' address space. This VDSO consists
// of at least one executable page that typically offers optimized
// user-mode only versions of certain system calls, including
// sys_gettimeofday and sys_clock_gettime. Since these optimized system
// calls execute entirely in user-space, they can not get intercepted by
// GHUMVEE and GHUMVEE will therefore not be able to guarantee that all
// variants get consistent return values from said system calls. With
// hide_vdso set to true, GHUMVEE will inject its MVEE_LD_Loader into
// each of the variants. This MVEE_LD_Loader hides the VDSO so that libc
// no longer sees it and so that it will fall back to the normal,
// kernel-space versions of the VDSO system calls.
//
"hide_vdso" : true,
//
// The x86 RDTSC instruction reads a mutable Time Stamp Counter
// (TSC). GHUMVEE cannot guarantee that all variants read consistent
// values from the TSC. By enabling this option, GHUMVEE will set the
// TSC disable bit in one of the CPUs control register. Any RDTSC
// instruction executed with the TSC disable bit set will trap. GHUMVEE
// will intercept this trap and emulate the instruction so that each
// variant gets the same result.
//
"intercept_tsc" : true,
//
// With non_overlapping_mmaps set to a non-zero value, GHUMVEE will
// enable Disjoint Code Layouting, the Anti-ROP technique we presented
// in the "Cloning Your Gadgets" paper.
//
"non_overlapping_mmaps" : 0,
//
// With allow_setaffinity set to false, GHUMVEE will return -EPERM from
// all sys_sched_setaffinity calls made by variants.
//
"allow_setaffinity" : false,
//
// With use_system_libc set to false, GHUMVEE will force all variants to
// load their libc and libpthread libraries from the specified path.
// If the specified path is not marked as absolute, GHUMVEE will prepend
// the MVEE root path and append the architecture to the folder name.
//
// Note: this setting only applies when GHUMVEE is monitoring (i.e., not
// launched with the -n option)
//
"use_system_libc" : false,
// see above
"use_system_libgomp" : false,
"use_system_libstdcpp" : false,
"use_system_libgfortran" : true,
"use_system_gnomelibs" : false,
//
// If set to true, the variants will not be monitored. This can be used
// to run native benchmarks.
//
"disable_syscall_checks" : false,
//
// If set to true, we launch the variants through the linux perf tool.
// This also allows disables divergence reporting on write calls
// originating from the perf tool. The MVEE will buffer output from
// perf and report perf data individually for each variant when it shuts
// down.
//
"performance_counting_enabled" : false,
//
// Set this to true if you're expecting the variants to have 100+
// simultaneously running processes/threads. When set to true, GHUMVEE
// will allocate smaller shm segments (i.e., the buffers used for the
// the sync agents and IP-MON) to avoid going over the system-wide shm
// limits
//
"have_many_threads" : false,
//
// If set to true, all arguments passed through the MVEE command line
// will be merged into one arg.
//
// In other words, if you type:
// ./MVEE -N 1 -- echo Hello!
//
// The resulting variant invocation will be either:
// execve("/bin/bash", ["bash", "-c", "echo Hello!", NULL]) (if merge_extra_args is true)
// OR
// execve("/bin/bash", ["bash", "-c", "echo", "Hello!", NULL]) (if merge_extra_args is false)
//
// The output of the first variant would be:
// "Hello!"
// The output of the second variant would be:
// ""
//
"merge_extra_args": true,
//
// Use this to control the placement of new mmap/mremapped allocations.
//
// Possible settings:
// 0 - The MVEE doesn't control allocations.
// 1 - The MVEE randomizes stack, data mmaps, brk, and code mmaps.
// The MVEE ensures that data mmaps and brk mmaps are mapped to
// the same addresses across variants.
//
// 1 is the recommended setting in programs that contain
// address-sensitive behavior.
//
// NOTE: The MVEE ignores this setting if relaxed_mman_checks is set to
// true.
//
"mvee_controlled_aslr": 1
},
"exec":
{
//
// Array of command line arguments passed to the program
// NOTE: Do not add the basename of the program (i.e., argv[0]) here.
// ReMon will do this for you
//
"argv": [
"-c"
],
//
// Path to the program binary. Subject to aliasing
//
"path": "/bin/bash"
}
},
"sets":
{
"default": [
"variant-A",
"variant-B"
]
},
"specs":
{
"variant-A": {},
"variant-B": {}
}
}
}