PERFORCE change 211963 for review
Robert Watson
rwatson at FreeBSD.org
Wed May 30 02:14:57 UTC 2012
http://p4web.freebsd.org/@@211963?ac=10
Change 211963 by rwatson at rwatson_svr_ctsrd_mipsbuild on 2012/05/30 02:14:54
Checkpoint work-in-progress kernel context switch support for the
CHERI capability coprocessor: a template user capability is
created during boot, and then used to populate user registers
when a new user context is created during execve(). More
explicitly manage the difference between user and kernel
capability contexts, moving the existing CP2 frame to struct pcb,
and adding a second one for the kernel. This is not yet believed
to work, but best to submit before getting on a plane!
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.c#5 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.h#6 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/pcb.h#2 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/proc.h#3 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/pm_machdep.c#3 edit
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.c#5 (text+ko) ====
@@ -29,6 +29,10 @@
*/
#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/proc.h>
+
+#include <mips/include/pcb.h>
#include <mips/cheri/cp2.h>
@@ -48,6 +52,11 @@
*/
/*
+ * Template capability delegating ambient authority to userspace processes.
+ */
+static struct capability cp2_user_template;
+
+/*
* Given an existing more privileged capability (fromcrn), build a new
* capability in tocrn with the contents of the passed flattened
* representation.
@@ -81,6 +90,18 @@
}
void
+cp2_capability_set_upriv(struct capability *cp)
+{
+
+ /*
+ * XXXRW: Note assumption that MIPS_XUSEG_START == NULL. Perhaps
+ * should be a CTASSERT().
+ */
+ cp2_capability_set(cp, CHERI_PERM_ALL, NULL, NULL,
+ MIPS_XUSEG_END);
+}
+
+void
cp2_capability_set_null(struct capability *cp)
{
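Review bot: The length passed to cp2_capability_set() in cp2_capability_set_upriv() is MIPS_XUSEG_END, which is only the right bound while the base (NULL) equals MIPS_XUSEG_START, and the XXXRW comment leaves that as an unchecked assumption. Since this value defines how much of the address space a user capability can reach, it is worth enforcing at compile time, e.g. `CTASSERT(MIPS_XUSEG_START == 0);` next to the function. The call also grants `CHERI_PERM_ALL`; its definition is not visible in this change, so confirm it contains no permission bits that should stay kernel-only before this helper is used for user contexts.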
@@ -101,97 +122,42 @@
cp2_capability_copy(struct capability *cp_to, struct capability *cp_from)
{
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, cp_from);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, cp_to);
+ cp2_capability_load(CHERI_CR_CT0, cp_from);
+ cp2_capability_store(CHERI_CR_CT0, cp_to);
}
void
cp2_context_copy(struct cp2_frame *cf_destp, struct cp2_frame *cf_srcp)
{
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c0);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c0);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c1);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c1);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c2);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c2);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c3);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c3);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c4);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c4);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c5);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c5);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c6);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c6);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c7);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c7);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c8);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c8);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c9);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c9);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c10);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c10);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c11);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c11);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c12);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c12);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c13);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c13);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c14);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c14);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c15);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c15);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c16);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c16);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c17);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c17);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c18);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c18);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c19);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c19);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c20);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c20);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c21);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c21);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c22);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c22);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c23);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c23);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c24);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c24);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_udc);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_udc);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_tsc);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_tsc);
-
- CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_pcc);
- CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_pcc);
+ cp2_capability_copy(&cf_destp->cf_c0, &cf_srcp->cf_c0);
+ cp2_capability_copy(&cf_destp->cf_c1, &cf_srcp->cf_c1);
+ cp2_capability_copy(&cf_destp->cf_c2, &cf_srcp->cf_c2);
+ cp2_capability_copy(&cf_destp->cf_c3, &cf_srcp->cf_c3);
+ cp2_capability_copy(&cf_destp->cf_c4, &cf_srcp->cf_c4);
+ cp2_capability_copy(&cf_destp->cf_c5, &cf_srcp->cf_c5);
+ cp2_capability_copy(&cf_destp->cf_c6, &cf_srcp->cf_c6);
+ cp2_capability_copy(&cf_destp->cf_c7, &cf_srcp->cf_c7);
+ cp2_capability_copy(&cf_destp->cf_c8, &cf_srcp->cf_c8);
+ cp2_capability_copy(&cf_destp->cf_c9, &cf_srcp->cf_c9);
+ cp2_capability_copy(&cf_destp->cf_c10, &cf_srcp->cf_c10);
+ cp2_capability_copy(&cf_destp->cf_c11, &cf_srcp->cf_c11);
+ cp2_capability_copy(&cf_destp->cf_c12, &cf_srcp->cf_c12);
+ cp2_capability_copy(&cf_destp->cf_c13, &cf_srcp->cf_c13);
+ cp2_capability_copy(&cf_destp->cf_c14, &cf_srcp->cf_c14);
+ cp2_capability_copy(&cf_destp->cf_c15, &cf_srcp->cf_c15);
+ cp2_capability_copy(&cf_destp->cf_c16, &cf_srcp->cf_c16);
+ cp2_capability_copy(&cf_destp->cf_c17, &cf_srcp->cf_c17);
+ cp2_capability_copy(&cf_destp->cf_c18, &cf_srcp->cf_c18);
+ cp2_capability_copy(&cf_destp->cf_c19, &cf_srcp->cf_c19);
+ cp2_capability_copy(&cf_destp->cf_c20, &cf_srcp->cf_c20);
+ cp2_capability_copy(&cf_destp->cf_c21, &cf_srcp->cf_c21);
+ cp2_capability_copy(&cf_destp->cf_c22, &cf_srcp->cf_c22);
+ cp2_capability_copy(&cf_destp->cf_c23, &cf_srcp->cf_c23);
+ cp2_capability_copy(&cf_destp->cf_c24, &cf_srcp->cf_c24);
+ cp2_capability_copy(&cf_destp->cf_udc, &cf_srcp->cf_udc);
+ cp2_capability_copy(&cf_destp->cf_tsc, &cf_srcp->cf_tsc);
+ cp2_capability_copy(&cf_destp->cf_pcc, &cf_srcp->cf_pcc);
}
/*
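Review bot: cp2_capability_copy() and, through it, every line of cp2_context_copy() stage the value in CHERI_CR_CT0, and nothing at either function says that this register is overwritten. A short header comment such as `/* Copies through CHERI_CR_CT0, which is clobbered; the caller must not hold a live value there. */` would make the contract visible to context-switch callers. Whether an interrupt taken between the load and the store could also use CT0 is not visible here and should be confirmed. The 28-entry field list also has to be kept in step with struct cp2_frame by hand, which deserves a one-line comment.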
@@ -477,3 +443,56 @@
break;
}
}
+
+static void
+cheri_init(void *arg)
+{
+
+ /*
+ * Initialise a template capability that will be used when
+ * configuring new user processes.
+ *
+ * XXXRW: Currently, this delegates the full address space -- more
+ * ideally, we'd limit it to user portions of the address space,
+ * reinforcing the MIPS segment and ring model.
+ */
+ cp2_capability_set_priv(&cp2_user_template);
+}
+SYSINIT(elf32, SI_SUB_CREATE_INIT, SI_ORDER_ANY, cheri_init, NULL);
+
+void
+cheri_exec_setregs(struct thread *td)
+{
+ struct cp2_frame *cfp;
+
+ cfp = &td->td_pcb->pcb_ucp2frame;
+ cp2_capability_load(CHERI_CR_CT0, &cp2_user_template);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c0);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c1);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c2);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c3);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c4);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c5);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c6);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c7);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c8);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c9);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c10);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c11);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c12);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c13);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c14);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c15);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c16);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c17);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c18);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c19);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c20);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c21);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c22);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c23);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c24);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_udc);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_tsc);
+ cp2_capability_store(CHERI_CR_CT0, &cfp->cf_pcc);
+}
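Review bot: cheri_init() builds the user template with cp2_capability_set_priv(), so cheri_exec_setregs() copies a capability covering the full address space into every user register, including cf_pcc; the XXXRW comment acknowledges this, but the narrower cp2_capability_set_upriv() added earlier in this same change is left unused. If nothing still depends on the wider bounds, use it: `cp2_capability_set_upriv(&cp2_user_template);`. Until then the MIPS segment and ring checks are the only thing keeping userspace out of kernel addresses, and the capability layer adds no confinement. Separately, the SYSINIT uniquifier `elf32` looks copied from elsewhere; `SYSINIT(cheri, SI_SUB_CREATE_INIT, SI_ORDER_ANY, cheri_init, NULL);` would name the hook after what it does.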
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.h#6 (text+ko) ====
@@ -257,6 +257,20 @@
: "i" (crn_to), "i" (crn_base), "r" (offset)); \
} while (0)
+static inline void
+cp2_capability_load(u_int crn_to, struct capability *cp)
+{
+
+ CP2_CR_LOAD(crn_to, CHERI_CR_KDC, cp);
+}
+
+static inline void
+cp2_capability_store(u_int crn_from, struct capability *cp)
+{
+
+ CP2_CR_STORE(crn_from, CHERI_CR_KDC, cp);
+}
+
/*
* Extract a flattened but useful memory representation of a complete
* capability register.
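Review bot: cp2_capability_load() and cp2_capability_store() pass a function parameter as the register number, while the macro that ends just above this hunk binds its register operands with `"i"` (immediate) constraints. If CP2_CR_LOAD and CP2_CR_STORE use the same constraints, these wrappers only assemble when the compiler inlines them and folds the argument to a constant, which is not guaranteed for a plain `static inline` in an unoptimised build. Keeping them as macros avoids that: `#define cp2_capability_load(crn_to, cp) CP2_CR_LOAD(crn_to, CHERI_CR_KDC, cp)` and the matching `cp2_capability_store`. Either form should carry a comment that the pointer is always used with CHERI_CR_KDC as the base capability.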
@@ -349,15 +363,17 @@
* APIs that act on C language representations of capabilities -- but not
* capabilities themselves.
*/
+void cp2_capability_copy(struct capability *cp_to,
+ struct capability *cp_from);
void cp2_capability_set(struct capability *cp, uint32_t uperms,
void *otypep /* eaddr */, void *basep, uint64_t length);
-
void cp2_capability_set_priv(struct capability *cp);
+void cp2_capability_set_upriv(struct capability *cp);
void cp2_capability_set_null(struct capability *cp);
-void cp2_capability_copy(struct capability *cp_to,
- struct capability *cp_from);
void cp2_context_copy(struct cp2_frame *cf_destp,
struct cp2_frame *cf_srcp);
+void cheri_exec_setregs(struct thread *td);
+
#endif /* _MIPS_CHERI_CP2_H_ */
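Review bot: The new prototype `void cheri_exec_setregs(struct thread *td);` names struct thread in a header that pcb.h now includes, and no declaration of that type is visible in this hunk. If cp2.h can be reached before <sys/proc.h>, the struct is declared only inside the parameter list and is incompatible with the real one; a forward declaration `struct thread;` above the prototypes avoids that. The top of the header is outside the hunk, so check whether one already exists.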
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/pcb.h#2 (text+ko) ====
@@ -44,13 +44,23 @@
#include <machine/frame.h>
+#ifdef CPU_CHERI
+#include <mips/cheri/cp2.h>
+#endif
+
/*
* MIPS process control block
*/
struct pcb
{
struct trapframe pcb_regs; /* saved CPU and registers */
+#ifdef CPU_CHERI
+ struct cp2_frame pcb_ucp2frame;
+#endif
__register_t pcb_context[14]; /* kernel context for resume */
+#ifdef CPU_CHERI
+ struct cp2_frame pcb_cp2frame;
+#endif
void *pcb_onfault; /* for copyin/copyout faults */
register_t pcb_tpc;
};
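Review bot: The two new members of struct pcb carry no comment, and their names differ by a single letter although one holds user state and the other kernel state. Suggested comments, following the change description and the use in cheri_exec_setregs(): `struct cp2_frame pcb_ucp2frame; /* userland CP2 context */` and `struct cp2_frame pcb_cp2frame; /* kernel CP2 context */`. Because the first frame is inserted ahead of pcb_context, any code outside this change that depends on the size or field offsets of struct pcb should be rechecked.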
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/proc.h#3 (text+ko) ====
@@ -65,9 +65,6 @@
int md_pc_count; /* performance counter */
int md_pc_spill; /* performance counter spill */
void *md_tls;
-#if defined(CPU_CHERI)
- struct cp2_frame md_cp2frame;
-#endif
#ifdef CPU_CNMIPS
struct octeon_cop2_state *md_cop2; /* kernel context */
struct octeon_cop2_state *md_ucop2; /* userland context */
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/pm_machdep.c#3 (text+ko) ====
@@ -69,6 +69,10 @@
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
+#ifdef CPU_CHERI
+#include <mips/cheri/cp2.h>
+#endif
+
#define UCONTEXT_MAGIC 0xACEDBADE
/*
@@ -525,6 +529,7 @@
#endif
#if defined(CPU_CHERI)
td->td_frame->sr |= MIPS_SR_COP_2_BIT;
+ cheri_exec_setregs(td);
#endif
/*
* FREEBSD_DEVELOPERS_FIXME:
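Review bot: cheri_exec_setregs(td) fills the saved frame td->td_pcb->pcb_ucp2frame in memory, but nothing visible in this change reloads the live CP2 registers from that frame before the thread returns to userspace. If the restore path is not yet in place, the new image would start with whatever capability registers the previous image left behind, which is an exec-time state leak. A comment at the call such as `/* Saved user CP2 frame only; live registers are reloaded on return to user mode. */` would record the dependency once it holds. The enclosing function begins and ends outside the hunk.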