PERFORCE change 219707 for review
Robert Watson
rwatson at FreeBSD.org
Fri Nov 9 19:18:02 UTC 2012
http://p4web.freebsd.org/@@219707?ac=10
Change 219707 by rwatson at rwatson_svr_ctsrd_mipsbuild on 2012/11/09 19:17:32
Teach CheriBSD to check $C0 on system call enter to determine
whether the system call is being made by a userspace sandbox.
In the future we will surely do something more mature, but this
will be fine in the meantime.
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#5 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#7 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#12 edit
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#5 (text+ko) ====
@@ -52,6 +52,10 @@
#endif
#include <security/audit/audit.h>
+#ifdef CPU_CHERI
+#include <machine/cheri.h>
+#endif
+
static inline int
syscallenter(struct thread *td, struct syscall_args *sa)
{
@@ -72,6 +76,17 @@
PROC_UNLOCK(p);
} else
traced = 0;
+
+#ifdef CPU_CHERI
+ /*
+ * Constrain code that can originate system calls if userspace
+ * sandboxing is available.
+ */
+ error = cheri_syscall_authorize(td);
+ if (error)
+ goto retval;
+#endif
+
error = (p->p_sysent->sv_fetch_syscall_args)(td, sa);
#ifdef KTRACE
if (KTRPOINT(td, KTR_SYSCALL))
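Review bot: The `goto retval` taken when cheri_syscall_authorize() fails jumps over sv_fetch_syscall_args and the KTR_SYSCALL ktrace point that follows it, so a system call rejected because it came from a sandbox leaves no ktrace record of which call was attempted; the audit enter hook presumably sits on the same skipped path, but its position and the `retval` label are outside the hunk. A sandbox reaching the system call entry is a policy violation operators would want to see, so consider a rate-limited log or a counter on that branch, or at least a comment on the new block such as `/* Rejected before fetch: sa->code is not valid at retval and no ktrace/audit record is produced. */`. If the code at `retval` reads `sa->code` or `sa->narg`, it will see whatever the caller left in `sa`; worth confirming since the label is not visible here. syscallenter's body continues outside the hunk.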
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#7 (text+ko) ====
@@ -283,6 +283,34 @@
CHERI_REG_PRINT(c, ctag, 31);
}
+/*
+ * Only allow system calls from sandboxes that hold ambient authority in
+ * userspace.
+ */
+int
+cheri_syscall_authorize(struct thread *td)
+{
+ struct chericap c;
+
+ /*
+ * Check whether userspace holds the rights defined in
+ * cheri_capability_set_user() in $C0. We might also consider
+ * checking $PCC here.
+ *
+ * XXXRW: Possibly ENOSYS should be EPROT or ESANDBOX?
+ */
+ intr_disable();
+ CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC,
+ &td->td_pcb->pcb_cheriframe.cf_c0, 0);
+ CHERI_GETCAPREG(CHERI_CR_KR1C, c);
+ intr_enable();
+ if (c.c_perms != CHERI_CAP_USER_PERMS ||
+ c.c_base != CHERI_CAP_USER_BASE ||
+ c.c_length != CHERI_CAP_USER_LENGTH)
+ return (ENOSYS);
+ return (0);
+}
+
#ifdef DDB
#define DB_CHERI_REG_PRINT_NUM(crn, num) do { \
struct chericap c; \
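Review bot: cheri_syscall_authorize() accepts $C0 on an exact match of c_perms, c_base and c_length alone, so a capability whose validity tag is clear but whose fields happen to carry the ambient values would pass; an untagged capability confers no authority, so if `struct chericap` exposes the tag the condition should require it to be set as well. The denial path is silent: a sandbox issuing a system call is a security-relevant event, and a rate-limited log or counter here would let operators notice it. The intr_disable()/intr_enable() bracket around the CHERI_CR_KR1C use would also benefit from a one-line why-comment, e.g. `/* KR1C is kernel scratch; keep interrupts off while it holds the copied $C0. */` — the scratch role is inferred from the register name, so confirm before wording it that way.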
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#12 (text+ko) ====
@@ -301,6 +301,7 @@
struct cheri_frame *cf_srcp);
void cheri_exec_setregs(struct thread *td);
void cheri_log_exception(struct trapframe *frame, int trap_type);
+int cheri_syscall_authorize(struct thread *td);
#endif
#endif /* _MIPS_INCLUDE_CHERI_H_ */