PERFORCE change 219761 for review

Robert Watson rwatson at FreeBSD.org
Mon Nov 12 16:08:01 UTC 2012 

http://p4web.freebsd.org/@@219761?ac=10

Change 219761 by rwatson at rwatson_zenith_cl_cam_ac_uk on 2012/11/12 16:07:26

	Do a bit more legwork so that we can try and convince ourselves that
	libraries linked into sandboxed code work; do this by linking in libmd.
	Provide a number of system call stubs depended on by the library, which
	mostly return ECAPMODE.  Also provide an errno implementation.  We will
	want to expand this example shortly to illustrate how capability-unaware
	code can copy in arguments and out return values via capabilities using
	utility routines, as will be required for libpng.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/stub.c#1 add

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 (text+ko) ====

@@ -2,12 +2,26 @@
 # $FreeBSD$
 #
 PROG=	cheritest-helper
-SRCS=	cheritest-helper.c chsbrt.S
+SRCS=	cheritest-helper.c			\
+	malloc.c				\
+	stub.c					\
+	chsbrt.S				\
+	memcpy.S				\
+	memset.S
+
 LDFLAGS+=	-Wl,--script=${.CURDIR}/sandbox.ld -nostdlib
 NO_MAN=
 #STRIP=
+DPADD=	${LIBMD}
+LDADD=	-lmd
+
 NO_SHARED=	yes
 
+#
+# For libc files!
+#
+NO_WERROR=	yes
+
 FILESOWN=       ${LIBOWN}
 FILESGRP=       ${LIBGRP}
 FILESMODE=      ${LIBMODE}
@@ -24,6 +38,7 @@
 cheritest-helper.dump: cheritest-helper
 	objdump -xsSD ${.ALLSRC} > ${.TARGET}
 
-.PATH: ${.CURDIR}/${MACHINE_ARCH}
+.PATH: ${.CURDIR}/${MACHINE_ARCH}		\
+	${.CURDIR}/../../lib/libc/string/${MACHINE_TARGET}
 
 .include <bsd.prog.mk>

==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 (text+ko) ====

@@ -30,12 +30,27 @@
 
 #include <sys/types.h>
 
+#include <machine/cheri.h>
+
+#include <md5.h>
+
 int	invoke(register_t a0, register_t a1, register_t a2, register_t a3);
 
+/*
+ * Sample sandboxed code.  Calculate an MD5 checksum of the data arriving via
+ * c1, and place the checksum in c2.
+ *
+ * XXXRW: More to follow here.
+ */
 int
 invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused,
     register_t a3 __unused)
 {
+	MD5_CTX md5context;
+	char buf[33];
+
+	MD5Init(&md5context);
+	MD5End(&md5context, buf);
 
 	return (123456);
 }

More information about the p4-projects mailing list