PERFORCE change 219780 for review
Robert Watson
rwatson at FreeBSD.org
Wed Nov 14 06:51:18 UTC 2012
http://p4web.freebsd.org/@@219780?ac=10
Change 219780 by rwatson at rwatson_zenith_cl_cam_ac_uk on 2012/11/14 06:50:51
Implement a very simple sandbox abort() function that effectively
does a longjmp() back to the capability return code. Add an exercise
case to cheritest.
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#11 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#6 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#4 edit
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#11 (text+ko) ====
@@ -70,7 +70,8 @@
fprintf(stderr, "cheritest listregs\n");
fprintf(stderr, "cheritest overrun\n");
fprintf(stderr, "cheritest sandbox\n");
- fprintf(stderr, "cheritest sandbox_invoke\n");
+ fprintf(stderr, "cheritest sandbox_invoke_abort\n");
+ fprintf(stderr, "cheritest sandbox_invoke_md5\n");
fprintf(stderr, "cheritest sleep\n");
fprintf(stderr, "cheritest unsandbox\n");
fprintf(stderr, "cheritest syscalltest\n");
@@ -152,6 +153,22 @@
CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1);
}
+static void
+cheritest_sandbox_invoke_abort(void)
+{
+ struct sandbox *sb;
+ register_t v;
+
+ if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024 * 1024,
+ &sb) < 0)
+ err(1, "sandbox_setup");
+
+ v = sandbox_invoke(sb, 0, 1, 0, 0, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL);
+ printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v);
+ sandbox_destroy(sb);
+}
+
/*
* XXXRW: c1 and c2 were not getting properly aligned when placed in the
* stack. Odd.
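Review bot: cheritest_sandbox_invoke_abort() prints whatever sandbox_invoke() returns but never checks it, so the test cannot fail when the abort path misbehaves; the chsbrt.S part of this same change places -2 in $v0 on abort, so pin that before the printf, e.g. `if (v != (register_t)-2) errx(1, "%s: expected -2, got %jd", __func__, (intmax_t)v);`. Printing a negative register_t through `(uintmax_t)v` with `%ju` also shows 18446744073709551614 rather than -2, so `%jd` with `(intmax_t)v` reads better in the success message too. Both points assume register_t is signed on this target, which the page does not show — confirm against the machine headers.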
@@ -160,7 +177,7 @@
static struct chericap c1, c2;
static void
-cheritest_sandbox_invoke(void)
+cheritest_sandbox_invoke_md5(void)
{
struct sandbox *sb;
char buf[33];
@@ -241,8 +258,10 @@
cheritest_overrun();
else if (strcmp(argv[i], "sandbox") == 0)
cheritest_sandbox();
- else if (strcmp(argv[i], "sandbox_invoke") == 0)
- cheritest_sandbox_invoke();
+ else if (strcmp(argv[i], "sandbox_invoke_abort") == 0)
+ cheritest_sandbox_invoke_abort();
+ else if (strcmp(argv[i], "sandbox_invoke_md5") == 0)
+ cheritest_sandbox_invoke_md5();
else if (strcmp(argv[i], "sleep") == 0)
sleep(10);
else if (strcmp(argv[i], "unsandbox") == 0)
==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#6 (text+ko) ====
@@ -33,6 +33,7 @@
#include <machine/cheri.h>
#include <md5.h>
+#include <stdlib.h>
#include "cmemcpy.h"
@@ -42,15 +43,20 @@
* Sample sandboxed code. Calculate an MD5 checksum of the data arriving via
* c1, and place the checksum in c2. a0 will hold input data length. c2
* must be (at least) 33 bytes.
+ *
+ * ... unless a1 is set, in which case immediately abort() to test that case.
*/
int
-invoke(register_t a0, register_t a1 __unused, register_t a2 __unused,
+invoke(register_t a0, register_t a1, register_t a2 __unused,
register_t a3 __unused)
{
MD5_CTX md5context;
char buf[33], ch;
u_int count;
+ if (a1)
+ abort();
+
MD5Init(&md5context);
for (count = 0; count < a0; count++) {
memcpy_fromcap(&ch, 1, count, sizeof(ch));
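Review bot: The new `if (a1)` sits directly under the declaration `u_int count;` with no separating blank line, which style(9) requires; the blank line the hunk adds after `abort();` belongs before the `if` instead. It would also help the block comment to say that `abort` here is resolved to the sandbox runtime's own entry in chsbrt.S, which unwinds to the return path rather than terminating a process, since `<stdlib.h>` only supplies the ordinary libc prototype — presumably that is how the helper links, but the link step is not on the page. Something like `/* abort() comes from chsbrt.S: it unwinds back to the sandbox return code. */` above the test would make that explicit. invoke()'s body continues past the hunk.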
==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#4 (text+ko) ====
@@ -137,6 +137,13 @@
sd $a5, 0($at)
#
+ # If abort() is called, we effectively longjmp back to just after the
+ # call to invoke(). Save a stack pointer for that unwind.
+ #
+ dla $at, abort_stack
+ sd $sp, 0($at)
+
+ #
# Invoke MIPS ABI C "invoke" function.
#
dla $25, invoke
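Review bot: `abort_stack` is a single global `.dword`, so the saved `$sp` is overwritten on every entry to __start; if the sandbox can ever be entered re-entrantly or from more than one thread, the earlier value is lost and an abort() from the outer invocation unwinds onto the wrong frame. If one-invocation-at-a-time is an invariant of the sandbox model, state it here, e.g. `# abort_stack is one slot: __start assumes a single invocation at a time.`; otherwise the saved pointer would need to live in the invocation's own frame rather than in .data. This also relies on the `$sp` saved here being the `$sp` that `abort_target` later pops 16 bytes from — that holds as far as the hunk shows, but confirm it stays so if pushes are ever added between this save and the call to invoke. The __start body extends beyond the hunk.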
@@ -148,6 +155,7 @@
#
# XXXRW: To move to caller context once using CCALL.
#
+abort_target:
ld $t0, 0($sp)
ld $t1, 8($sp)
daddiu $sp, 16
@@ -195,5 +203,23 @@
#
cjr $31($c24) # Jump to return capability register
nop # Branch-delay slot?
+ .end __start
+
+ .global abort
+ .ent abort
+abort:
+ #
+ # If abort() is called, unwind the stack and jump into the return
+ # code. Set $v0 to -2 so that it's somewhat recognisable, even if
+ # non-ideal.
+ #
+ dla $at, abort_stack
+ ld $sp, 0($at)
+ dli $v0, -2
+ b abort_target
+ nop
+ .end abort
- .end __start
+ .data
+abort_stack:
+ .dword 0x0000000000000000 # What to restore sp to on abort
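Review bot: The -2 that abort loads into `$v0` is indistinguishable from invoke() legitimately returning -2, and it is a magic number the caller (cheritest.c in this same change) has to know; give it a name shared with the caller, e.g. `#define SANDBOX_ABORT_RETVAL (-2)` (constructed name) in a common header, and reference it in the comment above `dli $v0, -2`. The initial `.dword 0` in abort_stack means an abort() issued before __start has stored `$sp` — from sandbox initialisation, if any runs before that point — would load `$sp` with 0 and `abort_target` would then read `$t0`/`$t1` relative to address 0; either a `beqz` check that traps or a comment stating that abort() is only valid from within invoke() would make that contract explicit. abort also restores only `$sp` and `$v0`; whatever register and capability scrubbing the normal return path performs after `abort_target` is, as far as the hunk shows, shared with this path — confirm that is the case so an aborted sandbox does not hand its caller stale callee state. Both __start's epilogue and the .data section end outside the hunk.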