Date: Fri, 9 Nov 2012 19:18:01 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 219707 for review Message-ID: <201211091918.qA9JI1wD013395@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@219707?ac=10 Change 219707 by rwatson@rwatson_svr_ctsrd_mipsbuild on 2012/11/09 19:17:32 Teach CheriBSD to check $C0 on system call enter to determine whether the system call is being made by a userspace sandbox. In the future we will surely do something more mature, but this will be fine in the mean time. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#5 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#7 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#12 edit Differences ...
==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#5 (text+ko) ====
@@ -52,6 +52,10 @@
#endif
#include <security/audit/audit.h>
+#ifdef CPU_CHERI
+#include <machine/cheri.h>
+#endif
+
static inline int
syscallenter(struct thread *td, struct syscall_args *sa)
{
@@ -72,6 +76,17 @@
PROC_UNLOCK(p);
} else
traced = 0;
+
+#ifdef CPU_CHERI
+ /*
+ * Constrain code that can originate system calls if userspace
+ * sandboxing is available.
+ */
+ error = cheri_syscall_authorize(td);
+ if (error)
+ goto retval;
+#endif
+
error = (p->p_sysent->sv_fetch_syscall_args)(td, sa);
#ifdef KTRACE
if (KTRPOINT(td, KTR_SYSCALL))
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#7 (text+ko) ====
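Review bot: A sandbox system call rejected by `cheri_syscall_authorize()` leaves no trace, because the `goto retval` on failure jumps past the `sv_fetch_syscall_args` call and therefore past the KTR_SYSCALL ktrace point that follows it, so neither the syscall number nor its arguments are ever recorded; a denied call from a sandbox is exactly the event an operator would want to see. Either note this in the new comment, e.g. `* Denials taken here are invisible to ktrace, which runs only after argument fetch.`, or move the check after the fetch so sa->code and the arguments are recorded before the error is returned. Whether the audit enter hook also sits after the fetch is not visible in this hunk, and the `retval` label together with the rest of syscallenter() lies outside it.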
@@ -283,6 +283,34 @@
CHERI_REG_PRINT(c, ctag, 31);
}
+/*
+ * Only allow system calls from sandboxes that hold ambient authority in
+ * userspace.
+ */
+int
+cheri_syscall_authorize(struct thread *td)
+{
+ struct chericap c;
+
+ /*
+ * Check whether userspace holds the rights defined in
+ * cheri_capability_set_user() in $C0. We might also consider
+ * checking $PCC here.
+ *
+ * XXXRW: Possibly ENOSYS should be EPROT or ESANDBOX?
+ */
+ intr_disable();
+ CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC,
+ &td->td_pcb->pcb_cheriframe.cf_c0, 0);
+ CHERI_GETCAPREG(CHERI_CR_KR1C, c);
+ intr_enable();
+ if (c.c_perms != CHERI_CAP_USER_PERMS ||
+ c.c_base != CHERI_CAP_USER_BASE ||
+ c.c_length != CHERI_CAP_USER_LENGTH)
+ return (ENOSYS);
+ return (0);
+}
+
#ifdef DDB
#define DB_CHERI_REG_PRINT_NUM(crn, num) do { \
struct chericap c; \
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#12 (text+ko) ====
@@ -301,6 +301,7 @@
struct cheri_frame *cf_srcp);
void cheri_exec_setregs(struct thread *td);
void cheri_log_exception(struct trapframe *frame, int trap_type);
+int cheri_syscall_authorize(struct thread *td);
#endif
#endif /* _MIPS_INCLUDE_CHERI_H_ */
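Review bot: The interrupt-disabled window around CHERI_CLC/CHERI_GETCAPREG in cheri_syscall_authorize() ends with an unconditional `intr_enable()`, which turns interrupts on regardless of their state on entry; the usual FreeBSD MIPS pairing is `register_t s = intr_disable();` before the load and `intr_restore(s);` after it, which keeps the helper safe if it is ever reached from a context where interrupts were already off. The decision is an exact match on c_perms, c_base and c_length of the $C0 copy saved in pcb_cheriframe.cf_c0, so a $C0 carrying a reduced permission mask is rejected as intended, but any capability state outside those three fields is not examined; the header comment would be more precise as `* Only allow system calls when the saved user $C0 exactly matches the ambient capability installed by cheri_capability_set_user() (perms, base and length).`. Because the saved pcb copy is inspected rather than the live register, the check presumably relies on the trap-entry path having stored $C0 before syscallenter() runs — worth stating in that comment as well.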