From owner-p4-projects@FreeBSD.ORG Sun Sep 15 18:55:46 2013
Date: Sun, 15 Sep 2013 18:55:45 GMT
Message-Id: <201309151855.r8FItjSp050935@skunkworks.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 717800 for review
To: Perforce Change Reviews

http://p4web.freebsd.org/@@717800?ac=10

Change 717800 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/15 18:54:47

	Clean up a variety of aspects of CheriBSD support for CHERI's
	capability coprocessor in preparation for further exception-handling
	work:

	(1) In a more structured way, allocate exception-handling reserved
	    capability registers for kernel use: CHERI_CR_CTEMP for KR1C --
	    C-language temporary use prior to compiling the kernel with
	    CHERI-aware Clang; and CHERI_REG_SEC0 for KR2C -- temporary
	    storage of a preempted $c0 prior to formal saving of the user
	    thread context.

	(2) Now that KR2C is used for the saved $c0, start managing the
	    previously occupied $c25 as part of the user context explicitly,
	    effectively returning it to general-purpose use by the compiler.
	    This increases the size of the saved user thread context from 27
	    capability registers to 28.

	(3) Explicitly name $c24 and $c26 as RCC and IDC in various pieces of
	    C and assembly code to make usage more clear.

	(4) Prefer #defines for various register names in kernel assembly --
	    e.g., CHERI_REG_KDC instead of $c30, which (on the whole) makes
	    things more readable.

	(5) Use bzero rather than a series of inline capability preparations
	    to initialise the majority of a user thread's CP2 context.

	(6) Improve comments and remove some XXXRW notes in a few places (and
	    in one or two add them).

	(7) Print the complete set of CP2 registers in DDB rather than just
	    most of them.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#15 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#21 edit
..
//depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheriasm.h#11 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cherireg.h#11 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#15 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2011-2012 Robert N. M. Watson + * Copyright (c) 2011-2013 Robert N. M. Watson * All rights reserved. * * This software was developed by SRI International and the University of @@ -97,11 +97,11 @@ * temporary preserved during kernel execution to avoid this. */ s = intr_disable(); - CHERI_CINCBASE(CHERI_CR_KR1C, CHERI_CR_KDC, (register_t)basep); - CHERI_CSETLEN(CHERI_CR_KR1C, CHERI_CR_KR1C, (register_t)length); - CHERI_CANDPERM(CHERI_CR_KR1C, CHERI_CR_KR1C, (register_t)perms); - CHERI_CSETTYPE(CHERI_CR_KR1C, CHERI_CR_KR1C, (register_t)otypep); - CHERI_CSC(CHERI_CR_KR1C, CHERI_CR_KDC, (register_t)cp, 0); + CHERI_CINCBASE(CHERI_CR_CTEMP, CHERI_CR_KDC, (register_t)basep); + CHERI_CSETLEN(CHERI_CR_CTEMP, CHERI_CR_CTEMP, (register_t)length); + CHERI_CANDPERM(CHERI_CR_CTEMP, CHERI_CR_CTEMP, (register_t)perms); + CHERI_CSETTYPE(CHERI_CR_CTEMP, CHERI_CR_CTEMP, (register_t)otypep); + CHERI_CSC(CHERI_CR_CTEMP, CHERI_CR_KDC, (register_t)cp, 0); intr_restore(s); } @@ -169,8 +169,8 @@ * temporary preserved during kernel execution to avoid this. */ s = intr_disable(); - cheri_capability_load(CHERI_CR_KR1C, cp_from); - cheri_capability_store(CHERI_CR_KR1C, cp_to); + cheri_capability_load(CHERI_CR_CTEMP, cp_from); + cheri_capability_store(CHERI_CR_CTEMP, cp_to); intr_restore(s); } @@ -178,6 +178,7 @@ cheri_context_copy(struct cheri_frame *cf_destp, struct cheri_frame *cf_srcp) { + /* XXXRW: Use a capability-aware memcpy here instead. */ cheri_capability_copy(&cf_destp->cf_c0, &cf_srcp->cf_c0); cheri_capability_copy(&cf_destp->cf_c1, &cf_srcp->cf_c1); cheri_capability_copy(&cf_destp->cf_c2, &cf_srcp->cf_c2); 
@@ -202,12 +203,9 @@ cheri_capability_copy(&cf_destp->cf_c21, &cf_srcp->cf_c21); cheri_capability_copy(&cf_destp->cf_c22, &cf_srcp->cf_c22); cheri_capability_copy(&cf_destp->cf_c23, &cf_srcp->cf_c23); - cheri_capability_copy(&cf_destp->cf_c24, &cf_srcp->cf_c24); - cheri_capability_copy(&cf_destp->cf_c26, &cf_srcp->cf_c26); - /* - * XXXRW: not in CHERI ISAv2: - * cheri_capability_copy(&cf_destp->cf_tsc, &cf_srcp->cf_tsc); - */ + cheri_capability_copy(&cf_destp->cf_rcc, &cf_srcp->cf_rcc); + cheri_capability_copy(&cf_destp->cf_c25, &cf_srcp->cf_c25); + cheri_capability_copy(&cf_destp->cf_idc, &cf_srcp->cf_idc); cheri_capability_copy(&cf_destp->cf_pcc, &cf_srcp->cf_pcc); } 
@@ -223,36 +221,8 @@ * propagate around rights as required. */ cfp = &td->td_pcb->pcb_cheriframe; + bzero(cfp, sizeof(*cfp)); cheri_capability_set_user(&cfp->cf_c0); - cheri_capability_set_null(&cfp->cf_c1); - cheri_capability_set_null(&cfp->cf_c2); - cheri_capability_set_null(&cfp->cf_c3); - cheri_capability_set_null(&cfp->cf_c4); - cheri_capability_set_null(&cfp->cf_c5); - cheri_capability_set_null(&cfp->cf_c6); - cheri_capability_set_null(&cfp->cf_c7); - cheri_capability_set_null(&cfp->cf_c8); - cheri_capability_set_null(&cfp->cf_c9); - cheri_capability_set_null(&cfp->cf_c10); - cheri_capability_set_null(&cfp->cf_c11); - cheri_capability_set_null(&cfp->cf_c12); - cheri_capability_set_null(&cfp->cf_c13); - cheri_capability_set_null(&cfp->cf_c14); - cheri_capability_set_null(&cfp->cf_c15); - cheri_capability_set_null(&cfp->cf_c16); - cheri_capability_set_null(&cfp->cf_c17); - cheri_capability_set_null(&cfp->cf_c18); - cheri_capability_set_null(&cfp->cf_c19); - cheri_capability_set_null(&cfp->cf_c20); - cheri_capability_set_null(&cfp->cf_c21); - cheri_capability_set_null(&cfp->cf_c22); - cheri_capability_set_null(&cfp->cf_c23); - cheri_capability_set_null(&cfp->cf_c24); - cheri_capability_set_null(&cfp->cf_c26); - /* - * XXXRW: not in CHERI ISAv2: - * cheri_capability_set_null(&cfp->cf_tsc); - */ cheri_capability_set_user(&cfp->cf_pcc); } 
@@ -286,57 +256,57 @@ /* C0 */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c0, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_c0, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 0); /* C1 */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c1, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_c1, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 1); /* C2 */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c2, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_c2, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 2); /* C3 */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c3, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_c3, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 3); - /* C24 */ + /* C24 - RCC */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c24, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_rcc, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 24); - /* C26 */ + /* C26 - IDC */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c26, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + 
CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_idc, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 26); - /* EPCC */ + /* C31 - saved PCC */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_pcc, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); - CHERI_CGETTAG(ctag, CHERI_CR_KR1C); + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &cheriframe->cf_pcc, 0); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); + CHERI_CGETTAG(ctag, CHERI_CR_CTEMP); intr_enable(); CHERI_REG_PRINT(c, ctag, 31); @@ -377,9 +347,9 @@ * XXXRW: Possibly ECAPMODE should be EPROT or ESANDBOX? */ intr_disable(); - CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, + CHERI_CLC(CHERI_CR_CTEMP, CHERI_CR_KDC, &td->td_pcb->pcb_cheriframe.cf_c0, 0); - CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_GETCAPREG(CHERI_CR_CTEMP, c); intr_enable(); if (c.c_perms != CHERI_CAP_USER_PERMS || c.c_base != CHERI_CAP_USER_BASE || 
@@ -471,24 +441,19 @@ db_printf("Thread %d at %p\n", td->td_tid, td); db_printf("CHERI frame at %p\n", cfp); - /* Laboriously load and print each capability. */ - for (i = 0; i < 25; i++) { + /* Laboriously load and print each user capability. */ + for (i = 0; i < 27; i++) { s = intr_disable(); - cheri_capability_load(CHERI_CR_KR1C, + cheri_capability_load(CHERI_CR_CTEMP, (struct chericap *)&cfp->cf_c0 + i); - DB_CHERI_REG_PRINT_NUM(CHERI_CR_KR1C, i); + DB_CHERI_REG_PRINT_NUM(CHERI_CR_CTEMP, i); intr_restore(s); } db_printf("\nPCC:\n"); s = intr_disable(); -#if 0 - cheri_capability_load(CHERI_CR_KR1C, (struct chericap *)&cfp->cf_c0 + - CHERI_CR_TSC_OFF); - DB_CHERI_REG_PRINT_NUM(CHERI_CR_KR1C, CHERI_CR_TSC); -#endif - cheri_capability_load(CHERI_CR_KR1C, (struct chericap *)&cfp->cf_c0 + + cheri_capability_load(CHERI_CR_CTEMP, (struct chericap *)&cfp->cf_c0 + CHERI_CR_PCC_OFF); - DB_CHERI_REG_PRINT_NUM(CHERI_CR_KR1C, CHERI_CR_EPCC); + DB_CHERI_REG_PRINT_NUM(CHERI_CR_CTEMP, CHERI_CR_EPCC); intr_restore(s); } #endif ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#21 (text+ko) ==== @@ -41,7 +41,8 @@ #include /* - * Canonical C-language representation of a capability. + * Canonical C-language representation of a capability -- for compilers that + * don't support capabilities; for them, we'll provide __capability void *. */ #define CHERICAP_SIZE 32 struct chericap { 
@@ -77,17 +78,13 @@ /* * General-purpose capabilities -- note, numbering is from v1.7 of the * CHERI ISA spec (ISAv2). - * - * XXXRW: Currently, C25 is used in-kernel to maintain a saved UDC - * (C0), and so not part of cheri_frame. This will change in the - * future. */ struct chericap cf_c1, cf_c2, cf_c3, cf_c4; struct chericap cf_c5, cf_c6, cf_c7; struct chericap cf_c8, cf_c9, cf_c10, cf_c11, cf_c12; struct chericap cf_c13, cf_c14, cf_c15, cf_c16, cf_c17; struct chericap cf_c18, cf_c19, cf_c20, cf_c21, cf_c22; - struct chericap cf_c23, cf_c24, cf_c26; + struct chericap cf_c23, cf_rcc, cf_c25, cf_idc; /* * Special-purpose capability registers that must be preserved on a @@ -101,7 +98,7 @@ */ struct chericap cf_pcc; }; -CTASSERT(sizeof(struct cheri_frame) == (27 * CHERICAP_SIZE)); +CTASSERT(sizeof(struct cheri_frame) == (28 * CHERICAP_SIZE)); #endif /* ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheriasm.h#11 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2012 Robert N. M. Watson + * Copyright (c) 2012-2013 Robert N. M. Watson * All rights reserved. * * This software was developed by SRI International and the University of 
@@ -36,6 +36,57 @@ #endif /* + * 27 user-context registers -- with names where appropriate. + */ +#define CHERI_REG_C0 $c0 /* MIPS legacy load/store capability. */ +#define CHERI_REG_C1 $c1 +#define CHERI_REG_C2 $c2 +#define CHERI_REG_C3 $c3 +#define CHERI_REG_C4 $c4 +#define CHERI_REG_C5 $c5 +#define CHERI_REG_C6 $c6 +#define CHERI_REG_C7 $c7 +#define CHERI_REG_C8 $c8 +#define CHERI_REG_C9 $c9 +#define CHERI_REG_C10 $c10 +#define CHERI_REG_C11 $c11 +#define CHERI_REG_C12 $c12 +#define CHERI_REG_C13 $c13 +#define CHERI_REG_C14 $c14 +#define CHERI_REG_C15 $c15 +#define CHERI_REG_C16 $c16 +#define CHERI_REG_C17 $c17 +#define CHERI_REG_C18 $c18 +#define CHERI_REG_C19 $c19 +#define CHERI_REG_C20 $c20 +#define CHERI_REG_C21 $c21 +#define CHERI_REG_C22 $c22 +#define CHERI_REG_C23 $c23 +#define CHERI_REG_RCC $c24 /* Return code capability. */ +#define CHERI_REG_C25 $c25 /* Notionally reserved for exception-use. */ +#define CHERI_REG_IDC $c26 /* Invoked data capability. */ + +/* 5 exception-context registers -- with names where appropriate. */ +#define CHERI_REG_KR1C $c27 /* Kernel exception handling capability (1). */ +#define CHERI_REG_KR2C $c28 /* Kernel exception handling capability (2). */ +#define CHERI_REG_KCC $c29 /* Kernel code capability. */ +#define CHERI_REG_KDC $c30 /* Kernel data capability. */ +#define CHERI_REG_EPCC $c31 /* Exception program counter capability. */ + +/* + * C-level code will manipulate capabilities using this exception-handling + * register; label it here for consistency. Interrupts must be disabled while + * using the register to prevent awkward preemptions. + */ +#define CHERI_REG_CTEMP CHERI_REG_KR1C /* C-level capability manipulation. */ + +/* + * Where to save the user $c0 during low-level exception handling. Possibly + * this should be an argument to macros rather than hard-coded in the macros. + */ +#define CHERI_REG_SEC0 CHERI_REG_KR2C /* Saved $c0 in exception handling. 
*/ + +/* * Assembly code to be used in CHERI exception handling and context switching. * * When entering an exception handler from userspace, conditionally save the @@ -49,8 +100,9 @@ andi reg, reg, MIPS_SR_KSU_USER; \ beq reg, $0, 64f; \ nop; \ - cmove $c25, $c0; \ - cmove $c0, $c30; \ + /* Save user $c0; install kernel $c0. */ \ + cmove CHERI_REG_SEC0, CHERI_REG_C0; \ + cmove CHERI_REG_C0, CHERI_REG_KDC; \ 64: /* @@ -72,27 +124,29 @@ beq reg, $0, 65f; \ nop; \ b 66f; \ - cmove $c0, $c25; /* Branch-delay; install UDC in C0. */ \ + /* If returning to userspace, restore saved user $c0. */ \ + cmove CHERI_REG_C0, CHERI_REG_SEC0; /* Branch-delay. */ \ 65: \ - cmove $c31, $c29; /* Install kernel PCC in EPCC. */ \ + /* If returning to kernelspace, reinstall kernel code PCC. */ \ + cmove CHERI_REG_EPCC, CHERI_REG_KCC; \ 66: /* * Macros to save and restore CHERI capability registers registers from * pcb.pcb_cheriframe, individually and in quantity. Explicitly use $kdc * ($30), which U_PCB_CHERIFRAME is assumed to be valid for, but that the - * userspace $c0 has been set aside in $sc0 ($c25). This assumes previous or - * further calls to CHERI_EXECPTION_ENTER() and CHERI_EXCEPTION_RETURN() to + * userspace $c0 has been set aside in CHERI_REG_SEC0. This assumes previous + * or further calls to CHERI_EXECPTION_ENTER() and CHERI_EXCEPTION_RETURN() to * manage $c0. */ #define SZCAP 32 #define SAVE_U_PCB_CHERIREG(creg, offs, base, treg) \ PTR_ADDIU treg, base, U_PCB_CHERIFRAME; \ - csc creg, treg, (SZCAP * offs)($c30) + csc creg, treg, (SZCAP * offs)(CHERI_REG_KDC) #define RESTORE_U_PCB_CHERIREG(creg, offs, base, treg) \ PTR_ADDIU treg, base, U_PCB_CHERIFRAME; \ - clc creg, treg, (SZCAP * offs)($c30) + clc creg, treg, (SZCAP * offs)(CHERI_REG_KDC) /* * XXXRW: Update once the assembler supports reserved CHERI register names to 
@@ -105,61 +159,63 @@ * XXXRW: Note hard-coding of UDC here. */ #define SAVE_CHERI_CONTEXT(base, treg) \ - SAVE_U_PCB_CHERIREG($c25, CHERI_CR_C0_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c1, CHERI_CR_C1_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c2, CHERI_CR_C2_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c3, CHERI_CR_C3_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c4, CHERI_CR_C4_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c5, CHERI_CR_C5_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c6, CHERI_CR_C6_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c7, CHERI_CR_C7_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c8, CHERI_CR_C8_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c9, CHERI_CR_C9_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c10, CHERI_CR_C10_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c11, CHERI_CR_C11_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c12, CHERI_CR_C12_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c13, CHERI_CR_C13_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c14, CHERI_CR_C14_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c15, CHERI_CR_C15_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c16, CHERI_CR_C16_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c17, CHERI_CR_C17_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c18, CHERI_CR_C18_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c19, CHERI_CR_C19_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c20, CHERI_CR_C20_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c21, CHERI_CR_C21_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c22, CHERI_CR_C22_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c23, CHERI_CR_C23_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c24, CHERI_CR_C24_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c26, CHERI_CR_C26_OFF, base, treg); \ - SAVE_U_PCB_CHERIREG($c31, CHERI_CR_PCC_OFF, base, treg) + SAVE_U_PCB_CHERIREG(CHERI_REG_SEC0, CHERI_CR_C0_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C1, CHERI_CR_C1_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C2, CHERI_CR_C2_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C3, CHERI_CR_C3_OFF, base, 
treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C4, CHERI_CR_C4_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C5, CHERI_CR_C5_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C6, CHERI_CR_C6_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C7, CHERI_CR_C7_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C8, CHERI_CR_C8_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C9, CHERI_CR_C9_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C10, CHERI_CR_C10_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C11, CHERI_CR_C11_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C12, CHERI_CR_C12_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C13, CHERI_CR_C13_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C14, CHERI_CR_C14_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C15, CHERI_CR_C15_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C16, CHERI_CR_C16_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C17, CHERI_CR_C17_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C18, CHERI_CR_C18_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C19, CHERI_CR_C19_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C20, CHERI_CR_C20_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C21, CHERI_CR_C21_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C22, CHERI_CR_C22_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C23, CHERI_CR_C23_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_RCC, CHERI_CR_RCC_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_C25, CHERI_CR_C25_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_IDC, CHERI_CR_IDC_OFF, base, treg); \ + SAVE_U_PCB_CHERIREG(CHERI_REG_EPCC, CHERI_CR_PCC_OFF, base, treg) #define RESTORE_CHERI_CONTEXT(base, treg) \ - RESTORE_U_PCB_CHERIREG($c25, CHERI_CR_C0_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c1, CHERI_CR_C1_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c2, CHERI_CR_C2_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c3, CHERI_CR_C3_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c4, 
CHERI_CR_C4_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c5, CHERI_CR_C5_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c6, CHERI_CR_C6_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c7, CHERI_CR_C7_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c8, CHERI_CR_C8_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c9, CHERI_CR_C9_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c10, CHERI_CR_C10_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c11, CHERI_CR_C11_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c12, CHERI_CR_C12_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c13, CHERI_CR_C13_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c14, CHERI_CR_C14_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c15, CHERI_CR_C15_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c16, CHERI_CR_C16_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c17, CHERI_CR_C17_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c18, CHERI_CR_C18_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c19, CHERI_CR_C19_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c20, CHERI_CR_C20_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c21, CHERI_CR_C21_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c22, CHERI_CR_C22_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c23, CHERI_CR_C23_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c24, CHERI_CR_C24_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c26, CHERI_CR_C26_OFF, base, treg); \ - RESTORE_U_PCB_CHERIREG($c31, CHERI_CR_PCC_OFF, base, treg) + RESTORE_U_PCB_CHERIREG(CHERI_REG_SEC0, CHERI_CR_C0_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C1, CHERI_CR_C1_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C2, CHERI_CR_C2_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C3, CHERI_CR_C3_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C4, CHERI_CR_C4_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C5, CHERI_CR_C5_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C6, CHERI_CR_C6_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C7, CHERI_CR_C7_OFF, base, treg); \ + 
RESTORE_U_PCB_CHERIREG(CHERI_REG_C8, CHERI_CR_C8_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C9, CHERI_CR_C9_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C10, CHERI_CR_C10_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C11, CHERI_CR_C11_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C12, CHERI_CR_C12_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C13, CHERI_CR_C13_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C14, CHERI_CR_C14_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C15, CHERI_CR_C15_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C16, CHERI_CR_C16_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C17, CHERI_CR_C17_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C18, CHERI_CR_C18_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C19, CHERI_CR_C19_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C20, CHERI_CR_C20_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C21, CHERI_CR_C21_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C22, CHERI_CR_C22_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C23, CHERI_CR_C23_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_RCC, CHERI_CR_RCC_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_C25, CHERI_CR_C25_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_IDC, CHERI_CR_IDC_OFF, base, treg); \ + RESTORE_U_PCB_CHERIREG(CHERI_REG_EPCC, CHERI_CR_PCC_OFF, base, treg) #endif /* _MIPS_INCLUDE_CHERIASM_H_ */ ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cherireg.h#11 (text+ko) ==== 
@@ -127,29 +127,17 @@ #define CHERI_CR_C21 21 #define CHERI_CR_C22 22 #define CHERI_CR_C23 23 -#define CHERI_CR_C24 24 +#define CHERI_CR_RCC 24 #define CHERI_CR_C25 25 -#define CHERI_CR_C26 26 -#define CHERI_CR_C27 27 -#define CHERI_CR_C28 28 -#define CHERI_CR_C29 29 -#define CHERI_CR_C30 30 -#define CHERI_CR_C31 31 +#define CHERI_CR_IDC 26 +#define CHERI_CR_KR1C 27 +#define CHERI_CR_KR2C 28 +#define CHERI_CR_KCC 29 +#define CHERI_CR_KDC 30 +#define CHERI_CR_EPCC 31 -/* - * XXXRW: Note that UDC is used by the kernel to hold the saved user data - * capability during kernel execution. In the future, this will change -- - * instead we will swap with KR2C, and save it to a frame to be used as needed - * later. In the mean time, userspace agrees not to use C25. - */ -#define CHERI_CR_RCC CHERI_CR_C24 /* Return code capability. */ -#define CHERI_CR_UDC CHERI_CR_C25 /* User data capability. */ -#define CHERI_CR_IDC CHERI_CR_C26 /* Invoked data capability.*/ -#define CHERI_CR_KR1C CHERI_CR_C27 /* Kernel reserved capability 1. */ -#define CHERI_CR_KR2C CHERI_CR_C28 /* Kernel reserved capability 2. */ -#define CHERI_CR_KCC CHERI_CR_C29 /* Kernel code capability. */ -#define CHERI_CR_KDC CHERI_CR_C30 /* Kernel data capability. */ -#define CHERI_CR_EPCC CHERI_CR_C31 /* Exception program counter cap. */ +#define CHERI_CR_CTEMP CHERI_CR_KR1C /* C-language temporary. */ +#define CHERI_CR_SEC0 CHERI_CR_KR2C /* Saved $c0 in exception handler. */ /* * Offsets of registers in struct cheri_frame -- must match the definition in 
@@ -179,9 +167,10 @@ #define CHERI_CR_C21_OFF 21 #define CHERI_CR_C22_OFF 22 #define CHERI_CR_C23_OFF 23 -#define CHERI_CR_C24_OFF 24 -#define CHERI_CR_C26_OFF 25 -#define CHERI_CR_PCC_OFF 26 +#define CHERI_CR_RCC_OFF 24 +#define CHERI_CR_C25_OFF 25 +#define CHERI_CR_IDC_OFF 26 +#define CHERI_CR_PCC_OFF 27 /* NB: Not register $c27! */ /* * List of CHERI capability cause code constants, which are used to
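Review bot: In cheri.c, the register-printing hunk (@@ -286,57 +256,57 @@) and the $c0 check hunk (@@ -377,9 +347,9 @@) bracket each use of CHERI_CR_CTEMP with intr_disable()/intr_enable(), discarding the saved state, while the other hunks in the same file use s = intr_disable(); ... intr_restore(s);. The new cheriasm.h comment says interrupts must be disabled while this register is in use, and intr_enable() turns them on unconditionally even if the caller entered with them off; suggest converting these sites to the save/restore form while they are being touched for the rename.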
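Review bot: In cheri.c hunk @@ -223,36 +221,8 @@, bzero(cfp, sizeof(*cfp)) replaces the per-register cheri_capability_set_null() calls with no comment on why the two are equivalent. The new code relies on an all-zero struct chericap being the same in-memory value that cheri_capability_set_null() used to store, and on the byte-wise stores leaving no tag set on any slot; a short comment above the bzero stating that assumption would make it checkable, and could also record that the newly added cf_c25 is initialised by it.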
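Review bot: In the DDB hunk of cheri.c (@@ -471,24 +441,19 @@), the loop bound moves from the literal 25 to the literal 27, so it has to track the frame layout by hand. cherireg.h in this same change defines CHERI_CR_PCC_OFF as 27, so i < CHERI_CR_PCC_OFF would tie the loop to the position of cf_pcc. The loop also passes i to DB_CHERI_REG_PRINT_NUM as the register number, which is only right while frame offsets and register numbers coincide for $c0 to $c26; the "NB: Not register $c27!" comment on CHERI_CR_PCC_OFF shows they diverge immediately afterwards, so a one-line comment at the loop would help.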
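Review bot: In cheri.h (@@ -101,7 +98,7 @@) the CTASSERT checks only the total size of struct cheri_frame, but the cherireg.h hunk (@@ -179,9 +167,10 @@) renumbers CHERI_CR_PCC_OFF, replaces CHERI_CR_C24_OFF and CHERI_CR_C26_OFF with RCC and IDC names, and inserts CHERI_CR_C25_OFF, under a comment that says the offsets must match the struct definition. Nothing visible enforces that. Suggest adding CTASSERTs of the form offsetof(struct cheri_frame, cf_pcc) == CHERI_CR_PCC_OFF * CHERICAP_SIZE for at least cf_rcc, cf_c25, cf_idc and cf_pcc, since SAVE_CHERI_CONTEXT and RESTORE_CHERI_CONTEXT index the frame purely through these constants and SZCAP.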
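Review bot: In cheriasm.h, the rewrapped comment above SZCAP (@@ -72,27 +124,29 @@) carries the typo "CHERI_EXECPTION_ENTER()" onto a changed line and keeps "capability registers registers"; both are worth fixing while the paragraph is being edited. In the following hunk (@@ -105,61 +159,63 @@) the context comment "XXXRW: Note hard-coding of UDC here." is left in place although this change removes CHERI_CR_UDC and the macro now names CHERI_REG_SEC0. The new CHERI_REG_C25 define is also commented "Notionally reserved for exception-use" while the change description returns $c25 to general-purpose use, so the comment should say which of the two now holds.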
From: Robert Watson
Subject: PERFORCE change 717817 for review
To: Perforce Change Reviews
X-List-Received-Date: Sun, 15 Sep 2013 18:56:48 -0000

http://p4web.freebsd.org/@@717817?ac=10

Change 717817 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/15 18:56:33

	Add two new test comments to bin/cheritest: list privileged CP2
	registers, and list the CP2 cause register. Both should (and do)
	cause SIGPROT for the user process.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#15 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#15 (text+ko) ====
@@ -71,6 +71,8 @@ fprintf(stderr, "cheritest ccall\n"); fprintf(stderr, "cheritest copyregs\n"); fprintf(stderr, "cheritest creturn\n"); + fprintf(stderr, "cheritest listcausereg\n"); + fprintf(stderr, "cheritest listprivregs\n"); fprintf(stderr, "cheritest listregs\n"); fprintf(stderr, "cheritest overrun\n"); fprintf(stderr, "cheritest sandbox\n"); @@ -125,6 +127,32 @@ } static void +cheritest_listcausereg(void) +{ + register_t cause; + + printf("CP2 cause register:\n"); + CHERI_CGETCAUSE(cause); + printf("Cause: %ju\n", (uintmax_t)cause); +} + +static void +cheritest_listprivregs(void) +{ + + /* + * Because of the assembly generated by CP2_CR_GET(), can't use a loop + * -- register numbers must be available at compile-time. + */ + printf("CP2 privileged registers:\n"); + CHERI_CAPREG_PRINT(27); + CHERI_CAPREG_PRINT(28); + CHERI_CAPREG_PRINT(29); + CHERI_CAPREG_PRINT(30); + CHERI_CAPREG_PRINT(31); +} + +static void cheritest_listregs(void) {
@@ -270,7 +298,11 @@ CHERI_CMOVE(1, 0); for (i = 0; i < argc; i++) { - if (strcmp(argv[i], "listregs") == 0) + if (strcmp(argv[i], "listcausereg") == 0) + cheritest_listcausereg(); + else if (strcmp(argv[i], "listprivregs") == 0) + cheritest_listprivregs(); + else if (strcmp(argv[i], "listregs") == 0) cheritest_listregs(); else if (strcmp(argv[i], "ccall") == 0) cheritest_ccall();
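Review bot: In cheritest_listprivregs() (@@ -125,6 +127,32 @@), the comment justifies the unrolled calls by reference to CP2_CR_GET(), but the code calls CHERI_CAPREG_PRINT(); name the macro actually used, or say that it expands to CP2_CR_GET(). The literals 27 to 31 would read better with a trailing comment per line giving the register name (KR1C, KR2C, KCC, KDC, EPCC). Since the change description expects both new commands to end in SIGPROT, the function comments or usage text should say so: the dispatch loop in @@ -270,7 +298,11 @@ walks argv in order, so any command listed after one of these is never reached.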
From: Robert Watson
Subject: PERFORCE change 718517 for review
To: Perforce Change Reviews
X-List-Received-Date: Sun, 15 Sep 2013 20:16:12 -0000

http://p4web.freebsd.org/@@718517?ac=10

Change 718517 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/15 20:15:56

	Add some initial code to /bin/cheritest's ccall path to set up code
	and data capabilities for CCall in userspace. Numerous current
	caveats, some identified in the comment.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#16 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#16 (text+ko) ====
@@ -102,7 +102,30 @@ cheritest_ccall(void) { - /* XXXRW: Temporary nop semantics. */ + /*- + * Construct a code capability in $c10, and a data capability in $c11, + * starting with $c0 for both. + * + * Current limitations: + * - Doesn't set the type (XXXRW: new or old semantics?) + * - Doesn't use sealing. + * - $c11 doesn't matter as sandbox_creturn doesn't access data. + * - We don't flush registers before CCall. + * - We don't restore registers after CCall. + */ + CHERI_CINCBASE(10, 0, sandbox_creturn); + /* XXXRW: CHERI_CSETTYPE(10, 10, sandbox_creturn); */ + CHERI_CSETLEN(10, 10, 4); /* XXXRW: Use symbols not magic. */ + CHERI_CANDPERM(10, 10, CHERI_PERM_EXECUTE); + /* XXXRW: CHERI_CSEALCODE(10, 10); */ + + CHERI_CINCBASE(11, 0, sandbox_creturn); + /* XXXRW: CHERI_CSETTYPE(11, 11, sandbox_creturn); */ + CHERI_CSETLEN(11, 11, 4); /* XXXRW: Use symbols not magic. */ + CHERI_CANDPERM(11, 11, CHERI_PERM_LOAD); + /* XXXRW: CHERI_CSEALDATA(11, 11); */ + + /* Invoke capability. */ CHERI_CCALL(10, 11); } From owner-p4-projects@FreeBSD.ORG Sun Sep 15 21:29:30 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 59278B0A; Sun, 15 Sep 2013 21:29:30 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id E6723B08 for ; Sun, 15 Sep 2013 21:29:29 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C4A5D26B4 for ; Sun, 15 Sep 2013 21:29:29 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r8FLTTL7072204 for ; Sun, 15 
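Review bot: The commented-out sealing call for the data capability, CHERI_CSEALDATA(11, 11), passes two operands, but CHERI_CSEALDATA in cheri.h is defined as (cd, cs, ct) with three, so it will not compile when uncommented; note the intended type capability in that XXXRW now. Separately, $c11 is derived from the same base as $c10 (sandbox_creturn, length 4), so the data capability grants LOAD on the code bytes. The limitations list covers this only while sandbox_creturn touches no data, and a dedicated data object would be needed as soon as it does.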
Sep 2013 21:29:29 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r8FLTThp072194 for perforce@freebsd.org; Sun, 15 Sep 2013 21:29:29 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 15 Sep 2013 21:29:29 GMT Message-Id: <201309152129.r8FLTThp072194@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 719157 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Sep 2013 21:29:30 -0000 http://p4web.freebsd.org/@@719157?ac=10 Change 719157 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/15 21:28:53 Begin to flesh out the framing around a software CCall/CReturn path: branch from a low-level exception handler in the vector table to one of two higher-level paths: CHERICCall and CHERICReturn. Select the path based on the cause register. Many more assertions required here -- and this is still just an (increasingly complicated) NOP. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#4 (text+ko) ==== 
@@ -43,17 +43,80 @@ #include "assym.s" +/* + * Software implementations of CCall, CReturn handlers for CHERI. + * + * The low-level CHERICCallVector exception handler, which has been relocated + * to the MIPS exception vector table, jumps to either CHERICCall or + * CHERICReturn running in the normal kernel address space. + * + * Notice that 'j' is used, implying that the kernel is in the 32-bit kernel + * segment so that the target fits in the available immediate -- this is also + * true of other FreeBSD exception handlers. + */ + .set noreorder /* Preserve nops, allow instructions in b-d slots. */ /* - * Software implementations of CCall, CReturn handlers for CHERI. + * CCall/CReturn low-level exception handler; this code must be position- + * independent, as it will be relocated into the vector table. + */ +VECTOR(CHERICCallVector, unknown) + .set push + .set noat + CHERI_EXCEPTION_ENTER(k0) + + /* + * Determine whether this is a CCall or CReturn instruction. + * + * XXXRW: Panic if CGetCause returns something other than CALL/RETURN. + * + * XXXRW: Panic if not entering from userspace. + */ + CGetCause k0 + andi k0, k0, 0x1 /* CALL is odd; RETURN is even. */ + beqz k0, CReturn_label + nop /* Branch-delay slot. */ + + j CHERICCall + nop /* Branch-delay slot. */ + +CReturn_label: + j CHERICReturn + nop /* Branch-delay slot. */ + + .set pop +VECTOR_END(CHERICCallVector) + +/* + * Software implementation of CCall; this code does not need to be position- + * independent. + * + * XXXRW: Gubbins missing. + */ +CHERICCall: + .set push + .set noat + + /* XXXRW: For now, increment PC as though it were a no-op. */ + MFC0 k0, MIPS_COP_0_EXC_PC + PTR_ADDU k0, 4 + MTC0 k0, MIPS_COP_0_EXC_PC + COP0_SYNC + + CHERI_EXCEPTION_RETURN(k0) + eret + .set pop + +/* + * Software implementation of CReturn; this code does not need to be position- + * independent. * * XXXRW: Gubbins missing. 
*/ -VECTOR(CHERICCallVector, unknown) +CHERICReturn: .set push .set noat - CHERI_EXCEPTION_ENTER(k0) /* XXXRW: For now, increment PC as though it were a no-op. */ MFC0 k0, MIPS_COP_0_EXC_PC @@ -64,4 +127,3 @@ CHERI_EXCEPTION_RETURN(k0) eret .set pop -VECTOR_END(CHERICCallVector) From owner-p4-projects@FreeBSD.ORG Mon Sep 16 07:54:34 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7FB8EA31; Mon, 16 Sep 2013 07:54:34 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2FECAA2F for ; Mon, 16 Sep 2013 07:54:34 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1AB89249D for ; Mon, 16 Sep 2013 07:54:34 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r8G7sX9x080273 for ; Mon, 16 Sep 2013 07:54:33 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r8G7sX0g080270 for perforce@freebsd.org; Mon, 16 Sep 2013 07:54:33 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 16 Sep 2013 07:54:33 GMT Message-Id: <201309160754.r8G7sX0g080270@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
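Review bot: In CHERICCallVector, andi k0, k0, 0x1 is applied to the raw CGetCause result and the branch is taken on that one bit alone, so any cause value that reaches this vector is dispatched as either CCall or CReturn by parity. Until the two XXXRW panics exist, compare the cause code against the CALL and RETURN values explicitly and send everything else to a failure path. The bodies of CHERICCall and CHERICReturn are also identical (advance EXC_PC by 4, CHERI_EXCEPTION_RETURN, eret); a shared macro would keep them from drifting while both remain no-ops.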
From: Robert Watson Subject: PERFORCE change 724674 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Sep 2013 07:54:34 -0000 http://p4web.freebsd.org/@@724674?ac=10 Change 724674 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/16 07:54:32 In the CCall/CReturn exception-handler stub, use k1 rather than k0 for the CCall/CReturn determination, which we will then leak to userspace to make debugging easier. Add an XXXRW that we might want to clear them here (and in other exception handlers) in the future. Letting code know you just returned from CCall/CReturn is not really a problem, however. Shift the capability cause register before testing its value; although neither CCall nor CReturn exceptions are triggered by a specific register, there appears to be garbage in the field. This is fine(ish): we should have been shifting, but undefined bits are also undesirable here. The CCall/CReturn NOP implementations now appear to correspond to the instruction used to trigger the exception. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#5 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#5 (text+ko) ==== 
@@ -72,10 +72,14 @@ * XXXRW: Panic if CGetCause returns something other than CALL/RETURN. * * XXXRW: Panic if not entering from userspace. + * + * XXXRW: Should we be clearing $k0 and $k1 before returning to + * userspace? Should other exception handlers be doing it? */ - CGetCause k0 - andi k0, k0, 0x1 /* CALL is odd; RETURN is even. */ - beqz k0, CReturn_label + CGetCause k1 + REG_SRL k1, 8 + andi k1, k1, 0x1 /* CALL is odd; RETURN is even. */ + beqz k1, CReturn_label nop /* Branch-delay slot. */ j CHERICCall From owner-p4-projects@FreeBSD.ORG Mon Sep 16 07:55:35 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 949C3B2C; Mon, 16 Sep 2013 07:55:35 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 56C0BB2A for ; Mon, 16 Sep 2013 07:55:35 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 4378124AF for ; Mon, 16 Sep 2013 07:55:35 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r8G7tZYJ082375 for ; Mon, 16 Sep 2013 07:55:35 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r8G7tZkf082372 for perforce@freebsd.org; Mon, 16 Sep 2013 07:55:35 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 16 Sep 2013 07:55:35 GMT Message-Id: <201309160755.r8G7tZkf082372@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to 
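Review bot: REG_SRL k1, 8 carries no comment and a bare 8; the shift is what makes the following andi test the cause code rather than the low field, so name the constant or comment which field is being discarded next to it. The test is still a single bit, so the "CALL is odd; RETURN is even" comment now describes the shifted code and should say so. Since k1 is deliberately left live on return to userspace, state that in the new XXXRW as well, so that a later clean-up which clears $k0 and $k1 knows debugging output depends on it.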
bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 724682 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Sep 2013 07:55:35 -0000 http://p4web.freebsd.org/@@724682?ac=10 Change 724682 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/16 07:55:19 When performing CCall/CReturn tests, (for now) print out the values of $k0 and $k1 after the instructions in question return. This gives us an (often correct) hint as to which kernel code path was taken. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#17 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#17 (text+ko) ==== @@ -101,6 +101,7 @@ static void cheritest_ccall(void) { + register_t k0, k1; /*- * Construct a code capability in $c10, and a data capability in $c11, 
@@ -127,14 +128,33 @@ /* Invoke capability. */ CHERI_CCALL(10, 11); + + /* + * XXXRW: Rely on a side channel out of our test handler to see + * whether it was a CCall or CReturn. + */ + __asm__ __volatile__ ("move %0, $k0" : "=r" (k0)); + __asm__ __volatile__ ("move %0, $k1" : "=r" (k1)); + printf("MIPS K0: %016jx\n", k0); + printf("MIPS K1: %016jx\n", k1); } static void cheritest_creturn(void) { + register_t k0, k1; /* XXXRW: Temporary nop semantics. */ CHERI_CRETURN(); + + /* + * XXXRW: Rely on a side channel out of our test handler to see + * whether it was a CCall or CReturn. + */ + __asm__ __volatile__ ("move %0, $k0" : "=r" (k0)); + __asm__ __volatile__ ("move %0, $k1" : "=r" (k1)); + printf("MIPS K0: %016jx\n", k0); + printf("MIPS K1: %016jx\n", k1); } static void From owner-p4-projects@FreeBSD.ORG Mon Sep 16 18:06:25 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5806A4CC; Mon, 16 Sep 2013 18:06:25 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 1826C4C9 for ; Mon, 16 Sep 2013 18:06:25 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DE5542142 for ; Mon, 16 Sep 2013 18:06:24 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r8GI6O1g078201 for ; Mon, 16 Sep 2013 18:06:24 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r8GI6OSg078198 for perforce@freebsd.org; Mon, 16 
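Review bot: The added printf calls in cheritest_ccall() and cheritest_creturn() pass a register_t to a %016jx conversion, which expects uintmax_t; cast both arguments, as in (uintmax_t)k0. The same block of added lines appears in both functions, so a small static helper would hold the side-channel read in one place. Reading both registers in a single asm statement would also narrow the window in which another exception can overwrite $k0 and $k1 before they are sampled.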
Sep 2013 18:06:24 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 16 Sep 2013 18:06:24 GMT Message-Id: <201309161806.r8GI6OSg078198@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 730135 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Sep 2013 18:06:25 -0000 http://p4web.freebsd.org/@@730135?ac=10 Change 730135 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/09/16 18:05:52 Rework a number of sealing/unsealing/call/return assembly macros in CheriBSD: - Add missing CHERI_CSEALCODE() macro. - Do use memory clobbers for $c0 sealing/unsealing. - Do use memory clobbers for CCALL, CRETURN. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#22 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#22 (text+ko) ==== 
@@ -149,29 +149,47 @@ } while (0) /* - * Instructions to seal and unseal capabilities. + * Instructions relating to capability invocation, return, sealing, and + * unsealing. Memory clobbers are required for register manipulation when + * targeting $c0. They are also required for both CCall and CReturn to ensure + * that any memory write-back is done before invocation. + * + * XXXRW: Is the latter class of cases required? */ +#define CHERI_CSEALCODE(cd, cs) do { \ + if ((cd) == 0) \ + __asm__ __volatile__ ("csealcode $c%0, $c%1" : : \ + "i" (cd), "i" (cs) : "memory"); \ + else \ + __asm__ __volatile__ ("csealcode $c%0, $c%1" : : \ + "i" (cd), "i" (cs)); \ +} while (0) + #define CHERI_CSEALDATA(cd, cs, ct) do { \ - __asm__ __volatile__ ("csealdata $c%0, $c%1, $c%2" : : \ + if ((cd) == 0) \ + __asm__ __volatile__ ("csealdata $c%0, $c%1, $c%2" : : \ + "i" (cd), "i" (cs), "i" (ct) : "memory"); \ + else \ + __asm__ __volatile__ ("csealdata $c%0, $c%1, $c%2" : : \ "i" (cd), "i" (cs), "i" (ct)); \ } while (0) -#define CHERI_CUNSEAL(cd, cs, ct) do { \ - __asm__ __volatile__ ("cunseal $c%0, $c%1, $c%2" : : \ - "i" (cd), "i" (cs), "i" (ct)); \ +#define CHERI_CUNSEAL(cd, cb, ct) do { \ + if ((cd) == 0) \ + __asm__ __volatile__ ("cunseal $c%0, $c%1, $c%2" : : \ + "i" (cd), "i" (cb), "i" (ct) : "memory"); \ + else \ + __asm__ __volatile__ ("cunseal $c%0, $c%1, $c%2" : : \ + "i" (cd), "i" (cb), "i" (ct)); \ } while (0) -/* - * Routines associated with CHERI object-capability invocation; currently we - * believe these require no clobbers, as they don't directly replace c0. - */ #define CHERI_CCALL(cs, cb) do { \ __asm__ __volatile__ ("ccall $c%0, $c%1" : : \ - "i" (cs), "i" (cb)); \ + "i" (cs), "i" (cb) : "memory"); \ } while (0) #define CHERI_CRETURN() do { \ - __asm__ __volatile__ ("creturn"); \ + __asm__ __volatile__ ("creturn" : : : "memory"); \ } while (0) /*
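Review bot: The "memory" clobber added to CHERI_CCALL and CHERI_CRETURN orders memory accesses around the instruction but tells the compiler nothing about registers, so once the invoked code does real work the compiler may still assume general-purpose and capability register contents survive the call; add explicit save/restore around the macro or document that callers must provide it. In CHERI_CSEALCODE, CHERI_CSEALDATA and CHERI_CUNSEAL the two branches of if ((cd) == 0) differ only in the clobber list, so the instruction string is written twice per macro; generating it once avoids the copies diverging.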