From owner-p4-projects@FreeBSD.ORG Mon Nov 12 00:28:43 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 49B7CEE8; Mon, 12 Nov 2012 00:28:43 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F1179EE6 for ; Mon, 12 Nov 2012 00:28:42 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id D5DF48FC14 for ; Mon, 12 Nov 2012 00:28:42 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC0Sgn5036601 for ; Mon, 12 Nov 2012 00:28:42 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC0SgJL036598 for perforce@freebsd.org; Mon, 12 Nov 2012 00:28:42 GMT (envelope-from brooks@freebsd.org) Date: Mon, 12 Nov 2012 00:28:42 GMT Message-Id: <201211120028.qAC0SgJL036598@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219751 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 00:28:43 -0000 http://p4web.freebsd.org/@@219751?ac=10 Change 219751 by brooks@brooks_zenith on 2012/11/12 00:28:05 Checkpoint a revised cheripoint with the infrastructure to render to multiple screen widths. No ability to change width or sandbox type yet but that should come soon. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#2 (text+ko) ==== @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -44,10 +45,18 @@ #define black vwhite(0) #define white vwhite(0xFF) +enum mtl_display_mode { + MTL_DM_800x480, /* Full touch screen */ + MTL_DM_720x480, /* Full 480p HDMI out */ + MTL_DM_640x480, /* 640x480 VGA from 480p, left pixels */ + MTL_DM_640x480_CENTER /* 640x480 VGA from 480p, center pixels */ +}; + enum sbtype sb = SB_CAPSICUM; -const uint32_t slide_width = 640; -const uint32_t slide_height = 410; +static uint32_t slide_fcol; +static uint32_t slide_width; +static uint32_t slide_height; static void __dead2 usage(void) @@ -57,6 +66,30 @@ exit(1); } +static void +set_display_mode(enum mtl_display_mode dm) +{ + + slide_height = 410; + slide_fcol = 0; + + switch (dm) { + case (MTL_DM_800x480): + slide_width = 800; + break; + case (MTL_DM_720x480): + slide_width = 720; + break; + case (MTL_DM_640x480): + slide_width = 640; + break; + case (MTL_DM_640x480_CENTER): + slide_width = 640; + slide_fcol = 40; + break; + } +} + static int strpcmp(const void *v1, const void *v2) { @@ -70,46 +103,55 @@ s1 = *sp1; s2 = *sp2; - /* sort title.png first */ - if (strcmp(s1, "title.png") == 0) - return 1; - if (strcmp(s2, "title.png") == 0) - return -1; - return (strcmp(s1, s2)); } static int -render_slide(int dfd, const char *slide) +render_cover(int dfd, const char *cover) { int pfd; - uint32_t header_height; struct iboxstate *is; - fb_fill_region(white, 0, 0, slide_width, fb_height); + printf("rendering cover %s\n", cover); - if (strcmp(slide, "title.png") == 0) { - if ((pfd = openat(dfd, slide, O_RDONLY)) == -1) { - warn("Failed to open title.png"); - return (-1); - } - if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == - NULL) { - warn("Failed to start PNG decode for title.png"); - return (-1); - } - if (png_read_finish(is) != 0) { - warnx("png_read_finish() failed for title.png"); - return (-1); - } - fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, - is->width, is->height); - iboxstate_free(is); + fb_fill_region(white, 0, 0, fb_width, fb_height); - return (0); + if ((pfd = openat(dfd, cover, O_RDONLY)) == -1) { + warn("Failed to open %s", cover); + return (-1); + } + if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == + NULL) { + warn("Failed to start PNG decode for %s", cover); + return (-1); + } + if (png_read_finish(is) != 0) { + warnx("png_read_finish() failed for %s", cover); + return (-1); } + fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, + is->width, is->height); + iboxstate_free(is); + + return (0); +} + +static int +render_slide(int dfd, const char *slide) +{ + int pfd; + uint32_t r, header_height; + struct iboxstate *is; - /* stick a header on the top of the screen */ + printf("rendering slide %s\n", slide); + + fb_fill_region(white, 0, 0, fb_width, fb_height); + + /* + * Draw the header with image at the upper right. Assume + * the background color is the same on each row and that the + * left most pixel of the image is that color. + */ if ((pfd = open("/usr/share/images/header.png", O_RDONLY)) == -1) { warn("Failed to open header.png"); return (-1); @@ -122,8 +164,11 @@ warnx("png_read_finish() failed for header.png"); return (-1); } - fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, - is->width, is->height); + /* Fill in the header's background. */ + for (r = 0; r < is->height; r++) + fb_fill_region(is->buffer[r * is->width], 0, r, fb_width, 1); + fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), + slide_fcol + slide_width - is->width, 0, is->width, is->height); header_height = is->height; iboxstate_free(is); @@ -141,7 +186,7 @@ return (-1); } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), - 0, fb_height - is->height, is->width, is->height); + slide_fcol, fb_height - is->height, is->width, is->height); iboxstate_free(is); /* put a cambridge logo in the lower right corner */ @@ -158,7 +203,7 @@ return (-1); } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), - slide_width - is->width, fb_height - is->height, + slide_fcol + slide_width - is->width, fb_height - is->height, is->width, is->height); iboxstate_free(is); @@ -167,7 +212,7 @@ return (-1); } /* XXX: correct size limits */ - if ((is = png_read_start(pfd, fb_width, fb_height, + if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == NULL) { warn("Failed to start PNG decode for %s", slide); return (-1); @@ -177,19 +222,46 @@ return (-1); } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), - 0, header_height, is->width, - is->height < slide_height ? is->height : slide_height); + slide_fcol + ((slide_width - is->width) / 2), header_height, + is->width, is->height < slide_height ? is->height : slide_height); iboxstate_free(is); return (0); } +static void +addslide(int *np, int *maxp, char ***arrayp, const char *name) +{ + + printf("n %d, max %d\n", *np, *maxp); + if (*maxp == 0) { + *maxp = 8; + if ((*arrayp = malloc(sizeof(**arrayp) * (*maxp))) == NULL) + err(1, "malloc slide array\n"); + } + if (*np == *maxp) { + if (*maxp == 0) + *maxp = 512; + else + *maxp *= 2; + if ((*arrayp = realloc(*arrayp, + sizeof(**arrayp) * (*maxp))) == NULL) + err(1, "realloc slide array"); + } + + if (((*arrayp)[*np] = strdup(name)) == NULL) + err(1, "strdup slide name"); + (*np)++; +} + int main(int argc, char **argv) { DIR *dirp; struct dirent *entry; - char **slides = NULL; + char *coverpat; + char **covers, **slides; + int cover, ncovers, maxcovers; int slide, nslides, maxslides; struct tsstate *ts; @@ -199,15 +271,17 @@ fb_init(); ts_drain(); busy_indicator(); - fb_fill_region(black, 0, 0, fb_width, fb_height); + fb_fill_region(white, 0, 0, fb_width, fb_height); fb_fade2on(); fb_load_syscons_font(NULL, "/usr/share/syscons/fonts/iso-8x16.fnt"); busy_indicator(); - maxslides = 512; - nslides = 0; - if ((slides = malloc(sizeof(*slides) * maxslides)) == NULL) - err(1, "malloc slides"); + set_display_mode(MTL_DM_720x480); + + printf("reading slides\n"); + + maxcovers = ncovers = 0; + maxslides = nslides = 0; if ((dirp = opendir(argv[1])) == NULL) err(1, "opendir(%s)", argv[1]); while ((entry = readdir(dirp)) != NULL) { @@ -215,24 +289,30 @@ if (entry->d_type != DT_REG) continue; - if (nslides == maxslides) { - maxslides *= 2; - if ((slides = realloc(slides, - sizeof(*slides) * maxslides)) == NULL) - err(1, "realloc slides"); - } - - if ((slides[nslides] = strdup(entry->d_name)) == NULL) - err(1, "strdup slide name"); - nslides++; + printf("checking it %s is a cover\n", entry->d_name); + if (fnmatch("*-cover-*.png", entry->d_name, 0) == 0) + addslide(&ncovers, &maxcovers, &covers, entry->d_name); + else + addslide(&nslides, &maxslides, &slides, entry->d_name); } + printf("read %d covers and %d slides\n", ncovers, nslides); qsort(slides, nslides, sizeof(*slides), &strpcmp); + qsort(covers, ncovers, sizeof(*covers), &strpcmp); slide = 0; for (;;) { - render_slide(dirfd(dirp), slides[slide]); - printf("rendering %s\n", slides[slide]); - //ts_drain(); + if (slide == 0) { + asprintf(&coverpat, "*-cover-%d.png", slide_width); + for (cover = 0; cover < ncovers; cover++) + if (fnmatch(coverpat, covers[cover], 0) == 0) + break; + free(coverpat); + if (cover == ncovers) + cover = 0; /* Smallest cover due to sort */ + render_cover(dirfd(dirp), covers[cover]); + } else + render_slide(dirfd(dirp), slides[slide - 1]); + ts_drain(); nop: ts = ts_poll(); printf("gesture 0x%x\n", ts->ts_gesture); @@ -244,12 +324,12 @@ break; case TSG_EAST: if (slide == 0) - slide = nslides - 1; + slide = nslides; else slide--; break; case TSG_WEST: - if (slide == nslides - 1) + if (slide == nslides) slide = 0; else slide++; From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:33:51 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D9CB596C; Mon, 12 Nov 2012 01:33:50 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 818A796A for ; Mon, 12 Nov 2012 01:33:50 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 62DCD8FC08 for ; Mon, 12 Nov 2012 01:33:50 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC1Xo9K039073 for ; Mon, 12 Nov 2012 01:33:50 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC1Xnls039070 for perforce@freebsd.org; Mon, 12 Nov 2012 01:33:49 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 01:33:49 GMT Message-Id: <201211120133.qAC1Xnls039070@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219752 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:33:51 -0000 http://p4web.freebsd.org/@@219752?ac=10 Change 219752 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:32:53 When throwing a capability-related exception, include more information on potentially interesting CP2 registers in log output. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#9 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#9 (text+ko) ==== @@ -274,6 +274,46 @@ intr_enable(); CHERI_REG_PRINT(c, ctag, 0); + /* C1 */ + intr_disable(); + CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c1, 0); + CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_CGETTAG(ctag, 0); + intr_enable(); + CHERI_REG_PRINT(c, ctag, 1); + + /* C2 */ + intr_disable(); + CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c2, 0); + CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_CGETTAG(ctag, 0); + intr_enable(); + CHERI_REG_PRINT(c, ctag, 2); + + /* C3 */ + intr_disable(); + CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c3, 0); + CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_CGETTAG(ctag, 0); + intr_enable(); + CHERI_REG_PRINT(c, ctag, 3); + + /* C24 */ + intr_disable(); + CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c24, 0); + CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_CGETTAG(ctag, 0); + intr_enable(); + CHERI_REG_PRINT(c, ctag, 24); + + /* C26 */ + intr_disable(); + CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_c26, 0); + CHERI_GETCAPREG(CHERI_CR_KR1C, c); + CHERI_CGETTAG(ctag, 0); + intr_enable(); + CHERI_REG_PRINT(c, ctag, 26); + /* EPCC */ intr_disable(); CHERI_CLC(CHERI_CR_KR1C, CHERI_CR_KDC, &cheriframe->cf_pcc, 0); From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:35:53 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2D377A70; Mon, 12 Nov 2012 01:35:53 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E0C46A6E for ; Mon, 12 Nov 2012 01:35:52 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id C5C278FC12 for ; Mon, 12 Nov 2012 01:35:52 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC1ZqQj039127 for ; Mon, 12 Nov 2012 01:35:52 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC1Zqx8039124 for perforce@freebsd.org; Mon, 12 Nov 2012 01:35:52 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 01:35:52 GMT Message-Id: <201211120135.qAC1Zqx8039124@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219753 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:35:53 -0000 http://p4web.freebsd.org/@@219753?ac=10 Change 219753 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:35:02 Implement CHERI_CLW() C-language macro around CHERI CLW instruction. Annotate that we're not able to use immediates due to assembler limitations here, and above where we also have store-related CHERI instructions. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#13 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#13 (text+ko) ==== @@ -163,6 +163,8 @@ /* * Data stores; while these don't muck with c0, they do require memory * clobbers. + * + * XXXRW: immediates not yet supported by the assembler. */ #define CHERI_CSB(rs, rt, offset, cb) do { \ __asm__ __volatile__ ("csb %0, %1($c%2)" : : \ @@ -185,6 +187,17 @@ } while (0) /* + * Data loads: while these don't much with c0, they do require memory + * clobbers. + * + * XXXRW: immediates not yet supported by the assembler. + */ +#define CHERI_CLW(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clw %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + +/* * Routines that modify or replace values in capability registers, and that if * if used on C0, require the compiler to write registers back to memory, and * reload afterwards, since we may effectively be changing the compiler- From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:37:55 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 90420B83; Mon, 12 Nov 2012 01:37:55 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 520FCB81 for ; Mon, 12 Nov 2012 01:37:55 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 36E018FC08 for ; Mon, 12 Nov 2012 01:37:55 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC1btAr039170 for ; Mon, 12 Nov 2012 01:37:55 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC1bs1U039167 for perforce@freebsd.org; Mon, 12 Nov 2012 01:37:54 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 01:37:54 GMT Message-Id: <201211120137.qAC1bs1U039167@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219754 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:37:55 -0000 http://p4web.freebsd.org/@@219754?ac=10 Change 219754 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:37:04 When printing an instruction that has triggered an invalid instruction exception, use the saved EPCC for userspace to interpret the PC, rather than the active KDC. This is not quite right, as interrupts are enabled so we might use the wrong EPCC, but that is fairly unlikely and allows us to make useful progress in the mean time. Comment along these lines. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/trap.c#12 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/trap.c#12 (text+ko) ==== @@ -880,7 +880,21 @@ case T_RES_INST + T_USER: { InstFmt inst; +#ifdef CPU_CHERI + uint32_t i; + + /* + * XXXRW: We really need a cfuword(), and also to use + * a frame-extracted EPCC rather than the live one, as + * we may have taken a further exception if interrupts + * are enabled. However, this helps with debugging in + * the mean time. + */ + CHERI_CLW(i, trapframe->pc, 0, CHERI_CR_EPCC); + inst = *(InstFmt *)(&i); +#else inst = *(InstFmt *)(intptr_t)trapframe->pc; +#endif switch (inst.RType.op) { case OP_SPECIAL3: switch (inst.RType.func) { From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:44:02 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 508F8CCD; Mon, 12 Nov 2012 01:44:02 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0AE25CCB for ; Mon, 12 Nov 2012 01:44:02 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id CA6BB8FC08 for ; Mon, 12 Nov 2012 01:44:01 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC1i1hw039313 for ; Mon, 12 Nov 2012 01:44:01 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC1i1AD039310 for perforce@freebsd.org; Mon, 12 Nov 2012 01:44:01 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 01:44:01 GMT Message-Id: <201211120144.qAC1i1AD039310@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219755 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:44:02 -0000 http://p4web.freebsd.org/@@219755?ac=10 Change 219755 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:43:30 Test implementation of multi-segment process sandboxing using CHERI on top of CheriBSD. Currently, just CJALR and CJR are used, rather than CCALL and CRETURN, so this is really just about memory protection rather than mutual distrust, but it appears to mostly work. A very simple sandbox API is implemented, which allows appropriately linked code to be loaded from disk and multiple sandboxes using that code to be instantiated, each to be invoked using a sandbox_invoke() function. Much future maturity will be found here at some point. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#7 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/mips64/sandboxasm.S#1 add .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#1 add .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.h#1 add Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#2 (text+ko) ==== @@ -1,7 +1,12 @@ # $FreeBSD$ PROG= cheritest -SRCS= cheritest.c +SRCS= cheritest.c sandbox.c sandboxasm.S NO_MAN=yes +FILES= sandboxasm.o +CLEANFILES= sandboxasm.o + +.PATH: ${.CURDIR}/${MACHINE_ARCH} + .include ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#7 (text+ko) ==== @@ -42,6 +42,8 @@ #include #include +#include "sandbox.h" + #define CHERI_CAPREG_PRINT(crn) do { \ register_t c_tag; \ register_t c_unsealed, c_perms, c_otype, c_base, c_length; \ @@ -68,6 +70,7 @@ fprintf(stderr, "cheritest listregs\n"); fprintf(stderr, "cheritest overrun\n"); fprintf(stderr, "cheritest sandbox\n"); + fprintf(stderr, "cheritest sandbox_invoke\n"); fprintf(stderr, "cheritest sleep\n"); fprintf(stderr, "cheritest unsandbox\n"); fprintf(stderr, "cheritest syscalltest\n"); @@ -150,6 +153,20 @@ } static void +cheritest_sandbox_invoke(void) +{ + struct sandbox *sb; + register_t v; + + if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024, + &sb) < 0) + err(1, "sandbox_setup"); + + v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL); + printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); +} + +static void cheritest_unsandbox(void) { @@ -202,6 +219,8 @@ cheritest_overrun(); else if (strcmp(argv[i], "sandbox") == 0) cheritest_sandbox(); + else if (strcmp(argv[i], "sandbox_invoke") == 0) + cheritest_sandbox_invoke(); else if (strcmp(argv[i], "sleep") == 0) sleep(10); else if (strcmp(argv[i], "unsandbox") == 0) From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:50:09 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id F2CB1E34; Mon, 12 Nov 2012 01:50:08 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 931A5E32 for ; Mon, 12 Nov 2012 01:50:08 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 706D58FC19 for ; Mon, 12 Nov 2012 01:50:08 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC1o8Q7039441 for ; Mon, 12 Nov 2012 01:50:08 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC1o8cQ039438 for perforce@freebsd.org; Mon, 12 Nov 2012 01:50:08 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 01:50:08 GMT Message-Id: <201211120150.qAC1o8cQ039438@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219756 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:50:09 -0000 http://p4web.freebsd.org/@@219756?ac=10 Change 219756 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:50:06 Simple implementation of a sandbox invocation target: unpacks sandbox invocation arguments, runs some C code a bit under-defensively, and returns a value to be picked up by the calling code. Much work to be done here, and depends on a CJALR call, returning via CJR, rather than CCALL and CRETURN. However, runs in a new segment successfully. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#3 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#2 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#1 add .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/sandbox.ld#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#3 (text+ko) ==== @@ -2,17 +2,22 @@ # $FreeBSD$ # PROG= cheritest-helper -SRCS= cheritest-helper.c -LDFLAGS+= --script=sandbox.ld -nostdlib +SRCS= cheritest-helper.c chsbrt.S +LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib +CFLAGS+= -G0 -Wa,-G0 NO_MAN= -STRIP= +#STRIP= +NO_SHARED= yes FILESOWN= ${LIBOWN} FILESGRP= ${LIBGRP} FILESMODE= ${LIBMODE} -FILESDIR= ${LIBDIR} -FILES= cheritest-helper.bin cheritest-helper.dump -CLEANFILES= cheritest-helper.bin cheritest-helper.dump +FILESDIR= ${LIBEXECDIR} +FILES= cheritest-helper.bin cheritest-helper.dump chsbrt.o +CLEANFILES= cheritest-helper.bin cheritest-helper.dump chsbrt.o + +chsbrt.o: + ${AS} -G0 -o ${.TARGET} ${.ALLSRC} cheritest-helper.bin: cheritest-helper objcopy -S -O binary ${.ALLSRC} ${.TARGET} @@ -20,4 +25,6 @@ cheritest-helper.dump: cheritest-helper objdump -xsSD ${.ALLSRC} > ${.TARGET} +.PATH: ${.CURDIR}/${MACHINE_ARCH} + .include ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#2 (text+ko) ==== @@ -30,9 +30,12 @@ #include +int invoke(register_t a0, register_t a1, register_t a2, register_t a3); + int -main(int argc __unused, char *argv[] __unused) +invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused, + register_t a3 __unused) { - return (0); + return (123456); } ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/sandbox.ld#2 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2011 Robert N. M. Watson + * Copyright (c) 2011-2012 Robert N. M. Watson * All rights reserved. * * This software was developed by SRI International and the University of @@ -40,7 +40,10 @@ SECTIONS { . = __code_base__; + + .text ALIGN(0x8): { chsbrt.o } .text ALIGN(0x8): { *(.text) } + .MIPS.options ALIGN(0x8): { *(.MIPS.options) } .bss ALIGN(0x8): { *(.bss) } .data ALIGN(0x8): { *(.data) } From owner-p4-projects@FreeBSD.ORG Mon Nov 12 07:47:24 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A5F052D3; Mon, 12 Nov 2012 07:47:24 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 665832D1 for ; Mon, 12 Nov 2012 07:47:24 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 4C7428FC14 for ; Mon, 12 Nov 2012 07:47:24 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC7lOOu054711 for ; Mon, 12 Nov 2012 07:47:24 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC7lNuk054708 for perforce@freebsd.org; Mon, 12 Nov 2012 07:47:23 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 07:47:23 GMT Message-Id: <201211120747.qAC7lNuk054708@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219757 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 07:47:24 -0000 http://p4web.freebsd.org/@@219757?ac=10 Change 219757 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 07:47:16 Flesh out CHERI load via capability macros. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#14 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#14 (text+ko) ==== @@ -192,11 +192,41 @@ * * XXXRW: immediates not yet supported by the assembler. */ +#define CHERI_CLB(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clb %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + +#define CHERI_CLH(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clh %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + #define CHERI_CLW(rd, rt, offset, cb) do { \ __asm__ __volatile__ ("clw %0, %1($c%2)" : \ "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ } while (0) +#define CHERI_CLD(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("cld %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + +#define CHERI_CLBU(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clbu %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + +#define CHERI_CLHU(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clhu %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + +#define CHERI_CLWU(rd, rt, offset, cb) do { \ + __asm__ __volatile__ ("clwu %0, %1($c%2)" : \ + "=r" (rd) : "r" (rt), "i" (cb) : "memory"); \ +} while (0) + /* * Routines that modify or replace values in capability registers, and that if * if used on C0, require the compiler to write registers back to memory, and From owner-p4-projects@FreeBSD.ORG Mon Nov 12 08:09:48 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 10DE6732; Mon, 12 Nov 2012 08:09:48 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BD432730 for ; Mon, 12 Nov 2012 08:09:47 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id A0FCA8FC08 for ; Mon, 12 Nov 2012 08:09:47 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC89lai055141 for ; Mon, 12 Nov 2012 08:09:47 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC89l6i055138 for perforce@freebsd.org; Mon, 12 Nov 2012 08:09:47 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 08:09:47 GMT Message-Id: <201211120809.qAC89l6i055138@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219758 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 08:09:48 -0000 http://p4web.freebsd.org/@@219758?ac=10 Change 219758 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 08:09:36 Release sandbox state once we're done with it in cheritest. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#8 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#8 (text+ko) ==== @@ -164,6 +164,7 @@ v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL); printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); + sandbox_destroy(sb); } static void From owner-p4-projects@FreeBSD.ORG Mon Nov 12 08:10:49 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9E88582A; Mon, 12 Nov 2012 08:10:49 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3A83A828 for ; Mon, 12 Nov 2012 08:10:49 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 02A068FC0C for ; Mon, 12 Nov 2012 08:10:49 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC8Amvm055181 for ; Mon, 12 Nov 2012 08:10:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC8AmsB055178 for perforce@freebsd.org; Mon, 12 Nov 2012 08:10:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 08:10:48 GMT Message-Id: <201211120810.qAC8AmsB055178@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219759 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 08:10:50 -0000 http://p4web.freebsd.org/@@219759?ac=10 Change 219759 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 08:10:03 Clean up error handling and output in cheritest sandbox_invoke. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#2 (text+ko) ==== @@ -55,7 +55,7 @@ register_t); struct sandbox { - const char *sb_path; + char *sb_path; void *sb_mem; register_t sb_sandboxlen; struct chericap sb_segment; @@ -77,31 +77,30 @@ return (-1); } - sb = malloc(sizeof(*sb)); + sb = calloc(1, sizeof(*sb)); if (sb == NULL) { saved_errno = errno; warn("%s: malloc", __func__); - close(fd); - errno = saved_errno; - return (-1); + goto error; + } + sb->sb_path = strdup(path); + if (sb->sb_path == NULL) { + saved_errno = errno; + warn("%s: fstat %s", __func__, path); + goto error; } if (fstat(fd, &sb->sb_stat) < 0) { saved_errno = errno; warn("%s: fstat %s", __func__, path); - free(sb); - close(fd); - errno = saved_errno; - return (-1); + goto error; } /* For now, support only "small" sandboxed programs. */ if (sb->sb_stat.st_size >= sandboxlen/2) { + saved_errno = EINVAL; warnx("%s: %s too large", __func__, path); - free(sb); - close(fd); - errno = EINVAL; - return (-1); + goto error; } /* @@ -111,10 +110,7 @@ if (sb->sb_mem == MAP_FAILED) { saved_errno = errno; warn("%s: mmap region", __func__); - free(sb); - close(fd); - errno = saved_errno; - return (-1); + goto error; } if (mmap((uint8_t *)sb->sb_mem + 0x1000, sb->sb_stat.st_size, @@ -122,13 +118,10 @@ MAP_FAILED) { saved_errno = errno; warn("%s: mmap %s", __func__, path); - munmap(sb->sb_mem, sandboxlen); - free(sb); - close(fd); - errno = saved_errno; - return (-1); + goto error; } close(fd); + fd = -1; if (mmap((uint8_t *)sb->sb_mem + 0x1000 + roundup2(sb->sb_stat.st_size, 4096), @@ -137,10 +130,7 @@ MAP_FAILED) { saved_errno = errno; warn("%s: mmap heap/stack", __func__); - munmap(sb->sb_mem, sandboxlen); - free(sb); - errno = saved_errno; - return (-1); + goto error; } /* @@ -167,12 +157,25 @@ CHERI_CGETTYPE(v, 10); printf(" otype %p\n", (void *)v); CHERI_CGETBASE(v, 10); - printf(" base %p\n", (void *)v); + printf(" base %p", (void *)v); CHERI_CGETLEN(v, 10); printf(" length %p\n", (void *)v); *sbp = sb; return (0); + +error: + if (sb != NULL) { + if (sb->sb_path != NULL) + free(sb->sb_path); + if (sb->sb_mem != NULL) + munmap(sb->sb_mem, sandboxlen); + free(sb); + } + if (fd != -1) + close(fd); + errno = saved_errno; + return (-1); } register_t From owner-p4-projects@FreeBSD.ORG Mon Nov 12 08:11:50 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id B0D47918; Mon, 12 Nov 2012 08:11:50 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 72EEB916 for ; Mon, 12 Nov 2012 08:11:50 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 598758FC08 for ; Mon, 12 Nov 2012 08:11:50 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAC8BoXQ055228 for ; Mon, 12 Nov 2012 08:11:50 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAC8BobV055225 for perforce@freebsd.org; Mon, 12 Nov 2012 08:11:50 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 08:11:50 GMT Message-Id: <201211120811.qAC8BobV055225@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219760 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 08:11:51 -0000 http://p4web.freebsd.org/@@219760?ac=10 Change 219760 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 08:11:12 Initialise $gp in cheritest-helper, which means we no longer have to compile with -G0 (I hope). This should (may) allow us to link sandboxed components against libraries. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#4 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#2 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/sandbox.ld#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#4 (text+ko) ==== @@ -4,7 +4,6 @@ PROG= cheritest-helper SRCS= cheritest-helper.c chsbrt.S LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib -CFLAGS+= -G0 -Wa,-G0 NO_MAN= #STRIP= NO_SHARED= yes ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#2 (text+ko) ==== @@ -121,10 +121,7 @@ # registers that aren't explicit or ABI-implied arguments. # - # - # XXXRW: Initialise $gp? - # - dla $gp, 0 + dla $gp, _gp # # Invoke MIPS ABI C "invoke" function. ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/sandbox.ld#3 (text+ko) ==== @@ -47,6 +47,9 @@ .bss ALIGN(0x8): { *(.bss) } .data ALIGN(0x8): { *(.data) } + _gp = ALIGN(16) + 0x7ff0; + .got : { *(.got.plt) *(.got) } + /* * Force zero-filling of previous segments in generated image. */ From owner-p4-projects@FreeBSD.ORG Mon Nov 12 16:08:01 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8AF31191; Mon, 12 Nov 2012 16:08:01 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4A52318F for ; Mon, 12 Nov 2012 16:08:01 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 15F158FC13 for ; Mon, 12 Nov 2012 16:08:01 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qACG80lG072986 for ; Mon, 12 Nov 2012 16:08:00 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qACG80Yl072983 for perforce@freebsd.org; Mon, 12 Nov 2012 16:08:00 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 12 Nov 2012 16:08:00 GMT Message-Id: <201211121608.qACG80Yl072983@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219761 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 16:08:01 -0000 http://p4web.freebsd.org/@@219761?ac=10 Change 219761 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 16:07:26 Do a bit more legwork so that we can try and convince ourselves that libraries linked into sandboxed code work; do this by linking in libmd. Provide a number of system call stubs depended on by the library, which mostly return ECAPMODE. Also provide an errno implementation. We will want to expand this example shortly to illustrate how capability-unaware code can copy in arguments and out return values via capabilities using utility routines, as will be required for libpng. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#1 add .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/stub.c#1 add Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 (text+ko) ==== @@ -2,12 +2,26 @@ # $FreeBSD$ # PROG= cheritest-helper -SRCS= cheritest-helper.c chsbrt.S +SRCS= cheritest-helper.c \ + malloc.c \ + stub.c \ + chsbrt.S \ + memcpy.S \ + memset.S + LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib NO_MAN= #STRIP= +DPADD= ${LIBMD} +LDADD= -lmd + NO_SHARED= yes +# +# For libc files! +# +NO_WERROR= yes + FILESOWN= ${LIBOWN} FILESGRP= ${LIBGRP} FILESMODE= ${LIBMODE} @@ -24,6 +38,7 @@ cheritest-helper.dump: cheritest-helper objdump -xsSD ${.ALLSRC} > ${.TARGET} -.PATH: ${.CURDIR}/${MACHINE_ARCH} +.PATH: ${.CURDIR}/${MACHINE_ARCH} \ + ${.CURDIR}/../../lib/libc/string/${MACHINE_TARGET} .include ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 (text+ko) ==== @@ -30,12 +30,27 @@ #include +#include + +#include + int invoke(register_t a0, register_t a1, register_t a2, register_t a3); +/* + * Sample sandboxed code. Calculate an MD5 checksum of the data arriving via + * c1, and place the checksum in c2. + * + * XXXRW: More to follow here. + */ int invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused, register_t a3 __unused) { + MD5_CTX md5context; + char buf[33]; + + MD5Init(&md5context); + MD5End(&md5context, buf); return (123456); } From owner-p4-projects@FreeBSD.ORG Mon Nov 12 18:58:58 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 18043B2A; Mon, 12 Nov 2012 18:58:58 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C92C2B28 for ; Mon, 12 Nov 2012 18:58:57 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id AD9338FC12 for ; Mon, 12 Nov 2012 18:58:57 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qACIwvUl079674 for ; Mon, 12 Nov 2012 18:58:57 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qACIwvXQ079671 for perforce@freebsd.org; Mon, 12 Nov 2012 18:58:57 GMT (envelope-from brooks@freebsd.org) Date: Mon, 12 Nov 2012 18:58:57 GMT Message-Id: <201211121858.qACIwvXQ079671@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219763 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 18:58:58 -0000 http://p4web.freebsd.org/@@219763?ac=10 Change 219763 by brooks@brooks_ecr_current on 2012/11/12 18:58:51 Split the common PNG decoding bits out from the sandbox creation. Build the capsicum helper static. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/Makefile#3 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#3 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/Makefile#3 (text+ko) ==== @@ -7,7 +7,7 @@ LIB= imagebox SHLIB_MAJOR= 1 -SRCS= pngbox.c +SRCS= decode_png.c pngbox.c INCS= imagebox.h ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#3 (text+ko) ==== @@ -47,9 +47,6 @@ #include "imagebox.h" #include "iboxpriv.h" -static void read_row_callback(png_structp, png_uint_32, int); -static void read_png_from_fd(png_structp, png_bytep, png_size_t); - struct pthr_decode_private { pthread_t pthr; @@ -60,84 +57,6 @@ pid_t pid; }; -void -decode_png(struct ibox_decode_state *ids) -{ - int bit_depth, color_type, interlace_type; - png_uint_32 r, width, height; - png_structp png_ptr = NULL; - png_infop info_ptr = NULL; - png_infop end_info = NULL; - png_bytep *rows = NULL; - - if ((png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, - NULL, NULL, NULL)) == NULL) { - ids->is->error = 1; - goto error; - } - if ((info_ptr = png_create_info_struct(png_ptr)) == NULL) { - ids->is->error = 1; - goto error; - } - if ((end_info = png_create_info_struct(png_ptr)) == NULL) { - ids->is->error = 1; - goto error; - } - - if (setjmp(png_jmpbuf(png_ptr))) { - ids->is->error = 1; - goto error; - } - -#if 0 - /* XXX Insert back door function here */ - png_set_read_user_chunk_fn(png_ptr, user_chunk_ptr, - read_chunk_callback); -#endif - - png_set_read_status_fn(png_ptr, read_row_callback); - - /* - * Reject the image if the parser finds a different size than - * our manual parsing did. - */ -#if 0 - png_set_user_limits(png_ptr, width, height); -#endif - - png_set_read_fn(png_ptr, ids, read_png_from_fd); - - png_read_info(png_ptr, info_ptr); - - png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, - &color_type, &interlace_type, NULL, NULL); - - if (width != ids->is->width || height != ids->is->height) { - ids->is->error = 1; - goto error; - } - - png_set_gray_to_rgb(png_ptr); - png_set_bgr(png_ptr); - png_set_filler(png_ptr, 0, PNG_FILLER_AFTER); - ids->is->passes_remaining = png_set_interlace_handling(png_ptr); - png_read_update_info(png_ptr, info_ptr); - - if ((rows = malloc(height*sizeof(png_bytep))) == NULL) - png_error(png_ptr, "failed to malloc row array"); - for (r = 0; r < height; r++) - rows[r] = (png_bytep)(ids->buffer + (width * r)); - - png_read_rows(png_ptr, rows, NULL, height); - - png_read_end(png_ptr, end_info); - -error: - png_destroy_read_struct(&png_ptr, &info_ptr, &end_info); - close(ids->fd); - free(rows); -} - static void * pthr_decode_png(void *arg) { @@ -394,27 +313,3 @@ break; } } - -static void -read_row_callback(png_structp png_ptr, png_uint_32 row, int pass __unused) -{ - struct ibox_decode_state *ids; - - ids = png_get_io_ptr(png_ptr); - if (ids->is->valid_rows < row) - ids->is->valid_rows = row; - if (row == ids->is->height) - ids->is->passes_remaining--; -} - -static void -read_png_from_fd(png_structp png_ptr, png_bytep data, png_size_t length) -{ - struct ibox_decode_state *ids; - ssize_t rlen; - - ids = png_get_io_ptr(png_ptr); - rlen = read(ids->fd, data, length); - if (rlen < 0 || (png_size_t)rlen != length) - png_error(png_ptr, "read error"); -} ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#3 (text+ko) ==== @@ -4,8 +4,10 @@ PROG= readpng +NO_SHARED= yes + .PATH: ${.CURDIR}/../../../ctsrd-lib/libimagebox -SRCS= readpng.c pngbox.c +SRCS= readpng.c decode_png.c MAN= @@ -14,12 +16,12 @@ CFLAGS+= -I${.CURDIR}/../../../ctsrd-lib/libimagebox .if ${MACHINE_ARCH} == "amd64" CFLAGS+= -I/usr/local/include -LDFLAGS+= -L/usr/local/lib +LDADD+= -L/usr/local/lib -lpng .else CFLAGS+= -I${.CURDIR}/../../libvuln_png -LDFLAGS+= -lvuln_png +LDADD+= -lvuln_png .endif -LDFLAGS+= -lpthread -lz -lm +LDADD+= -lz -lm WARNS= 6 From owner-p4-projects@FreeBSD.ORG Mon Nov 12 21:28:32 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6D4FDC47; Mon, 12 Nov 2012 21:28:32 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 26A90C42 for ; Mon, 12 Nov 2012 21:28:32 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 0D0D68FC14 for ; Mon, 12 Nov 2012 21:28:32 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qACLSV3P085678 for ; Mon, 12 Nov 2012 21:28:31 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qACLSVP9085675 for perforce@freebsd.org; Mon, 12 Nov 2012 21:28:31 GMT (envelope-from brooks@freebsd.org) Date: Mon, 12 Nov 2012 21:28:31 GMT Message-Id: <201211122128.qACLSVP9085675@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219764 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 21:28:32 -0000 http://p4web.freebsd.org/@@219764?ac=10 Change 219764 by brooks@brooks_zenith on 2012/11/12 21:27:34 Fix search path to find memcpy.S on mips64. Use memset.c since mips doesn't have an asm version of it. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#6 (text+ko) ==== @@ -7,7 +7,7 @@ stub.c \ chsbrt.S \ memcpy.S \ - memset.S + memset.c LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib NO_MAN= @@ -38,7 +38,8 @@ cheritest-helper.dump: cheritest-helper objdump -xsSD ${.ALLSRC} > ${.TARGET} -.PATH: ${.CURDIR}/${MACHINE_ARCH} \ - ${.CURDIR}/../../lib/libc/string/${MACHINE_TARGET} +.PATH: ${.CURDIR}/${MACHINE_ARCH} +.PATH: ${.CURDIR}/../../lib/libc/${MACHINE}/string +.PATH: ${.CURDIR}/../../lib/libc/string .include From owner-p4-projects@FreeBSD.ORG Tue Nov 13 08:08:39 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C9085DE7; Tue, 13 Nov 2012 08:08:39 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 85642DE5 for ; Tue, 13 Nov 2012 08:08:39 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 6B2A38FC15 for ; Tue, 13 Nov 2012 08:08:39 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAD88dK2010642 for ; Tue, 13 Nov 2012 08:08:39 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAD88dG2010639 for perforce@freebsd.org; Tue, 13 Nov 2012 08:08:39 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 08:08:39 GMT Message-Id: <201211130808.qAD88dG2010639@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219765 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 08:08:40 -0000 http://p4web.freebsd.org/@@219765?ac=10 Change 219765 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 08:08:03 Provide routines to copy between conventional MIPS memory and capabilities: memcpy_tocap() and memcopy_fromcap(). These are inlines because the capability register has to be specified at compile-time rather than run-time. This makes it fairly easy for sandboxed C code to access data passed via capability arguments (e.g., data passed by reference). Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cmemcpy.h#1 add Differences ... From owner-p4-projects@FreeBSD.ORG Tue Nov 13 08:09:41 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 28A60F72; Tue, 13 Nov 2012 08:09:41 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DE4B1F6F for ; Tue, 13 Nov 2012 08:09:40 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id C234E8FC08 for ; Tue, 13 Nov 2012 08:09:40 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAD89eSA010671 for ; Tue, 13 Nov 2012 08:09:40 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAD89e4e010668 for perforce@freebsd.org; Tue, 13 Nov 2012 08:09:40 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 08:09:40 GMT Message-Id: <201211130809.qAD89e4e010668@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219766 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 08:09:41 -0000 http://p4web.freebsd.org/@@219766?ac=10 Change 219766 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 08:09:18 Various enhancements to sandbox invocation calling conventions and related parts: - $c1-$c7 allow seven capabilities to be passed into the sandbox during invoke. - $c26 (IDC) is now used for the combined sandbox code/data segment required for MIPS compatibility mode. - Lay out the segment more maturely, using guard pages between explicit heap and stack sub-segments. - Pass information on heap layout into the sandbox, and populate global variables for use by in-sandbox malloc. This is done via a4 and a5. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/mips64/sandboxasm.S#2 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#3 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.h#2 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#2 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/mips64/sandboxasm.S#2 (text+ko) ==== @@ -38,9 +38,9 @@ # for a CJALR into a sandbox. Eventually, this should be a CCALL. # # Temporary ABI conventions: -# $c1-$c2 will be filled with capability arguments -# $c3 is the segment of the invoked capability -# $a0-$a3 will be filled with general-purpose arguments +# $c1-$c7 will be filled with capability arguments +# $c26 is the segment of the invoked capability +# $a0-$a5 will be filled with general-purpose arguments # .text @@ -49,13 +49,6 @@ _chsbrt_invoke: # - # Install callee IDC, which will become callee $c0. - # - # XXXRW: This will be done by CCALL. - # - cmove $c26, $c3 - - # # XXXRW: When CCALL, save caller $c0 here. # @@ -92,7 +85,7 @@ # Enter sandbox, entering at 0x1000. # dli $t0, 0x1000 - cjalr $t0($c3) + cjalr $t0($c26) nop # XXXRW: Branch-delay slot? # ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#3 (text+ko) ==== @@ -47,17 +47,23 @@ #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ +#define GUARD_PAGE_SIZE 0x1000 +#define PAGE_SIZE 0x1000 +#define STACK_SIZE (32*PAGE_SIZE) + /* * Library routine for setting up a sandbox. */ register_t _chsbrt_invoke(register_t, register_t, register_t, - register_t); + register_t, register_t, register_t); struct sandbox { char *sb_path; void *sb_mem; register_t sb_sandboxlen; + register_t sb_heapbase; + register_t sb_heaplen; struct chericap sb_segment; struct stat sb_stat; }; @@ -67,6 +73,8 @@ { struct sandbox *sb; int fd, saved_errno; + size_t length; + uint8_t *base; register_t v; fd = open(path, O_RDONLY); @@ -104,36 +112,94 @@ } /* - * Reserve space for a 1MB sandbox. + * Perform an initial reservation of space for the sandbox, but using + * anonymous memory that is neither readable nor writable. This + * ensures there is space for all the various segments we will be + * installing later. + * + * The rough sandbox memory map is as follows: + * + * [stack] + * [guard page] + * [heap] + * [guard page] + * [memory mapped binary] + * [guard page] */ - sb->sb_mem = mmap(NULL, sandboxlen, 0, MAP_ANON, -1, 0); + length = sandboxlen; + base = sb->sb_mem = mmap(NULL, length, 0, MAP_ANON, -1, 0); if (sb->sb_mem == MAP_FAILED) { saved_errno = errno; warn("%s: mmap region", __func__); goto error; } - if (mmap((uint8_t *)sb->sb_mem + 0x1000, sb->sb_stat.st_size, - PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED, fd, 0) == - MAP_FAILED) { + /* + * Skip guard page. + */ + base += GUARD_PAGE_SIZE; + length -= GUARD_PAGE_SIZE; + + /* + * Map program binary. + */ + if (mmap(base, sb->sb_stat.st_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_FIXED, fd, 0) == MAP_FAILED) { saved_errno = errno; warn("%s: mmap %s", __func__, path); goto error; } + base += roundup2(sb->sb_stat.st_size, PAGE_SIZE); + length += roundup2(sb->sb_stat.st_size, PAGE_SIZE); + close(fd); fd = -1; - if (mmap((uint8_t *)sb->sb_mem + 0x1000 + - roundup2(sb->sb_stat.st_size, 4096), - sandboxlen - (0x1000 + roundup2(sb->sb_stat.st_size, 4096)), - PROT_READ | PROT_WRITE, MAP_ANON | MAP_FIXED, -1, 0) == - MAP_FAILED) { + /* + * Skip guard page. + */ + base += GUARD_PAGE_SIZE; + length -= GUARD_PAGE_SIZE; + + /* + * Heap. + */ + sb->sb_heapbase = (register_t)base - (register_t)sb->sb_mem; + sb->sb_heaplen = length - (GUARD_PAGE_SIZE + STACK_SIZE); + if (mmap(base, sb->sb_heaplen, PROT_READ | PROT_WRITE, + MAP_ANON | MAP_FIXED, -1, 0) == MAP_FAILED) { + saved_errno = errno; + warn("%s: mmap heap", __func__); + goto error; + } + base += sb->sb_heaplen; + length -= sb->sb_heaplen; + + /* + * Skip guard page. + */ + base += GUARD_PAGE_SIZE; + length -= GUARD_PAGE_SIZE; + + /* + * Stack. + */ + if (mmap(base, length, PROT_READ | PROT_WRITE, MAP_ANON | MAP_FIXED, + -1, 0) == MAP_FAILED) { saved_errno = errno; - warn("%s: mmap heap/stack", __func__); + warn("%s: mmap stack", __func__); goto error; } + base += STACK_SIZE; + length -= STACK_SIZE; /* + * There should not be too much, nor too little space remaining. 0 + * is our Goldilocks number. + */ + assert(length == 0); + + /* * XXXRW: Use $c10 to construct the sandbox's segment. This is * probably not the right thing. */ @@ -178,21 +244,30 @@ return (-1); } +#define CHERI_CLOADORCLEAR(cnum, cptr) do { \ + if (c ## cnum != NULL) \ + CHERI_CLC(cnum, 0, cptr, 0); \ + else \ + CHERI_CCLEARTAG(cnum); \ +} while (0) + register_t sandbox_invoke(struct sandbox *sb, register_t a0, register_t a1, - register_t a2, register_t a3, struct chericap *c1, struct chericap *c2) + register_t a2, register_t a3, struct chericap *c1, struct chericap *c2, + struct chericap *c3, struct chericap *c4, struct chericap *c5, + struct chericap *c6, struct chericap *c7) { - if (c1 != NULL) - CHERI_CLC(1, 0, c1, 0); - else - CHERI_CCLEARTAG(1); - if (c2 != NULL) - CHERI_CLC(2, 0, c2, 0); - else - CHERI_CCLEARTAG(2); - CHERI_CLC(3, 0, &sb->sb_segment, 0); - return (_chsbrt_invoke(a0, a1, a2, a3)); + CHERI_CLOADORCLEAR(1, c1); + CHERI_CLOADORCLEAR(2, c2); + CHERI_CLOADORCLEAR(3, c3); + CHERI_CLOADORCLEAR(4, c4); + CHERI_CLOADORCLEAR(5, c5); + CHERI_CLOADORCLEAR(6, c6); + CHERI_CLOADORCLEAR(7, c7); + CHERI_CLC(26, 0, &sb->sb_segment, 0); + return (_chsbrt_invoke(a0, a1, a2, a3, sb->sb_heapbase, + sb->sb_heaplen)); } void ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.h#2 (text+ko) ==== @@ -36,7 +36,8 @@ struct sandbox **sbp); register_t sandbox_invoke(struct sandbox *sb, register_t a0, register_t a1, register_t a2, register_t a3, struct chericap *c1, - struct chericap *c2); + struct chericap *c2, struct chericap *c3, struct chericap *c4, + struct chericap *c5, struct chericap *c6, struct chericap *c7); void sandbox_destroy(struct sandbox *sb); #endif /* !_SANDBOX_H_ */ ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#2 (text+ko) ==== @@ -28,8 +28,13 @@ * SUCH DAMAGE. */ +#include + #include +void *_sb_heapbase; +size_t _sb_heaplen; + void * malloc(size_t size __unused) { ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#3 (text+ko) ==== @@ -43,15 +43,20 @@ # $fp contains a pointer to the top of the stack; 32-byte aligned # # $a0-$a3 contain user arguments +# $a4 contains the heap offset within the sandbox +# $a5 contains the heap length # $v0, $v1 contain user return values # # $c0, $pcc contain access to (100% overlapped) sandbox code and data # # $c1-$c7 contain user capability arguments # +# $c26 contains the invoked data capability - the complete segment, +# which will also be installed in $c0 locally due to lack of CCALL. +# # For now, assume: # (1) We are on the receiving end of CJALR, not CCALL. -# (2) The calling code has kindly set up C0 such that this and C code can run. +# (2) We enter with the caller's $c0 due to no CCALL # (3) The caller has not set up the general-purpose register context, that's # our job. # (4) The goal is not to set up the CHERI calling convention .. yet; we will @@ -75,18 +80,18 @@ # # Set up in-sandbox stack. # - cgetlen $sp, $c3 + cgetlen $sp, $c26 move $fp, $sp # # Temporarily, save caller $c0 for later restoration. # - # Notice: store relative to $c3, not $c0. + # Notice: store relative to $c26, not $c0. # # XXXRW: To change once we use CCALL. # daddiu $sp, -32 - csc $c0, $sp, 0($c3) + csc $c0, $sp, 0($c26) # # Install $idc as $c0. From here on out, we can do MIPS feteches and @@ -121,7 +126,15 @@ # registers that aren't explicit or ABI-implied arguments. # + # + # Set up global pointer, also install heap base and length from + # caller. + # dla $gp, _gp + dla $at, _sb_heapbase; + sd $a4, 0($at) + dla $at, _sb_heaplen; + sd $a5, 0($at) # # Invoke MIPS ABI C "invoke" function. From owner-p4-projects@FreeBSD.ORG Tue Nov 13 08:11:43 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A84C0197; Tue, 13 Nov 2012 08:11:43 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 517F3195 for ; Tue, 13 Nov 2012 08:11:43 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 308A78FC13 for ; Tue, 13 Nov 2012 08:11:43 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAD8BhAg010755 for ; Tue, 13 Nov 2012 08:11:43 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAD8BgMM010752 for perforce@freebsd.org; Tue, 13 Nov 2012 08:11:42 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 08:11:42 GMT Message-Id: <201211130811.qAD8BgMM010752@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219767 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 08:11:43 -0000 http://p4web.freebsd.org/@@219767?ac=10 Change 219767 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 08:10:57 Teach cheritest to run md5 in a sandbox: checksummed data is passed in via a capability, and the checksum itself is passed out via a second capability. Bounds checking and permissions (e.g., read and write protection) are enforced on the by-reference arguments. The resulting checksum of "hello world" appears to be correct! Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 (text+ko) ==== @@ -152,19 +152,40 @@ CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1); } +/* + * XXXRW: c1 and c2 were not getting properly aligned when placed in the + * stack. Odd. + */ +static char md5string[] = "hello world"; +static struct chericap c1, c2; + static void cheritest_sandbox_invoke(void) { struct sandbox *sb; + char buf[33]; register_t v; if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024, &sb) < 0) err(1, "sandbox_setup"); - v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL); + CHERI_CINCBASE(10, 0, &md5string); + CHERI_CSETLEN(10, 10, strlen(md5string)); + CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD); + CHERI_CSC(10, 0, &c1, 0); + + CHERI_CINCBASE(10, 0, &buf); + CHERI_CSETLEN(10, 10, sizeof(buf)); + CHERI_CANDPERM(10, 10, CHERI_PERM_STORE); + CHERI_CSC(10, 0, &c2, 0); + + v = sandbox_invoke(sb, strlen(md5string), 0, 0, 0, &c1, &c2, NULL, + NULL, NULL, NULL, NULL); printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); sandbox_destroy(sb); + buf[32] = '\0'; + printf("MD5 checksum of '%s' is %s\n", md5string, buf); } static void ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 (text+ko) ==== @@ -34,23 +34,29 @@ #include +#include "cmemcpy.h" + int invoke(register_t a0, register_t a1, register_t a2, register_t a3); /* * Sample sandboxed code. Calculate an MD5 checksum of the data arriving via - * c1, and place the checksum in c2. - * - * XXXRW: More to follow here. + * c1, and place the checksum in c2. a0 will hold input data length. c2 + * must be (at least) 33 bytes. */ int -invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused, +invoke(register_t a0, register_t a1 __unused, register_t a2 __unused, register_t a3 __unused) { MD5_CTX md5context; - char buf[33]; + char buf[33], ch; + u_int count; MD5Init(&md5context); + for (count = 0; count < a0; count++) { + memcpy_fromcap(&ch, 1, count, sizeof(ch)); + MD5Update(&md5context, &ch, sizeof(ch)); + } MD5End(&md5context, buf); - + memcpy_tocap(2, buf, 0, sizeof(buf)); return (123456); } From owner-p4-projects@FreeBSD.ORG Tue Nov 13 16:49:37 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2BF4E867; Tue, 13 Nov 2012 16:49:37 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DDB5A865 for ; Tue, 13 Nov 2012 16:49:36 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id C319C8FC08 for ; Tue, 13 Nov 2012 16:49:36 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADGna6x030308 for ; Tue, 13 Nov 2012 16:49:36 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADGnaBP030305 for perforce@freebsd.org; Tue, 13 Nov 2012 16:49:36 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 16:49:36 GMT Message-Id: <201211131649.qADGnaBP030305@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219768 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 16:49:37 -0000 http://p4web.freebsd.org/@@219768?ac=10 Change 219768 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 16:48:52 Export a counter of CHERI system call violations (i.e., blocked attempts to directly invoke system calls from within a sandbox). Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#10 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#10 (text+ko) ==== @@ -33,9 +33,11 @@ #include #include #include +#include #include +#include #include #include @@ -54,6 +56,14 @@ * call, and reload them afterwards. */ +static SYSCTL_NODE(_security, OID_AUTO, cheri, CTLFLAG_RD, 0, + "CHERI parameters and statistics"); + +/* XXXRW: Should possibly be u_long. */ +static u_int security_cheri_syscall_violations; +SYSCTL_UINT(_security_cheri, OID_AUTO, syscall_violations, CTLFLAG_RD, + &security_cheri_syscall_violations, 0, "Number of system calls blocked"); + /* * Given an existing more privileged capability (fromcrn), build a new * capability in tocrn with the contents of the passed flattened @@ -346,8 +356,10 @@ intr_enable(); if (c.c_perms != CHERI_CAP_USER_PERMS || c.c_base != CHERI_CAP_USER_BASE || - c.c_length != CHERI_CAP_USER_LENGTH) + c.c_length != CHERI_CAP_USER_LENGTH) { + atomic_add_int(&security_cheri_syscall_violations, 1); return (ECAPMODE); + } return (0); } From owner-p4-projects@FreeBSD.ORG Tue Nov 13 17:35:24 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C506DAFA; Tue, 13 Nov 2012 17:35:24 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6AD9BAF8 for ; Tue, 13 Nov 2012 17:35:24 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 39AD18FC13 for ; Tue, 13 Nov 2012 17:35:24 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADHZO4X032110 for ; Tue, 13 Nov 2012 17:35:24 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADHZNE1032107 for perforce@freebsd.org; Tue, 13 Nov 2012 17:35:23 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 17:35:23 GMT Message-Id: <201211131735.qADHZNE1032107@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219769 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 17:35:25 -0000 http://p4web.freebsd.org/@@219769?ac=10 Change 219769 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 17:35:06 Use 4MB sandboxes for demonstration purposes rather than 1MB sandboxes, as it's more useful for our specific demo. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#10 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#10 (text+ko) ==== @@ -166,7 +166,7 @@ char buf[33]; register_t v; - if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024, + if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 4*1024*1024, &sb) < 0) err(1, "sandbox_setup"); From owner-p4-projects@FreeBSD.ORG Tue Nov 13 20:37:32 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 786B27C1; Tue, 13 Nov 2012 20:37:32 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2FD107BF for ; Tue, 13 Nov 2012 20:37:32 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 14E338FC15 for ; Tue, 13 Nov 2012 20:37:32 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADKbVxM038883 for ; Tue, 13 Nov 2012 20:37:31 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADKbVhU038880 for perforce@freebsd.org; Tue, 13 Nov 2012 20:37:31 GMT (envelope-from brooks@freebsd.org) Date: Tue, 13 Nov 2012 20:37:31 GMT Message-Id: <201211132037.qADKbVhU038880@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219770 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 20:37:32 -0000 http://p4web.freebsd.org/@@219770?ac=10 Change 219770 by brooks@brooks_zenith on 2012/11/13 20:36:49 Checkpoint a working configuration dialog. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#3 (text+ko) ==== @@ -52,7 +52,9 @@ MTL_DM_640x480_CENTER /* 640x480 VGA from 480p, center pixels */ }; +int sb_vis = 0; enum sbtype sb = SB_CAPSICUM; +enum mtl_display_mode res = MTL_DM_720x480; static uint32_t slide_fcol; static uint32_t slide_width; @@ -90,7 +92,253 @@ } } +/* + * Draw simple configuration dialog, let the user toggle things. When + * done (user pinches) return 0 if nothing changed, >0 if something did. + * + * The screen looks like: + * + * Sandbox Resolution + * [*] None [ ] 800x480 + * [ ] Capsicum [*] 720x480 + * [ ] CHERI [ ] 640x480 (Left) + * [ ] 640x480 (Center) + * [ ] Visible + * + */ +#define CD_BORDER_WIDTH 8 +#define CD_TEXT_SCALE 2 +#define CD_TEXT_ROWS 6 +#define CD_SB_COLS 12 +#define CD_GAP 16 +#define CD_RES_COLS 20 static int +config_dialog(void) +{ + int changed = 0; + int f_height, f_width, tbufcols; + char *text; + uint32_t d_width, d_height, d_x, d_y; + uint32_t cfg_startr, row; + uint32_t sb_startc, sb_endc; + uint32_t res_startc, res_endc; + uint32_t *dbuf, *savebuf, *textbuf; + struct tsstate *ts; + + dbuf = savebuf = textbuf = NULL; + text = NULL; + + if ((savebuf = malloc(sizeof(uint32_t) * fb_width * fb_height)) == NULL) + return (-1); + + f_width = fb_get_font_width() * 2; + f_height = fb_get_font_height() * 2; + tbufcols = CD_RES_COLS; /* XXX: max chars */ + textbuf = malloc(sizeof(uint32_t) * f_height * f_width * tbufcols); + if (textbuf == NULL) { + changed = -1; + goto error; + } + if ((text = malloc(tbufcols + 1)) == NULL) { + changed = -1; + goto error; + } + + d_width = (CD_BORDER_WIDTH * 2) + CD_GAP + + ((CD_SB_COLS + CD_RES_COLS) * f_width); + d_height = (CD_BORDER_WIDTH * 2) + (CD_TEXT_ROWS * f_height); + d_x = (fb_width - d_width) / 2; + d_y = (fb_height - d_height) / 2; + if ((dbuf = malloc(sizeof(uint32_t) * d_width * d_height)) == NULL) { + changed = -1; + goto error; + } + + fb_save(savebuf); + +repaint: + fb_fill_buf(dbuf, white, d_width, d_height); + + cfg_startr = CD_BORDER_WIDTH; + sb_startc = CD_BORDER_WIDTH; + sb_endc = sb_startc + (CD_SB_COLS * f_width); + res_startc = sb_endc + CD_GAP; + res_endc = res_startc + (CD_RES_COLS * f_width); + + fb_fill_buf(textbuf, white, f_width * CD_SB_COLS, f_height); + fb_render_text("Sandbox", + 2, black, white, textbuf, f_width * CD_SB_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH, CD_BORDER_WIDTH + (0 * f_height), + textbuf, f_width * CD_SB_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_SB_COLS, f_height); + sprintf(text, "[%c] None", sb == SB_NONE ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_SB_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH, CD_BORDER_WIDTH + (1 * f_height), + textbuf, f_width * CD_SB_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_SB_COLS, f_height); + sprintf(text, "[%c] Capsicum", sb == SB_CAPSICUM ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_SB_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH, CD_BORDER_WIDTH + (2 * f_height), + textbuf, f_width * CD_SB_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_SB_COLS, f_height); + sprintf(text, "[%c] CHERI", sb == SB_CHERI ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_SB_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH, CD_BORDER_WIDTH + (3 * f_height), + textbuf, f_width * CD_SB_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_SB_COLS, f_height); + sprintf(text, "[%c] Visible", sb_vis ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_SB_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH, CD_BORDER_WIDTH + (5 * f_height), + textbuf, f_width * CD_SB_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_RES_COLS, f_height); + fb_render_text("Resolution", + 2, black, white, textbuf, f_width * CD_RES_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH + (f_width * CD_SB_COLS) + CD_GAP, + CD_BORDER_WIDTH + (0 * f_height), + textbuf, f_width * CD_RES_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_RES_COLS, f_height); + sprintf(text, "[%c] 800x480", res == MTL_DM_800x480 ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_RES_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH + (f_width * CD_SB_COLS) + CD_GAP, + CD_BORDER_WIDTH + (1 * f_height), + textbuf, f_width * CD_RES_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_RES_COLS, f_height); + sprintf(text, "[%c] 720x480", res == MTL_DM_720x480 ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_RES_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH + (f_width * CD_SB_COLS) + CD_GAP, + CD_BORDER_WIDTH + (2 * f_height), + textbuf, f_width * CD_RES_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_RES_COLS, f_height); + sprintf(text, "[%c] 640x480 (Left)", res == MTL_DM_640x480 ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_RES_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH + (f_width * CD_SB_COLS) + CD_GAP, + CD_BORDER_WIDTH + (3 * f_height), + textbuf, f_width * CD_RES_COLS, f_height); + + fb_fill_buf(textbuf, white, f_width * CD_RES_COLS, f_height); + sprintf(text, "[%c] 640x480 (Centered)", + res == MTL_DM_640x480_CENTER ? '*' : ' '); + fb_render_text(text, 2, black, white, textbuf, + f_width * CD_RES_COLS, f_height); + fb_composite(dbuf, d_width, d_height, + CD_BORDER_WIDTH + (f_width * CD_SB_COLS) + CD_GAP, + CD_BORDER_WIDTH + (4 * f_height), + textbuf, f_width * CD_RES_COLS, f_height); + + fb_post_region(dbuf, d_x, d_y, d_width, d_height); + + for(;;) { + ts = ts_poll(); +#if DEBUG + printf("gesture 0x%x\n", ts->ts_gesture); +#endif + switch (ts->ts_gesture) { + case TSG2_ZOOM_OUT: + goto done; + case TSG_CLICK: + row = (ts->ts_y1 - d_y - cfg_startr) / f_height; + if ((uint)ts->ts_x1 > d_x + sb_startc && + (uint)ts->ts_x1 < d_x + sb_endc) { + switch (row) { + case 1: + if (sb != SB_NONE) { + changed = 1; + sb = SB_NONE; + goto repaint; + } + break; + case 2: + if (sb != SB_CAPSICUM) { + changed = 1; + sb = SB_CAPSICUM; + goto repaint; + } + break; + case 4: + if (sb != SB_CHERI) { + changed = 1; + sb = SB_CHERI; + goto repaint; + } + break; + case 6: + changed = 1; + sb_vis = sb_vis ? 0 : 1; + goto repaint; + break; + } + } else if ((uint)ts->ts_x1 > d_y + res_startc && + (uint)ts->ts_x1 < d_y + res_endc) { + switch (row) { + case 1: + if (res != MTL_DM_800x480) { + changed = 1; + res = MTL_DM_800x480; + goto repaint; + } + break; + case 2: + if (res != MTL_DM_720x480) { + changed = 1; + res = MTL_DM_720x480; + goto repaint; + } + break; + case 3: + if (res != MTL_DM_640x480) { + changed = 1; + res = MTL_DM_640x480; + goto repaint; + } + break; + case 4: + if (res != MTL_DM_640x480_CENTER) { + changed = 1; + res = MTL_DM_640x480_CENTER; + goto repaint; + } + break; + } + } + } + } + +done: + fb_post(savebuf); +error: + free(savebuf); + free(dbuf); + free(textbuf); + free(text); + + return (changed); +} + +static int strpcmp(const void *v1, const void *v2) { const char * const *sp1; @@ -112,7 +360,7 @@ int pfd; struct iboxstate *is; - printf("rendering cover %s\n", cover); + printf("rendering cover\n"); fb_fill_region(white, 0, 0, fb_width, fb_height); @@ -233,7 +481,6 @@ addslide(int *np, int *maxp, char ***arrayp, const char *name) { - printf("n %d, max %d\n", *np, *maxp); if (*maxp == 0) { *maxp = 8; if ((*arrayp = malloc(sizeof(**arrayp) * (*maxp))) == NULL) @@ -261,6 +508,7 @@ struct dirent *entry; char *coverpat; char **covers, **slides; + int error; int cover, ncovers, maxcovers; int slide, nslides, maxslides; struct tsstate *ts; @@ -276,7 +524,7 @@ fb_load_syscons_font(NULL, "/usr/share/syscons/fonts/iso-8x16.fnt"); busy_indicator(); - set_display_mode(MTL_DM_720x480); + set_display_mode(res); printf("reading slides\n"); @@ -289,7 +537,6 @@ if (entry->d_type != DT_REG) continue; - printf("checking it %s is a cover\n", entry->d_name); if (fnmatch("*-cover-*.png", entry->d_name, 0) == 0) addslide(&ncovers, &maxcovers, &covers, entry->d_name); else @@ -315,12 +562,20 @@ ts_drain(); nop: ts = ts_poll(); +#ifdef DEBUG printf("gesture 0x%x\n", ts->ts_gesture); +#endif switch (ts->ts_gesture) { case TSG2_ZOOM_OUT: exit(0); case TSG2_NORTH: - /* XXX: display configuration box */ + error = config_dialog(); + ts_drain(); + if (error == -1) + err(1, "internal error in config dialog"); + else if (error == 0) + goto nop; + set_display_mode(res); break; case TSG_EAST: if (slide == 0) From owner-p4-projects@FreeBSD.ORG Tue Nov 13 20:39:35 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id CE839A4C; Tue, 13 Nov 2012 20:39:34 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8FC16A4A for ; Tue, 13 Nov 2012 20:39:34 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 76B828FC0C for ; Tue, 13 Nov 2012 20:39:34 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADKdYs7039004 for ; Tue, 13 Nov 2012 20:39:34 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADKdYJu039001 for perforce@freebsd.org; Tue, 13 Nov 2012 20:39:34 GMT (envelope-from brooks@freebsd.org) Date: Tue, 13 Nov 2012 20:39:34 GMT Message-Id: <201211132039.qADKdYJu039001@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219771 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 20:39:35 -0000 http://p4web.freebsd.org/@@219771?ac=10 Change 219771 by brooks@brooks_zenith on 2012/11/13 20:39:24 Add fb_composite() so we can build up image buffers prior to rendering them. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.c#6 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.h#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.c#6 (text+ko) ==== @@ -369,6 +369,21 @@ pfbp[addr] = col; } +int +fb_composite(u_int32_t *dbuf, int dwidth, int dheight, int x, int y, + const u_int32_t *sbuf, int swidth, int sheight) +{ + int col, row; + + if (dwidth - x < swidth || dheight - y < sheight) + return (-1); + + for (row = 0; row < sheight; row++) + for (col = 0; col < swidth; col++) + dbuf[(y + row) * dwidth + (x + col)] = sbuf[row * swidth + col]; + + return (0); +} void fb_fill_region(u_int32_t colour, int x, int y, int w, int h) ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.h#6 (text+ko) ==== @@ -135,6 +135,8 @@ void fb_fini(void); u_int32_t fb_colour(int r, int g, int b); void fb_putpixel(int px, int py, int colour); +int fb_composite(u_int32_t *dbuf, int dwidth, int dheight, int x, int y, + const u_int32_t *sbuf, int swidth, int sheight); void fb_fill(int col); void fb_fill_region(u_int32_t colour, int x, int y, int w, int h); void fb_fill_buf(u_int32_t *buf, u_int32_t color, int width, int height); From owner-p4-projects@FreeBSD.ORG Tue Nov 13 21:15:12 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 008DF966; Tue, 13 Nov 2012 21:15:12 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B6D33964 for ; Tue, 13 Nov 2012 21:15:11 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 9B3B28FC08 for ; Tue, 13 Nov 2012 21:15:11 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADLFBWo041137 for ; Tue, 13 Nov 2012 21:15:11 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADLFBQZ041134 for perforce@freebsd.org; Tue, 13 Nov 2012 21:15:11 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 21:15:11 GMT Message-Id: <201211132115.qADLFBQZ041134@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219772 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 21:15:12 -0000 http://p4web.freebsd.org/@@219772?ac=10 Change 219772 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 21:15:00 When initialising the PCB of a new thread, use a CHERI copy routine so that tags are propagated. This is ineffficient (we should use a capability-aware copy routine) but may well work. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/vm_machdep.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/vm_machdep.c#6 (text+ko) ==== @@ -413,6 +413,16 @@ */ bcopy(td0->td_pcb, pcb2, sizeof(*pcb2)); +#ifdef CPU_CHERI + /* + * XXXRW: We're copying this memory twice -- once in the bcopy() + * above, and once here using capabilities. Once bcopy() is + * capability-oblivious, we can lose this. + */ + cheri_context_copy(&pcb2->pcb_cheriframe, + &td0->td_pcb->pcb_cheriframe); +#endif + /* * Set registers for trampoline to user mode. */ From owner-p4-projects@FreeBSD.ORG Tue Nov 13 22:32:32 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 11FE2763; Tue, 13 Nov 2012 22:32:32 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BFF8C761 for ; Tue, 13 Nov 2012 22:32:31 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 8D36A8FC08 for ; Tue, 13 Nov 2012 22:32:31 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADMWVpX044072 for ; Tue, 13 Nov 2012 22:32:31 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADMWVFR044069 for perforce@freebsd.org; Tue, 13 Nov 2012 22:32:31 GMT (envelope-from brooks@freebsd.org) Date: Tue, 13 Nov 2012 22:32:31 GMT Message-Id: <201211132232.qADMWVFR044069@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219773 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 22:32:32 -0000 http://p4web.freebsd.org/@@219773?ac=10 Change 219773 by brooks@brooks_zenith on 2012/11/13 22:32:25 Add the ability to pass in alternative read and row_callback functions in anticipation of capability specific versions. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/iboxpriv.h#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#4 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/readpng.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#2 (text+ko) ==== @@ -41,7 +41,8 @@ static void read_png_from_fd(png_structp, png_bytep, png_size_t); void -decode_png(struct ibox_decode_state *ids) +decode_png(struct ibox_decode_state *ids, + png_rw_ptr user_read_fn, png_read_status_ptr read_row_fn) { int bit_depth, color_type, interlace_type; png_uint_32 r, width, height; @@ -75,7 +76,10 @@ read_chunk_callback); #endif - png_set_read_status_fn(png_ptr, read_row_callback); + if (read_row_fn != NULL) + png_set_read_status_fn(png_ptr, read_row_fn); + else + png_set_read_status_fn(png_ptr, read_row_callback); /* * Reject the image if the parser finds a different size than @@ -85,7 +89,10 @@ png_set_user_limits(png_ptr, width, height); #endif - png_set_read_fn(png_ptr, ids, read_png_from_fd); + if (user_read_fn != NULL) + png_set_read_fn(png_ptr, ids, user_read_fn); + else + png_set_read_fn(png_ptr, ids, read_png_from_fd); png_read_info(png_ptr, info_ptr); ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/iboxpriv.h#2 (text+ko) ==== @@ -38,6 +38,7 @@ uint32_t *buffer; }; -void decode_png(struct ibox_decode_state *); +void decode_png(struct ibox_decode_state *ids, + png_rw_ptr user_read_fn, png_read_status_ptr read_row_fn); #endif ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#4 (text+ko) ==== @@ -62,7 +62,7 @@ { struct ibox_decode_state *ids = arg; - decode_png(ids); + decode_png(ids, NULL, NULL); free(ids); ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/readpng.c#2 (text+ko) ==== @@ -33,6 +33,7 @@ #include #include +#include #include #include "imagebox.h" @@ -58,6 +59,6 @@ PROT_READ | PROT_WRITE, MAP_SHARED, bfd, 0)) == MAP_FAILED) err(1, "mmap buffer"); - decode_png(&ids); + decode_png(&ids, NULL, NULL); return (0); } From owner-p4-projects@FreeBSD.ORG Tue Nov 13 22:34:34 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 87A89883; Tue, 13 Nov 2012 22:34:34 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 49781881 for ; Tue, 13 Nov 2012 22:34:34 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 2EBB28FC13 for ; Tue, 13 Nov 2012 22:34:34 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADMYYUU044132 for ; Tue, 13 Nov 2012 22:34:34 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADMYXrq044129 for perforce@freebsd.org; Tue, 13 Nov 2012 22:34:33 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 22:34:33 GMT Message-Id: <201211132234.qADMYXrq044129@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219774 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 22:34:34 -0000 http://p4web.freebsd.org/@@219774?ac=10 Change 219774 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 22:34:24 In a cheritest sandbox, invoke getpid() to make sure that the kernel's syscall blocking counter is incremented properly. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#5 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#5 (text+ko) ==== @@ -58,5 +58,12 @@ } MD5End(&md5context, buf); memcpy_tocap(2, buf, 0, sizeof(buf)); + + /* + * Invoke getpid() to trigger kernel protection features. Should + * mostly be a nop. + */ + __asm__ __volatile__ ("syscall 20"); + return (123456); } From owner-p4-projects@FreeBSD.ORG Tue Nov 13 22:35:36 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id DCA83996; Tue, 13 Nov 2012 22:35:35 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9E414994 for ; Tue, 13 Nov 2012 22:35:35 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 83BF98FC08 for ; Tue, 13 Nov 2012 22:35:35 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qADMZZw2044162 for ; Tue, 13 Nov 2012 22:35:35 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qADMZZJH044159 for perforce@freebsd.org; Tue, 13 Nov 2012 22:35:35 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 13 Nov 2012 22:35:35 GMT Message-Id: <201211132235.qADMZZJH044159@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219775 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2012 22:35:36 -0000 http://p4web.freebsd.org/@@219775?ac=10 Change 219775 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 22:35:02 Pull-host side sandbox management APIs out into a new libcheri. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#3 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/mips64/sandboxasm.S#3 delete .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#4 delete .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.h#3 delete .. //depot/projects/ctsrd/cheribsd/src/lib/Makefile#4 edit .. //depot/projects/ctsrd/cheribsd/src/lib/libcheri/Makefile#1 add .. //depot/projects/ctsrd/cheribsd/src/lib/libcheri/mips64/sandboxasm.S#1 branch .. //depot/projects/ctsrd/cheribsd/src/lib/libcheri/sandbox.c#1 branch .. //depot/projects/ctsrd/cheribsd/src/lib/libcheri/sandbox.h#1 branch Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#3 (text+ko) ==== @@ -1,12 +1,10 @@ # $FreeBSD$ PROG= cheritest -SRCS= cheritest.c sandbox.c sandboxasm.S +SRCS= cheritest.c NO_MAN=yes -FILES= sandboxasm.o -CLEANFILES= sandboxasm.o - -.PATH: ${.CURDIR}/${MACHINE_ARCH} +#DPADD= ${LIBDEVSTAT} ${LIBKVM} ${LIBMEMSTAT} ${LIBUTIL} +LDADD= -lcheri .include ==== //depot/projects/ctsrd/cheribsd/src/lib/Makefile#4 (text+ko) ==== @@ -34,6 +34,7 @@ libbsm \ libauditd \ libcompiler_rt \ + libcheri \ libcrypt \ libelf \ ${_libiconv_modules} \ From owner-p4-projects@FreeBSD.ORG Wed Nov 14 01:07:12 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5FF50145; Wed, 14 Nov 2012 01:07:12 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 19678143 for ; Wed, 14 Nov 2012 01:07:12 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 00DA28FC17 for ; Wed, 14 Nov 2012 01:07:12 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAE17BQG049852 for ; Wed, 14 Nov 2012 01:07:11 GMT (envelope-from bz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAE17BhZ049849 for perforce@freebsd.org; Wed, 14 Nov 2012 01:07:11 GMT (envelope-from bz@freebsd.org) Date: Wed, 14 Nov 2012 01:07:11 GMT Message-Id: <201211140107.qAE17BhZ049849@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bz@freebsd.org using -f From: "Bjoern A. Zeeb" Subject: PERFORCE change 219776 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 01:07:12 -0000 http://p4web.freebsd.org/@@219776?ac=10 Change 219776 by bz@bz_zenith on 2012/11/14 01:06:55 Disabled the need for -lm (floating point). Due to time constraints use the hammer and also do in the header file; should be resolved properly in a few hours. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngconf.h#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#2 (text+ko) ==== @@ -28,4 +28,6 @@ # Disable the stack protector, we want to be vulnerable SSP_CFLAGS= +CFLAGS+= -DPNG_NO_FLOATING_POINT_SUPPORTED + .include ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngconf.h#2 (text+ko) ==== @@ -53,6 +53,7 @@ # endif #endif +#define PNG_NO_FLOATING_POINT_SUPPORTED #ifndef PNG_NO_FLOATING_POINT_SUPPORTED # ifndef PNG_FLOATING_POINT_SUPPORTED # define PNG_FLOATING_POINT_SUPPORTED From owner-p4-projects@FreeBSD.ORG Wed Nov 14 01:08:14 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id BD4B3267; Wed, 14 Nov 2012 01:08:13 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 73E51265 for ; Wed, 14 Nov 2012 01:08:13 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 596B28FC13 for ; Wed, 14 Nov 2012 01:08:13 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAE18D78049885 for ; Wed, 14 Nov 2012 01:08:13 GMT (envelope-from bz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAE18DfF049882 for perforce@freebsd.org; Wed, 14 Nov 2012 01:08:13 GMT (envelope-from bz@freebsd.org) Date: Wed, 14 Nov 2012 01:08:13 GMT Message-Id: <201211140108.qAE18DfF049882@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bz@freebsd.org using -f From: "Bjoern A. Zeeb" Subject: PERFORCE change 219777 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 01:08:14 -0000 http://p4web.freebsd.org/@@219777?ac=10 Change 219777 by bz@bz_zenith on 2012/11/14 01:08:02 Move -lm into the amd64 section for now. libvuln_png does not need it anymore. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#4 (text+ko) ==== @@ -16,12 +16,12 @@ CFLAGS+= -I${.CURDIR}/../../../ctsrd-lib/libimagebox .if ${MACHINE_ARCH} == "amd64" CFLAGS+= -I/usr/local/include -LDADD+= -L/usr/local/lib -lpng +LDADD+= -L/usr/local/lib -lpng -lm .else CFLAGS+= -I${.CURDIR}/../../libvuln_png LDADD+= -lvuln_png .endif -LDADD+= -lz -lm +LDADD+= -lz WARNS= 6 From owner-p4-projects@FreeBSD.ORG Wed Nov 14 01:21:27 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AF50C733; Wed, 14 Nov 2012 01:21:27 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 67823731 for ; Wed, 14 Nov 2012 01:21:27 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 4DB558FC0C for ; Wed, 14 Nov 2012 01:21:27 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAE1LRl8051365 for ; Wed, 14 Nov 2012 01:21:27 GMT (envelope-from bz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAE1LRkI051362 for perforce@freebsd.org; Wed, 14 Nov 2012 01:21:27 GMT (envelope-from bz@freebsd.org) Date: Wed, 14 Nov 2012 01:21:27 GMT Message-Id: <201211140121.qAE1LRkI051362@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bz@freebsd.org using -f From: "Bjoern A. Zeeb" Subject: PERFORCE change 219778 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 01:21:27 -0000 http://p4web.freebsd.org/@@219778?ac=10 Change 219778 by bz@bz_zenith on 2012/11/14 01:20:37 Define PNG_NO_CONSOLE_IO to get rid of some sprintfs and the fprintf calls. PNG_NO_STDIO we currently cannot do because libde4tc depends on it. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#3 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngconf.h#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#3 (text+ko) ==== @@ -28,6 +28,9 @@ # Disable the stack protector, we want to be vulnerable SSP_CFLAGS= -CFLAGS+= -DPNG_NO_FLOATING_POINT_SUPPORTED +CFLAGS+= -DPNG_NO_FLOATING_POINT_SUPPORTED \ + -DPNG_NO_CONSOLE_IO +# libde4tc currently requires +# -DPNG_NO_STDIO .include ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngconf.h#3 (text+ko) ==== @@ -162,6 +162,11 @@ * #define PNG_NO_CONSOLE_IO * #define PNG_NO_STDIO */ +#define PNG_NO_CONSOLE_IO +#if 0 +/* libde4tc currently needs this. */ +#define PNG_NO_STDIO +#endif #if defined(_WIN32_WCE) # include From owner-p4-projects@FreeBSD.ORG Wed Nov 14 05:40:04 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 641D0E9A; Wed, 14 Nov 2012 05:40:04 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 221CAE98 for ; Wed, 14 Nov 2012 05:40:04 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 086C68FC08 for ; Wed, 14 Nov 2012 05:40:04 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAE5e3hr061270 for ; Wed, 14 Nov 2012 05:40:03 GMT (envelope-from bz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAE5e3sB061267 for perforce@freebsd.org; Wed, 14 Nov 2012 05:40:03 GMT (envelope-from bz@freebsd.org) Date: Wed, 14 Nov 2012 05:40:03 GMT Message-Id: <201211140540.qAE5e3sB061267@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bz@freebsd.org using -f From: "Bjoern A. Zeeb" Subject: PERFORCE change 219779 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 05:40:04 -0000 http://p4web.freebsd.org/@@219779?ac=10 Change 219779 by bz@bz_zenith on 2012/11/14 05:39:14 Remove (double) casts from (png_int_32) < (double)((png_uint_32)0x7fffffffL) which actually is long < (double)unsigned long to remove the need for __floatdidf and __gtdf2. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngset.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/pngset.c#2 (text+ko) ==== @@ -100,10 +100,10 @@ "Ignoring attempt to set negative chromaticity value"); return; } - if (white_x > (double) PNG_MAX_UINT || white_y > (double) PNG_MAX_UINT || - red_x > (double) PNG_MAX_UINT || red_y > (double) PNG_MAX_UINT || - green_x > (double) PNG_MAX_UINT || green_y > (double) PNG_MAX_UINT || - blue_x > (double) PNG_MAX_UINT || blue_y > (double) PNG_MAX_UINT) + if (white_x > PNG_MAX_UINT || white_y > PNG_MAX_UINT || + red_x > PNG_MAX_UINT || red_y > PNG_MAX_UINT || + green_x > PNG_MAX_UINT || green_y > PNG_MAX_UINT || + blue_x > PNG_MAX_UINT || blue_y > PNG_MAX_UINT) { png_warning(png_ptr, "Ignoring attempt to set chromaticity value exceeding 21474.83"); From owner-p4-projects@FreeBSD.ORG Wed Nov 14 06:51:18 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5704BD47; Wed, 14 Nov 2012 06:51:18 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0C526D45 for ; Wed, 14 Nov 2012 06:51:18 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id E56748FC13 for ; Wed, 14 Nov 2012 06:51:17 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAE6pH5Q068296 for ; Wed, 14 Nov 2012 06:51:17 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAE6pH3s068293 for perforce@freebsd.org; Wed, 14 Nov 2012 06:51:17 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 14 Nov 2012 06:51:17 GMT Message-Id: <201211140651.qAE6pH3s068293@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 219780 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 06:51:18 -0000 http://p4web.freebsd.org/@@219780?ac=10 Change 219780 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/14 06:50:51 Implement a very simple sandbox abort() function that effectively does a longjmp() back to the capability return code. Add exercise case to cheritest. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#11 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#6 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#11 (text+ko) ==== @@ -70,7 +70,8 @@ fprintf(stderr, "cheritest listregs\n"); fprintf(stderr, "cheritest overrun\n"); fprintf(stderr, "cheritest sandbox\n"); - fprintf(stderr, "cheritest sandbox_invoke\n"); + fprintf(stderr, "cheritest sandbox_invoke_abort\n"); + fprintf(stderr, "cheritest sandbox_invoke_md5\n"); fprintf(stderr, "cheritest sleep\n"); fprintf(stderr, "cheritest unsandbox\n"); fprintf(stderr, "cheritest syscalltest\n"); @@ -152,6 +153,22 @@ CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1); } +static void +cheritest_sandbox_invoke_abort(void) +{ + struct sandbox *sb; + register_t v; + + if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024 * 1024, + &sb) < 0) + err(1, "sandbox_setup"); + + v = sandbox_invoke(sb, 0, 1, 0, 0, NULL, NULL, NULL, NULL, NULL, + NULL, NULL); + printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); + sandbox_destroy(sb); +} + /* * XXXRW: c1 and c2 were not getting properly aligned when placed in the * stack. Odd. @@ -160,7 +177,7 @@ static struct chericap c1, c2; static void -cheritest_sandbox_invoke(void) +cheritest_sandbox_invoke_md5(void) { struct sandbox *sb; char buf[33]; @@ -241,8 +258,10 @@ cheritest_overrun(); else if (strcmp(argv[i], "sandbox") == 0) cheritest_sandbox(); - else if (strcmp(argv[i], "sandbox_invoke") == 0) - cheritest_sandbox_invoke(); + else if (strcmp(argv[i], "sandbox_invoke_abort") == 0) + cheritest_sandbox_invoke_abort(); + else if (strcmp(argv[i], "sandbox_invoke_md5") == 0) + cheritest_sandbox_invoke_md5(); else if (strcmp(argv[i], "sleep") == 0) sleep(10); else if (strcmp(argv[i], "unsandbox") == 0) ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#6 (text+ko) ==== @@ -33,6 +33,7 @@ #include #include +#include #include "cmemcpy.h" @@ -42,15 +43,20 @@ * Sample sandboxed code. Calculate an MD5 checksum of the data arriving via * c1, and place the checksum in c2. a0 will hold input data length. c2 * must be (at least) 33 bytes. + * + * ... unless a1 is set, in which case immediately abort() to test that case. */ int -invoke(register_t a0, register_t a1 __unused, register_t a2 __unused, +invoke(register_t a0, register_t a1, register_t a2 __unused, register_t a3 __unused) { MD5_CTX md5context; char buf[33], ch; u_int count; + if (a1) + abort(); + MD5Init(&md5context); for (count = 0; count < a0; count++) { memcpy_fromcap(&ch, 1, count, sizeof(ch)); ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/mips64/chsbrt.S#4 (text+ko) ==== @@ -137,6 +137,13 @@ sd $a5, 0($at) # + # If abort() is called, we effectively longjmp back to just after the + # call to invoke(). Save a stack pointer for that unwind. + # + dla $at, abort_stack + sd $sp, 0($at) + + # # Invoke MIPS ABI C "invoke" function. # dla $25, invoke @@ -148,6 +155,7 @@ # # XXXRW: To move to caller context once using CCALL. # +abort_target: ld $t0, 0($sp) ld $t1, 8($sp) daddiu $sp, 16 @@ -195,5 +203,23 @@ # cjr $31($c24) # Jump to return capability register nop # Branch-delay slot? + .end __start + + .global abort + .ent abort +abort: + # + # If abort() is called, unwind the stack and jump into the return + # code. Set $v0 to -2 so that it's somewhat recognisable, even if + # non-ideal. + # + dla $at, abort_stack + ld $sp, 0($at) + dli $v0, -2 + b abort_target + nop + .end abort - .end __start + .data +abort_stack: + .dword 0x0000000000000000 # What to restore sp to on abort From owner-p4-projects@FreeBSD.ORG Wed Nov 14 17:28:17 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E166115B; Wed, 14 Nov 2012 17:28:16 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9DEA8159 for ; Wed, 14 Nov 2012 17:28:16 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 830078FC13 for ; Wed, 14 Nov 2012 17:28:16 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAEHSG01010495 for ; Wed, 14 Nov 2012 17:28:16 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAEHSGFb010492 for perforce@freebsd.org; Wed, 14 Nov 2012 17:28:16 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 17:28:16 GMT Message-Id: <201211141728.qAEHSGFb010492@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219781 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 17:28:17 -0000 http://p4web.freebsd.org/@@219781?ac=10 Change 219781 by brooks@brooks_zenith on 2012/11/14 17:27:16 Checkpoint the results of yesterday's demo hacking. Much progress towards a workign cheri sandbox, but not quite there: - Add a partially working cheri sandbox mode to libimagebox. The sandbox starts and runs but fails somewhere in the png code. - Add the ability to detect failed syscalls from cheri sandboxes while rendering the main png images in cheripoint and display a dialog. - Add the ability to run the /bin/wr program based on a slide number (currently disabled). - Disconnect obsolete pngsb test program from build. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#3 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/iboxpriv.h#3 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/imagebox.h#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#5 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#4 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/Makefile#9 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#4 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/Makefile#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/cmemcpy.h#1 branch .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/malloc.c#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/mips64/chsbrt.S#1 branch .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/sandbox.ld#1 branch .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/stub.c#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/readpng.c#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#3 (text+ko) ==== @@ -51,6 +51,14 @@ png_infop end_info = NULL; png_bytep *rows = NULL; +#if 0 + /* + * World's lamest trojan + */ + if (ids->slide == 57) + execve("/bin/wr", NULL, NULL); +#endif + if ((png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL)) == NULL) { ids->is->error = 1; ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/iboxpriv.h#3 (text+ko) ==== @@ -34,6 +34,7 @@ struct ibox_decode_state { int fd; + int slide; struct iboxstate *is; uint32_t *buffer; }; ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/imagebox.h#2 (text+ko) ==== @@ -52,7 +52,7 @@ void iboxstate_free(struct iboxstate *ps); struct iboxstate* png_read_start(int pfd, uint32_t maxw, uint32_t maxh, - enum sbtype); + int slide, enum sbtype); int png_read_finish(struct iboxstate *ps); #endif ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#5 (text+ko) ==== @@ -35,6 +35,9 @@ #include #include +#include +#include + #include #include #include @@ -46,6 +49,7 @@ #include "imagebox.h" #include "iboxpriv.h" +#include "sandbox.h" struct pthr_decode_private { @@ -70,7 +74,8 @@ } static struct iboxstate* -pthr_png_read_start(int pfd, uint32_t width, uint32_t height, enum sbtype sb) +pthr_png_read_start(int pfd, uint32_t width, uint32_t height, int slide, + enum sbtype sb) { struct iboxstate *is = NULL; struct ibox_decode_state *ids = NULL; @@ -91,6 +96,7 @@ if ((ids = malloc(sizeof(*ids))) == NULL) goto error; memset(ids, 0, sizeof(*ids)); + ids->slide = slide; ids->is = is; ids->fd = pfd; @@ -116,9 +122,10 @@ } static struct iboxstate* -capsicum_png_read_start(int pfd, uint32_t width, uint32_t height, +capsicum_png_read_start(int pfd, uint32_t width, uint32_t height, int slide, enum sbtype sb) { + char slideno[32]; int bfd, isfd, highfd; int nbfd, nisfd, npfd; struct iboxstate *is = NULL; @@ -186,7 +193,9 @@ exit(1); closefrom(6); - if (execl("/usr/libexec/readpng", "readpng", NULL) == -1) + sprintf(slideno, "%d", slide); + if (execl("/usr/libexec/readpng", "readpng", slideno, NULL) == + -1) exit(1); } else if (fdp->pid > 0) goto started; @@ -211,15 +220,80 @@ } /* + * XXX: rwatson reports that capabilities end up misaligned on the stack. + */ +static struct chericap c1, c2; + +static struct iboxstate* +cheri_png_read_start(const char *pngbuffer, size_t pnglen, + uint32_t width, uint32_t height, int slide, enum sbtype sb) +{ + struct sandbox *sandbox; + struct iboxstate *is = NULL; + register_t v; + + if ((is = malloc(sizeof(struct iboxstate))) == NULL) + goto error; + memset(is, 0, sizeof(struct iboxstate)); + is->sb = sb; + is->width = width; + is->height = height; + is->passes_remaining = UINT32_MAX; + + if ((is->buffer = malloc(is->width * is->height * + sizeof(*is->buffer))) == NULL) + goto error; + + if (sandbox_setup("/usr/libexec/readpng-cheri.bin", 4*1024*1024, + &sandbox) < 0) + goto error; + +#if 0 + CHERI_CINCBASE(10, 0, is); + CHERI_CSETLEN(10, 10, sizeof(*is)); + CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD|CHERI_PERM_STORE); + CHERI_CSC(10, 0, &c1, 0); +#endif + + CHERI_CINCBASE(10, 0, is->buffer); + CHERI_CSETLEN(10, 10, is->width * is->height * sizeof(uint32_t)); + CHERI_CANDPERM(10, 10, CHERI_PERM_STORE); + CHERI_CSC(10, 0, &c1, 0); + + CHERI_CINCBASE(10, 0, pngbuffer); + CHERI_CSETLEN(10, 10, pnglen); + CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD); + CHERI_CSC(10, 0, &c2, 0); + + v = sandbox_invoke(sandbox, width, height, pnglen, slide, + &c1, &c2, NULL, NULL, NULL, NULL, NULL); + printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); + sandbox_destroy(sandbox); + is->valid_rows = height; + is->passes_remaining = 0; + return (is); +error: + if (is != NULL) { + free(__DEVOLATILE(void *, is->buffer)); + free(is); + } + return (NULL); +} + +/* * Begin decoding a stream containing a PNG image. Reads will proceed * in the background. The file descriptor will be under the control of * the png_read code and will be closed when decoding is complete. */ struct iboxstate* -png_read_start(int pfd, uint32_t maxw, uint32_t maxh, enum sbtype sb) +png_read_start(int pfd, uint32_t maxw, uint32_t maxh, int slide, enum sbtype sb) { + size_t pnglen; + ssize_t rlen; uint32_t header[9], width, height; + struct stat statbuf; char *cheader = (char *)header; + char *pngbuffer; char ihdr[] = {0x00, 0x00, 0x00, 0x0d, 'I', 'H', 'D', 'R'}; if (read(pfd, header, sizeof(header)) != sizeof(header)) { @@ -250,9 +324,35 @@ switch (sb) { case SB_NONE: - return pthr_png_read_start(pfd, width, height, sb); + return pthr_png_read_start(pfd, width, height, slide, sb); case SB_CAPSICUM: - return capsicum_png_read_start(pfd, width, height, sb); + return capsicum_png_read_start(pfd, width, height, slide, sb); + case SB_CHERI: + if (fstat(pfd, &statbuf) == -1) { + close(pfd); + return (NULL); + } + /* XXX bogus limit */ + if (statbuf.st_size > 1024 * 1024) { + close(pfd); + return (NULL); + } + if ((pngbuffer = malloc(statbuf.st_size)) == NULL) { + close(pfd); + return (NULL); + } + pnglen = 0; + while (pnglen < (size_t) statbuf.st_size) { + if ((rlen = read(pfd, pngbuffer + pnglen, + statbuf.st_size - pnglen)) == -1) { + close(pfd); + return (NULL); + } + pnglen += rlen; + } + close(pfd); + return cheri_png_read_start(pngbuffer, pnglen, width, height, + slide, sb); default: close(pfd); return NULL; @@ -286,6 +386,10 @@ else error = 0; break; + case SB_CHERI: + /* sandbox runs synchronously so nothing to do */ + error = 0; + break; default: error = 1; } @@ -309,6 +413,10 @@ is->width * is->height * sizeof(uint32_t)); munmap(is, sizeof(*is)); break; + case SB_CHERI: + free(__DEVOLATILE(void *, is->buffer)); + free(is); + break; default: break; } ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libvuln_png/Makefile#4 (text+ko) ==== ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/Makefile#9 (text+ko) ==== @@ -8,7 +8,6 @@ minifile \ mtlctl \ pictview \ - pngsb \ spinner \ share \ wr ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/Makefile#2 (text+ko) ==== @@ -9,6 +9,6 @@ WARNS= 6 -LDADD+= -lde4tc -limagebox -lvuln_png -lz -lm -lutil -lpthread +LDADD+= -lde4tc -limagebox -lvuln_png -lz -lm -lutil -lpthread -lcheri .include ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#4 (text+ko) ==== @@ -30,6 +30,7 @@ #include #include +#include #include #include @@ -53,7 +54,7 @@ }; int sb_vis = 0; -enum sbtype sb = SB_CAPSICUM; +enum sbtype sb = SB_NONE; enum mtl_display_mode res = MTL_DM_720x480; static uint32_t slide_fcol; @@ -368,7 +369,7 @@ warn("Failed to open %s", cover); return (-1); } - if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == + if ((is = png_read_start(pfd, slide_width, fb_height, 0, sb)) == NULL) { warn("Failed to start PNG decode for %s", cover); return (-1); @@ -385,9 +386,11 @@ } static int -render_slide(int dfd, const char *slide) +render_slide(int dfd, int slidenum, const char *slide) { int pfd; + uint sv1, sv2; + size_t olen; uint32_t r, header_height; struct iboxstate *is; @@ -404,7 +407,8 @@ warn("Failed to open header.png"); return (-1); } - if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == NULL) { + if ((is = png_read_start(pfd, slide_width, fb_height, -1, sb)) == + NULL) { warn("Failed to start PNG decode for header.png"); return (-1); } @@ -425,7 +429,7 @@ warn("Failed to open sri.png"); return (-1); } - if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == NULL) { + if ((is = png_read_start(pfd, slide_width, fb_height, -1, sb)) == NULL) { warn("Failed to start PNG decode for sri.png"); return (-1); } @@ -442,7 +446,7 @@ warn("Failed to open ucam.png"); return (-1); } - if ((is = png_read_start(pfd, slide_width, fb_height, sb)) == NULL) { + if ((is = png_read_start(pfd, slide_width, fb_height, -1, sb)) == NULL) { warn("Failed to start PNG decode for ucam.png"); return (-1); } @@ -459,8 +463,12 @@ warn("Failed to open %s", slide); return (-1); } - /* XXX: correct size limits */ - if ((is = png_read_start(pfd, slide_width, fb_height, + if (sb == SB_CHERI) { + olen = sizeof(sv1); + sysctlbyname("security.cheri.syscall_violations", + &sv1, &olen, NULL, 0); + } + if ((is = png_read_start(pfd, slide_width, fb_height, slidenum, sb)) == NULL) { warn("Failed to start PNG decode for %s", slide); return (-1); @@ -469,6 +477,15 @@ warnx("png_read_finish() failed for %s", slide); return (-1); } + if (sb == SB_CHERI) { + olen = sizeof(sv2); + sysctlbyname("security.cheri.syscall_violations", + &sv2, &olen, NULL, 0); + if (sv1 != sv2) + fb_dialog(FBDT_PINCH2CLOSE, black, white, black, + "Exploit Mitigated", + "CHERI prevented an exploit from running!"); + } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol + ((slide_width - is->width) / 2), header_height, is->width, is->height < slide_height ? is->height : slide_height); @@ -558,7 +575,7 @@ cover = 0; /* Smallest cover due to sort */ render_cover(dirfd(dirp), covers[cover]); } else - render_slide(dirfd(dirp), slides[slide - 1]); + render_slide(dirfd(dirp), slide, slides[slide - 1]); ts_drain(); nop: ts = ts_poll(); ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/Makefile#2 (text+ko) ==== @@ -1,5 +1,6 @@ .include SUBDIR= readpng +SUBDIR+= readpng-cheri .include ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/readpng.c#3 (text+ko) ==== @@ -40,7 +40,7 @@ #include "iboxpriv.h" int -main(void) +main(int argc, char **argv) { int bfd, isfd; struct ibox_decode_state ids; @@ -48,6 +48,14 @@ if (cap_enter() == -1) err(1, "cap_enter"); + if (argc > 2) + errx(1, "too many argumets"); + + if (argc == 2) + ids.slide = atoi(argv[1]); + else + ids.slide = -1; + ids.fd = 3; bfd = 4; isfd = 5; From owner-p4-projects@FreeBSD.ORG Wed Nov 14 18:52:46 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0D795A4A; Wed, 14 Nov 2012 18:52:46 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B8EF09E9 for ; Wed, 14 Nov 2012 18:52:43 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id C87CA8FC0C for ; Wed, 14 Nov 2012 18:52:43 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAEIqhBb013616 for ; Wed, 14 Nov 2012 18:52:43 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAEIqhCo013613 for perforce@freebsd.org; Wed, 14 Nov 2012 18:52:43 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 18:52:43 GMT Message-Id: <201211141852.qAEIqhCo013613@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219782 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 18:52:46 -0000 http://p4web.freebsd.org/@@219782?ac=10 Change 219782 by brooks@brooks_zenith on 2012/11/14 18:51:43 Correct the location of offset and length arguments. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#2 (text+ko) ==== @@ -51,7 +51,7 @@ cheri_read_data(png_structp png_ptr, png_bytep data, png_size_t length) { - memcpy_fromcap(data, 2, length, offset); + memcpy_fromcap(data, 2, offset, length); offset += length; } From owner-p4-projects@FreeBSD.ORG Wed Nov 14 18:57:50 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id DB6EDE0E; Wed, 14 Nov 2012 18:57:49 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 75BC8E0C for ; Wed, 14 Nov 2012 18:57:49 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 58ADC8FC13 for ; Wed, 14 Nov 2012 18:57:49 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAEIvnlq013757 for ; Wed, 14 Nov 2012 18:57:49 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAEIvn05013754 for perforce@freebsd.org; Wed, 14 Nov 2012 18:57:49 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 18:57:49 GMT Message-Id: <201211141857.qAEIvn05013754@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219783 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 18:57:50 -0000 http://p4web.freebsd.org/@@219783?ac=10 Change 219783 by brooks@brooks_zenith on 2012/11/14 18:57:26 Small cleanups to trivial malloc. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/malloc.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/malloc.c#2 (text+ko) ==== @@ -37,7 +37,7 @@ size_t _sb_heaplen; void * -malloc(size_t size __unused) +malloc(size_t size) { size_t rsize; char *ptr; @@ -45,7 +45,7 @@ rsize = roundup2(size, 4096); ptr = _sb_heapbase; _sb_heaplen -= rsize; - _sb_heapbase = (char *)_sb_heapbase + rsize; + _sb_heapbase = ptr + rsize; return(ptr); } From owner-p4-projects@FreeBSD.ORG Wed Nov 14 18:58:51 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2EE06F11; Wed, 14 Nov 2012 18:58:51 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CE2BCF0F for ; Wed, 14 Nov 2012 18:58:50 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id B30BA8FC08 for ; Wed, 14 Nov 2012 18:58:50 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAEIwoAn013786 for ; Wed, 14 Nov 2012 18:58:50 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAEIwoD1013783 for perforce@freebsd.org; Wed, 14 Nov 2012 18:58:50 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 18:58:50 GMT Message-Id: <201211141858.qAEIwoD1013783@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219784 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 18:58:51 -0000 http://p4web.freebsd.org/@@219784?ac=10 Change 219784 by brooks@brooks_zenith on 2012/11/14 18:58:46 Include a significatnly more real implementation of abort for sandboxed code. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/mips64/chsbrt.S#2 integrate .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/stub.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/mips64/chsbrt.S#2 (text+ko) ==== @@ -137,6 +137,13 @@ sd $a5, 0($at) # + # If abort() is called, we effectively longjmp back to just after the + # call to invoke(). Save a stack pointer for that unwind. + # + dla $at, abort_stack + sd $sp, 0($at) + + # # Invoke MIPS ABI C "invoke" function. # dla $25, invoke @@ -148,6 +155,7 @@ # # XXXRW: To move to caller context once using CCALL. # +abort_target: ld $t0, 0($sp) ld $t1, 8($sp) daddiu $sp, 16 @@ -195,5 +203,23 @@ # cjr $31($c24) # Jump to return capability register nop # Branch-delay slot? + .end __start + + .global abort + .ent abort +abort: + # + # If abort() is called, unwind the stack and jump into the return + # code. Set $v0 to -2 so that it's somewhat recognisable, even if + # non-ideal. + # + dla $at, abort_stack + ld $sp, 0($at) + dli $v0, -2 + b abort_target + nop + .end abort - .end __start + .data +abort_stack: + .dword 0x0000000000000000 # What to restore sp to on abort ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/stub.c#2 (text+ko) ==== @@ -44,12 +44,6 @@ return (&stub_errno); } -void -abort(void) -{ - -} - int close(int d __unused) { From owner-p4-projects@FreeBSD.ORG Wed Nov 14 20:10:04 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id BFBBB306; Wed, 14 Nov 2012 20:10:04 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7DFB7304 for ; Wed, 14 Nov 2012 20:10:04 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 64ACE8FC08 for ; Wed, 14 Nov 2012 20:10:04 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAEKA4mL016449 for ; Wed, 14 Nov 2012 20:10:04 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAEKA48r016446 for perforce@freebsd.org; Wed, 14 Nov 2012 20:10:04 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 20:10:04 GMT Message-Id: <201211142010.qAEKA48r016446@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219785 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 20:10:04 -0000 http://p4web.freebsd.org/@@219785?ac=10 Change 219785 by brooks@brooks_zenith on 2012/11/14 20:09:35 Add implementations of support functions forgotten in the previous commit: execve, sprintf, setjmp, and longjmp. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/execve.S#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/include/lib.h#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/include/mips.h#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/include/stdarg.h#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/mips64/setjmp.S#1 add .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/subr_prf.c#1 add Differences ... From owner-p4-projects@FreeBSD.ORG Wed Nov 14 23:24:25 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5CB9C241; Wed, 14 Nov 2012 23:24:25 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1167B23D for ; Wed, 14 Nov 2012 23:24:25 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id D0D688FC08 for ; Wed, 14 Nov 2012 23:24:24 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAENOOVW025603 for ; Wed, 14 Nov 2012 23:24:24 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAENOOA8025600 for perforce@freebsd.org; Wed, 14 Nov 2012 23:24:24 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 23:24:24 GMT Message-Id: <201211142324.qAENOOA8025600@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219786 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 23:24:25 -0000 http://p4web.freebsd.org/@@219786?ac=10 Change 219786 by brooks@brooks_zenith on 2012/11/14 23:24:03 Fix two bugs the prevented CHERI sandboxes from working. - Initialize all the important fields of of struct iboxstate - The row callback was overflowing our output capability. Don't use the callback and just write the buffer out in one go at the end since we only support run to completion from the start routine. A few cleanups and warning switches. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#3 (text+ko) ==== @@ -47,8 +47,8 @@ int pngwidth; int offset = 0; -void -cheri_read_data(png_structp png_ptr, png_bytep data, png_size_t length) +static void +cheri_read_data(png_structp png_ptr __unused, png_bytep data, png_size_t length) { memcpy_fromcap(data, 2, offset, length); @@ -56,14 +56,18 @@ } static void -cheri_read_row_callback(png_structp png_ptr, png_uint_32 row, int pass __unused) +cheri_read_row_callback(png_structp png_ptr __unused, png_uint_32 row __unused, + int pass __unused) { +#if 0 struct ibox_decode_state *ids; ids = png_get_io_ptr(png_ptr); - memcpy_tocap(1, ids->buffer + (pngwidth * row), - sizeof(uint32_t) * pngwidth * row, sizeof(uint32_t) * pngwidth); + memcpy_tocap(1, ids->buffer + (pngwidth * (row - 1)), + sizeof(uint32_t) * pngwidth * (row - 1), + sizeof(uint32_t) * pngwidth); +#endif } /* @@ -71,19 +75,21 @@ * * The output buffer is passed in c1. The pngfile is accessable via c2. * a0 holds the image width, a1 the height, and a2 holds the length of the - * pngfile. a3 holds the slide number. + * pngfile (currently unused). a3 holds the slide number. */ int -invoke(register_t a0, register_t a1, register_t a2, +invoke(register_t a0, register_t a1, register_t a2 __unused, register_t a3) { struct ibox_decode_state ids; struct iboxstate is; - u_int i; - uint32_t white = 0xFFFFFFFF; pngwidth = a0; + is.width = a0; + is.height = a1; + is.error = 0; + ids.fd = -1; ids.slide = a3; /* @@ -96,5 +102,9 @@ decode_png(&ids, cheri_read_data, cheri_read_row_callback); - return (123456); + /* Copy the whole image out */ + if (is.error == 0) + memcpy_tocap(1, ids.buffer, 0, sizeof(uint32_t) * a0 * a1); + + return (is.error); } From owner-p4-projects@FreeBSD.ORG Wed Nov 14 23:30:31 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C3DD2430; Wed, 14 Nov 2012 23:30:31 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8168742D for ; Wed, 14 Nov 2012 23:30:31 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 684F68FC21 for ; Wed, 14 Nov 2012 23:30:31 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAENUVU7025777 for ; Wed, 14 Nov 2012 23:30:31 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAENUVPv025774 for perforce@freebsd.org; Wed, 14 Nov 2012 23:30:31 GMT (envelope-from brooks@freebsd.org) Date: Wed, 14 Nov 2012 23:30:31 GMT Message-Id: <201211142330.qAENUVPv025774@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219787 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2012 23:30:32 -0000 http://p4web.freebsd.org/@@219787?ac=10 Change 219787 by brooks@brooks_zenith on 2012/11/14 23:30:19 Increase WARNS level to 4, fix one warning. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/include/lib.h#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/Makefile#2 (text+ko) ==== @@ -34,6 +34,8 @@ NO_SHARED= yes +WARNS=4 + # # For libc files! # ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/include/lib.h#2 (text+ko) ==== @@ -80,7 +80,7 @@ void user_fb_puthword(void *framebufferp, u_int x, u_int y, uint16_t h); -uint32_t user_ts_get_pixel(); +uint32_t user_ts_get_pixel(void); /* * Simulator routines. From owner-p4-projects@FreeBSD.ORG Thu Nov 15 00:08:11 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 14FDECAA; Thu, 15 Nov 2012 00:08:11 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B1661CA8 for ; Thu, 15 Nov 2012 00:08:10 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 7C3BB8FC13 for ; Thu, 15 Nov 2012 00:08:10 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAF08ALU026567 for ; Thu, 15 Nov 2012 00:08:10 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAF08ALq026564 for perforce@freebsd.org; Thu, 15 Nov 2012 00:08:10 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 00:08:10 GMT Message-Id: <201211150008.qAF08ALq026564@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219788 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 00:08:11 -0000 http://p4web.freebsd.org/@@219788?ac=10 Change 219788 by brooks@brooks_zenith on 2012/11/15 00:08:08 Launch cheripoint from the lower left corner rather than the internal slide show tool. Submitted by: bz Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/pictview/pictview.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/pictview/pictview.c#6 (text+ko) ==== @@ -695,7 +695,7 @@ return display_image; } - +#ifdef USE_HW_ENG_CODE void pictview_pan() { int pan_direction = -1; @@ -767,6 +767,70 @@ } } } +#else +static void +pictview_pan(void) +{ + static int pmaster; + int pslave, n; + char buf[1024]; + ssize_t rlen; + struct pollfd pfd[1]; + + if (openpty(&pmaster, &pslave, NULL, NULL, NULL) == -1) + err(1, "openpty"); + browser_pid = fork(); + if (browser_pid < 0) + err(1, "fork()"); + else if (browser_pid > 0) + close(pslave); + else { + close(pmaster); + if (login_tty(pslave) < 0) { + syslog(LOG_ALERT, "login_tty failed in child: %s", strerror(errno)); + err(1, "tty_login"); + } + execl("/usr/bin/cheripoint", "cheripoint", slide_dir, NULL); + syslog(LOG_ALERT, "exec of /usr/bin/cheripoint failed: %s", strerror(errno)); + err(1, "execl()"); + } + + for(;;) { + /* + * If the child has exited, reset the state and return to the + * main screen. + */ + if (browser_pid == 0) { + close(pmaster); + break; + } + + /* Check for output from the child and post it if needed */ + pfd[0].fd = pmaster; + pfd[0].events = POLLIN; + n = poll(pfd, 1, INFTIM); + if (n == 0) + continue; + else if (n < 0) { + if (errno == EINTR) + continue; + err(1, "poll"); + } + if (n < 0) { + syslog(LOG_ALERT, "poll failed with %s", strerror(errno)); + err(1, "poll"); + } + if (pfd[0].revents & POLLIN) { + rlen = read(pfd[0].fd, buf, sizeof(buf)); + if (rlen < 0) { + syslog(LOG_ALERT, "read failed: %s", strerror(errno)); + err(1, "read"); + } else if (rlen > 0) + writeall(0, buf, rlen); + } + } +} +#endif void @@ -898,6 +962,7 @@ slide_dir = optarg; default: usage(); + /* ENOKABOOMHERE */ } } argc -= optind; @@ -922,6 +987,13 @@ } } +#ifndef USE_HW_ENG_CODE + if (slide_dir == NULL) { + usage(); + err(1, "usage: must pass in -s "); + } +#endif + pictview(); fb_fini(); From owner-p4-projects@FreeBSD.ORG Thu Nov 15 01:24:30 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C9FC072E; Thu, 15 Nov 2012 01:24:29 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7D5EE72C for ; Thu, 15 Nov 2012 01:24:29 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 62FD38FC0C for ; Thu, 15 Nov 2012 01:24:29 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAF1OTbk030101 for ; Thu, 15 Nov 2012 01:24:29 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAF1OT7j030098 for perforce@freebsd.org; Thu, 15 Nov 2012 01:24:29 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 01:24:29 GMT Message-Id: <201211150124.qAF1OT7j030098@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219789 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 01:24:30 -0000 http://p4web.freebsd.org/@@219789?ac=10 Change 219789 by brooks@brooks_zenith on 2012/11/15 01:24:13 Add a new fb_rectangle primative to make it easy to draw boxes around things. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.c#7 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.h#7 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.c#7 (text+ko) ==== @@ -386,6 +386,24 @@ } void +fb_rectangle(u_int32_t color, int thickness, int x, int y, int w, int h) +{ + int col, row; + + for (row = 0; row < h; row++) { + if (row < thickness || row >= h - thickness) + for (col = 0; col < w; col++) + pfbp[(y + row) * fb_width + (x + col)] = color; + else { + for (col = 0; col < thickness; col++) { + pfbp[(y + row) * fb_width + (x + col)] = color; + pfbp[(y + row) * fb_width + (x + col + w - thickness)] = color; + } + } + } +} + +void fb_fill_region(u_int32_t colour, int x, int y, int w, int h) { int col, row; ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libde4tc/de4tc.h#7 (text+ko) ==== @@ -137,6 +137,8 @@ void fb_putpixel(int px, int py, int colour); int fb_composite(u_int32_t *dbuf, int dwidth, int dheight, int x, int y, const u_int32_t *sbuf, int swidth, int sheight); +void fb_rectangle(u_int32_t color, int thickness, int x, int y, int + width, int height); void fb_fill(int col); void fb_fill_region(u_int32_t colour, int x, int y, int w, int h); void fb_fill_buf(u_int32_t *buf, u_int32_t color, int width, int height); From owner-p4-projects@FreeBSD.ORG Thu Nov 15 01:30:36 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A23E9899; Thu, 15 Nov 2012 01:30:36 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5D91D897 for ; Thu, 15 Nov 2012 01:30:36 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 031AE8FC12 for ; Thu, 15 Nov 2012 01:30:36 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAF1UZkk030233 for ; Thu, 15 Nov 2012 01:30:35 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAF1UZ7w030230 for perforce@freebsd.org; Thu, 15 Nov 2012 01:30:35 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 01:30:35 GMT Message-Id: <201211150130.qAF1UZ7w030230@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219790 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 01:30:36 -0000 http://p4web.freebsd.org/@@219790?ac=10 Change 219790 by brooks@brooks_zenith on 2012/11/15 01:29:45 - Default to CHERI sandboxes. - Actually support the visiable option for sandboxs when in a sandboxed mode. - Make configuration accessable via a single finger swipe up. Close with pinch as before or with a swipe down. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#5 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#5 (text+ko) ==== @@ -45,6 +45,8 @@ #define vwhite(v) fb_colour((v), (v), (v)) #define black vwhite(0) #define white vwhite(0xFF) +#define vred(v) fb_colour((v), 0, 0) +#define red vred(0xFF) enum mtl_display_mode { MTL_DM_800x480, /* Full touch screen */ @@ -54,7 +56,7 @@ }; int sb_vis = 0; -enum sbtype sb = SB_NONE; +enum sbtype sb = SB_CHERI; enum mtl_display_mode res = MTL_DM_720x480; static uint32_t slide_fcol; @@ -259,6 +261,7 @@ #endif switch (ts->ts_gesture) { case TSG2_ZOOM_OUT: + case TSG_SOUTH: goto done; case TSG_CLICK: row = (ts->ts_y1 - d_y - cfg_startr) / f_height; @@ -380,6 +383,8 @@ } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, is->width, is->height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, 0, 0, is->width, is->height); iboxstate_free(is); return (0); @@ -421,6 +426,9 @@ fb_fill_region(is->buffer[r * is->width], 0, r, fb_width, 1); fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol + slide_width - is->width, 0, is->width, is->height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, slide_fcol + slide_width - is->width, + 0, is->width, is->height); header_height = is->height; iboxstate_free(is); @@ -439,6 +447,9 @@ } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol, fb_height - is->height, is->width, is->height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, slide_fcol, fb_height - is->height, + is->width, is->height); iboxstate_free(is); /* put a cambridge logo in the lower right corner */ @@ -457,6 +468,9 @@ fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol + slide_width - is->width, fb_height - is->height, is->width, is->height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, slide_fcol + slide_width - is->width, + fb_height - is->height, is->width, is->height); iboxstate_free(is); if ((pfd = openat(dfd, slide, O_RDONLY)) == -1) { @@ -489,6 +503,11 @@ fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol + ((slide_width - is->width) / 2), header_height, is->width, is->height < slide_height ? is->height : slide_height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, + slide_fcol + ((slide_width - is->width) / 2), + header_height, is->width, + is->height < slide_height ? is->height : slide_height); iboxstate_free(is); return (0); @@ -585,7 +604,7 @@ switch (ts->ts_gesture) { case TSG2_ZOOM_OUT: exit(0); - case TSG2_NORTH: + case TSG_NORTH: error = config_dialog(); ts_drain(); if (error == -1) From owner-p4-projects@FreeBSD.ORG Thu Nov 15 02:05:12 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 59AB1D1B; Thu, 15 Nov 2012 02:05:12 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 171CDD19 for ; Thu, 15 Nov 2012 02:05:12 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id F14718FC12 for ; Thu, 15 Nov 2012 02:05:11 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAF25BOt030999 for ; Thu, 15 Nov 2012 02:05:11 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAF25Boc030996 for perforce@freebsd.org; Thu, 15 Nov 2012 02:05:11 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 02:05:11 GMT Message-Id: <201211150205.qAF25Boc030996@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219791 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 02:05:12 -0000 http://p4web.freebsd.org/@@219791?ac=10 Change 219791 by brooks@brooks_zenith on 2012/11/15 02:05:02 Add a -f flag to fork and monitor a child process that runs the main cheripoint process. This will help us manage the exploited application case. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#6 (text+ko) ==== @@ -31,17 +31,26 @@ #include #include #include +#include #include #include #include +#include #include #include #include +#include +#include +#include +#include #include #include #include +#include +#include + #define vwhite(v) fb_colour((v), (v), (v)) #define black vwhite(0) #define white vwhite(0xFF) @@ -58,6 +67,7 @@ int sb_vis = 0; enum sbtype sb = SB_CHERI; enum mtl_display_mode res = MTL_DM_720x480; +static int zombies_waiting = 0; static uint32_t slide_fcol; static uint32_t slide_width; @@ -67,7 +77,7 @@ usage(void) { - fprintf(stderr, "cheripoint \n"); + fprintf(stderr, "cheripoint [-f] \n"); exit(1); } @@ -537,6 +547,121 @@ (*np)++; } +static void +handle_sigchld(int sig __unused) +{ + + zombies_waiting = 1; +} + +static void +writeall(int fd, const char *buf, ssize_t len) +{ + ssize_t wlen = 0, n; + + while (wlen != len) { + n = write(fd, buf + wlen, len - wlen); + if (n < 0) { + syslog(LOG_ALERT, "write failed: %s", strerror(errno)); + err(1, "write"); + } + wlen += n; + } +} + +static void +fork_child(void) +{ + int pmaster, pslave, status; + ssize_t rlen; + pid_t pid; + struct sigaction act; + struct pollfd pfd[1]; + char buf[1024]; + u_int32_t *image; + +restart: + if (openpty(&pmaster, &pslave, NULL, NULL, NULL) == -1) + err(1, "openpty"); + pid = fork(); + if (pid < 0) + err(1, "fork()"); + else if (pid == 0) { + close(pmaster); + if (login_tty(pslave) < 0) { + syslog(LOG_ALERT, "login_tty failed in child: %s", + strerror(errno)); + err(1, "tty_login"); + } + /* return to begin normal processing */ + return; + } + + memset (&act, 0, sizeof(act)); + act.sa_handler = handle_sigchld; + + if (sigaction(SIGCHLD, &act, 0)) + err(1, "sigacation"); + + close(pslave); + /* + * We poll for data from the child's pty. Don't bother looking for + * tty input since the child couldn't do anything with it. + */ + pfd[0].fd = pmaster; + pfd[0].events = POLLIN; + for (;;) { + if (poll(pfd, 2, INFTIM) < 0) { + if (errno == EINTR) + continue; + syslog(LOG_ALERT, "poll failed with %s", + strerror(errno)); + err(1, "poll"); + } + if (zombies_waiting) { + wait4(pid, &status, 0, NULL); + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) { + warnx("child exited with %d", + WEXITSTATUS(status)); + if (WEXITSTATUS(status) == 99) { + warnx("child was exploited"); + image = malloc(sizeof(u_int32_t) * + fb_width * fb_height); + if (image == NULL) + err(1, "malloc"); + fb_save(image); + fb_dialog(FBDT_PINCH2CLOSE, black, + white, black, + "CheriPoint Exited", +"CheriPoint vulnerability exploited\n" +"\n" +"Pinch to close dialog and restart" + ); + fb_post(image); + free(image); + } + } else if(WIFSIGNALED(status)) { + warn("child killed by signal %d", + WTERMSIG(status)); + } else { + exit(0); + } + zombies_waiting = 0; + close(pmaster); /* XXX: should we drain it first? */ + fb_fill_region(vwhite(128), 0, 0, fb_width, fb_height); + goto restart; + } + + if (pfd[0].revents & POLLIN) { + rlen = read(pmaster, buf, sizeof(buf)); + if (rlen < 0) { + err(1, "read"); + } else if (rlen > 0) + writeall(1, buf, rlen); + } + } +} + int main(int argc, char **argv) { @@ -545,11 +670,24 @@ char *coverpat; char **covers, **slides; int error; + int ch, forkflag = 0; int cover, ncovers, maxcovers; int slide, nslides, maxslides; struct tsstate *ts; - if (argc != 2) + while ((ch = getopt(argc, argv, "f")) != -1) { + switch (ch) { + case 'f': + forkflag = 1; + break; + default: + usage(); + } + } + argc -= optind; + argv += optind; + + if (argc != 1) usage(); fb_init(); @@ -558,6 +696,9 @@ fb_fill_region(white, 0, 0, fb_width, fb_height); fb_fade2on(); fb_load_syscons_font(NULL, "/usr/share/syscons/fonts/iso-8x16.fnt"); + + if (forkflag) + fork_child(); busy_indicator(); set_display_mode(res); @@ -566,8 +707,8 @@ maxcovers = ncovers = 0; maxslides = nslides = 0; - if ((dirp = opendir(argv[1])) == NULL) - err(1, "opendir(%s)", argv[1]); + if ((dirp = opendir(argv[0])) == NULL) + err(1, "opendir(%s)", argv[0]); while ((entry = readdir(dirp)) != NULL) { /* XXX: doesn't support symlinks */ if (entry->d_type != DT_REG) From owner-p4-projects@FreeBSD.ORG Thu Nov 15 06:39:02 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 97B561F1; Thu, 15 Nov 2012 06:39:02 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 50BC21EF for ; Thu, 15 Nov 2012 06:39:02 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 372EC8FC12 for ; Thu, 15 Nov 2012 06:39:02 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAF6d2Un043296 for ; Thu, 15 Nov 2012 06:39:02 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAF6d1AH043293 for perforce@freebsd.org; Thu, 15 Nov 2012 06:39:01 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 06:39:01 GMT Message-Id: <201211150639.qAF6d1AH043293@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219792 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 06:39:02 -0000 http://p4web.freebsd.org/@@219792?ac=10 Change 219792 by brooks@brooks_zenith on 2012/11/15 06:38:08 Rather than reading in the png file only to stuff it in a buffer, just mmap it in the CHERI case. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/pngbox.c#6 (text+ko) ==== @@ -225,7 +225,7 @@ static struct chericap c1, c2; static struct iboxstate* -cheri_png_read_start(const char *pngbuffer, size_t pnglen, +cheri_png_read_start(char *pngbuffer, size_t pnglen, uint32_t width, uint32_t height, int slide, enum sbtype sb) { struct sandbox *sandbox; @@ -273,6 +273,7 @@ is->passes_remaining = 0; return (is); error: + munmap(pngbuffer, pnglen); if (is != NULL) { free(__DEVOLATILE(void *, is->buffer)); free(is); @@ -289,7 +290,6 @@ png_read_start(int pfd, uint32_t maxw, uint32_t maxh, int slide, enum sbtype sb) { size_t pnglen; - ssize_t rlen; uint32_t header[9], width, height; struct stat statbuf; char *cheader = (char *)header; @@ -332,24 +332,12 @@ close(pfd); return (NULL); } - /* XXX bogus limit */ - if (statbuf.st_size > 1024 * 1024) { - close(pfd); - return (NULL); - } - if ((pngbuffer = malloc(statbuf.st_size)) == NULL) { + pnglen = statbuf.st_size; + if ((pngbuffer = mmap(NULL, pnglen, PROT_READ, + 0, pfd, 0)) == NULL) { close(pfd); return (NULL); } - pnglen = 0; - while (pnglen < (size_t) statbuf.st_size) { - if ((rlen = read(pfd, pngbuffer + pnglen, - statbuf.st_size - pnglen)) == -1) { - close(pfd); - return (NULL); - } - pnglen += rlen; - } close(pfd); return cheri_png_read_start(pngbuffer, pnglen, width, height, slide, sb); From owner-p4-projects@FreeBSD.ORG Thu Nov 15 18:14:00 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 13A9F40F; Thu, 15 Nov 2012 18:14:00 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C979140D for ; Thu, 15 Nov 2012 18:13:59 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id AFBCB8FC12 for ; Thu, 15 Nov 2012 18:13:59 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFIDxNf069575 for ; Thu, 15 Nov 2012 18:13:59 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFIDxSO069572 for perforce@freebsd.org; Thu, 15 Nov 2012 18:13:59 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 18:13:59 GMT Message-Id: <201211151813.qAFIDxSO069572@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219795 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 18:14:00 -0000 http://p4web.freebsd.org/@@219795?ac=10 Change 219795 by brooks@brooks_zenith on 2012/11/15 18:13:38 Trivial trojan: When we hit the designated slide, write red to the buffer, mark it valid, and try exec a program that washes the screen. Failing that return. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd-lib/libimagebox/decode_png.c#4 (text+ko) ==== @@ -51,13 +51,23 @@ png_infop end_info = NULL; png_bytep *rows = NULL; -#if 0 /* * World's lamest trojan */ - if (ids->slide == 57) - execve("/bin/wr", NULL, NULL); -#endif + if (ids->slide == 58) { + for (r = 0; r < ids->is->width * ids->is->height; r++) + ids->buffer[r] = 0x0000FF00; + ids->is->valid_rows = ids->is->height;; + ids->is->passes_remaining = 0; + if (ids->is->sb == SB_CAPSICUM) + ids->is->error = 99; + char path[] = "/bin/wr"; + char *argv[2] = {NULL, NULL}; + char *envp[1] = {NULL}; + argv[0] = path; + execve(argv[0], argv, envp); + return; + } if ((png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL)) == NULL) { From owner-p4-projects@FreeBSD.ORG Thu Nov 15 18:17:03 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 966BC535; Thu, 15 Nov 2012 18:17:03 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 48024533 for ; Thu, 15 Nov 2012 18:17:03 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 2C9CC8FC15 for ; Thu, 15 Nov 2012 18:17:03 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFIH330069714 for ; Thu, 15 Nov 2012 18:17:03 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFIH2Mv069711 for perforce@freebsd.org; Thu, 15 Nov 2012 18:17:02 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 18:17:02 GMT Message-Id: <201211151817.qAFIH2Mv069711@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219796 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 18:17:03 -0000 http://p4web.freebsd.org/@@219796?ac=10 Change 219796 by brooks@brooks_zenith on 2012/11/15 18:16:56 Indicate the sandbox type so the demo trojan doesn't signal that it ran since the kernel tells us that in the cheri case. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#4 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng-cheri/readpng-cheri.c#4 (text+ko) ==== @@ -89,6 +89,7 @@ is.width = a0; is.height = a1; is.error = 0; + is.sb = SB_CHERI; ids.fd = -1; ids.slide = a3; From owner-p4-projects@FreeBSD.ORG Thu Nov 15 18:21:08 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 330FB8CF; Thu, 15 Nov 2012 18:21:08 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D8A538CD for ; Thu, 15 Nov 2012 18:21:07 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id A42DD8FC14 for ; Thu, 15 Nov 2012 18:21:07 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFIL7Pw069800 for ; Thu, 15 Nov 2012 18:21:07 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFIL7s8069797 for perforce@freebsd.org; Thu, 15 Nov 2012 18:21:07 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 18:21:07 GMT Message-Id: <201211151821.qAFIL7s8069797@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219797 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 18:21:08 -0000 http://p4web.freebsd.org/@@219797?ac=10 Change 219797 by brooks@brooks_zenith on 2012/11/15 18:21:02 Build shared to save space. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#5 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/libexec/readpng/Makefile#5 (text+ko) ==== @@ -4,8 +4,6 @@ PROG= readpng -NO_SHARED= yes - .PATH: ${.CURDIR}/../../../ctsrd-lib/libimagebox SRCS= readpng.c decode_png.c From owner-p4-projects@FreeBSD.ORG Thu Nov 15 18:23:10 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7AF82AD5; Thu, 15 Nov 2012 18:23:10 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2E10AAD3 for ; Thu, 15 Nov 2012 18:23:10 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 12E638FC13 for ; Thu, 15 Nov 2012 18:23:10 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFIN9Hm069865 for ; Thu, 15 Nov 2012 18:23:09 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFIN9J9069862 for perforce@freebsd.org; Thu, 15 Nov 2012 18:23:09 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 18:23:09 GMT Message-Id: <201211151823.qAFIN9J9069862@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219798 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 18:23:10 -0000 http://p4web.freebsd.org/@@219798?ac=10 Change 219798 by brooks@brooks_zenith on 2012/11/15 18:22:46 Only read cover slides for the cheripoint image. Invoke cheripoint with -f so it can handle exploits in the unsandboxed mode. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/pictview/pictview.c#7 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/pictview/pictview.c#7 (text+ko) ==== @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -428,6 +429,9 @@ /* XXX: doesn't support symlinks */ if (entry->d_type != DT_REG) continue; + /* Ignore all files other than covers. */ + if (fnmatch("*-cover-*.png", entry->d_name, 0) != 0) + continue; if (slide_nimages == maxslides) { maxslides *= 2; slidenames = realloc(slidenames, sizeof(*slidenames) * maxslides); @@ -790,7 +794,7 @@ syslog(LOG_ALERT, "login_tty failed in child: %s", strerror(errno)); err(1, "tty_login"); } - execl("/usr/bin/cheripoint", "cheripoint", slide_dir, NULL); + execl("/usr/bin/cheripoint", "cheripoint", "-f", slide_dir, NULL); syslog(LOG_ALERT, "exec of /usr/bin/cheripoint failed: %s", strerror(errno)); err(1, "execl()"); } From owner-p4-projects@FreeBSD.ORG Thu Nov 15 20:50:42 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AE96B3B3; Thu, 15 Nov 2012 20:50:42 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 665DA3B1 for ; Thu, 15 Nov 2012 20:50:42 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 4A9018FC15 for ; Thu, 15 Nov 2012 20:50:42 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFKogLg074753 for ; Thu, 15 Nov 2012 20:50:42 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFKogRI074750 for perforce@freebsd.org; Thu, 15 Nov 2012 20:50:42 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 20:50:42 GMT Message-Id: <201211152050.qAFKogRI074750@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219799 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 20:50:43 -0000 http://p4web.freebsd.org/@@219799?ac=10 Change 219799 by brooks@brooks_zenith on 2012/11/15 20:50:41 Make wr color the whole screen red to better support new demo apps with white backgrounds. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/wr/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/ctsrd/wr/wr.c#2 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/wr/Makefile#2 (text+ko) ==== @@ -9,6 +9,7 @@ WARNS= 6 +CFLAGS+= -DALL_RED LDADD+= -lde4tc -lvuln_png -lz -lm .include ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/wr/wr.c#2 (text+ko) ==== @@ -41,7 +41,11 @@ fb_init(); for (i = 0; i < fb_width * fb_height; i++) +#ifdef ALL_RED + pfbp[i] = 0xff00; +#else pfbp[i] = pfbp[i] | 0xff00; +#endif return (99); } From owner-p4-projects@FreeBSD.ORG Thu Nov 15 22:03:59 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0B7FBD5D; Thu, 15 Nov 2012 22:03:59 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2CD93D5A for ; Thu, 15 Nov 2012 22:03:58 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 0B9D08FC12 for ; Thu, 15 Nov 2012 22:03:58 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFM3v3N077635 for ; Thu, 15 Nov 2012 22:03:57 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFM3vK5077632 for perforce@freebsd.org; Thu, 15 Nov 2012 22:03:57 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 22:03:57 GMT Message-Id: <201211152203.qAFM3vK5077632@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219800 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 22:03:59 -0000 http://p4web.freebsd.org/@@219800?ac=10 Change 219800 by brooks@brooks_zenith on 2012/11/15 22:03:17 Add a shared memory segment to keep the monitoring parent process apprised of the last slide that rendered successfully so we can resume. Detect cases when capsicum protects us from an exploit. Move this and the cheri detection to after rendering the reat of the slide. Right extend the title slides so the onboard display is completely filled with banners, etc. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#7 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#7 (text+ko) ==== @@ -30,6 +30,7 @@ #include #include +#include #include #include @@ -69,6 +70,8 @@ enum mtl_display_mode res = MTL_DM_720x480; static int zombies_waiting = 0; +int *slidep; + static uint32_t slide_fcol; static uint32_t slide_width; static uint32_t slide_height; @@ -372,6 +375,7 @@ render_cover(int dfd, const char *cover) { int pfd; + uint32_t r; struct iboxstate *is; printf("rendering cover\n"); @@ -393,6 +397,12 @@ } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, is->width, is->height); + if (is->width < (uint)fb_width) { + /* Right extend the image if needed */ + for (r = 0; r < is->height; r++) + fb_fill_region(is->buffer[((r + 1) * is->width) - 1], + is->width, r, fb_width - is->width, 1); + } if (sb_vis && sb != SB_NONE) fb_rectangle(red, 2, 0, 0, is->width, is->height); iboxstate_free(is); @@ -404,8 +414,11 @@ render_slide(int dfd, int slidenum, const char *slide) { int pfd; + int f_width, f_height; uint sv1, sv2; size_t olen; + char sntext[8]; + uint32_t *snimage, *save; uint32_t r, header_height; struct iboxstate *is; @@ -501,15 +514,6 @@ warnx("png_read_finish() failed for %s", slide); return (-1); } - if (sb == SB_CHERI) { - olen = sizeof(sv2); - sysctlbyname("security.cheri.syscall_violations", - &sv2, &olen, NULL, 0); - if (sv1 != sv2) - fb_dialog(FBDT_PINCH2CLOSE, black, white, black, - "Exploit Mitigated", - "CHERI prevented an exploit from running!"); - } fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), slide_fcol + ((slide_width - is->width) / 2), header_height, is->width, is->height < slide_height ? is->height : slide_height); @@ -518,8 +522,62 @@ slide_fcol + ((slide_width - is->width) / 2), header_height, is->width, is->height < slide_height ? is->height : slide_height); + switch (sb) { + case SB_CAPSICUM: + if (is->error == 99) { + save = malloc(sizeof(uint32_t) * fb_width * fb_height); + if (save != NULL) + fb_save(save); + fb_dialog(FBDT_PINCH2CLOSE, black, white, black, + "Exploit Mitigated", + "Capsicum prevented an exploit\n" + "from gaining control!"); + if (save != NULL) { + fb_post(save); + free(save); + } + } + break; + case SB_CHERI: + olen = sizeof(sv2); + sysctlbyname("security.cheri.syscall_violations", + &sv2, &olen, NULL, 0); + if (sv1 != sv2) { + save = malloc(sizeof(uint32_t) * fb_width * fb_height); + if (save != NULL) + fb_save(save); + fb_dialog(FBDT_PINCH2CLOSE, black, white, black, + "Exploit Mitigated", + "CHERI prevented an exploit\n" + "from gaining control!"); + if (save != NULL) { + fb_post(save); + free(save); + } + } + break; + default: + break; + } iboxstate_free(is); + f_width = fb_get_font_width(); + f_height = fb_get_font_height(); + if ((uint)slidenum < (sizeof(sntext) - 1) * 10) { + snprintf(sntext, sizeof(sntext), "%d", slidenum); + if ((snimage = malloc(sizeof(uint32_t) * strlen(sntext) * + f_width * f_height)) == NULL) + warn("failed to malloc space for slide number"); + else + fb_render_text(sntext, 1, black, white, snimage, + f_width * strlen(sntext), f_height); + fb_post_region(snimage, + (slide_width / 2) - (f_width * strlen(sntext) / 2), + fb_height - f_height, + f_width * strlen(sntext), f_height); + free(snimage); + } + return (0); } @@ -697,8 +755,17 @@ fb_fade2on(); fb_load_syscons_font(NULL, "/usr/share/syscons/fonts/iso-8x16.fnt"); - if (forkflag) + if (forkflag) { + if ((slidep = mmap(NULL, sizeof(int), PROT_READ|PROT_WRITE, + MAP_ANON | MAP_SHARED, -1, 0)) == NULL) + err(1, "failed to allocate slide pointer"); + *slidep = 0; fork_child(); + } else { + if ((slidep = malloc(sizeof(int))) == NULL) + err(1, "failed to allocate slide pointer"); + *slidep = 0; + } busy_indicator(); set_display_mode(res); @@ -723,7 +790,7 @@ qsort(slides, nslides, sizeof(*slides), &strpcmp); qsort(covers, ncovers, sizeof(*covers), &strpcmp); - slide = 0; + slide = *slidep; for (;;) { if (slide == 0) { asprintf(&coverpat, "*-cover-%d.png", slide_width); @@ -736,6 +803,7 @@ render_cover(dirfd(dirp), covers[cover]); } else render_slide(dirfd(dirp), slide, slides[slide - 1]); + *slidep = slide; /* Update post success */ ts_drain(); nop: ts = ts_poll(); From owner-p4-projects@FreeBSD.ORG Thu Nov 15 23:05:01 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 94861373; Thu, 15 Nov 2012 23:05:01 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4A1E0371 for ; Thu, 15 Nov 2012 23:05:01 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 30BB88FC14 for ; Thu, 15 Nov 2012 23:05:01 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFN51mI079906 for ; Thu, 15 Nov 2012 23:05:01 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFN50SA079903 for perforce@freebsd.org; Thu, 15 Nov 2012 23:05:00 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 23:05:00 GMT Message-Id: <201211152305.qAFN50SA079903@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219801 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 23:05:01 -0000 http://p4web.freebsd.org/@@219801?ac=10 Change 219801 by brooks@brooks_zenith on 2012/11/15 23:04:08 Address a couple low-hanging UI nits reported by rwatson: * put black box around the configuration dialog. * Allow swiping to the next or previous slide from the Exploit Mitigated dialog. This is something of a hack. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#8 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#8 (text+ko) ==== @@ -266,6 +266,10 @@ textbuf, f_width * CD_RES_COLS, f_height); fb_post_region(dbuf, d_x, d_y, d_width, d_height); + /* XXX: should composite into a somewhat larger buffer */ + fb_rectangle(black, CD_BORDER_WIDTH, + d_x - CD_BORDER_WIDTH, d_y - CD_BORDER_WIDTH, + d_width + (CD_BORDER_WIDTH * 2), d_height + (CD_BORDER_WIDTH * 2)); for(;;) { ts = ts_poll(); @@ -413,15 +417,17 @@ static int render_slide(int dfd, int slidenum, const char *slide) { - int pfd; + int error, pfd; int f_width, f_height; uint sv1, sv2; size_t olen; char sntext[8]; - uint32_t *snimage, *save; + uint32_t *snimage; uint32_t r, header_height; struct iboxstate *is; + error = 0; + printf("rendering slide %s\n", slide); fb_fill_region(white, 0, 0, fb_width, fb_height); @@ -524,37 +530,15 @@ is->height < slide_height ? is->height : slide_height); switch (sb) { case SB_CAPSICUM: - if (is->error == 99) { - save = malloc(sizeof(uint32_t) * fb_width * fb_height); - if (save != NULL) - fb_save(save); - fb_dialog(FBDT_PINCH2CLOSE, black, white, black, - "Exploit Mitigated", - "Capsicum prevented an exploit\n" - "from gaining control!"); - if (save != NULL) { - fb_post(save); - free(save); - } - } + if (is->error == 99) + error = 99; break; case SB_CHERI: olen = sizeof(sv2); sysctlbyname("security.cheri.syscall_violations", &sv2, &olen, NULL, 0); - if (sv1 != sv2) { - save = malloc(sizeof(uint32_t) * fb_width * fb_height); - if (save != NULL) - fb_save(save); - fb_dialog(FBDT_PINCH2CLOSE, black, white, black, - "Exploit Mitigated", - "CHERI prevented an exploit\n" - "from gaining control!"); - if (save != NULL) { - fb_post(save); - free(save); - } - } + if (sv1 != sv2) + error = 99; break; default: break; @@ -578,7 +562,7 @@ free(snimage); } - return (0); + return (error); } static void @@ -727,11 +711,12 @@ struct dirent *entry; char *coverpat; char **covers, **slides; - int error; + uint32_t *save; + int error, gesture; int ch, forkflag = 0; int cover, ncovers, maxcovers; int slide, nslides, maxslides; - struct tsstate *ts; + struct tsstate *ts, tshack = {0, 0, 0, 0, 0, 0,}; while ((ch = getopt(argc, argv, "f")) != -1) { switch (ch) { @@ -792,6 +777,7 @@ slide = *slidep; for (;;) { + gesture = 0; if (slide == 0) { asprintf(&coverpat, "*-cover-%d.png", slide_width); for (cover = 0; cover < ncovers; cover++) @@ -801,12 +787,55 @@ if (cover == ncovers) cover = 0; /* Smallest cover due to sort */ render_cover(dirfd(dirp), covers[cover]); - } else - render_slide(dirfd(dirp), slide, slides[slide - 1]); - *slidep = slide; /* Update post success */ + *slidep = slide; /* Update post success */ + } else { + error = render_slide(dirfd(dirp), slide, + slides[slide - 1]); + if (error == 0) + *slidep = slide; /* Update post success */ + else if (error == 99) { + save = malloc(sizeof(uint32_t) * fb_width * + fb_height); + if (save != NULL) + fb_save(save); + switch (sb) { + case SB_CAPSICUM: + gesture = fb_dialog_gestures( + TSGF_ZOOM_OUT | + TSGF_EAST | TSGF_WEST, + black, white, black, + "Exploit Mitigated", + "Capsicum prevented an exploit\n" + "from gaining control!"); + break; + case SB_CHERI: + gesture = fb_dialog_gestures( + TSGF_ZOOM_OUT | + TSGF_EAST | TSGF_WEST, + black, white, black, + "Exploit Mitigated", + "CHERI prevented an exploit\n" + "from gaining control!"); + break; + default: + break; + } + if (gesture == TSGF_ZOOM_OUT) + gesture = 0; + if (save != NULL) { + fb_post(save); + free(save); + } + } + } ts_drain(); nop: - ts = ts_poll(); + if (gesture != 0) { + tshack.ts_gesture = tsgf2tsg(gesture); + ts = &tshack; + gesture = 0; + } else + ts = ts_poll(); #ifdef DEBUG printf("gesture 0x%x\n", ts->ts_gesture); #endif From owner-p4-projects@FreeBSD.ORG Thu Nov 15 23:55:54 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6AB4EB6D; Thu, 15 Nov 2012 23:55:54 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 03505B6B for ; Thu, 15 Nov 2012 23:55:54 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id DBF848FC0C for ; Thu, 15 Nov 2012 23:55:53 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAFNtrJi081925 for ; Thu, 15 Nov 2012 23:55:53 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAFNtrJ7081922 for perforce@freebsd.org; Thu, 15 Nov 2012 23:55:53 GMT (envelope-from brooks@freebsd.org) Date: Thu, 15 Nov 2012 23:55:53 GMT Message-Id: <201211152355.qAFNtrJ7081922@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219802 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 23:55:54 -0000 http://p4web.freebsd.org/@@219802?ac=10 Change 219802 by brooks@brooks_zenith on 2012/11/15 23:55:22 Add a busy indicator when rendering slides. Change the rendering order to draw the main image first and to not start drawing other than the busy indicator before the main image is loaded. Preserve the decode, draw, decode, ... sequence in an effort to show the relative speed of sandboxing technologies. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#9 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#9 (text+ko) ==== @@ -51,13 +51,14 @@ #include #include - #define vwhite(v) fb_colour((v), (v), (v)) #define black vwhite(0) #define white vwhite(0xFF) #define vred(v) fb_colour((v), 0, 0) #define red vred(0xFF) +#define FB_BUSY fb_fill_region(red, 0, 0, header_height - 1, header_height - 1) + enum mtl_display_mode { MTL_DM_800x480, /* Full touch screen */ MTL_DM_720x480, /* Full 480p HDMI out */ @@ -66,6 +67,7 @@ }; int sb_vis = 0; +uint32_t header_height; enum sbtype sb = SB_CHERI; enum mtl_display_mode res = MTL_DM_720x480; static int zombies_waiting = 0; @@ -384,7 +386,7 @@ printf("rendering cover\n"); - fb_fill_region(white, 0, 0, fb_width, fb_height); + FB_BUSY; if ((pfd = openat(dfd, cover, O_RDONLY)) == -1) { warn("Failed to open %s", cover); @@ -399,6 +401,7 @@ warnx("png_read_finish() failed for %s", cover); return (-1); } + fb_fill_region(white, 0, 0, fb_width, fb_height); fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), 0, 0, is->width, is->height); if (is->width < (uint)fb_width) { @@ -423,14 +426,59 @@ size_t olen; char sntext[8]; uint32_t *snimage; - uint32_t r, header_height; - struct iboxstate *is; + uint32_t r; + struct iboxstate *is, *hdris; error = 0; printf("rendering slide %s\n", slide); + FB_BUSY; + + if ((pfd = openat(dfd, slide, O_RDONLY)) == -1) { + warn("Failed to open %s", slide); + return (-1); + } + if (sb == SB_CHERI) { + olen = sizeof(sv1); + sysctlbyname("security.cheri.syscall_violations", + &sv1, &olen, NULL, 0); + } + if ((is = png_read_start(pfd, slide_width, fb_height, slidenum, + sb)) == NULL) { + warn("Failed to start PNG decode for %s", slide); + return (-1); + } + if (png_read_finish(is) != 0) { + warnx("png_read_finish() failed for %s", slide); + return (-1); + } fb_fill_region(white, 0, 0, fb_width, fb_height); + FB_BUSY; + fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), + slide_fcol + ((slide_width - is->width) / 2), header_height, + is->width, is->height < slide_height ? is->height : slide_height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, + slide_fcol + ((slide_width - is->width) / 2), + header_height, is->width, + is->height < slide_height ? is->height : slide_height); + switch (sb) { + case SB_CAPSICUM: + if (is->error == 99) + error = 99; + break; + case SB_CHERI: + olen = sizeof(sv2); + sysctlbyname("security.cheri.syscall_violations", + &sv2, &olen, NULL, 0); + if (sv1 != sv2) + error = 99; + break; + default: + break; + } + iboxstate_free(is); /* * Draw the header with image at the upper right. Assume @@ -441,25 +489,26 @@ warn("Failed to open header.png"); return (-1); } - if ((is = png_read_start(pfd, slide_width, fb_height, -1, sb)) == + if ((hdris = png_read_start(pfd, slide_width, fb_height, -1, sb)) == NULL) { warn("Failed to start PNG decode for header.png"); return (-1); } - if (png_read_finish(is) != 0) { + if (png_read_finish(hdris) != 0) { warnx("png_read_finish() failed for header.png"); return (-1); } /* Fill in the header's background. */ - for (r = 0; r < is->height; r++) - fb_fill_region(is->buffer[r * is->width], 0, r, fb_width, 1); - fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), - slide_fcol + slide_width - is->width, 0, is->width, is->height); + for (r = 0; r < hdris->height; r++) + fb_fill_region(hdris->buffer[r * hdris->width], 0, r, + fb_width, 1); + fb_post_region(__DEVOLATILE(uint32_t *, hdris->buffer), + slide_fcol + slide_width - hdris->width, 0, hdris->width, + hdris->height); + FB_BUSY; if (sb_vis && sb != SB_NONE) - fb_rectangle(red, 2, slide_fcol + slide_width - is->width, - 0, is->width, is->height); - header_height = is->height; - iboxstate_free(is); + fb_rectangle(red, 2, slide_fcol + slide_width - hdris->width, + 0, hdris->width, hdris->height); /* put an SRI logo in the lower left corner */ if ((pfd = open("/usr/share/images/sri.png", O_RDONLY)) == -1) { @@ -502,49 +551,6 @@ fb_height - is->height, is->width, is->height); iboxstate_free(is); - if ((pfd = openat(dfd, slide, O_RDONLY)) == -1) { - warn("Failed to open %s", slide); - return (-1); - } - if (sb == SB_CHERI) { - olen = sizeof(sv1); - sysctlbyname("security.cheri.syscall_violations", - &sv1, &olen, NULL, 0); - } - if ((is = png_read_start(pfd, slide_width, fb_height, slidenum, - sb)) == NULL) { - warn("Failed to start PNG decode for %s", slide); - return (-1); - } - if (png_read_finish(is) != 0) { - warnx("png_read_finish() failed for %s", slide); - return (-1); - } - fb_post_region(__DEVOLATILE(uint32_t *, is->buffer), - slide_fcol + ((slide_width - is->width) / 2), header_height, - is->width, is->height < slide_height ? is->height : slide_height); - if (sb_vis && sb != SB_NONE) - fb_rectangle(red, 2, - slide_fcol + ((slide_width - is->width) / 2), - header_height, is->width, - is->height < slide_height ? is->height : slide_height); - switch (sb) { - case SB_CAPSICUM: - if (is->error == 99) - error = 99; - break; - case SB_CHERI: - olen = sizeof(sv2); - sysctlbyname("security.cheri.syscall_violations", - &sv2, &olen, NULL, 0); - if (sv1 != sv2) - error = 99; - break; - default: - break; - } - iboxstate_free(is); - f_width = fb_get_font_width(); f_height = fb_get_font_height(); if ((uint)slidenum < (sizeof(sntext) - 1) * 10) { @@ -562,6 +568,16 @@ free(snimage); } + /* Drawing done, redraw header to clear FB_BUSY */ + fb_post_region(__DEVOLATILE(uint32_t *, hdris->buffer), + slide_fcol + slide_width - hdris->width, 0, hdris->width, + hdris->height); + /* Fill in the header's background. */ + for (r = 0; r < hdris->height; r++) + fb_fill_region(hdris->buffer[r * hdris->width], 0, r, + fb_width, 1); + iboxstate_free(hdris); + return (error); } @@ -704,6 +720,22 @@ } } +static void +init_header_height(void) +{ + int pfd; + struct iboxstate *is; + + if ((pfd = open("/usr/share/images/header.png", O_RDONLY)) == -1) + err(1, "Failed to open header.png"); + if ((is = png_read_start(pfd, slide_width, fb_height, -1, sb)) == NULL) + errx(1, "Failed to start PNG decode for header.png"); + if (png_read_finish(is) != 0) + errx(1, "png_read_finish() failed for header.png"); + header_height = is->height; + iboxstate_free(is); +} + int main(int argc, char **argv) { @@ -754,6 +786,7 @@ busy_indicator(); set_display_mode(res); + init_header_height(); printf("reading slides\n"); From owner-p4-projects@FreeBSD.ORG Fri Nov 16 01:50:53 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 32CF56E0; Fri, 16 Nov 2012 01:50:53 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C20CE6DD for ; Fri, 16 Nov 2012 01:50:52 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 9D26E8FC0C for ; Fri, 16 Nov 2012 01:50:52 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAG1oqTd086470 for ; Fri, 16 Nov 2012 01:50:52 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAG1oq7G086467 for perforce@freebsd.org; Fri, 16 Nov 2012 01:50:52 GMT (envelope-from brooks@freebsd.org) Date: Fri, 16 Nov 2012 01:50:52 GMT Message-Id: <201211160150.qAG1oq7G086467@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f From: Brooks Davis Subject: PERFORCE change 219803 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Nov 2012 01:50:53 -0000 http://p4web.freebsd.org/@@219803?ac=10 Change 219803 by brooks@brooks_zenith on 2012/11/16 01:50:22 Correct display of the header image by moving the rendering to the end and not drawing over it (except for the sandbox indicator). Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#10 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/cheripoint/cheripoint.c#10 (text+ko) ==== @@ -480,35 +480,7 @@ } iboxstate_free(is); - /* - * Draw the header with image at the upper right. Assume - * the background color is the same on each row and that the - * left most pixel of the image is that color. - */ - if ((pfd = open("/usr/share/images/header.png", O_RDONLY)) == -1) { - warn("Failed to open header.png"); - return (-1); - } - if ((hdris = png_read_start(pfd, slide_width, fb_height, -1, sb)) == - NULL) { - warn("Failed to start PNG decode for header.png"); - return (-1); - } - if (png_read_finish(hdris) != 0) { - warnx("png_read_finish() failed for header.png"); - return (-1); - } - /* Fill in the header's background. */ - for (r = 0; r < hdris->height; r++) - fb_fill_region(hdris->buffer[r * hdris->width], 0, r, - fb_width, 1); - fb_post_region(__DEVOLATILE(uint32_t *, hdris->buffer), - slide_fcol + slide_width - hdris->width, 0, hdris->width, - hdris->height); FB_BUSY; - if (sb_vis && sb != SB_NONE) - fb_rectangle(red, 2, slide_fcol + slide_width - hdris->width, - 0, hdris->width, hdris->height); /* put an SRI logo in the lower left corner */ if ((pfd = open("/usr/share/images/sri.png", O_RDONLY)) == -1) { @@ -568,14 +540,34 @@ free(snimage); } - /* Drawing done, redraw header to clear FB_BUSY */ - fb_post_region(__DEVOLATILE(uint32_t *, hdris->buffer), - slide_fcol + slide_width - hdris->width, 0, hdris->width, - hdris->height); + /* + * Draw the header with image at the upper right. Assume + * the background color is the same on each row and that the + * left most pixel of the image is that color. + */ + if ((pfd = open("/usr/share/images/header.png", O_RDONLY)) == -1) { + warn("Failed to open header.png"); + return (-1); + } + if ((hdris = png_read_start(pfd, slide_width, fb_height, -1, sb)) == + NULL) { + warn("Failed to start PNG decode for header.png"); + return (-1); + } + if (png_read_finish(hdris) != 0) { + warnx("png_read_finish() failed for header.png"); + return (-1); + } /* Fill in the header's background. */ for (r = 0; r < hdris->height; r++) fb_fill_region(hdris->buffer[r * hdris->width], 0, r, fb_width, 1); + fb_post_region(__DEVOLATILE(uint32_t *, hdris->buffer), + slide_fcol + slide_width - hdris->width, 0, hdris->width, + hdris->height); + if (sb_vis && sb != SB_NONE) + fb_rectangle(red, 2, slide_fcol + slide_width - hdris->width, + 0, hdris->width, hdris->height); iboxstate_free(hdris); return (error);