Date: Tue, 27 Nov 2012 22:53:06 GMT From: Brooks Davis <brooks@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 219857 for review Message-ID: <201211272253.qARMr6G2037699@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@219857?ac=10 Change 219857 by brooks@brooks_zenith on 2012/11/27 22:52:29 Add the ability to break into the debugger on a capability exception. This behavior is controlled by the sysctl security.cheri.debugger_on_exception which defaults to off. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#11 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#11 (text+ko) ==== @@ -36,6 +36,7 @@ #include <sys/sysctl.h> #include <ddb/ddb.h> +#include <sys/kdb.h> #include <machine/atomic.h> #include <machine/cheri.h> @@ -64,6 +65,11 @@ SYSCTL_UINT(_security_cheri, OID_AUTO, syscall_violations, CTLFLAG_RD, &security_cheri_syscall_violations, 0, "Number of system calls blocked"); +static u_int security_cheri_debugger_on_exception; +SYSCTL_UINT(_security_cheri, OID_AUTO, debugger_on_exception, CTLFLAG_RW, + &security_cheri_debugger_on_exception, 0, + "Run debugger on CHERI exception"); + /* * Given an existing more privileged capability (fromcrn), build a new * capability in tocrn with the contents of the passed flattened @@ -331,6 +337,11 @@ CHERI_CGETTAG(ctag, 31); intr_enable(); CHERI_REG_PRINT(c, ctag, 31); + +#if DDB + if (security_cheri_debugger_on_exception) + kdb_enter(KDB_WHY_CHERI, "CHERI exception"); +#endif } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211272253.qARMr6G2037699>