Date: Wed, 30 May 2012 02:14:56 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 211963 for review Message-ID: <201205300214.q4U2EuRa094742@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@211963?ac=10 Change 211963 by rwatson@rwatson_svr_ctsrd_mipsbuild on 2012/05/30 02:14:54 Checkpoint work-in-progress kernel context switch support for the CHERI capability coprocessor: a template user capability is created during boot, and then used to populate user registers when a new user context is created during execve(). More explicitly manage the difference between user and kernel capability contexts, moving the existing CP2 frame to struct pcb, and adding a second one for the kernel. This is not yet believed to work, but best to submit before getting on a plane! Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.c#5 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.h#6 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/pcb.h#2 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/proc.h#3 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/pm_machdep.c#3 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.c#5 (text+ko) ==== @@ -29,6 +29,10 @@ */ #include <sys/param.h> +#include <sys/kernel.h> +#include <sys/proc.h> + +#include <mips/include/pcb.h> #include <mips/cheri/cp2.h> @@ -48,6 +52,11 @@ */ /* + * Template capability delegating ambient authority to userspace processes. + */ +static struct capability cp2_user_template; + +/* * Given an existing more privileged capability (fromcrn), build a new * capability in tocrn with the contents of the passed flattened * representation. @@ -81,6 +90,18 @@ } void +cp2_capability_set_upriv(struct capability *cp) +{ + + /* + * XXXRW: Note assumption that MIPS_XUSEG_START == NULL. Perhaps + * should be a CTASSERT(). + */ + cp2_capability_set(cp, CHERI_PERM_ALL, NULL, NULL, + MIPS_XUSEG_END); +} + +void cp2_capability_set_null(struct capability *cp) { @@ -101,97 +122,42 @@ cp2_capability_copy(struct capability *cp_to, struct capability *cp_from) { - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, cp_from); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, cp_to); + cp2_capability_load(CHERI_CR_CT0, cp_from); + cp2_capability_store(CHERI_CR_CT0, cp_to); } void cp2_context_copy(struct cp2_frame *cf_destp, struct cp2_frame *cf_srcp) { - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c0); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c0); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c1); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c1); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c2); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c2); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c3); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c3); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c4); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c4); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c5); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c5); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c6); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c6); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c7); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c7); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c8); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c8); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c9); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c9); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c10); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c10); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c11); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c11); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c12); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c12); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c13); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c13); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c14); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c14); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c15); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c15); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c16); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c16); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c17); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c17); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c18); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c18); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c19); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c19); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c20); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c20); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c21); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c21); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c22); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c22); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c23); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c23); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_c24); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_c24); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_udc); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_udc); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_tsc); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_tsc); - - CP2_CR_LOAD(CHERI_CR_CT0, CHERI_CR_KDC, &cf_srcp->cf_pcc); - CP2_CR_STORE(CHERI_CR_CT0, CHERI_CR_KDC, &cf_destp->cf_pcc); + cp2_capability_copy(&cf_destp->cf_c0, &cf_srcp->cf_c0); + cp2_capability_copy(&cf_destp->cf_c1, &cf_srcp->cf_c1); + cp2_capability_copy(&cf_destp->cf_c2, &cf_srcp->cf_c2); + cp2_capability_copy(&cf_destp->cf_c3, &cf_srcp->cf_c3); + cp2_capability_copy(&cf_destp->cf_c4, &cf_srcp->cf_c4); + cp2_capability_copy(&cf_destp->cf_c5, &cf_srcp->cf_c5); + cp2_capability_copy(&cf_destp->cf_c6, &cf_srcp->cf_c6); + cp2_capability_copy(&cf_destp->cf_c7, &cf_srcp->cf_c7); + cp2_capability_copy(&cf_destp->cf_c8, &cf_srcp->cf_c8); + cp2_capability_copy(&cf_destp->cf_c9, &cf_srcp->cf_c9); + cp2_capability_copy(&cf_destp->cf_c10, &cf_srcp->cf_c10); + cp2_capability_copy(&cf_destp->cf_c11, &cf_srcp->cf_c11); + cp2_capability_copy(&cf_destp->cf_c12, &cf_srcp->cf_c12); + cp2_capability_copy(&cf_destp->cf_c13, &cf_srcp->cf_c13); + cp2_capability_copy(&cf_destp->cf_c14, &cf_srcp->cf_c14); + cp2_capability_copy(&cf_destp->cf_c15, &cf_srcp->cf_c15); + cp2_capability_copy(&cf_destp->cf_c16, &cf_srcp->cf_c16); + cp2_capability_copy(&cf_destp->cf_c17, &cf_srcp->cf_c17); + cp2_capability_copy(&cf_destp->cf_c18, &cf_srcp->cf_c18); + cp2_capability_copy(&cf_destp->cf_c19, &cf_srcp->cf_c19); + cp2_capability_copy(&cf_destp->cf_c20, &cf_srcp->cf_c20); + cp2_capability_copy(&cf_destp->cf_c21, &cf_srcp->cf_c21); + cp2_capability_copy(&cf_destp->cf_c22, &cf_srcp->cf_c22); + cp2_capability_copy(&cf_destp->cf_c23, &cf_srcp->cf_c23); + cp2_capability_copy(&cf_destp->cf_c24, &cf_srcp->cf_c24); + cp2_capability_copy(&cf_destp->cf_udc, &cf_srcp->cf_udc); + cp2_capability_copy(&cf_destp->cf_tsc, &cf_srcp->cf_tsc); + cp2_capability_copy(&cf_destp->cf_pcc, &cf_srcp->cf_pcc); } /* @@ -477,3 +443,56 @@ break; } } + +static void +cheri_init(void *arg) +{ + + /* + * Initialise a template capability that will be used when + * configuring new user processes. + * + * XXXRW: Currently, this delegates the full address space -- more + * ideally, we'd limit it to user portions of the address space, + * reinforcing the MIPS segment and ring model. + */ + cp2_capability_set_priv(&cp2_user_template); +} +SYSINIT(elf32, SI_SUB_CREATE_INIT, SI_ORDER_ANY, cheri_init, NULL); + +void +cheri_exec_setregs(struct thread *td) +{ + struct cp2_frame *cfp; + + cfp = &td->td_pcb->pcb_ucp2frame; + cp2_capability_load(CHERI_CR_CT0, &cp2_user_template); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c0); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c1); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c2); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c3); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c4); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c5); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c6); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c7); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c8); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c9); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c10); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c11); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c12); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c13); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c14); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c15); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c16); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c17); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c18); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c19); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c20); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c21); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c22); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c23); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_c24); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_udc); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_tsc); + cp2_capability_store(CHERI_CR_CT0, &cfp->cf_pcc); +} ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cp2.h#6 (text+ko) ==== @@ -257,6 +257,20 @@ : "i" (crn_to), "i" (crn_base), "r" (offset)); \ } while (0) +static inline void +cp2_capability_load(u_int crn_to, struct capability *cp) +{ + + CP2_CR_LOAD(crn_to, CHERI_CR_KDC, cp); +} + +static inline void +cp2_capability_store(u_int crn_from, struct capability *cp) +{ + + CP2_CR_STORE(crn_from, CHERI_CR_KDC, cp); +} + /* * Extract a flattened but useful memory representation of a complete * capability register. @@ -349,15 +363,17 @@ * APIs that act on C language representations of capabilities -- but not * capabilities themselves. */ +void cp2_capability_copy(struct capability *cp_to, + struct capability *cp_from); void cp2_capability_set(struct capability *cp, uint32_t uperms, void *otypep /* eaddr */, void *basep, uint64_t length); - void cp2_capability_set_priv(struct capability *cp); +void cp2_capability_set_upriv(struct capability *cp); void cp2_capability_set_null(struct capability *cp); -void cp2_capability_copy(struct capability *cp_to, - struct capability *cp_from); void cp2_context_copy(struct cp2_frame *cf_destp, struct cp2_frame *cf_srcp); +void cheri_exec_setregs(struct thread *td); + #endif /* _MIPS_CHERI_CP2_H_ */ ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/pcb.h#2 (text+ko) ==== @@ -44,13 +44,23 @@ #include <machine/frame.h> +#ifdef CPU_CHERI +#include <mips/cheri/cp2.h> +#endif + /* * MIPS process control block */ struct pcb { struct trapframe pcb_regs; /* saved CPU and registers */ +#ifdef CPU_CHERI + struct cp2_frame pcb_ucp2frame; +#endif __register_t pcb_context[14]; /* kernel context for resume */ +#ifdef CPU_CHERI + struct cp2_frame pcb_cp2frame; +#endif void *pcb_onfault; /* for copyin/copyout faults */ register_t pcb_tpc; }; ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/proc.h#3 (text+ko) ==== @@ -65,9 +65,6 @@ int md_pc_count; /* performance counter */ int md_pc_spill; /* performance counter spill */ void *md_tls; -#if defined(CPU_CHERI) - struct cp2_frame md_cp2frame; -#endif #ifdef CPU_CNMIPS struct octeon_cop2_state *md_cop2; /* kernel context */ struct octeon_cop2_state *md_ucop2; /* userland context */ ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/mips/pm_machdep.c#3 (text+ko) ==== @@ -69,6 +69,10 @@ #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> +#ifdef CPU_CHERI +#include <mips/cheri/cp2.h> +#endif + #define UCONTEXT_MAGIC 0xACEDBADE /* @@ -525,6 +529,7 @@ #endif #if defined(CPU_CHERI) td->td_frame->sr |= MIPS_SR_COP_2_BIT; + cheri_exec_setregs(td); #endif /* * FREEBSD_DEVELOPERS_FIXME:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205300214.q4U2EuRa094742>