Date: Wed, 2 Oct 2013 14:08:14 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 931386 for review Message-ID: <201310021408.r92E8EPU043468@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@931386?ac=10 Change 931386 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/10/02 14:07:34 Flesh out the remainder of the basic substance of a software-path CCall, but with some notable XXX's involving error handling and the trusted stack. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 (text+ko) ==== 
@@ -110,11 +110,69 @@ * XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an * overflow check. + * + * XXXRW: We'd like a CSetCause so that we can jump to the general CP2 + * exception handler from here after setting its state appropriately. + * + * NB: No attempt to make this pipeline well yet -- branch-delay slots not + * well-utilised, some CP2 fields accessed multiple times. */ CHERICCall: .set push .set noat + /* First, test argument registers for tag validity. */ + cbtu CHERI_REG_CCALLCODE, CCall_c1_invalid + nop + cbtu CHERI_REG_CCALLDATA, CCall_c2_invalid + nop + + /* Second, check for the sealed bit on both arguments. */ + cgetunsealed k0, CHERI_REG_CCALLCODE + beqz k0, CCall_c1_unsealed + nop + + cgetunsealed k0, CHERI_REG_CCALLDATA + beqz k0, CCall_c2_unsealed + nop + + /* Third, check for type equality. */ + cgettype k0, CHERI_REG_CCALLCODE + cgettype k1, CHERI_REG_CCALLDATA + bne k0, k1, CCall_c1_c2_type_mismatch + nop + + /* Fourth, check permissions. */ + cgetperm k0, CHERI_REG_CCALLCODE + REG_LI k1, CHERI_PERM_SEAL | CHERI_PERM_EXECUTE + and k0, k0, k1 + beq k0, k1, CCall_c1_perms + nop + + /* Fifth, check proposed PC is not lower than base. */ + cgetbase k0, CHERI_REG_CCALLCODE + cgettype k1, CHERI_REG_CCALLCODE + sltu k1, k1, k0 + bne k1, zero, CCall_c1_range + nop + + /* + * Sixth, check proposed PC is not greater than base + length - 4. + * + * XXXRW: CHERI ISA spec calls for '-1'; we use '4' as it is the + * length of an instruction. + * + * XXXRW: Check this logic. + */ + cgetbase k0, CHERI_REG_CCALLCODE + cgetlen k1, CHERI_REG_CCALLCODE + PTR_ADDU k0, k0, k1 + PTR_SUBIU k0, 4 + cgettype k1, CHERI_REG_CCALLCODE + sltu k1, k1, k0 + bne k1, zero, CCall_c1_range + nop + /* XXXRW: Change to PCB reference in the future. */ PTR_LA k1, cheri_tsc_hack 
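Review bot: The fourth check branches the wrong way: after `and k0, k0, k1`, the line `beq k0, k1, CCall_c1_perms` takes the error path exactly when the code capability holds both CHERI_PERM_SEAL and CHERI_PERM_EXECUTE, and lets a capability missing either one fall through; it should read `bne k0, k1, CCall_c1_perms`. The sixth check looks inverted in the same way, as its own `XXXRW: Check this logic` comment suspects: `sltu k1, k1, k0` is true when the proposed PC is below base + length - 4, so the in-range case is the one rejected, whereas `sltu k1, k0, k1` would reject only a PC above the bound. If cgetunsealed returns non-zero for an unsealed capability, as its name suggests, the two `beqz k0, CCall_c*_unsealed` branches reject sealed arguments and should be `bnez`. CHERICCall's body continues outside the hunk.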
@@ -160,6 +218,22 @@ CHERI_EXCEPTION_RETURN(k0) eret + +CCall_c1_invalid: +CCall_c2_invalid: +CCall_c1_unsealed: +CCall_c2_unsealed: +CCall_c1_c2_type_mismatch: +CCall_c1_perms: +CCall_c1_range: + /* XXXRW: For now, treat as a NOP. */ + MFC0 k0, MIPS_COP_0_EXC_PC + PTR_ADDIU k0, 4 + MTC0 k0, MIPS_COP_0_EXC_PC + + CHERI_EXCEPTION_RETURN(k0); + eret + .set pop /* @@ -172,6 +246,13 @@ * XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an * underflow check. + * + * XXXRW: We'd like a CSetCause so that we can jump to the general CP2 + * exception handler from here after setting its state appropriately. + * + * Possible failure modes: + * + * 1. Trusted stack underflow. XXXRW: How to deal with this? */ CHERICReturn: .set push @@ -193,4 +274,14 @@ CHERI_EXCEPTION_RETURN(k0) eret - .set pop + +CReturn_error: + /* XXXRW: For now, treat as a NOP. */ + MFC0 k0, MIPS_COP_0_EXC_PC + PTR_ADDIU k0, 4 + MTC0 k0, MIPS_COP_0_EXC_PC + + CHERI_EXCEPTION_RETURN(k0) + eret + + .set pophome | help
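Review bot: All seven validation failures share one exit that only advances MIPS_COP_0_EXC_PC by 4 and returns, so a rejected CCall looks to the caller like an instruction that did nothing, and which check failed is lost. Until the CP2 exception path exists, the comment at the labels should say so, for example `/* XXXRW: Failure is silent: no domain switch, no error reported to the caller. */`. The unconditional `PTR_ADDIU k0, 4` presumably assumes the trapping instruction is not in a branch-delay slot; that assumption is worth stating or checking. `CHERI_EXCEPTION_RETURN(k0);` also carries a trailing semicolon that the other visible uses of the macro do not.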
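Review bot: CReturn_error is added, but none of the visible hunks adds a branch to it, so the trusted-stack underflow named in the new CHERICReturn header comment appears to remain unchecked. With the one-entry trusted stack held in a global, a CReturn that is not preceded by a CCall would presumably restore whatever that global last held; a guard before the restore that branches to CReturn_error would close that gap. If the check is deliberately deferred, say so at the label, e.g. `/* XXXRW: Not yet reachable; underflow check pending. */`. CHERICReturn's body lies outside the hunk, so an existing branch there cannot be ruled out.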
