Date: Wed, 2 Oct 2013 14:08:14 GMT
From: Robert Watson
Subject: PERFORCE change 931386 for review
To: Perforce Change Reviews

http://p4web.freebsd.org/@@931386?ac=10

Change 931386 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2013/10/02 14:07:34

Flesh out the remainder of the basic substance of a software-path CCall, but with some notable XXX's involving error handling and the trusted stack.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 (text+ko) ====
@@ -110,11 +110,69 @@ * XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an * overflow check. + * + * XXXRW: We'd like a CSetCause so that we can jump to the general CP2 + * exception handler from here after setting its state appropriately. + * + * NB: No attempt to make this pipeline well yet -- branch-delay slots not + * well-utilised, some CP2 fields accessed multiple times. */ CHERICCall: .set push .set noat + /* First, test argument registers for tag validity. */ + cbtu CHERI_REG_CCALLCODE, CCall_c1_invalid + nop + cbtu CHERI_REG_CCALLDATA, CCall_c2_invalid + nop + + /* Second, check for the sealed bit on both arguments. */ + cgetunsealed k0, CHERI_REG_CCALLCODE + beqz k0, CCall_c1_unsealed + nop + + cgetunsealed k0, CHERI_REG_CCALLDATA + beqz k0, CCall_c2_unsealed + nop + + /* Third, check for type equality. */ + cgettype k0, CHERI_REG_CCALLCODE + cgettype k1, CHERI_REG_CCALLDATA + bne k0, k1, CCall_c1_c2_type_mismatch + nop + + /* Fourth, check permissions. */ + cgetperm k0, CHERI_REG_CCALLCODE + REG_LI k1, CHERI_PERM_SEAL | CHERI_PERM_EXECUTE + and k0, k0, k1 + beq k0, k1, CCall_c1_perms + nop + + /* Fifth, check proposed PC is not lower than base. */ + cgetbase k0, CHERI_REG_CCALLCODE + cgettype k1, CHERI_REG_CCALLCODE + sltu k1, k1, k0 + bne k1, zero, CCall_c1_range + nop + + /* + * Sixth, check proposed PC is not greater than base + length - 4. + * + * XXXRW: CHERI ISA spec calls for '-1'; we use '4' as it is the + * length of an instruction. + * + * XXXRW: Check this logic. + */ + cgetbase k0, CHERI_REG_CCALLCODE + cgetlen k1, CHERI_REG_CCALLCODE + PTR_ADDU k0, k0, k1 + PTR_SUBIU k0, 4 + cgettype k1, CHERI_REG_CCALLCODE + sltu k1, k1, k0 + bne k1, zero, CCall_c1_range + nop + /* XXXRW: Change to PCB reference in the future. */ PTR_LA k1, cheri_tsc_hack 
@@ -160,6 +218,22 @@ CHERI_EXCEPTION_RETURN(k0) eret + +CCall_c1_invalid: +CCall_c2_invalid: +CCall_c1_unsealed: +CCall_c2_unsealed: +CCall_c1_c2_type_mismatch: +CCall_c1_perms: +CCall_c1_range: + /* XXXRW: For now, treat as a NOP. */ + MFC0 k0, MIPS_COP_0_EXC_PC + PTR_ADDIU k0, 4 + MTC0 k0, MIPS_COP_0_EXC_PC + + CHERI_EXCEPTION_RETURN(k0); + eret + .set pop /* @@ -172,6 +246,13 @@ * XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an * underflow check. + * + * XXXRW: We'd like a CSetCause so that we can jump to the general CP2 + * exception handler from here after setting its state appropriately. + * + * Possible failure modes: + * + * 1. Trusted stack underflow. XXXRW: How to deal with this? */ CHERICReturn: .set push @@ -193,4 +274,14 @@ CHERI_EXCEPTION_RETURN(k0) eret - .set pop + +CReturn_error: + /* XXXRW: For now, treat as a NOP. */ + MFC0 k0, MIPS_COP_0_EXC_PC + PTR_ADDIU k0, 4 + MTC0 k0, MIPS_COP_0_EXC_PC + + CHERI_EXCEPTION_RETURN(k0) + eret + + .set pop
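Review bot: In the first hunk (@@ -110,11 +110,69 @@) the fourth check branches the wrong way: after `and k0, k0, k1`, the line `beq k0, k1, CCall_c1_perms` takes the error path exactly when both CHERI_PERM_SEAL and CHERI_PERM_EXECUTE are present and falls through when either is missing, so this should be `bne`. The sixth check is inverted in a similar way: it reuses the fifth check's operand order, so `sltu k1, k1, k0` followed by `bne k1, zero, CCall_c1_range` rejects a proposed PC below base + length - 4 and accepts one above it. Swapping the sltu source operands (`sltu k1, k0, k1`) gives the upper-bound test the comment describes and would settle the "Check this logic" XXX. The second check deserves the same look: if cgetunsealed yields non-zero for an unsealed capability, as its name suggests, `beqz k0, CCall_c1_unsealed` sends sealed arguments to the unsealed label, and `bnez` looks intended for both c1 and c2.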
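Review bot: In the second hunk (@@ -160,6 +218,22 @@) all seven failure labels fall into one path that adds 4 to MIPS_COP_0_EXC_PC and returns, so a CCall that fails tag, seal, type, permission or range validation resumes the caller at the following instruction with no indication that the domain switch never happened. Until CSetCause exists, it would be safer to make the failure visible (for example by routing to an existing fatal path) than to continue silently, and to give each label its own stub so a distinct cause can be set later without restructuring. The unconditional `PTR_ADDIU k0, 4` also assumes the CCall was not in a branch-delay slot, where the saved exception PC points at the branch rather than at the CCall. Minor: `CHERI_EXCEPTION_RETURN(k0);` carries a trailing semicolon that the other uses of the macro in this file do not have.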
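Review bot: In the last hunk (@@ -193,4 +274,14 @@) CReturn_error is introduced but no added line in this change branches to it, so the trusted stack underflow listed as failure mode 1 in the new CHERICReturn comment (hunk @@ -172,6 +246,13 @@) is still unchecked and the label is dead code. Either add the underflow test ahead of the trusted-stack load in CHERICReturn or say in the comment that the label is a placeholder. Its body duplicates the CCall failure path line for line, so a shared macro or a single common label would keep the two from drifting apart when the NOP behaviour is replaced.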