From owner-p4-projects@FreeBSD.ORG Mon Nov 12 01:44:02 2012 Delivered-To: p4-projects@freebsd.org Date: Mon, 12 Nov 2012 01:44:01 GMT Message-Id: <201211120144.qAC1i1AD039310@skunkworks.freebsd.org>
From: Robert Watson Subject: PERFORCE change 219755 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 01:44:02 -0000 http://p4web.freebsd.org/@@219755?ac=10 Change 219755 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 01:43:30 Test implementation of multi-segment process sandboxing using CHERI on top of CheriBSD. Currently, just CJALR and CJR are used, rather than CCALL and CRETURN, so this is really just about memory protection rather than mutual distrust, but it appears to mostly work. A very simple sandbox API is implemented, which allows appropriately linked code to be loaded from disk and multiple sandboxes using that code to be instantiated, each to be invoked using a sandbox_invoke() function. Much future maturity will be found here at some point. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#2 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#7 edit .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/mips64/sandboxasm.S#1 add .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.c#1 add .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/sandbox.h#1 add Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/Makefile#2 (text+ko) ==== @@ -1,7 +1,12 @@ # $FreeBSD$ PROG= cheritest -SRCS= cheritest.c +SRCS= cheritest.c sandbox.c sandboxasm.S NO_MAN=yes +FILES= sandboxasm.o +CLEANFILES= sandboxasm.o + +.PATH: ${.CURDIR}/${MACHINE_ARCH} + .include ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#7 (text+ko) ==== @@ -42,6 +42,8 @@ #include #include +#include "sandbox.h" + #define CHERI_CAPREG_PRINT(crn) do { \ register_t c_tag; \ register_t c_unsealed, c_perms, c_otype, c_base, c_length; \ 
@@ -68,6 +70,7 @@ fprintf(stderr, "cheritest listregs\n"); fprintf(stderr, "cheritest overrun\n"); fprintf(stderr, "cheritest sandbox\n"); + fprintf(stderr, "cheritest sandbox_invoke\n"); fprintf(stderr, "cheritest sleep\n"); fprintf(stderr, "cheritest unsandbox\n"); fprintf(stderr, "cheritest syscalltest\n"); @@ -150,6 +153,20 @@ } static void +cheritest_sandbox_invoke(void) +{ + struct sandbox *sb; + register_t v; + + if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024, + &sb) < 0) + err(1, "sandbox_setup"); + + v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL); + printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); +} + +static void cheritest_unsandbox(void) { @@ -202,6 +219,8 @@ cheritest_overrun(); else if (strcmp(argv[i], "sandbox") == 0) cheritest_sandbox(); + else if (strcmp(argv[i], "sandbox_invoke") == 0) + cheritest_sandbox_invoke(); else if (strcmp(argv[i], "sleep") == 0) sleep(10); else if (strcmp(argv[i], "unsandbox") == 0)
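Review bot: in the Makefile hunk, the installed artifact and the path the test loads do not match. FILES= sandboxasm.o installs the bare object under its own name, with no FILESDIR or FILESNAME set, while the new cheritest_sandbox_invoke() opens /usr/libexec/cheritest-helper.bin; on a freshly installed system sandbox_setup() will therefore fail. Either set FILESDIR and FILESNAME so the object lands where the loader expects it, or have cheritest.c use the installed path. Note also that sandboxasm.S is both listed in SRCS (so its text is linked into cheritest itself) and shipped separately via FILES; a comment saying which of the two uses is intended would help, since code meant to run inside the sandbox presumably should not need to live in the host binary as well.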
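Review bot: in the cheritest_sandbox_invoke() hunk, the value returned by sandbox_invoke() is printed but never checked, so a failed entry into or return from the sandbox is indistinguishable from the sandboxed code legitimately returning that value; given that the commit message says CJALR/CJR are used rather than CCALL/CRETURN, an out-of-band failure indication from sandbox_invoke() (and a check of it here) would make the test meaningful. The two trailing NULL arguments to sandbox_invoke() are unexplained in this hunk and deserve a comment. Using err(1, "sandbox_setup") assumes sandbox_setup() sets errno on every failure path; if it can fail for a non-errno reason (for example a malformed image), the printed strerror() text will be misleading. Finally, the sandbox created by sandbox_setup() is never released before the function returns, and 1024*1024 is a bare magic number for the sandbox size; a named constant and a teardown call, if sandbox.h provides one, would keep the test self-contained.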