From owner-p4-projects@FreeBSD.ORG Fri Nov 9 19:17:00 2012
Date: Fri, 9 Nov 2012 19:16:59 GMT
Message-Id: <201211091916.qA9JGxex013369@skunkworks.freebsd.org>
From: Robert Watson Subject: PERFORCE change 219706 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2012 19:17:01 -0000 http://p4web.freebsd.org/@@219706?ac=10 Change 219706 by rwatson@rwatson_svr_ctsrd_mipsbuild on 2012/11/09 19:16:20 Add new cheritest commands: sandbox, unsandbox, and yieldtest, which are intended to help validate that the kernel is correctly preventing sandboxed userspace code from performing system calls. "sandboxed" in this case simply means a minor adjustment to $C0 that won't affect actual code execution, just the kernel's gating of system calls. Hopefully. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#5 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#5 (text+ko) ==== @@ -31,8 +31,11 @@ #include #include +#include +#include #include +#include #include #include #include @@ -64,7 +67,10 @@ fprintf(stderr, "cheritest copyregs\n"); fprintf(stderr, "cheritest listregs\n"); fprintf(stderr, "cheritest overrun\n"); + fprintf(stderr, "cheritest sandbox\n"); fprintf(stderr, "cheritest sleep\n"); + fprintf(stderr, "cheritest unsandbox\n"); + fprintf(stderr, "cheritest yieldtest\n"); exit(EX_USAGE); } @@ -86,7 +92,6 @@ cheritest_copyregs(void) { - CHERI_CMOVE(1, 0); CHERI_CMOVE(2, 0); CHERI_CMOVE(3, 0); CHERI_CMOVE(4, 0); 
@@ -133,6 +138,42 @@ CHERI_CAPREG_PRINT(26); } +static void +cheritest_sandbox(void) +{ + + /* + * Install a limited C0 so that the kernel will no longer accept + * system calls. + */ + CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1); + +} + +static void +cheritest_unsandbox(void) +{ + + /* + * Restore a more privielged C0 so that the kernel will accept system + * calls again. + */ + CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH); +} + +static void +cheritest_yieldtest(void) +{ + int ret; + + cheritest_sandbox(); + ret = sched_yield(); + cheritest_unsandbox(); + if (ret) + err(1, "sched_yield"); + +} + int main(__unused int argc, __unused char *argv[]) { @@ -149,6 +190,9 @@ if (argc == 0) usage(); + /* Save original C0 in C1 for later use. */ + CHERI_CMOVE(1, 0); + for (i = 0; i < argc; i++) { if (strcmp(argv[0], "listregs") == 0) cheritest_listregs(); @@ -156,8 +200,14 @@ cheritest_copyregs(); else if (strcmp(argv[0], "overrun") == 0) cheritest_overrun(); + else if (strcmp(argv[0], "sandbox") == 0) + cheritest_sandbox(); else if (strcmp(argv[0], "sleep") == 0) sleep(10); + else if (strcmp(argv[0], "unsandbox") == 0) + cheritest_unsandbox(); + else if (strcmp(argv[0], "yieldtest") == 0) + cheritest_yieldtest(); else usage(); }
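Review bot: the three added #include lines in the first hunk (@@ -31,8 +31,11 @@) have lost their header names in this listing, so it cannot be confirmed here that they cover what the new code uses; cheritest_yieldtest() calls sched_yield() and err(), which need <sched.h> and <err.h> respectively, so those two should be among them.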
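Review bot: dropping `CHERI_CMOVE(1, 0);` from cheritest_copyregs() (hunk @@ -86,7 +92,6 @@) is required now that C1 holds the saved C0, but nothing at that site says why the register is skipped; add a one-line comment such as `/* C1 holds the original C0; see main(). */` so a later edit does not put the move back and silently break cheritest_unsandbox(), which rebuilds C0 from C1.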
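Review bot: in hunk @@ -133,6 +138,42 @@ cheritest_yieldtest() treats a non-zero return from sched_yield() as the error, yet the change description says the purpose is to validate that the kernel refuses system calls from sandboxed code, so a rejected sched_yield() is the expected (passing) outcome and a return of 0 is the finding worth reporting; save ret and errno, call cheritest_unsandbox(), and then report which of the two cases occurred instead of err()ing only on failure. Three smaller points in the same hunk: the standalone `sandbox` subcommand leaves main() with a restricted C0 through its return, which ends in an exit system call the kernel is now expected to refuse, so the comment should state the expected outcome; cheritest_unsandbox() could simply copy the saved register back with `CHERI_CMOVE(0, 1)` rather than re-deriving C0 with CHERI_CSETLEN; and the comment reads "privielged" for "privileged", with stray blank lines before the closing braces of cheritest_sandbox() and cheritest_yieldtest().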
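Review bot: the comment on the new `CHERI_CMOVE(1, 0);` in main() (hunk @@ -149,6 +190,9 @@) says only "for later use"; since this makes C1 a reserved register for the whole run, say explicitly that it holds the pristine C0 that cheritest_unsandbox() restores from and that no test may write C1, e.g. `/* Keep the original C0 in C1; unsandbox derives C0 from it. */`.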
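Review bot: the dispatch loop in the last hunk (@@ -156,8 +200,14 @@) compares argv[0] on every iteration of `for (i = 0; i < argc; i++)`, so with several arguments the first command is simply repeated and a sequence such as `sandbox yieldtest unsandbox` cannot be expressed; the loop predates this change, but `sandbox` and `unsandbox` are the first subcommands whose order across one invocation matters, so the strcmp() calls here should use argv[i].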