From owner-p4-projects@FreeBSD.ORG Sat Nov 10 00:32:27 2012
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id AD77499B; Sat, 10 Nov 2012 00:32:27 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6EE5F999 for ; Sat, 10 Nov 2012 00:32:27 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 545058FC08 for ; Sat, 10 Nov 2012 00:32:27 +0000 (UTC)
Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAA0WRH0026903 for ; Sat, 10 Nov 2012 00:32:27 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAA0WRta026900 for perforce@freebsd.org; Sat, 10 Nov 2012 00:32:27 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Sat, 10 Nov 2012 00:32:27 GMT
Message-Id: <201211100032.qAA0WRta026900@skunkworks.freebsd.org>
X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson
Subject: PERFORCE change 219713 for review
To: Perforce Change Reviews
Precedence: bulk
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.14
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 10 Nov 2012 00:32:27 -0000

http://p4web.freebsd.org/@@219713?ac=10

Change 219713 by rwatson@rwatson_svr_ctsrd_mipsbuild on 2012/11/10 00:31:27

Perform CHERI sandbox checks just before Capsicum sandbox checks, rather than earlier in system call handling -- specifically, after system call arguments are copied in, and PC updates may have been performed. Otherwise, we repeat the offending system call indefinitely, spinning in and out of the kernel. With this change, sandboxed userspace components are now blocked from making system calls.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 (text+ko) ==== @@ -77,16 +77,6 @@ } else traced = 0; -#ifdef CPU_CHERI - /* - * Constrain code that can originate system calls if userspace - * sandboxing is available. - */ - error = cheri_syscall_authorize(td); - if (error) - goto retval; -#endif - error = (p->p_sysent->sv_fetch_syscall_args)(td, sa); #ifdef KTRACE if (KTRPOINT(td, KTR_SYSCALL)) @@ -119,6 +109,16 @@ goto retval; } +#ifdef CPU_CHERI + /* + * Constrain code that can originate system calls if + * userspace sandboxing is available. + */ + error = cheri_syscall_authorize(td); + if (error) + goto retval; +#endif + #ifdef CAPABILITY_MODE /* * In capability mode, we only allow access to system calls
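Review bot: In the first hunk (the removal at @@ -77,16 +77,6 @@), the old `goto retval` fired before `sv_fetch_syscall_args` had populated `sa`, so a refused call reached `retval` with no arguments copied in and, per the commit message, before the PC update that argument fetch may perform; that is the re-execution loop being fixed, and moving the block is the right call. One visible side effect deserves a sentence in the commit message: with the check gone from here, a refused call now runs through `sv_fetch_syscall_args` and the `#ifdef KTRACE` / `KTRPOINT(td, KTR_SYSCALL)` point that follows it, so ktrace will record the attempted call and its arguments before CHERI rejects it. That is useful for diagnosing sandbox escapes, but it is a behaviour change relative to the old position, where a denied call left no ktrace record at all.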
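Review bot: In the second hunk (@@ -119,6 +109,16 @@), the re-added comment still only says the check constrains which code can originate system calls; nothing at the new location records why it must sit after `sv_fetch_syscall_args`, so a later cleanup could hoist it back to the top of the function and reintroduce the spin described in the commit message. Suggest extending the comment along the lines of `* This must follow sv_fetch_syscall_args(), after which the PC may already` / `* have been advanced past the syscall instruction; rejecting earlier` / `* re-executes the same call indefinitely.` Two further points worth stating, in the comment or the commit message: the block is deliberately ordered ahead of `#ifdef CAPABILITY_MODE`, so a thread that is both CHERI-sandboxed and in capability mode gets the CHERI denial rather than Capsicum's, and the hunk does not show what errno `cheri_syscall_authorize` returns, so it is not clear from this change alone whether userspace can distinguish the two denials.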