Date: Sat, 10 Nov 2012 00:32:27 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 219713 for review Message-ID: <201211100032.qAA0WRta026900@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@219713?ac=10 Change 219713 by rwatson@rwatson_svr_ctsrd_mipsbuild on 2012/11/10 00:31:27 Perform CHERI sandbox checks just before Capsicum sandbox checks, rather than earlier in system call handling -- specifically, after system call arguments are copied in, and PC updates may have been performed. Otherwise, we repeat the offending system call indefinitely, spinning in and out of the kernel. With this change, sandboxed userspace components are now blocked from making system calls. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 (text+ko) ==== @@ -77,16 +77,6 @@ } else traced = 0; -#ifdef CPU_CHERI - /* - * Constrain code that can originate system calls if userspace - * sandboxing is available. - */ - error = cheri_syscall_authorize(td); - if (error) - goto retval; -#endif - error = (p->p_sysent->sv_fetch_syscall_args)(td, sa); #ifdef KTRACE if (KTRPOINT(td, KTR_SYSCALL)) @@ -119,6 +109,16 @@ goto retval; } +#ifdef CPU_CHERI + /* + * Constrain code that can originate system calls if + * userspace sandboxing is available. + */ + error = cheri_syscall_authorize(td); + if (error) + goto retval; +#endif + #ifdef CAPABILITY_MODE /* * In capability mode, we only allow access to system calls
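Review bot: In the first hunk (the removed block at -77,16), deleting the early cheri_syscall_authorize() call means a sandboxed caller's arguments are now copied in by sv_fetch_syscall_args() and, when KTRACE is enabled, recorded by ktrsyscall() before the authorization decision is made. That is a behaviour change worth stating in the commit message: ktrace output will now show the denied system call entry followed by its error return, which is useful for auditing sandbox escapes but differs from the old ordering where a denied call left no ktrace record. Please also confirm that the MD fetch routine is safe to run on arguments supplied from sandboxed code, since it now executes before any CHERI check.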
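Review bot: In the second hunk (the added block at +109,16), the comment "Constrain code that can originate system calls if userspace sandboxing is available." does not record why the check must sit here rather than earlier, even though the commit message says placement is essential: the check has to come after the arguments are fetched and the PC has been advanced, or the denied call is re-executed forever. Suggest extending the comment, e.g. "Must follow argument fetch and PC update; an earlier failure re-executes the syscall indefinitely." so that a later refactor does not reintroduce the spin. The `goto retval` on error matches the error path used by the preceding block (visible as `goto retval; }` in the hunk context) and the CAPABILITY_MODE check that follows, so the ordering CHERI-then-Capsicum is consistent with the stated intent.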
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211100032.qAA0WRta026900>