Date: Mon, 12 Nov 2012 16:08:00 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 219761 for review Message-ID: <201211121608.qACG80Yl072983@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@219761?ac=10 Change 219761 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/12 16:07:26 Do a bit more legwork so that we can try and convince ourselves that libraries linked into sandboxed code work; do this by linking in libmd. Provide a number of system call stubs depended on by the library, which mostly return ECAPMODE. Also provide an errno implementation. We will want to expand this example shortly to illustrate how capability-unaware code can copy in arguments and out return values via capabilities using utility routines, as will be required for libpng. Affected files ... .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 edit .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#1 add .. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/stub.c#1 add Differences ... ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 (text+ko) ==== @@ -2,12 +2,26 @@ # $FreeBSD$ # PROG= cheritest-helper -SRCS= cheritest-helper.c chsbrt.S +SRCS= cheritest-helper.c \ + malloc.c \ + stub.c \ + chsbrt.S \ + memcpy.S \ + memset.S + LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib NO_MAN= #STRIP= +DPADD= ${LIBMD} +LDADD= -lmd + NO_SHARED= yes +# +# For libc files! +# +NO_WERROR= yes + FILESOWN= ${LIBOWN} FILESGRP= ${LIBGRP} FILESMODE= ${LIBMODE} @@ -24,6 +38,7 @@ cheritest-helper.dump: cheritest-helper objdump -xsSD ${.ALLSRC} > ${.TARGET} -.PATH: ${.CURDIR}/${MACHINE_ARCH} +.PATH: ${.CURDIR}/${MACHINE_ARCH} \ + ${.CURDIR}/../../lib/libc/string/${MACHINE_TARGET} .include <bsd.prog.mk> ==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 (text+ko) ==== @@ -30,12 +30,27 @@ #include <sys/types.h> +#include <machine/cheri.h> + +#include <md5.h> + int invoke(register_t a0, register_t a1, register_t a2, register_t a3); +/* + * Sample sandboxed code. Calculate an MD5 checksum of the data arriving via + * c1, and place the checksum in c2. + * + * XXXRW: More to follow here. + */ int invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused, register_t a3 __unused) { + MD5_CTX md5context; + char buf[33]; + + MD5Init(&md5context); + MD5End(&md5context, buf); return (123456); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211121608.qACG80Yl072983>