Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 12 Dec 2012 21:18:56 GMT
From:      Brooks Davis <brooks@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 219900 for review
Message-ID:  <201212122118.qBCLIuGD005495@skunkworks.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@219900?ac=10

Change 219900 by brooks@brooks_zenith on 2012/12/12 21:18:14

	Unconditionally allow the MIPS_GET_COUNT sysarch().

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#7 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#12 edit
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#17 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#7 (text+ko) ====

@@ -114,7 +114,8 @@
 		 * Constrain code that can originate system calls if
 		 * userspace sandboxing is available.
 		 */
-		error = cheri_syscall_authorize(td);
+		error = cheri_syscall_authorize(td, sa->code,
+		    sa->narg, sa->args);
 		if (error)
 			goto retval;
 #endif

==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#12 (text+ko) ====

@@ -33,6 +33,7 @@
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
+#include <sys/syscall.h>
 #include <sys/sysctl.h>
 
 #include <ddb/ddb.h>
@@ -41,6 +42,7 @@
 #include <machine/atomic.h>
 #include <machine/cheri.h>
 #include <machine/pcb.h>
+#include <machine/sysarch.h>
 
 /*
  * Beginnings of a programming interface for explicitly managing capability
@@ -345,15 +347,21 @@
 }
 
 /*
- * Only allow system calls from sandboxes that hold ambient authority in
+ * Only allow most system calls from sandboxes that hold ambient authority in
  * userspace.
  */
 int
-cheri_syscall_authorize(struct thread *td)
+cheri_syscall_authorize(struct thread *td, u_int code, int nargs,
+    register_t *args)
 {
 	struct chericap c;
 
 	/*
+	 * Allow the cycle counter to be read via sysarch.
+	 */
+	if (code == SYS_sysarch && args[0] == MIPS_GET_COUNT)
+		return (0);
+	/*
 	 * Check whether userspace holds the rights defined in
 	 * cheri_capability_set_user() in $C0.  Note that object type is
 	 * We might also consider checking $PCC here.

==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#17 (text+ko) ====

@@ -340,7 +340,8 @@
 	    struct cheri_frame *cf_srcp);
 void	cheri_exec_setregs(struct thread *td);
 void	cheri_log_exception(struct trapframe *frame, int trap_type);
-int	cheri_syscall_authorize(struct thread *td);
+int	cheri_syscall_authorize(struct thread *td, u_int code,
+	    int nargs, register_t *args);
 #endif
 
 #endif /* _MIPS_INCLUDE_CHERI_H_ */



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212122118.qBCLIuGD005495>