Date: Wed, 12 Dec 2012 21:18:56 GMT From: Brooks Davis <brooks@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 219900 for review Message-ID: <201212122118.qBCLIuGD005495@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@219900?ac=10 Change 219900 by brooks@brooks_zenith on 2012/12/12 21:18:14 Unconditionally allow the MIPS_GET_COUNT sysarch(). Affected files ... .. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#7 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#12 edit .. //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#17 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#7 (text+ko) ==== @@ -114,7 +114,8 @@ * Constrain code that can originate system calls if * userspace sandboxing is available. */ - error = cheri_syscall_authorize(td); + error = cheri_syscall_authorize(td, sa->code, + sa->narg, sa->args); if (error) goto retval; #endif ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/cheri.c#12 (text+ko) ==== @@ -33,6 +33,7 @@ #include <sys/param.h> #include <sys/kernel.h> #include <sys/proc.h> +#include <sys/syscall.h> #include <sys/sysctl.h> #include <ddb/ddb.h> @@ -41,6 +42,7 @@ #include <machine/atomic.h> #include <machine/cheri.h> #include <machine/pcb.h> +#include <machine/sysarch.h> /* * Beginnings of a programming interface for explicitly managing capability @@ -345,15 +347,21 @@ } /* - * Only allow system calls from sandboxes that hold ambient authority in + * Only allow most system calls from sandboxes that hold ambient authority in * userspace. */ int -cheri_syscall_authorize(struct thread *td) +cheri_syscall_authorize(struct thread *td, u_int code, int nargs, + register_t *args) { struct chericap c; /* + * Allow the cycle counter to be read via sysarch. + */ + if (code == SYS_sysarch && args[0] == MIPS_GET_COUNT) + return (0); + /* * Check whether userspace holds the rights defined in * cheri_capability_set_user() in $C0. Note that object type is * We might also consider checking $PCC here. ==== //depot/projects/ctsrd/cheribsd/src/sys/mips/include/cheri.h#17 (text+ko) ==== @@ -340,7 +340,8 @@ struct cheri_frame *cf_srcp); void cheri_exec_setregs(struct thread *td); void cheri_log_exception(struct trapframe *frame, int trap_type); -int cheri_syscall_authorize(struct thread *td); +int cheri_syscall_authorize(struct thread *td, u_int code, + int nargs, register_t *args); #endif #endif /* _MIPS_INCLUDE_CHERI_H_ */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212122118.qBCLIuGD005495>