PERFORCE change 219877 for review

Tue Dec 4 18:46:10 UTC 2012

http://p4web.freebsd.org/@@219877?ac=10

Change 219877 by brooks at brooks_zenith on 2012/12/04 18:45:40

	Add a mostly working CHERI sandbox to minifile based on the
	cheripoint sandbox.  This correctly identifies files and is
	generaly usable.  However, triggering the BADMAGIC trojan causes a
	TLB miss exception.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/Makefile#3 edit
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/Makefile#1 add
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/cmemcpy.h#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/execve.S#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/include/lib.h#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/include/mips.h#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/include/stdarg.h#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/malloc.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/minifile-cheri.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/mips64/chsbrt.S#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/mips64/setjmp.S#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/sandbox.ld#1 branch
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/stub.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/cheri/subr_prf.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.c#5 edit
.. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.h#2 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/Makefile#3 (text+ko) ====

@@ -2,6 +2,7 @@
 # $FreeBSD$
 
 SUBDIR+=	capsicum
+SUBDIR+=	cheri
 
 PROG=	minifile
 
@@ -9,6 +10,6 @@
 
 WARNS=	0
 
-LDADD+= 	 -lvuln_magic
+LDADD+=		-lcheri -lvuln_magic
 
 .include <bsd.prog.mk>

==== //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.c#5 (text+ko) ====

@@ -1,14 +1,19 @@
 
-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/capability.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 
+#include <machine/cheri.h>
+#include <machine/cpuregs.h>
+
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <magic.h>
+#include <sandbox.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -146,6 +151,85 @@
 	return type;
 }
 
+static struct chericap file_cap, magic_cap, out_cap;
+
+const char *
+cheri_magic_descriptor(int mfd, int fd)
+{
+	register_t v;
+	size_t outsize, magicsize, filesize;
+	char *filebuf = NULL;
+	void *magicbuf = NULL;
+	struct sandbox *sandbox;
+	struct stat filesb, magicsb;
+	static char outbuf[4096];
+	const char *type;
+	char *ttype;
+
+	type = "badfile";
+
+	outsize = 128;
+	CHERI_CINCBASE(10, 0, outbuf);
+	CHERI_CSETLEN(10, 10, outsize);
+	CHERI_CANDPERM(10, 10, CHERI_PERM_STORE);
+	CHERI_CSC(10, 0, &out_cap, 0);
+
+	if (fstat(mfd, &magicsb) == -1)
+		err(1, "fstat magic fd");
+	magicsize = magicsb.st_size;
+	if ((magicbuf = mmap(NULL, magicsize, PROT_READ|PROT_WRITE,
+	    MAP_PRIVATE, mfd, 0)) == MAP_FAILED) {
+		warn("mmap magic fd");
+		goto error;
+	}
+	CHERI_CINCBASE(10, 0, magicbuf);
+	CHERI_CSETLEN(10, 10, magicsize);
+	CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD);
+	CHERI_CSC(10, 0, &magic_cap, 0);
+
+	if (fstat(fd, &filesb) == -1)
+		err(1, "fstat input fd");
+	filesize = MIN(MINIFILE_BUF_MAX, filesb.st_size);
+	if ((filebuf = mmap(NULL, filesize, PROT_READ, 0, fd, 0)) ==
+	    MAP_FAILED) {
+		warn("mmap input fd");
+		goto error;
+	}
+	CHERI_CINCBASE(10, 0, filebuf);
+	CHERI_CSETLEN(10, 10, filesize);
+	CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD);
+	CHERI_CSC(10, 0, &file_cap, 0);
+
+       if (sandbox_setup("/usr/libexec/minifile-cheri.bin", 8*1024*1024,
+            &sandbox) < 0)
+                goto error;
+
+	v = sandbox_invoke(sandbox, outsize, magicsize, filesize, 0,
+	    &out_cap, &magic_cap, &file_cap, NULL, NULL, NULL, NULL);
+	printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v);
+
+	sandbox_destroy(sandbox);
+
+	outsize = strnlen(outbuf, outsize);
+	if (v == 0) {
+		ttype = outbuf + outsize;
+		strvisx(ttype, outbuf, outsize, 0);
+		type = ttype;
+	} else {
+		ttype = outbuf + outsize;
+		strvisx(ttype, outbuf, outsize, 0);
+		type = ttype;
+	}
+
+error:
+	if (munmap(magicbuf, magicsize) == -1)
+		warn("munmap magicbuf");
+	if (munmap(filebuf, filesize) == -1)
+		warn("munmap filebuf");
+
+	return type;
+}
+
 int
 main(int argc, char **argv)
 {
@@ -227,10 +311,14 @@
 				errx(1, "capsicum_magic_descriptor()");
 			break;
 		case SB_CHERI:
-			errx(1, "no cheri capability support yet");
+			type = cheri_magic_descriptor(mfd, fd);
+			if (type == NULL)
+				errx(1, "cheri_magic_descriptor()");
+			break;
 		default:
 			errx(1, "invalid sandbox type");
 		}
+		close(fd);
 		printf("%s: %s\n", fname, type);
 	}
 }	

==== //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.h#2 (text+ko) ====

@@ -1,7 +1,9 @@
-#define MAGIC_FILE	"/usr/share/misc/magic.mgc"
+#define	MINIFILE_FILE_FD	3
+#define	MINIFILE_MAGIC_FD	4
+#define	MINIFILE_OUT_FD		5
+
+#define	MINIFILE_OUT_CAP	1
+#define	MINIFILE_MAGIC_CAP	2
+#define	MINIFILE_FILE_CAP	3
 
-#define MINIFILE_FILE_FD        3
-#define MINIFILE_MAGIC_FD       4
-#define MINIFILE_OUT_FD         5
-#define MINIFILE_MAX_FD         MINIFILE_OUT_FD
-#define MINIFILE_BUF_MAX        4096
+#define	MINIFILE_BUF_MAX	4096
