PERFORCE change 931386 for review
Robert Watson
rwatson at FreeBSD.org
Wed Oct 2 14:08:15 UTC 2013
http://p4web.freebsd.org/@@931386?ac=10
Change 931386 by rwatson at rwatson_zenith_cl_cam_ac_uk on 2013/10/02 14:07:34
Flesh out the remainder of the basic substance of a software-path
CCall, but with some notable XXX's involving error handling and the
trusted stack.
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 edit
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 (text+ko) ====
@@ -110,11 +110,69 @@
* XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should
* eventually point to the next entry in td->td_pcb.pcb_cheristack, with an
* overflow check.
+ *
+ * XXXRW: We'd like a CSetCause so that we can jump to the general CP2
+ * exception handler from here after setting its state appropriately.
+ *
+ * NB: No attempt to make this pipeline well yet -- branch-delay slots not
+ * well-utilised, some CP2 fields accessed multiple times.
*/
CHERICCall:
.set push
.set noat
+ /* First, test argument registers for tag validity. */
+ cbtu CHERI_REG_CCALLCODE, CCall_c1_invalid
+ nop
+ cbtu CHERI_REG_CCALLDATA, CCall_c2_invalid
+ nop
+
+ /* Second, check for the sealed bit on both arguments. */
+ cgetunsealed k0, CHERI_REG_CCALLCODE
+ beqz k0, CCall_c1_unsealed
+ nop
+
+ cgetunsealed k0, CHERI_REG_CCALLDATA
+ beqz k0, CCall_c2_unsealed
+ nop
+
+ /* Third, check for type equality. */
+ cgettype k0, CHERI_REG_CCALLCODE
+ cgettype k1, CHERI_REG_CCALLDATA
+ bne k0, k1, CCall_c1_c2_type_mismatch
+ nop
+
+ /* Fourth, check permissions. */
+ cgetperm k0, CHERI_REG_CCALLCODE
+ REG_LI k1, CHERI_PERM_SEAL | CHERI_PERM_EXECUTE
+ and k0, k0, k1
+ beq k0, k1, CCall_c1_perms
+ nop
+
+ /* Fifth, check proposed PC is not lower than base. */
+ cgetbase k0, CHERI_REG_CCALLCODE
+ cgettype k1, CHERI_REG_CCALLCODE
+ sltu k1, k1, k0
+ bne k1, zero, CCall_c1_range
+ nop
+
+ /*
+ * Sixth, check proposed PC is not greater than base + length - 4.
+ *
+ * XXXRW: CHERI ISA spec calls for '-1'; we use '4' as it is the
+ * length of an instruction.
+ *
+ * XXXRW: Check this logic.
+ */
+ cgetbase k0, CHERI_REG_CCALLCODE
+ cgetlen k1, CHERI_REG_CCALLCODE
+ PTR_ADDU k0, k0, k1
+ PTR_SUBIU k0, 4
+ cgettype k1, CHERI_REG_CCALLCODE
+ sltu k1, k1, k0
+ bne k1, zero, CCall_c1_range
+ nop
+
/* XXXRW: Change to PCB reference in the future. */
PTR_LA k1, cheri_tsc_hack
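Review bot: Three of the added guards branch on the opposite sense from their labels and comments, so as written they reject well-formed CCall arguments and let malformed ones through to the trusted-stack code. In the sealed check, `beqz k0, CCall_c1_unsealed` (and its c2 twin) takes the error path when cgetunsealed yields zero; if that instruction returns non-zero for an unsealed capability, as its name suggests, both should be `bnez`. In the permission check, `beq k0, k1, CCall_c1_perms` faults exactly when both SEAL and EXECUTE are present, and should be `bne k0, k1, CCall_c1_perms`. In the sixth check, `sltu k1, k1, k0` sets k1 when the proposed PC is below base + length - 4, which is the in-range case; `sltu k1, k0, k1` matches the comment, and the base + length sum also wants a guard against wrap-around and against a length under 4. CHERICCall continues past the end of this hunk.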
@@ -160,6 +218,22 @@
CHERI_EXCEPTION_RETURN(k0)
eret
+
+CCall_c1_invalid:
+CCall_c2_invalid:
+CCall_c1_unsealed:
+CCall_c2_unsealed:
+CCall_c1_c2_type_mismatch:
+CCall_c1_perms:
+CCall_c1_range:
+ /* XXXRW: For now, treat as a NOP. */
+ MFC0 k0, MIPS_COP_0_EXC_PC
+ PTR_ADDIU k0, 4
+ MTC0 k0, MIPS_COP_0_EXC_PC
+
+ CHERI_EXCEPTION_RETURN(k0);
+ eret
+
.set pop
/*
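Review bot: The shared failure path resumes at EPC + 4 without looking at the Cause register's branch-delay bit, so a CCall placed in a branch-delay slot would, on standard MIPS exception semantics, return to the CCall itself and trap a second time instead of being skipped. Until real error delivery exists, a comment such as `/* XXXRW: Assumes CCall is not in a branch-delay slot; Cause BD is not checked. */` above the `MFC0` would record the assumption; CReturn_error in the last hunk repeats the same sequence. Because all seven labels share one address and the visible lines set no caller-visible status, the caller continues after the CCall with nothing to distinguish a rejected call from a completed one, which is worth stating next to the existing XXXRW. `CHERI_EXCEPTION_RETURN(k0);` here has a trailing semicolon that the other uses in this change do not.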
@@ -172,6 +246,13 @@
* XXXRW: Temporarily, store a one-entry trusted stack in a global. k1 should
* eventually point to the next entry in td->td_pcb.pcb_cheristack, with an
* underflow check.
+ *
+ * XXXRW: We'd like a CSetCause so that we can jump to the general CP2
+ * exception handler from here after setting its state appropriately.
+ *
+ * Possible failure modes:
+ *
+ * 1. Trusted stack underflow. XXXRW: How to deal with this?
*/
CHERICReturn:
.set push
@@ -193,4 +274,14 @@
CHERI_EXCEPTION_RETURN(k0)
eret
- .set pop
+
+CReturn_error:
+ /* XXXRW: For now, treat as a NOP. */
+ MFC0 k0, MIPS_COP_0_EXC_PC
+ PTR_ADDIU k0, 4
+ MTC0 k0, MIPS_COP_0_EXC_PC
+
+ CHERI_EXCEPTION_RETURN(k0)
+ eret
+
+ .set pop
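Review bot: Nothing in the visible lines of this change branches to `CReturn_error`, and the header comment added above CHERICReturn still lists trusted-stack underflow as an open question, so the label appears to be unreachable for now. CHERICReturn's body lies between the hunks and is not shown, so this needs confirming against the full file. If it is a placeholder, a comment on the label such as `/* XXXRW: Not yet reached; the underflow check in CHERICReturn is still to be written. */` would keep a reader from assuming that a CReturn with no matching CCall is already rejected.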