PERFORCE change 931386 for review

Robert Watson rwatson at FreeBSD.org
Wed Oct 2 14:08:15 UTC 2013


http://p4web.freebsd.org/@@931386?ac=10

Change 931386 by rwatson at rwatson_zenith_cl_cam_ac_uk on 2013/10/02 14:07:34

	Flesh out the remainder of the basic substance of a software-path
	CCall, but with some notable XXX's involving error handling and the
	trusted stack.

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/sys/mips/cheri/ccall.S#8 (text+ko) ====

@@ -110,11 +110,69 @@
  * XXXRW: Temporarily, store a one-entry trusted stack in a global.  k1 should
  * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an
  * overflow check.
+ *
+ * XXXRW: We'd like a CSetCause so that we can jump to the general CP2
+ * exception handler from here after setting its state appropriately.
+ *
+ * NB: No attempt to make this pipeline well yet -- branch-delay slots not
+ * well-utilised, some CP2 fields accessed multiple times.
  */
 CHERICCall:
         .set push
         .set noat
 
+	/* First, test argument registers for tag validity. */
+	cbtu		CHERI_REG_CCALLCODE, CCall_c1_invalid
+	nop
+	cbtu		CHERI_REG_CCALLDATA, CCall_c2_invalid
+	nop
+
+	/* Second, check for the sealed bit on both arguments. */
+	cgetunsealed	k0, CHERI_REG_CCALLCODE
+	beqz		k0, CCall_c1_unsealed
+	nop
+
+	cgetunsealed	k0, CHERI_REG_CCALLDATA
+	beqz		k0, CCall_c2_unsealed
+	nop
+
+	/* Third, check for type equality. */
+	cgettype	k0, CHERI_REG_CCALLCODE
+	cgettype	k1, CHERI_REG_CCALLDATA
+	bne		k0, k1, CCall_c1_c2_type_mismatch
+	nop
+
+	/* Fourth, check permissions. */
+	cgetperm	k0, CHERI_REG_CCALLCODE
+	REG_LI		k1, CHERI_PERM_SEAL | CHERI_PERM_EXECUTE
+	and		k0, k0, k1
+	beq		k0, k1, CCall_c1_perms
+	nop
+
+	/* Fifth, check proposed PC is not lower than base. */
+	cgetbase	k0, CHERI_REG_CCALLCODE
+	cgettype	k1, CHERI_REG_CCALLCODE
+	sltu		k1, k1, k0
+	bne		k1, zero, CCall_c1_range
+	nop
+
+	/*
+	 * Sixth, check proposed PC is not greater than base + length - 4.
+	 *
+	 * XXXRW: CHERI ISA spec calls for '-1'; we use '4' as it is the
+	 * length of an instruction.
+	 *
+	 * XXXRW: Check this logic.
+	 */
+	cgetbase	k0, CHERI_REG_CCALLCODE
+	cgetlen		k1, CHERI_REG_CCALLCODE
+	PTR_ADDU	k0, k0, k1
+	PTR_SUBIU	k0, 4
+	cgettype	k1, CHERI_REG_CCALLCODE
+	sltu		k1, k1, k0
+	bne		k1, zero, CCall_c1_range
+	nop
+
 	/* XXXRW: Change to PCB reference in the future. */
 	PTR_LA		k1, cheri_tsc_hack
 
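Review bot: Three of the added checks in CHERICCall branch on the opposite condition to the one their comment and error label describe, so well-formed calls are rejected and malformed ones fall through. In the fourth check, `beq k0, k1, CCall_c1_perms` takes the error path exactly when both CHERI_PERM_SEAL and CHERI_PERM_EXECUTE are present; it should be `bne k0, k1, CCall_c1_perms`. In the sixth check, `sltu k1, k1, k0` flags a PC below base + length - 4 as out of range; the operands need swapping to `sltu k1, k0, k1`, and a length under 4 or a wrapping base + length would also need handling. Assuming cgetunsealed yields 1 for an unsealed capability, the two `beqz` tests in the second check should be `bnez` as well. CHERICCall continues past the end of this hunk.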
@@ -160,6 +218,22 @@
 
 	CHERI_EXCEPTION_RETURN(k0)
 	eret
+
+CCall_c1_invalid:
+CCall_c2_invalid:
+CCall_c1_unsealed:
+CCall_c2_unsealed:
+CCall_c1_c2_type_mismatch:
+CCall_c1_perms:
+CCall_c1_range:
+	/* XXXRW: For now, treat as a NOP. */
+	MFC0		k0, MIPS_COP_0_EXC_PC
+	PTR_ADDIU	k0, 4
+	MTC0		k0, MIPS_COP_0_EXC_PC
+
+	CHERI_EXCEPTION_RETURN(k0);
+	eret
+
         .set pop
 
 /*
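Review bot: The shared failure path advances MIPS_COP_0_EXC_PC by a fixed 4, which is only right when the faulting CCall is not in a branch-delay slot; there the saved PC is the branch, so unless the dispatcher has already adjusted it (not visible here) the +4 lands back on the CCall. Until delay-slot handling exists, say so at the label, e.g. `/* XXXRW: Assumes CCall is not in a branch-delay slot (no BD check). */`. Returning as a NOP also gives the caller no indication that a tag, seal, type, permission or range check failed, so the same comment should record that callers cannot yet detect a rejected call. `CReturn_error` in the last hunk uses the same sequence. The trailing `;` after `CHERI_EXCEPTION_RETURN(k0)` here differs from the other two uses and can go.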
@@ -172,6 +246,13 @@
  * XXXRW: Temporarily, store a one-entry trusted stack in a global.  k1 should
  * eventually point to the next entry in td->td_pcb.pcb_cheristack, with an
  * underflow check.
+ *
+ * XXXRW: We'd like a CSetCause so that we can jump to the general CP2
+ * exception handler from here after setting its state appropriately.
+ *
+ * Possible failure modes:
+ *
+ * 1. Trusted stack underflow.   XXXRW: How to deal with this?
  */
 CHERICReturn:
         .set push
@@ -193,4 +274,14 @@
 
 	CHERI_EXCEPTION_RETURN(k0)
 	eret
-        .set pop
+
+CReturn_error:
+	/* XXXRW: For now, treat as a NOP. */
+	MFC0		k0, MIPS_COP_0_EXC_PC
+	PTR_ADDIU	k0, 4
+	MTC0		k0, MIPS_COP_0_EXC_PC
+
+	CHERI_EXCEPTION_RETURN(k0)
+	eret
+
+	.set pop
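Review bot: `CReturn_error` is added but no branch to it appears in any hunk of this change, so as far as the diff shows the label is dead code and the trusted-stack underflow case listed in the CHERICReturn header is still unchecked. If that is intended for now, mark it at the label, e.g. `/* XXXRW: Not yet reached; the trusted-stack underflow check should branch here. */`. The body of CHERICReturn lies outside the hunks, so an existing branch there cannot be ruled out.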

