Skip to content
GitLab
Switch branch/tag
  1. 30 Sep, 2022 1 commit
  3. 27 Sep, 2022 1 commit
  5. 21 Sep, 2022 5 commits
  7. 20 Sep, 2022 1 commit
  9. 06 Sep, 2022 1 commit
  11. 05 Sep, 2022 2 commits
    • Ruben's avatar
      PCC: limit bounds/permissions · 1860c16c
      Ruben authored 
      Limit PCC bounds/permissions as specified
by the Linux Pure-cap kernel-user ABI.

Change-Id: I304e67a218cd29ce4e3585e2afdd6ea2b16c4cdd
      1860c16c
    • Ruben's avatar
      [NFC] Clarify naming in libc_support.cpp · 84f0a4b6
      Ruben authored 
      To reflect that these interfaces aren't only moving or transforming
data but also adding some new required values e.g. AT_CHERI_EXEC_RX_CAP,
rename:
 - move_auxv to prepare_auxv
 - move_arguments_impl to prepare_arguments
 - __shim_move_arguments to __shim_prepare_environment

Change-Id: I2dd6498c0118f2a3f5e32045123281135bd8fac4
      84f0a4b6
  13. 02 Sep, 2022 4 commits
  15. 31 Aug, 2022 3 commits
    • Oliver Swede's avatar
      Change value of sealing capability · f013b4f8
      Oliver Swede authored and Ruben's avatar Ruben committed 
      Change-Id: I308922114bcdc2102c24bd0ed023352772097c48
      f013b4f8
    • Ruben's avatar
      Allocate separate regions for argv/envp/auxv · a82c5e5e
      Ruben authored 
      With the Pure-cap ABI these areas are no longer located on stack. Instead,
they're allocated in separate memory regions pointed to by the values supplied
to the executable in the argc/argv/envp/auxv quadruple.

Also implement few early helpers for invoking system calls. libc
functions can't be invoked from libc_support.cpp as libc isn't
initialized yet and dynamic linkage hasn't happened. Instead,
implementing this early execution stage helpers which can be invoked
independently although don't provide full semantics of the main shim
handlers for these system calls.

Change-Id: I79ebc7c5bc7670bd992eac387446c7c6237424c1
      a82c5e5e
    • Ruben's avatar
      Refactor __shim_move_arguments · 3813da4a
      Ruben authored 
      Split the function into few steps and corresponding helpers:
 - find_arguments
 - move_argv_or_envp - invoked for both argv and envp
 - move_auxv

Also extract common part (independent of __SANITIZE_CHERISEED__)
of the two versions of the function into move_arguments_impl.

Change-Id: Iadc577b3ef867a548703cf7d100ef4a3b1a36041
      3813da4a
  17. 25 Aug, 2022 2 commits
    • Ruben's avatar
      Generate wrapper aliases instead of wrappers · 892dc4d7
      Ruben authored 
      The system call wrappers have only been used by Bionic, and effectively
should have been part of Bionic. Instead of generating Bionic wrappers
in libshim, generate wrapper aliases which can be called from the system
call sequences generated in Bionic when libshim is used.

The wrapper aliases (unlike the earlier wrappers) have function
prototypes as specified by LIBSHIM_FN_C. The cancellation points
via the aliases are not supported, however Bionic doesn't require
the support.

Change-Id: Iaaa2c725d72ee8d7f4940c399c93041c757886b8
      892dc4d7
    • Ruben's avatar
      Don't update errno in libshim · 54092666
      Ruben authored 
      libshim system call handlers return error to the caller like the kernel
would, however not updating the errno - errno should be updated by the
standard library when required.

Change-Id: I5733ea3967c6806d549c27a5b5b398983214fdf0
      54092666
  19. 19 Aug, 2022 1 commit
  21. 11 Aug, 2022 1 commit
  23. 22 Jul, 2022 1 commit
    • Ruben's avatar
      Initialize pointers to argc/argv/envp/auxv · 60466534
      Ruben authored 
      With the new Linux Pure-cap kernel-user ABI, C0-C3 should be:
 C0 = argc
 C1 = capability for argv
 C2 = capability for envp
 C3 = capability for auxv

Unlike with the actual kernel, in libshim these values are supplied on
stack and are supposed to be loaded to c0-c3 by the _start routine of
the standard C library after the call to __shim_marshal_program_arguments.

For CHERIseed, the _start or subsequent routines will be able to access
these values from stack.

Change-Id: I7cbae51d8fc48eb4680c9e596caf12e43a1c52b6
      60466534
  25. 12 Jul, 2022 2 commits
    • Tamas Petz's avatar
      Switch to libc_support.cpp · 0fee05d3
      Tamas Petz authored and Tamas Petz's avatar Tamas Petz committed 
      This change removes do_raw_args_marshalling.S in favour
of a C++ implementation of the same. The expectation is
that the higher level code is more easy to maintain on
the long term.

Downside is that temporary CSP and DDC are potentially
spilled to the stack.

The new call is __shim_marshal_program_arguments(),
which is meant to be a drop-in replacement of
do_raw_args_marshalling(). During a transitioning
period both symbols are available.

Change-Id: I11c10dff919bd6ef4d135b69d17103297c823518
      0fee05d3
    • Tamas Petz's avatar
      [Makefile] Synchronize build flags to Android · a313d281
      Tamas Petz authored and Tamas Petz's avatar Tamas Petz committed 
      Ensure that Makefile path uses at least as strict
flags as the Android build system use.

This change also fixes two conversions marked by
the new '-Wcheri-pedantic' flag.

Change-Id: I578a31d3e4808b51a629dd2b32a45cb277d37882
      a313d281
  27. 29 Jun, 2022 1 commit
    • Tamas Petz's avatar
      Fix ImplArgTy type for Morello · 8a2b238d
      Tamas Petz authored 
      There was a conversion function which turned
uintptr_shim_t into uintptr_t as an integer
value, invalidating the capability.

Change-Id: I01fb129708c61d15d0994a9a571662379df85565
      8a2b238d
  29. 28 Jun, 2022 1 commit
  31. 24 Jun, 2022 1 commit
  33. 23 Jun, 2022 2 commits
  35. 20 Jun, 2022 2 commits
    • Tamas Petz's avatar
      Switch to single JSON descriptor · bcce64e6
      Tamas Petz authored 
      It is getting harder and harder to maintain several
syscall descriptions. Use only one while maintaining
the existing flexibility.

The new, but backwards compatible descriptor format
adds 'libc' and 'arch' fields. The former filters
libc, the latter architectures. An empty list means
no filtering.

Note that only bionic, where wrappers are generated,
uses 'aliases' and 'symbol' field.

Change-Id: I3ab2d567377b7175a17ddd8bc91a70afd5eb011d
      bcce64e6
    • Tamas Petz's avatar
      [Makefile] Do not generate shims twice · 1d354214
      Tamas Petz authored and Tamas Petz's avatar Tamas Petz committed 
      Multi-target rules are executed per target.
Use target group (&:) to say that the rule is
expected to create all the targets at once.

The ordering rule was also behaving incorrectly
in the new setup.

Change-Id: I60dbdfee7a308d3af6f00bf40ac04e4ec63e471d
      1d354214
  37. 17 Jun, 2022 1 commit
    • Tamas Petz's avatar
      Support cancellation points · 421084cc
      Tamas Petz authored and Tamas Petz's avatar Tamas Petz committed 
      The new configuration option LIBSHIM_CANCELLATION_POINTS
enables or disables support for cancellation points.

The new argument "cg" is an int*: if it is non-null and
the pointed value is not zero the system call is cancelled.

This is basically just some labels which can be used to
check whether a PC is within a range. In addition, a test
helper is also available: if __shim_pause_in_cp is implemented
and it returns nonzero, the current system call will busy-wait
forever. This can be used to test cancellation integration with
libc: a thread can be stopped reliably within the cancellable
region.

Wrappers do not support cancellation points.

Change-Id: I40bf2fcb3119fef7b60eda6c8079854eb7f442bd
      421084cc
  39. 16 Jun, 2022 1 commit
    • Tamas Petz's avatar
      Move shim_svc_impl.h to svc.cpp · c2ad046a
      Tamas Petz authored 
      With cancellation support there will be more logic,
and we will need to export some symbols. Header
inclusion prevents developing cancellation points.

Change-Id: I792aa88a0944f630b5d892ce187238f0ad003902
      c2ad046a
  41. 15 Jun, 2022 2 commits
  43. 14 Jun, 2022 2 commits
  45. 13 Jun, 2022 1 commit
  47. 06 Jun, 2022 1 commit