Remove mc_pc entirely from the purecap mcontext_t.

bsdjhb · bsdjhb · commit 276f5003dd71 · 2020-08-25T10:29:01.000-07:00
Instead, purecap is expected to always manipulate mc_cheriframe.cf_pcc
directly.  freebsd64_setmcontext() now takes care of applying the
64-bit mc_pc as an offset to pcc and freebsd64_getmcontext() stores
the offset of pcc in mc_pc.

get/set_mcontext() in a CHERI kernel (hybrid and purecap) only operate
on pcc.

This did entail fixing some some code in the CHERI C tests.  Some of
it is still dubious (specifically how CJR/CJALR are handled for the
hybrid case), but I suspect hybrid just never uses those instructions.
diff --git a/contrib/subrepo-cheri-c-tests/test_runtime.c b/contrib/subrepo-cheri-c-tests/test_runtime.c
@@ -115,7 +115,7 @@ enum cheri_branch_ops
 static inline struct cheri_frame *
 getCHERIFrame(mcontext_t *context)
 {
-#ifdef __CHERI_SANDBOX__
+#ifdef __CHERI_PURE_CAPABILITY__
 	return &context->mc_cheriframe;
 #else
 	assert_eq(context->mc_cp2state_len, sizeof(struct cheri_frame));
@@ -239,6 +239,18 @@ isInDelaySlot(mcontext_t *context)
 	return getImm(context->cause, 31, 1);
 }
 
+static inline void
+setPc(mcontext_t *context, register_t pc)
+{
+#ifdef __CHERI_PURE_CAPABILITY__
+	struct cheri_frame *frame = getCHERIFrame(context);
+
+	frame->cf_pcc = __builtin_cheri_offset_set(frame->cf_pcc, pc);
+#else
+	context->mc_pc = pc;
+#endif
+}
+
 /**
  * If we are in a branch delay slot, work out what the next instruction will
  * be.  This is either the branch target or the instruction immediately
@@ -279,42 +291,42 @@ emulateBranch(mcontext_t *context, register_t pc)
 					       "In delay slot for not-taken likely branch!");
 				case MIPS_BRANCH_BLTZ:
 				case MIPS_BRANCH_BLTZAL:
-					context->mc_pc = ((regVal < 0) ? branchPc : normalPc);
+					setPc(context, (regVal < 0) ? branchPc : normalPc);
 					return true;
 				case MIPS_BRANCH_BGEZL:
 				case MIPS_BRANCH_BGEZ:
 					assert((regVal < 0) &&
 					       "In delay slot for not-taken likely branch!");
 				case MIPS_BRANCH_BGEZAL:
 				case MIPS_BRANCH_BGEZALL:
-					context->mc_pc = ((regVal >= 0) ? branchPc : normalPc);
+					setPc(context, (regVal >= 0) ? branchPc : normalPc);
 					return true;
 			}
 			break;
 		}
 		case MIPS_BRANCH_J:
 		case MIPS_BRANCH_JAL:
-			context->mc_pc = (getImm(instr, 25, 0)<<2) & ((pc >> 28) << 28);
+			setPc(context, (getImm(instr, 25, 0)<<2) & ((pc >> 28) << 28));
 			return true;
 		case MIPS_BRANCH_JR:
 		case MIPS_BRANCH_JALR:
-			context->mc_pc = getReg(context, instr, 25);
+			setPc(context, getReg(context, instr, 25));
 			return true;
 		case MIPS_BRANCH_BEQL:
 		case MIPS_BRANCH_BEQ:
-			context->mc_pc = ((regVal == regVal2) ? branchPc : normalPc);
+			setPc(context, (regVal == regVal2) ? branchPc : normalPc);
 			return true;
 		case MIPS_BRANCH_BNEL:
 		case MIPS_BRANCH_BNE:
-			context->mc_pc = ((regVal != regVal2) ? branchPc : normalPc);
+			setPc(context, (regVal != regVal2) ? branchPc : normalPc);
 			return true;
 		case MIPS_BRANCH_BLEZL:
 		case MIPS_BRANCH_BLEZ:
-			context->mc_pc = ((regVal <= 0) ? branchPc : normalPc);
+			setPc(context, (regVal <= 0) ? branchPc : normalPc);
 			return true;
 		case MIPS_BRANCH_BGTZL:
 		case MIPS_BRANCH_BGTZ:
-			context->mc_pc = ((regVal > 0) ? branchPc : normalPc);
+			setPc(context, (regVal > 0) ? branchPc : normalPc);
 			return true;
 		case MIPS_BRANCH_CHERI:
 		{
@@ -324,28 +336,26 @@ emulateBranch(mcontext_t *context, register_t pc)
 				{
 					void * __capability cap = getCapReg(context, instr, 20);
 					bool tag = __builtin_cheri_tag_get(cap);
-					context->mc_pc = (!tag ? branchPc : normalPc);
+					setPc(context, !tag ? branchPc : normalPc);
 					return true;
 				}
 				case CHERI_BRANCH_CBTS:
 				{
 					void * __capability cap = getCapReg(context, instr, 20);
 					bool tag = __builtin_cheri_tag_get(cap);
-					context->mc_pc = (tag ? branchPc : normalPc);
+					setPc(context, tag ? branchPc : normalPc);
 					return true;
 				}
 				case CHERI_BRANCH_CJR:
 				case CHERI_BRANCH_CJALR:
 				{
-					context->mc_pc = getReg(context, instr, 10);
 					// FIXME: This is very ugly, but to fix it we need to
 					// define a new structure to replace cheri_frame.
 					struct cheri_frame *frame = getCHERIFrame(context);
-					// Note: The /cap_size is safe here because if this is not
-					// aligned then the load will fail anyway...
-					int regno = offsetof(struct cheri_frame, cf_pcc) / cap_size;
-					(((void * __capability*)frame)[regno]) =
-						getCapReg(context, instr, 15);
+					frame->cf_pcc = getCapReg(context, instr, 15);
+#ifndef __CHERI_PURE_CAPABILITY__
+					context->mc_pc = __builtin_cheri_offset_get(frame->cf_pcc);
+#endif
 					return true;
 				}
 			}
@@ -363,8 +373,12 @@ capsighandler(int signo, siginfo_t *info __unused, ucontext_t *uap)
 {
 	mcontext_t *context = &uap->uc_mcontext;
 	bool isDelaySlot = isInDelaySlot(context);
-	register_t pc = context->mc_pc;
 	struct cheri_frame *frame = getCHERIFrame(context);
+#ifdef __CHERI_PURE_CAPABILITY__
+	register_t pc = __builtin_cheri_offset_get(frame->cf_pcc);
+#else
+	register_t pc = context->mc_pc;
+#endif
 	void * __capability reg = getCapRegAtIndex(context, frame->cf_capcause & 0xff);
 	assert_eq(signo, SIGPROT);
 	assert(test_fault_handler);
@@ -386,7 +400,7 @@ capsighandler(int signo, siginfo_t *info __unused, ucontext_t *uap)
 	}
 	else
 	{
-		context->mc_pc += 4;
+		setPc(context, pc + 4);
 	}
 }
 
diff --git a/lib/libc/mips/gen/makecontext.c b/lib/libc/mips/gen/makecontext.c
@@ -98,7 +98,6 @@ __makecontext(ucontext_t *ucp, void (*func)(void), int argc, ...)
 	mc->mc_cheriframe.cf_c16 = ucp;
 	mc->mc_cheriframe.cf_c12 = func;
 	mc->mc_cheriframe.cf_pcc = _ctx_start;
-	mc->mc_pc = (__cheri_offset register_t)mc->mc_cheriframe.cf_pcc;
 #else
 	mc->mc_regs[SP] = (intptr_t)sp;
 	mc->mc_regs[S0] = (intptr_t)ucp;
diff --git a/sys/mips/include/ucontext.h b/sys/mips/include/ucontext.h
@@ -53,7 +53,12 @@ typedef struct	__mcontext {
 	 * struct sigcontext and ucontext_t at the same time.
 	 */
 	int		mc_onstack;	/* sigstack state to restore */
+#if (defined(_KERNEL) && __has_feature(capabilities)) || \
+    defined(__CHERI_PURE_CAPABILITY__)
+	__register_t	__unused_pc;	/* purecap only uses pcc */
+#else
 	__register_t	mc_pc;		/* pc at time of signal */
+#endif
 	__register_t	mc_regs[32];	/* processor regs 0 to 31 */
 	__register_t	sr;		/* status register */
 	__register_t	mullo, mulhi;	/* mullo and mulhi registers... */
diff --git a/sys/mips/mips/freebsd64_machdep.c b/sys/mips/mips/freebsd64_machdep.c
@@ -68,6 +68,7 @@
 #include <cheri/cheric.h>
 
 #include <machine/abi.h>
+#include <machine/cheri_machdep.h>
 #include <machine/cpuinfo.h>
 #include <machine/md_var.h>
 #include <machine/pcb.h>
@@ -191,7 +192,7 @@ freebsd64_get_mcontext(struct thread *td, mcontext64_t *mcp, int flags)
 		return (error);
 
 	mcp->mc_onstack = mc.mc_onstack;
-	mcp->mc_pc = mc.mc_pc;
+	mcp->mc_pc = cheri_getoffset(mc.mc_cheriframe.cf_pcc);
 	for (i = 0; i < 32; i++)
 		mcp->mc_regs[i] = mc.mc_regs[i];
 	mcp->sr = mc.sr;
@@ -247,7 +248,8 @@ freebsd64_set_mcontext(struct thread *td, mcontext64_t *mcp)
 	}
 
 	mc.mc_onstack = mcp->mc_onstack;
-	mc.mc_pc = mcp->mc_pc;
+	mc.mc_cheriframe.cf_pcc = update_pcc_offset(mc.mc_cheriframe.cf_pcc,
+	    mcp->mc_pc);
 	for (i = 0; i < 32; i++)
 		mc.mc_regs[i] = mcp->mc_regs[i];
 	mc.sr = mcp->sr;
diff --git a/sys/mips/mips/pm_machdep.c b/sys/mips/mips/pm_machdep.c
@@ -189,7 +189,9 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
 	sf.sf_uc.uc_sigmask = *mask;
 	sf.sf_uc.uc_stack = td->td_sigstk;
 	sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0;
+#if !__has_feature(capabilities)
 	sf.sf_uc.uc_mcontext.mc_pc = TRAPF_PC_OFFSET(regs);
+#endif
 	sf.sf_uc.uc_mcontext.mullo = regs->mullo;
 	sf.sf_uc.uc_mcontext.mulhi = regs->mulhi;
 	sf.sf_uc.uc_mcontext.mc_tls = td->td_md.md_tls;
@@ -540,7 +542,9 @@ get_mcontext(struct thread *td, mcontext_t *mcp, int flags)
 #endif
 	}
 
+#if !__has_feature(capabilities)
 	mcp->mc_pc = TRAPF_PC_OFFSET(td->td_frame);
+#endif
 	mcp->mullo = td->td_frame->mullo;
 	mcp->mulhi = td->td_frame->mulhi;
 	mcp->mc_tls = td->td_md.md_tls;
@@ -569,10 +573,7 @@ set_mcontext(struct thread *td, mcontext_t *mcp)
 		bcopy((void *)&mcp->mc_fpregs, (void *)&td->td_frame->f0,
 		    sizeof(mcp->mc_fpregs));
 	}
-#if __has_feature(capabilities)
-	td->td_frame->pc =
-	    update_pcc_offset(mcp->mc_cheriframe.cf_pcc, mcp->mc_pc);
-#else
+#if !__has_feature(capabilities)
 	td->td_frame->pc = (trapf_pc_t) mcp->mc_pc;
 #endif
 	td->td_frame->mullo = mcp->mullo;
