switcher: symbolic names of seal types
Co-authored-by: Robert Norton <robert.norton@microsoft.com>
nwf and ronorton committed Nov 8, 2024
1 parent 9f58e41 commit 8e7188c
Showing 3 changed files with 31 additions and 5 deletions.
21 changes: 20 additions & 1 deletion sdk/core/loader/boot.cc
@@ -11,7 +11,6 @@
#include <string.h>

#include "../switcher/tstack.h"
#include "../switcher/misc-assembly.h"
#include "constants.h"
#include "debug.hh"
#include "defines.h"
@@ -145,6 +144,14 @@ namespace
FirstDynamicSoftware = 0x1000000,
};

// The switcher assembly includes the types of import table entries and
// trusted stacks. This enumeration and the assembly must be kept in sync.
// This will fail if the enumeration value changes.
static_assert(int(SealedImportTableEntries) == 9,
"If this fails, update switcher/entry.S to the new value");
static_assert(int(SealedTrustedStacks) == 10,
"If this fails, update switcher/entry.S to the new value");

// The allocator and static sealing types must be contiguous so that the
// token library can hold a permit-unseal capability for both.
static_assert(int(Allocator) + 1 == int(StaticToken),
@@ -163,6 +170,18 @@ namespace
static_assert(magic_enum::enum_count<SealingType>() <= 12,
"Too many sealing types reserved for a 3-bit otype field");

} // namespace

/*
* Unusually late, include this where we have access to the above enum
* SealingType, but early enough that the constants defined herein are available
* to the rest of the code.
*/
#include "../switcher/misc-assembly.h"

namespace
{

constexpr auto StoreLPerm = Root::Permissions<Root::Type::RWStoreL>;
/// PCC permissions for the switcher.
constexpr auto SwitcherPccPermissions =
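Review bot: The two new `static_assert` messages tell the maintainer to "update switcher/entry.S to the new value", but after this commit entry.S no longer contains the literals 9 and 10; they now live in switcher/misc-assembly.h as the third argument of the `EXPORT_ASSEMBLY_EXPRESSION` lines. I would change the messages to something like `"If this fails, update SEAL_TYPE_SealedImportTableEntries in switcher/misc-assembly.h"` (and the same for `SealedTrustedStacks`), and adjust the comment above them to say the values are exported to the assembly through that header. The macro definition is not visible here; if it already checks the expression against the literal, these asserts duplicate that check and the numbers are maintained in two places. A loader/switcher disagreement on these otypes would only surface at unseal time, so the message should point at the one place that must change.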
8 changes: 4 additions & 4 deletions sdk/core/switcher/entry.S
@@ -257,7 +257,7 @@ __Z26compartment_switcher_entryz:

// Fetch the sealing key
LoadCapPCC cs0, compartment_switcher_sealing_key
li gp, 9
li gp, SEAL_TYPE_SealedImportTableEntries
csetaddr cs0, cs0, gp
// The target capability is in ct1. Unseal, check tag and load the entry point offset.
cunseal ct1, ct1, cs0
@@ -535,7 +535,7 @@ exception_entry_asm:

// Switch onto the new thread's trusted stack
LoadCapPCC ct0, compartment_switcher_sealing_key
li gp, 10
li gp, SEAL_TYPE_SealedTrustedStacks
csetaddr ct0, ct0, gp
cunseal csp, ca0, ct0
clw t0, TrustedStack_offset_mcause(csp)
@@ -965,7 +965,7 @@ __Z25switcher_interrupt_threadPv:
// Load the unsealing key into a register that we will clobber two
// instructions later.
LoadCapPCC ca1, compartment_switcher_sealing_key
li a2, 10
li a2, SEAL_TYPE_SealedTrustedStacks
csetaddr ca1, ca1, a2
// The target capability is in ct1. Unseal, check tag and load the entry point offset.
cunseal ca1, ca0, ca1
@@ -1024,7 +1024,7 @@ __Z25switcher_interrupt_threadPv:
.type __Z23switcher_current_threadv,@function
__Z23switcher_current_threadv:
LoadCapPCC ca0, compartment_switcher_sealing_key
li a1, 10
li a1, SEAL_TYPE_SealedTrustedStacks
csetaddr ca0, ca0, a1
cspecialr ca1, mtdc
cseal ca0, ca1, ca0
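Review bot: In the `switcher_interrupt_thread` hunk, the comment directly above `cunseal ca1, ca0, ca1` still reads "The target capability is in ct1. Unseal, check tag and load the entry point offset.", which describes the import-table unseal in `compartment_switcher_entry`, not this instruction. Here the operand is ca0 and the key address is now visibly `SEAL_TYPE_SealedTrustedStacks`, so the comment contradicts the line it documents. Since the commit is about making the seal types readable, I would reword it along the lines of `// The sealed argument is in ca0; unseal it with the trusted-stack key.` The tag check that follows the unseal is outside the hunk, so the rest of the wording should be confirmed against it.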
7 changes: 7 additions & 0 deletions sdk/core/switcher/misc-assembly.h
@@ -34,3 +34,10 @@ using namespace priv;
EXPORT_ASSEMBLY_NAME(MCAUSE_THREAD_EXIT, 24)
EXPORT_ASSEMBLY_NAME(MCAUSE_THREAD_INTERRUPT, 25)
EXPORT_ASSEMBLY_NAME(MCAUSE_CHERI, 28)

EXPORT_ASSEMBLY_EXPRESSION(SEAL_TYPE_SealedImportTableEntries,
SealingType::SealedImportTableEntries,
9)
EXPORT_ASSEMBLY_EXPRESSION(SEAL_TYPE_SealedTrustedStacks,
SealingType::SealedTrustedStacks,
10)
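Review bot: These two `EXPORT_ASSEMBLY_EXPRESSION` lines make misc-assembly.h depend on `SealingType` being declared before the header is included, and nothing in the header says so. The only explanation is the "Unusually late" comment at the include site in loader/boot.cc, where the enum lives in an anonymous namespace. Any other C++ translation unit that includes this header, or a later reordering of the includes in boot.cc, would presumably fail with an undeclared-identifier error that does not point at the cause. I would add a short comment above the new lines, for example `// Requires SealingType (loader/boot.cc) to be in scope when included from C++.` Longer term the enum could move to a shared header so this file is self-contained again.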
