From c661519d11408c29e12cc73be70c5eb59e5ae686 Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo
Date: Fri, 25 Oct 2024 14:03:46 +0000
Subject: [PATCH] switcher: symbolic names of seal types
Co-authored-by: Robert Norton
---
 sdk/core/loader/boot.cc | 21 ++++++++++++++++++++-
 sdk/core/switcher/entry.S | 8 ++++----
 sdk/core/switcher/misc-assembly.h | 7 +++++++
 3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/sdk/core/loader/boot.cc b/sdk/core/loader/boot.cc
index 332a4917..01e4ca7a 100644
--- a/sdk/core/loader/boot.cc
+++ b/sdk/core/loader/boot.cc
@@ -11,7 +11,6 @@
 #include 
 #include "../switcher/tstack.h"
-#include "../switcher/misc-assembly.h"
 #include "constants.h"
 #include "debug.hh"
 #include "defines.h"
@@ -145,6 +144,14 @@ namespace
 FirstDynamicSoftware = 0x1000000,
 };
+ // The switcher assembly includes the types of import table entries and
+ // trusted stacks. This enumeration and the assembly must be kept in sync.
+ // This will fail if the enumeration value changes.
+ static_assert(int(SealedImportTableEntries) == 9,
+ "If this fails, update switcher/entry.S to the new value");
+ static_assert(int(SealedTrustedStacks) == 10,
+ "If this fails, update switcher/entry.S to the new value");
+
 // The allocator and static sealing types must be contiguous so that the
 // token library can hold a permit-unseal capability for both.
 static_assert(int(Allocator) + 1 == int(StaticToken),
@@ -163,6 +170,18 @@ namespace
 static_assert(magic_enum::enum_count() <= 12,
 "Too many sealing types reserved for a 3-bit otype field");
+} // namespace
+
+ /*
+ * Unusually late, include this where we have access to the above enum
+ * SealingType, but early enough that the constants defined herein are available
+ * to the rest of the code.
+ */
+#include "../switcher/misc-assembly.h"
+
+namespace
+{
+
 constexpr auto StoreLPerm = Root::Permissions;
 /// PCC permissions for the switcher.
 constexpr auto SwitcherPccPermissions =
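Review bot: The message on the two new static_asserts in boot.cc, `"If this fails, update switcher/entry.S to the new value"`, names the wrong file once this patch lands: entry.S now spells the otypes as SEAL_TYPE_SealedImportTableEntries and SEAL_TYPE_SealedTrustedStacks, and the literals 9 and 10 that must track the enum live in the EXPORT_ASSEMBLY_EXPRESSION lines added to switcher/misc-assembly.h in the same patch. Suggest `"If this fails, update the expected value in switcher/misc-assembly.h"` for both, and rewording the comment above them to match, since a stale pointer here sends the next person who changes SealingType to a file with nothing to edit. If EXPORT_ASSEMBLY_EXPRESSION compares its expression with its third argument, as its argument list suggests but this patch does not show, these two asserts duplicate that check and the comment should say which one is authoritative. The enclosing anonymous namespace and the SealingType enum both begin before this hunk.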
diff --git a/sdk/core/switcher/entry.S b/sdk/core/switcher/entry.S
index bace58f5..1ea2bbf9 100644
--- a/sdk/core/switcher/entry.S
+++ b/sdk/core/switcher/entry.S
@@ -257,7 +257,7 @@ __Z26compartment_switcher_entryz:
 // Fetch the sealing key
 LoadCapPCC cs0, compartment_switcher_sealing_key
- li gp, 9
+ li gp, SEAL_TYPE_SealedImportTableEntries
 csetaddr cs0, cs0, gp
 // The target capability is in ct1. Unseal, check tag and load the entry point offset.
 cunseal ct1, ct1, cs0
@@ -535,7 +535,7 @@ exception_entry_asm:
 // Switch onto the new thread's trusted stack
 LoadCapPCC ct0, compartment_switcher_sealing_key
- li gp, 10
+ li gp, SEAL_TYPE_SealedTrustedStacks
 csetaddr ct0, ct0, gp
 cunseal csp, ca0, ct0
 clw t0, TrustedStack_offset_mcause(csp)
@@ -965,7 +965,7 @@ __Z25switcher_interrupt_threadPv:
 // Load the unsealing key into a register that we will clobber two
 // instructions later.
 LoadCapPCC ca1, compartment_switcher_sealing_key
- li a2, 10
+ li a2, SEAL_TYPE_SealedTrustedStacks
 csetaddr ca1, ca1, a2
 // The target capability is in ct1. Unseal, check tag and load the entry point offset.
 cunseal ca1, ca0, ca1
@@ -1024,7 +1024,7 @@ __Z25switcher_interrupt_threadPv:
 .type __Z23switcher_current_threadv,@function
 __Z23switcher_current_threadv:
 LoadCapPCC ca0, compartment_switcher_sealing_key
- li a1, 10
+ li a1, SEAL_TYPE_SealedTrustedStacks
 csetaddr ca0, ca0, a1
 cspecialr ca1, mtdc
 cseal ca0, ca1, ca0
diff --git a/sdk/core/switcher/misc-assembly.h b/sdk/core/switcher/misc-assembly.h
index 24ddbcce..f93293c1 100644
--- a/sdk/core/switcher/misc-assembly.h
+++ b/sdk/core/switcher/misc-assembly.h
@@ -34,3 +34,10 @@ using namespace priv;
 EXPORT_ASSEMBLY_NAME(MCAUSE_THREAD_EXIT, 24)
 EXPORT_ASSEMBLY_NAME(MCAUSE_THREAD_INTERRUPT, 25)
 EXPORT_ASSEMBLY_NAME(MCAUSE_CHERI, 28)
+
+EXPORT_ASSEMBLY_EXPRESSION(SEAL_TYPE_SealedImportTableEntries,
+ SealingType::SealedImportTableEntries,
+ 9)
+EXPORT_ASSEMBLY_EXPRESSION(SEAL_TYPE_SealedTrustedStacks,
+ SealingType::SealedTrustedStacks,
+ 10)
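Review bot: The two EXPORT_ASSEMBLY_EXPRESSION lines added at the end of misc-assembly.h reference SealingType, which this header neither declares nor includes, so the header now compiles only when the includer has already brought that enum into scope — the reason boot.cc in this same patch moves its #include of the header below the enum definition. That precondition is recorded only in boot.cc; the header, where the next includer will look, should state it, e.g. `// Requires SealingType (declared by the includer; see loader/boot.cc) to be in scope before this header is included.` placed above the new lines. Whether the macro checks the expression against the literal third argument is not visible in this hunk; a one-line comment giving that contract next to these two uses would tell readers of boot.cc's static_asserts which check is authoritative. The EXPORT_ASSEMBLY_NAME lines above are unchanged context.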