/*
 * Set up the initial CHERI register state of thread td (used on the exec
 * path, judging by the name).  Two pieces of per-thread state in the PCB
 * are reset here: the saved capability register frame, and the capability
 * register set that signal handlers will run with.
 *
 * td - thread being initialised; td->td_pcb and td->td_proc->p_sysent are
 *      dereferenced and must be valid.  No return value; the PCB is
 *      updated in place.
 */
void
cheri_exec_setregs(struct thread *td)
{
	struct cheri_frame *frame;
	struct cheri_signal *sigstate;

	/*
	 * XXXRW: Experimental CHERI ABI.  $c0 starts with full user
	 * privilege; every other user-accessible capability register starts
	 * with no rights at all, and it is up to the runtime linker,
	 * compiler and application to hand rights around as needed.
	 */
	frame = &td->td_pcb->pcb_cheriframe;
	bzero(frame, sizeof(*frame));
	cheri_capability_set_user_c0(&frame->cf_c0);
	cheri_capability_set_user_stack(&frame->cf_c11);
	cheri_capability_set_user_idc(&frame->cf_idc);
	cheri_capability_set_user_pcc(&frame->cf_pcc);

	/*
	 * Signal-delivery state.  Userspace cannot change this yet; the
	 * intent is that handlers run with ambient authority unless the
	 * userspace runtime explicitly gives it up.
	 */
	sigstate = &td->td_pcb->pcb_cherisignal;
	bzero(sigstate, sizeof(*sigstate));
	cheri_capability_set_user_c0(&sigstate->csig_c0);
	cheri_capability_set_user_stack(&sigstate->csig_c11);
	cheri_capability_set_user_idc(&sigstate->csig_idc);
	cheri_capability_set_user_pcc(&sigstate->csig_pcc);
	cheri_capability_set_user_sigcode(&sigstate->csig_sigcode,
	    td->td_proc->p_sysent);
}
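/*
 * Return non-zero if every byte of the len-byte object at p is zero.
 *
 * Used to verify the caller's promise that the trapframe was zeroed before
 * the capability registers are populated.  The check is byte-wise through
 * an unsigned char pointer, so it is valid for any object type and covers
 * the whole register rather than only its first 64 bits.  Declared inline
 * so that kernels built without INVARIANTS (where KASSERT expands to
 * nothing) do not warn about an unused static function.
 */
static inline int
cheri_exec_is_zeroed(const void *p, size_t len)
{
	const unsigned char *bp = p;
	size_t i;

	for (i = 0; i < len; i++) {
		if (bp[i] != 0)
			return (0);
	}
	return (1);
}

/*
 * Set up the initial CHERI register state of thread td (used on the exec
 * path, judging by the name).  Three pieces of per-thread state in the PCB
 * are written: the capability registers of the saved trapframe, the
 * capability register set that signal handlers will run with, and the
 * root of the userspace object-type capability tree.
 *
 * td         - thread being initialised; td->td_pcb and
 *              td->td_proc->p_sysent are dereferenced and must be valid.
 * entry_addr - address placed in $c12 as the program entry point.
 *
 * Precondition: the caller has zeroed td->td_pcb->pcb_regs.  This is only
 * asserted (for $ddc and $pcc) in INVARIANTS kernels.  No return value.
 */
void
cheri_exec_setregs(struct thread *td, unsigned long entry_addr)
{
	struct trapframe *frame;
	struct cheri_signal *csigp;

	/*
	 * We assume that the caller has initialised the trapframe to zeroes
	 * -- but check the two most important capability registers over
	 * their full width to catch programmer error.  We might want to
	 * check this with a more thorough set of assertions in the future.
	 */
	frame = &td->td_pcb->pcb_regs;
	KASSERT(cheri_exec_is_zeroed(&frame->ddc, sizeof(frame->ddc)),
	    ("%s: non-zero initial $ddc", __func__));
	KASSERT(cheri_exec_is_zeroed(&frame->pcc, sizeof(frame->pcc)),
	    ("%s: non-zero initial $epcc", __func__));

	/*
	 * XXXRW: Experimental CHERI ABI initialises $ddc with full user
	 * privilege, and all other user-accessible capability registers with
	 * no rights at all.  The runtime linker/compiler/application can
	 * propagate around rights as required.
	 */
	cheri_capability_set_user_ddc(&frame->ddc);
	cheri_capability_set_user_stc(&frame->stc);
	cheri_capability_set_user_idc(&frame->idc);
	cheri_capability_set_user_pcc(&frame->pcc);
	/* $c12 carries the entry point the new image starts executing at. */
	cheri_capability_set_user_entry(&frame->c12, entry_addr);

	/*
	 * Also initialise signal-handling state; this can't yet be modified
	 * by userspace, but the principle is that signal handlers should run
	 * with ambient authority unless given up by the userspace runtime
	 * explicitly.  The default signal stack is given the same capability
	 * as the initial user stack register.
	 */
	csigp = &td->td_pcb->pcb_cherisignal;
	bzero(csigp, sizeof(*csigp));
	cheri_capability_set_user_ddc(&csigp->csig_ddc);
	cheri_capability_set_user_stc(&csigp->csig_stc);
	cheri_capability_set_user_stc(&csigp->csig_default_stack);
	cheri_capability_set_user_idc(&csigp->csig_idc);
	cheri_capability_set_user_pcc(&csigp->csig_pcc);
	cheri_capability_set_user_sigcode(&csigp->csig_sigcode,
	    td->td_proc->p_sysent);

	/*
	 * Set up root for the userspace object-type capability tree.  This
	 * can be queried using sysarch(2).
	 */
	cheri_capability_set_user_type(&td->td_pcb->pcb_typecap);
}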