cheribsdtest: Add tests in anticipation of c18n where function pointers are wrapped by default #2299
Conversation
When library-based compartmentalisation causes every function pointer to be wrapped in a trampoline, signal handlers return back to a trampoline rather than sigcode. The length return address capability is thus increased to account for this.
| @@ -82,3 +84,20 @@ CHERIBSDTEST(fptr_canon_dlfunc, | |||
|
|
|||
| cheribsdtest_success(); | |||
| } | |||
|
|
|||
| CHERIBSDTEST(fptr_canon_scalar, | |||
| "Check that function pointers are canonical when cast to scalar") | |||
There was a problem hiding this comment.
As with LLD, please don't use the term scalar. A capability is still a scalar (contrast with a vector of capabilities).
There was a problem hiding this comment.
Also, this isn't about casting, this is about loading from memory where the value in memory is an integer address that's been relocated, rather than a pointer.
| @@ -267,6 +267,8 @@ CHERIBSDTEST(signal_returncap, | |||
| CHERIBSDTEST_VERIFY2(v == CHERI_CAP_USER_CODE_LENGTH, | |||
| "length 0x%jx (expected <= 0x%jx)", v, | |||
| (uintmax_t)CHERI_CAP_USER_CODE_LENGTH); | |||
| #elif defined(CHERIBSD_C18N_TESTS) | |||
| CHERIBSDTEST_VERIFY2(v <= 0x300, "length 0x%jx (expected <= 0x300)", v); | |||
There was a problem hiding this comment.
No, rather the PR’s title is a bit misleading.
| * This function must only be referenced as a scalar. | ||
| */ | ||
| void | ||
| cheribsdtest_dynamic_dummy_func_scalar_only(void) |
There was a problem hiding this comment.
I’m aiming to test the ‘lazy-trampolines’ that come with default-wrapped function pointers. To do this you’d need to first resolve an integer address to the function, then resolve a capability, and make sure that a) they are equal and b) the latter is a tagged capability. (I haven’t actually tested (b) here because that would assume the existence of CHERI. To avoid using ifdefs maybe we can just call the function?)
The new function is needed to provide this ordering of symbol resolution.
| { | ||
| } | ||
|
|
||
| ptraddr_t cheribsdtest_dynamic_dummy_func_scalar_address = |
There was a problem hiding this comment.
Why can't we model this on cheribsdtest_dynamic_get_dummy_fptr and have it be a static local that's returned? That is:
ptraddr_t
cheribsdtest_dynamic_get_dummy_fptr_addr(void)
{
static volatile ptraddr_t addr = (ptraddr_t)&cheribsdtest_dynamic_dummy_func;
return (addr);
}
dpgao
changed the title
Add test for global integer variables containing function addresses.
Also increases the length of signal_returncap because c18n with default-wrapped trampolines requires that.