mmap: Remove MAP_ALIGNED_CHERI_SEAL

There are no differences in alignment between regular and sealed capabilities on current architectures and even if there were there is little value in putting this support in the kernel where callers who need to seal values returned by mmap() will be highly CHERI-aware.
bsdjhb · Sep 13, 2024 · 91aa338 · 91aa338
1 parent d2f37a3
commit 91aa338
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 46 deletions.
diff --git a/bin/cheribsdtest/cheribsdtest_vm.c b/bin/cheribsdtest/cheribsdtest_vm.c
@@ -900,12 +900,6 @@ CHERIBSDTEST(vm_reservation_align,
 	    "mmap failed to align representable region with requested "
 	    "cheri alignment for %p", map);
 
-	map = CHERIBSDTEST_CHECK_SYSCALL(mmap(NULL, len,
-	    PROT_READ | PROT_WRITE, MAP_ANON | MAP_ALIGNED_CHERI_SEAL, -1, 0));
-	CHERIBSDTEST_VERIFY2(((ptraddr_t)(map) & align_mask) == 0,
-	    "mmap failed to align representable region with requested "
-	    "cheri seal alignment for %p", map);
-
 	cheribsdtest_success();
 }
 

diff --git a/lib/libsys/mmap.2 b/lib/libsys/mmap.2
@@ -215,19 +215,6 @@ On architectures without CHERI support or where all capabilities are
 precise,
 .Dv MAP_ALIGNED_CHERI
 has no effect.
-.It Dv MAP_ALIGNED_CHERI_SEAL
-Align the region as required to allow a CHERI capability to be sealed.
-If a suitable region cannot be found or the address of
-.Fa addr
-or the length in
-.Fa len
-is not representable as a precise, sealable capability,
-.Fn mmap
-will fail.
-On architectures without CHERI support or where all capabilities are
-precise,
-.Dv MAP_ALIGNED_CHERI_SEAL
-has no effect.
 .It Dv MAP_ALIGNED_SUPER
 Align the region to maximize the potential use of large
 .Pq Dq super
@@ -608,8 +595,6 @@ was not.
 .It Bq Er EINVAL
 .Dv MAP_ALIGNED_CHERI
 (implied on CheriABI)
-or
-.Dv MAP_ALIGNED_CHERI_SEAL
 was specified and
 .Fa addr
 or

diff --git a/sys/sys/mman.h b/sys/sys/mman.h
@@ -125,12 +125,8 @@
  *
  * MAP_ALIGNED_CHERI returns memory aligned appropriately for the requested
  * length or fails.  Passing an under-rounded length fails.
- *
- * MAP_ALIGNED_CHERI_SEAL returns memory aligned to allow sealing given the
- * requested length or fails.  Passing an under-rounded length fails.
  */
 #define	MAP_ALIGNED_CHERI	MAP_ALIGNED(2)	/* align for CHERI data */
-#define	MAP_ALIGNED_CHERI_SEAL	MAP_ALIGNED(3)	/* align for sealing on CHERI */
 
 /*
  * Flags provided to shm_rename

diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
@@ -408,8 +408,8 @@ sys_mmap(struct thread *td, struct mmap_args *uap)
 #endif
 	}
 	else if ((flags & MAP_ALIGNMENT_MASK) != MAP_ALIGNED(0) &&
-		 (flags & MAP_ALIGNMENT_MASK) != MAP_ALIGNED_CHERI &&
-		 (flags & MAP_ALIGNMENT_MASK) != MAP_ALIGNED_CHERI_SEAL) {
+	    (flags & MAP_ALIGNMENT_MASK) != MAP_ALIGNED(3) && /* MAP_ALIGNED_CHERI_SEAL */
+	    (flags & MAP_ALIGNMENT_MASK) != MAP_ALIGNED_CHERI) {
 		/* Reject nonsensical sub-page alignment requests */
 		if ((flags >> MAP_ALIGNMENT_SHIFT) < PAGE_SHIFT) {
 			SYSERRCAUSE("subpage alignment request");
@@ -629,22 +629,17 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp)
 	align = flags & MAP_ALIGNMENT_MASK;
 #if !__has_feature(capabilities)
 	/* In the non-CHERI case, remove the alignment request. */
-	if (align == MAP_ALIGNED_CHERI || align == MAP_ALIGNED_CHERI_SEAL) {
+	if (align == MAP_ALIGNED_CHERI) {
 		flags &= ~MAP_ALIGNMENT_MASK;
 		align = 0;
 	}
 #else /* __has_feature(capabilities) */
 	/*
-	 * Convert MAP_ALIGNED_CHERI(_SEAL) into explicit alignment
+	 * Convert MAP_ALIGNED_CHERI into explicit alignment
 	 * requests and pad lengths.  The combination of alignment (via
 	 * the updated, explicit alignment flags) and padding is required
 	 * for any request that would otherwise be unrepresentable due
 	 * to compressed capability bounds.
-	 *
-	 * XXX: With CHERI Concentrate, there is no difference in
-	 * precision between sealed and unsealed capabilities.  We
-	 * retain the duplicate code paths in case other otype tradeoffs
-	 * are made at a later date.
 	 */
 	if (align == MAP_ALIGNED_CHERI) {
 		flags &= ~MAP_ALIGNMENT_MASK;
@@ -658,18 +653,6 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp)
 				addr_mask = CHERI_ALIGN_MASK(size);
 		}
 		align = flags & MAP_ALIGNMENT_MASK;
-	} else if (align == MAP_ALIGNED_CHERI_SEAL) {
-		flags &= ~MAP_ALIGNMENT_MASK;
-		if (CHERI_SEALABLE_ALIGNMENT(size) > (1UL << PAGE_SHIFT)) {
-			flags |= MAP_ALIGNED(CHERI_SEAL_ALIGN_SHIFT(size));
-
-			if (size != CHERI_SEALABLE_LENGTH(size))
-				size = CHERI_SEALABLE_LENGTH(size);
-
-			if (CHERI_SEAL_ALIGN_MASK(size) != 0)
-				addr_mask = CHERI_SEAL_ALIGN_MASK(size);
-		}
-		align = flags & MAP_ALIGNMENT_MASK;
 	}
 #endif