blob: 6113c83d1961a3291edd3aeee1f7a77cdc2dad18 [file] [log] [blame]
// Copyright Microsoft and CHERIoT Contributors.
// SPDX-License-Identifier: MIT
#pragma once
#include <cdefs.h>
#include <compartment-macros.h>
#include <stdint.h>
#ifdef __cplusplus
# include <cheri.hh>
template<typename T>
static inline CHERI::Capability<T> compart_seal(T *in)
{
void *key = SEALING_CAP();
return CHERI::Capability{in}.seal(key);
}
template<typename T>
static inline CHERI::Capability<T> compart_unseal(T *in)
{
void *key = SEALING_CAP();
return CHERI::Capability{in}.unseal(key);
}
template<typename T>
static inline auto compart_unseal(void *in)
{
return compart_unseal(static_cast<T *>(in));
}
#else
# include <cheri-builtins.h>
static inline void *compart_seal(void *in)
{
void *key = SEALING_CAP();
return cseal(in, key);
}
static inline void *compart_unseal(void *in)
{
void *key = SEALING_CAP();
return cunseal(in, key);
}
#endif
/**
* State for error handlers to use.
*
* Note: This structure should have the same layout as the register-save area.
*/
struct ErrorState
{
/**
* The faulting program counter. Error handlers may modify this but the
* result *must* point into the compartment's program counter capability.
* If it does not then the trusted stack will be unwound forcibly to the
* caller's compartment.
*
* Note: This is passed as an *untagged* capability. This allows error
* handlers to inspect the bounds and permissions, but does not convey the
* rights.
*/
void *pcc;
/**
* The register state where the fault occurred. These may be modified by
* an error handler.
*/
void *registers[15];
#ifdef __cplusplus
/**
* Templated method to get a reference to value of given
* CHERI::RegisterNumber.
*
* Static asserts that the register is one of the general purpose ones
* excluding CZR. This doesn't support getting PCC because in that case
* you can Use ErrorState.pcc directly.
*/
template<CHERI::RegisterNumber ARegisterNumber>
[[nodiscard]] void *&get_register_value()
{
static_assert(ARegisterNumber > CHERI::RegisterNumber::CZR &&
ARegisterNumber <= CHERI::RegisterNumber::CA5,
"get_register_value: invalid RegisterNumber");
return this->registers[static_cast<size_t>(ARegisterNumber) - 1];
}
/**
* Returns a pointer to the value of the given CHERI::RegisterNumber from
* this ErrorState.
*
* Will either select the appropriate index into ErrorState.registers
* accounting for the missing CZR, ErrorState.PCC, or if registerNumber is
* invalid or not contained in ErrorState then nullptr is returned.
*/
[[nodiscard]] void **
get_register_value(CHERI::RegisterNumber registerNumber)
{
if (registerNumber > CHERI::RegisterNumber::CZR &&
registerNumber <= CHERI::RegisterNumber::CA5)
{
return &this->registers[static_cast<size_t>(registerNumber) - 1];
}
if (registerNumber == CHERI::RegisterNumber::PCC)
{
return &this->pcc;
}
return nullptr;
}
#endif
};
/**
* Valid return values from an error handler.
*/
enum ErrorRecoveryBehaviour
{
/// Install the modified context.
InstallContext,
/// Unwind the trusted stack to the caller.
ForceUnwind
};
__BEGIN_DECLS
/**
* The error handler for the current compartment. A compartment may choose to
* implement this. If not implemented then compartment faults will unwind the
* trusted stack.
*/
__attribute__((
section(".compartment_error_handler"))) enum ErrorRecoveryBehaviour
compartment_error_handler(struct ErrorState *frame,
size_t mcause,
size_t mtval);
__END_DECLS