Update init_compartments and simple_init

As discussed, we move towards a more abstract model, including memory
management in the assembly layer. This updates the initialiation
function to not require any user input, and setup memory appropriately,
for future use.

Add checks to `simple_init` to sanity check functionality.

include/comps_offsets.h

@@ -2,3 +2,5 @@
 #define COMP_OFFSET_PCC 0
 #define COMP_OFFSET_DDC 16
 #define COMP_OFFSET_STK_ADDR 32
+
+#define MAX_COMP_COUNT 2

src/manager.S

@@ -44,25 +44,59 @@ asm_call_wrapper:
 /**
  * Sets up memory for compartments
  *
- * @param c1 Start address of switcher memory region
- * @param c2 Size of switcher memory region
- * @param c3 Address of `switch_compartment`
+ * Initializes required memory for compartments. This involves allocating a
+ * memory region for use by switcher code, to contain required capabilities,
+ * and deriving appropriate PCC/DDC values containing the executable switcher
+ * code, and the aforementioned memory region, respectively.
+ *
+ * @return Pointer to newly allocated memory region
  */
 .type init_compartments, "function"
 init_compartments:
-
-    // Derive DDC
-    cvtp      c1, x1
-    scbnds    c1, c1, x2
-
-    // Derive PCC
-    cvtp      c2, x3
-    mov       x3, #320 // TODO dynamic value
-    scbndse   c2, c2, x3
-
-    // Store (DDC, PCC) at `[switcher_caps]`
-    ldr       x4, switcher_caps
-    stp       c1, c2, [x4]
+    // Compute size of required memory, equivalent to `length` parameter of
+    // `mmap`
+    mov       x0, #COMP_SIZE
+    mov       x1, #MAX_COMP_COUNT
+    mov       x2, #32    // size of the 2 switcher capabilities
+    madd      x1, x0, x1, x2
+
+    // Store length and `lr` on stack, as we'll need them later
+    stp       x1, lr, [sp, #-16]!
+
+    // Allocate memory for switcher
+    mov       x0, xzr    // address
+                         // length - already stored in `x1`
+    mov       w2, #3     // prot == PROT_READ | PROT_WRITE
+    mov       w3, #4098  // flags == MAP_PRIVATE | MAP_ANONYMOUS
+    mov       w4, #-1    // fd
+    mov       w5, wzr    // offset
+    bl        mmap
+
+    // Restore length and `lr`
+    ldp       x1, lr, [sp], #16
+
+    // Save pointer to new allocated memory in `switcher_caps`
+    adr       x2, switcher_caps
+    str       x0, [x2]
+
+    // Derive DDC for switcher
+    cvtp      c2, x0
+    scbnds    c2, c2, x1
+
+    // Derive PCC for `switch_compartments` and friends
+    adr       x3, switcher_entry
+    adr       x4, switch_compartment_end
+    sub       x4, x4, x3
+    cvtp      c3, x3
+    scbndse   c3, c3, x4
+
+    // Store (DDC, PCC) at `switcher_caps`
+    ldr       x1, switcher_caps
+    stp       c2, c3, [x1], #32
+
+    // Save start address for compartment capabilities in `comps_addr`
+    adr       x2, comps_addr
+    str       x1, [x2]
 
     ret
 

src/switcher.S

@@ -5,6 +5,7 @@
 
 .global switcher_entry
 .global switch_compartment
+.global switch_compartment_end
 
 /**
  * Entry point from user code to switcher function
@@ -129,3 +130,5 @@ clean:
     // We need LR (x30) to return. The call to this helper already cleaned it.
     // Don't replace SP; this needs special handling by the caller anyway.
     ret
+
+switch_compartment_end:

tests/simple_init.c

@@ -1,6 +1,7 @@
-#include "assert.h"
-#include "stdint.h"
-#include "stdlib.h"
+#include <assert.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/mman.h>
 
 #include "cheriintrin.h"
 
@@ -10,23 +11,15 @@ static_assert(COMP_SIZE == sizeof(void* __capability) * 3, "Invalid `COMP_SIZE`
 static_assert(COMP_OFFSET_DDC == sizeof(void* __capability) * 1, "Invalid `COMP_OFFSET_DDC` provided.");
 static_assert(COMP_OFFSET_STK_ADDR == sizeof(void* __capability) * 2, "Invalid `COMP_OFFSET_STK_LEN` provided.");
 
-/*******************************************************************************
- * Globals and constants
- ******************************************************************************/
-
-const size_t max_comp_cnt = 2;
-const size_t switcher_mem_max_size = max_comp_cnt * COMP_SIZE;
-
 /*******************************************************************************
  * Extern functions
  ******************************************************************************/
 
-extern void asm_call_wrapper(void*, ...);
-extern void init_compartments(uint8_t*, size_t, uintptr_t);
-extern int switch_compartment();
+extern void* init_compartments();
+extern void* __capability * switcher_caps;
 
-extern void* comps_addr;
-extern void* switcher_caps;
+extern void switcher_entry();
+extern void switch_compartment_end();
 
 /*******************************************************************************
  * Main
@@ -35,15 +28,21 @@ extern void* switcher_caps;
 int
 main()
 {
-    switcher_caps = malloc(sizeof(void* __capability) * 2);
-    comps_addr = malloc(COMP_SIZE * max_comp_cnt);
+    void* inner_addr = init_compartments();
+
+    assert(inner_addr != MAP_FAILED);
+    assert(switcher_caps == inner_addr);
 
-    uint8_t* switcher_start = malloc(switcher_mem_max_size);
-    uintptr_t switch_comp_addr = (uintptr_t) switch_compartment;
+    void* __capability switcher_ddc = switcher_caps[0];
+    assert(cheri_is_valid(switcher_ddc));
+    assert(cheri_length_get(switcher_ddc) ==
+            COMP_SIZE * MAX_COMP_COUNT + 2 * sizeof(void* __capability));
 
-    // init_compartments();
+    void* __capability switcher_pcc = switcher_caps[1];
+    assert(cheri_is_valid(switcher_pcc));
+    assert(cheri_address_get(switcher_pcc) == (unsigned long) switcher_entry);
+    assert(cheri_address_get(switcher_pcc) + cheri_length_get(switcher_pcc) ==
+            (unsigned long) switch_compartment_end);
 
-    asm_call_wrapper(init_compartments,
-                     switcher_start, switcher_mem_max_size, switch_comp_addr);
     return 0;
 }