References:
[1]
//file: ./bin/cheritest/cheritest_libcheri_trustedstack.c
/*
 * Trusted-stack underflow test: perform a CReturn for which no matching
 * CCall was ever made.  The code and data capabilities come from the sealed
 * return object handed back by libcheri_make_sealed_return_object(); they are
 * fed to a ccall with selector 1, which the failure message below identifies
 * as the attempted CReturn.
 *
 * Expected outcome: control never comes back to this function.  If the
 * statement after the ccall is reached, the underflow went undetected and the
 * test is reported as a failure via cheritest_failure_errx().
 */
void
test_sandbox_trustedstack_underflow(const struct cheri_test *ctp __unused)
{
	/*
	 * Unpack the return object.  Both capabilities once carried explicit
	 * register constraints (asm ("$c1") and asm ("$c2")); those are
	 * currently ignored, so they are left out here.
	 */
	struct cheri_object returncap = libcheri_make_sealed_return_object();
	void * __capability codecap = returncap.co_codecap;
	void * __capability datacap = returncap.co_datacap;

	/*
	 * TODO: the branch delay slot has been removed; the trailing nop can be
	 * dropped once older bitfiles no longer need to be supported.
	 */
	__asm__ __volatile__ ("ccall %0, %1, 1\n\tnop" : : "C"(codecap),
	    "C"(datacap));

	/* Only reachable if the bogus return was not trapped. */
	cheritest_failure_errx("continued after attempted CReturn");
}
If you could revise
the fundamental principles of
computer system design
to improve security...
... what would you change?