svn commit: r329281 - in head/sys: amd64/amd64 i386/i386

Conrad Meyer cem at FreeBSD.org
Wed Feb 14 23:35:49 UTC 2018 

Author: cem
Date: Wed Feb 14 23:35:47 2018
New Revision: 329281
URL: https://svnweb.freebsd.org/changeset/base/329281

Log:
  x86 pmap: Make memory mapped via pmap_qenter() non-executable
  
  The idea is, the pmap_qenter() API is now defined to not produce executable
  mappings.  If you need executable mappings, use another API.
  
  Add pg_nx flag in pmap_qenter on x86 to make kernel pages non-executable.
  
  Other architectures that support execute-specific permissons on page table
  entries should subsequently be updated to match.
  
  Submitted by:	Darrick Lew <darrick.freebsd AT gmail.com>
  Reviewed by:	markj
  Discussed with:	alc, jhb, kib
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D14062

Modified:
  head/sys/amd64/amd64/pmap.c
  head/sys/i386/i386/pmap.c

Modified: head/sys/amd64/amd64/pmap.c
==============================================================================
--- head/sys/amd64/amd64/pmap.c	Wed Feb 14 21:39:10 2018	(r329280)
+++ head/sys/amd64/amd64/pmap.c	Wed Feb 14 23:35:47 2018	(r329281)
@@ -2338,7 +2338,7 @@ pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
 		pa = VM_PAGE_TO_PHYS(m) | cache_bits;
 		if ((*pte & (PG_FRAME | X86_PG_PTE_CACHE)) != pa) {
 			oldpte |= *pte;
-			pte_store(pte, pa | pg_g | X86_PG_RW | X86_PG_V);
+			pte_store(pte, pa | pg_g | pg_nx | X86_PG_RW | X86_PG_V);
 		}
 		pte++;
 	}

Modified: head/sys/i386/i386/pmap.c
==============================================================================
--- head/sys/i386/i386/pmap.c	Wed Feb 14 21:39:10 2018	(r329280)
+++ head/sys/i386/i386/pmap.c	Wed Feb 14 23:35:47 2018	(r329281)
@@ -1677,7 +1677,11 @@ pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
 		pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 0);
 		if ((*pte & (PG_FRAME | PG_PTE_CACHE)) != pa) {
 			oldpte |= *pte;
+#if defined(PAE) || defined(PAE_TABLES)
+			pte_store(pte, pa | pgeflag | pg_nx | PG_RW | PG_V);
+#else
 			pte_store(pte, pa | pgeflag | PG_RW | PG_V);
+#endif
 		}
 		pte++;
 	}

More information about the svn-src-all mailing list