svn commit: r340030 - in head/sys/riscv: include riscv

John Baldwin jhb at FreeBSD.org
Thu Nov 1 22:23:17 UTC 2018


Author: jhb
Date: Thu Nov  1 22:23:15 2018
New Revision: 340030
URL: https://svnweb.freebsd.org/changeset/base/340030

Log:
  Restrict setting PTE execute permissions on RISC-V.
  
  Previously, RISC-V was enabling execute permissions in PTEs for any
  readable page.  Now, execute permissions are only enabled if they were
  explicitly specified (e.g. via PROT_EXEC to mmap).  The one exception
  is that the initial kernel mapping in locore still maps all of the
  kernel RWX.
  
  While here, change the fault type passed to vm_fault and
  pmap_fault_fixup to only include a single VM_PROT_* value representing
  the faulting access to match other architectures rather than passing a
  bitmask.
  
  Reviewed by:	markj
  Sponsored by:	DARPA
  Differential Revision:	https://reviews.freebsd.org/D17783

Modified:
  head/sys/riscv/include/pte.h
  head/sys/riscv/riscv/locore.S
  head/sys/riscv/riscv/pmap.c
  head/sys/riscv/riscv/trap.c

Modified: head/sys/riscv/include/pte.h
==============================================================================
--- head/sys/riscv/include/pte.h	Thu Nov  1 22:17:51 2018	(r340029)
+++ head/sys/riscv/include/pte.h	Thu Nov  1 22:23:15 2018	(r340030)
@@ -78,7 +78,7 @@ typedef	uint64_t	pn_t;			/* page number */
 #define	PTE_V		(1 << 0) /* Valid */
 #define	PTE_RWX		(PTE_R | PTE_W | PTE_X)
 #define	PTE_RX		(PTE_R | PTE_X)
-#define	PTE_KERN	(PTE_V | PTE_RWX | PTE_A | PTE_D)
+#define	PTE_KERN	(PTE_V | PTE_R | PTE_W | PTE_A | PTE_D)
 
 #define	PTE_PPN0_S	10
 #define	PTE_PPN1_S	19

Modified: head/sys/riscv/riscv/locore.S
==============================================================================
--- head/sys/riscv/riscv/locore.S	Thu Nov  1 22:17:51 2018	(r340029)
+++ head/sys/riscv/riscv/locore.S	Thu Nov  1 22:23:15 2018	(r340030)
@@ -94,7 +94,7 @@ _start:
 	add	t3, t4, t2
 	li	t5, 0
 2:
-	li	t0, (PTE_KERN)
+	li	t0, (PTE_KERN | PTE_X)
 	slli	t2, t4, PTE_PPN1_S	/* << PTE_PPN1_S */
 	or	t5, t0, t2
 	sd	t5, (s1)		/* Store PTE entry to position */

Modified: head/sys/riscv/riscv/pmap.c
==============================================================================
--- head/sys/riscv/riscv/pmap.c	Thu Nov  1 22:17:51 2018	(r340029)
+++ head/sys/riscv/riscv/pmap.c	Thu Nov  1 22:23:15 2018	(r340030)
@@ -2010,7 +2010,7 @@ pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t
 }
 
 int
-pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
+pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_t ftype)
 {
 	pt_entry_t orig_l3;
 	pt_entry_t new_l3;
@@ -2027,12 +2027,13 @@ pmap_fault_fixup(pmap_t pmap, vm_offset_t va, vm_prot_
 
 	orig_l3 = pmap_load(l3);
 	if ((orig_l3 & PTE_V) == 0 ||
-	    ((prot & VM_PROT_WRITE) != 0 && (orig_l3 & PTE_W) == 0) ||
-	    ((prot & VM_PROT_READ) != 0 && (orig_l3 & PTE_R) == 0))
+	    (ftype == VM_PROT_WRITE && (orig_l3 & PTE_W) == 0) ||
+	    (ftype == VM_PROT_EXECUTE && (orig_l3 & PTE_X) == 0) ||
+	    (ftype == VM_PROT_READ && (orig_l3 & PTE_R) == 0))
 		goto done;
 
 	new_l3 = orig_l3 | PTE_A;
-	if ((prot & VM_PROT_WRITE) != 0)
+	if (ftype == VM_PROT_WRITE)
 		new_l3 |= PTE_D;
 
 	if (orig_l3 != new_l3) {
@@ -2088,7 +2089,9 @@ pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, v
 	pa = VM_PAGE_TO_PHYS(m);
 	pn = (pa / PAGE_SIZE);
 
-	new_l3 = PTE_V | PTE_R | PTE_X | PTE_A;
+	new_l3 = PTE_V | PTE_R | PTE_A;
+	if (prot & VM_PROT_EXECUTE)
+		new_l3 |= PTE_X;
 	if (flags & VM_PROT_WRITE)
 		new_l3 |= PTE_D;
 	if (prot & VM_PROT_WRITE)
@@ -2464,7 +2467,9 @@ pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, v
 	pa = VM_PAGE_TO_PHYS(m);
 	pn = (pa / PAGE_SIZE);
 
-	entry = (PTE_V | PTE_R | PTE_X);
+	entry = PTE_V | PTE_R;
+	if (prot & VM_PROT_EXECUTE)
+		entry |= PTE_X;
 	entry |= (pn << PTE_PPN0_S);
 
 	/*

Modified: head/sys/riscv/riscv/trap.c
==============================================================================
--- head/sys/riscv/riscv/trap.c	Thu Nov  1 22:17:51 2018	(r340029)
+++ head/sys/riscv/riscv/trap.c	Thu Nov  1 22:23:15 2018	(r340030)
@@ -207,9 +207,11 @@ data_abort(struct trapframe *frame, int lower)
 
 	if ((frame->tf_scause == EXCP_FAULT_STORE) ||
 	    (frame->tf_scause == EXCP_STORE_PAGE_FAULT)) {
-		ftype = (VM_PROT_READ | VM_PROT_WRITE);
+		ftype = VM_PROT_WRITE;
+	} else if (frame->tf_scause == EXCP_INST_PAGE_FAULT) {
+		ftype = VM_PROT_EXECUTE;
 	} else {
-		ftype = (VM_PROT_READ);
+		ftype = VM_PROT_READ;
 	}
 
 	if (pmap_fault_fixup(map->pmap, va, ftype))


More information about the svn-src-all mailing list