svn commit: r345446 - in stable/12/sys: amd64/amd64 amd64/include arm/arm arm/include arm64/arm64 arm64/include compat/freebsd32 i386/i386 i386/include kern mips/include mips/mips powerpc/include p...

Konstantin Belousov kib at FreeBSD.org
Sat Mar 23 11:47:19 UTC 2019


Author: kib
Date: Sat Mar 23 11:47:13 2019
New Revision: 345446
URL: https://svnweb.freebsd.org/changeset/base/345446

Log:
  MFC r345228:
  amd64 KPTI: add control from procctl(2).

Added:
  stable/12/sys/amd64/include/procctl.h
     - copied unchanged from r345228, head/sys/amd64/include/procctl.h
  stable/12/sys/arm/include/procctl.h
     - copied unchanged from r345228, head/sys/arm/include/procctl.h
  stable/12/sys/arm64/include/procctl.h
     - copied unchanged from r345228, head/sys/arm64/include/procctl.h
  stable/12/sys/i386/include/procctl.h
     - copied unchanged from r345228, head/sys/i386/include/procctl.h
  stable/12/sys/mips/include/procctl.h
     - copied unchanged from r345228, head/sys/mips/include/procctl.h
  stable/12/sys/powerpc/include/procctl.h
     - copied unchanged from r345228, head/sys/powerpc/include/procctl.h
  stable/12/sys/riscv/include/procctl.h
     - copied unchanged from r345228, head/sys/riscv/include/procctl.h
  stable/12/sys/sparc64/include/procctl.h
     - copied unchanged from r345228, head/sys/sparc64/include/procctl.h
  stable/12/sys/x86/include/procctl.h
     - copied unchanged from r345228, head/sys/x86/include/procctl.h
Modified:
  stable/12/sys/amd64/amd64/vm_machdep.c
  stable/12/sys/arm/arm/vm_machdep.c
  stable/12/sys/arm64/arm64/vm_machdep.c
  stable/12/sys/compat/freebsd32/freebsd32_misc.c
  stable/12/sys/i386/i386/vm_machdep.c
  stable/12/sys/kern/kern_procctl.c
  stable/12/sys/mips/mips/vm_machdep.c
  stable/12/sys/powerpc/powerpc/vm_machdep.c
  stable/12/sys/riscv/riscv/vm_machdep.c
  stable/12/sys/sparc64/sparc64/vm_machdep.c
  stable/12/sys/sys/proc.h
  stable/12/sys/sys/procctl.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/amd64/amd64/vm_machdep.c
==============================================================================
--- stable/12/sys/amd64/amd64/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/amd64/amd64/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -59,13 +59,16 @@ __FBSDID("$FreeBSD$");
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/pioctl.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
+#include <sys/procctl.h>
 #include <sys/smp.h>
 #include <sys/sysctl.h>
 #include <sys/sysent.h>
 #include <sys/unistd.h>
 #include <sys/vnode.h>
 #include <sys/vmmeter.h>
+#include <sys/wait.h>
 
 #include <machine/cpu.h>
 #include <machine/md_var.h>
@@ -376,6 +379,66 @@ cpu_exec_vmspace_reuse(struct proc *p, vm_map_t map)
 
 	return (((curproc->p_amd64_md_flags & P_MD_KPTI) != 0) ==
 	    (vm_map_pmap(map)->pm_ucr3 != PMAP_NO_CR3));
+}
+
+static void
+cpu_procctl_kpti(struct proc *p, int com, int *val)
+{
+
+	if (com == PROC_KPTI_CTL) {
+		if (pti && *val == PROC_KPTI_CTL_ENABLE_ON_EXEC)
+			p->p_amd64_md_flags |= P_MD_KPTI;
+		if (*val == PROC_KPTI_CTL_DISABLE_ON_EXEC)
+			p->p_amd64_md_flags &= ~P_MD_KPTI;
+	} else /* PROC_KPTI_STATUS */ {
+		*val = (p->p_amd64_md_flags & P_MD_KPTI) != 0 ?
+		    PROC_KPTI_CTL_ENABLE_ON_EXEC:
+		    PROC_KPTI_CTL_DISABLE_ON_EXEC;
+		if (vmspace_pmap(p->p_vmspace)->pm_ucr3 != PMAP_NO_CR3)
+			*val |= PROC_KPTI_STATUS_ACTIVE;
+	}
+}
+
+int
+cpu_procctl(struct thread *td, int idtype, id_t id, int com, void *data)
+{
+	struct proc *p;
+	int error, val;
+
+	switch (com) {
+	case PROC_KPTI_CTL:
+	case PROC_KPTI_STATUS:
+		if (idtype != P_PID) {
+			error = EINVAL;
+			break;
+		}
+		if (com == PROC_KPTI_CTL) {
+			/* sad but true and not a joke */
+			error = priv_check(td, PRIV_IO);
+			if (error != 0)
+				break;
+			error = copyin(data, &val, sizeof(val));
+			if (error != 0)
+				break;
+			if (val != PROC_KPTI_CTL_ENABLE_ON_EXEC &&
+			    val != PROC_KPTI_CTL_DISABLE_ON_EXEC) {
+				error = EINVAL;
+				break;
+			}
+		}
+		error = pget(id, PGET_CANSEE | PGET_NOTWEXIT | PGET_NOTID, &p);
+		if (error == 0) {
+			cpu_procctl_kpti(p, com, &val);
+			PROC_UNLOCK(p);
+			if (com == PROC_KPTI_STATUS)
+				error = copyout(&val, data, sizeof(val));
+		}
+		break;
+	default:
+		error = EINVAL;
+		break;
+	}
+	return (error);
 }
 
 void

Copied: stable/12/sys/amd64/include/procctl.h (from r345228, head/sys/amd64/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/amd64/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/amd64/include/procctl.h)
@@ -0,0 +1,6 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */
+
+#include <x86/procctl.h>

Modified: stable/12/sys/arm/arm/vm_machdep.c
==============================================================================
--- stable/12/sys/arm/arm/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/arm/arm/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -354,3 +354,10 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}

Copied: stable/12/sys/arm/include/procctl.h (from r345228, head/sys/arm/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/arm/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/arm/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/arm64/arm64/vm_machdep.c
==============================================================================
--- stable/12/sys/arm64/arm64/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/arm64/arm64/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -271,6 +271,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}
+
 void
 swi_vm(void *v)
 {

Copied: stable/12/sys/arm64/include/procctl.h (from r345228, head/sys/arm64/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/arm64/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/arm64/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- stable/12/sys/compat/freebsd32/freebsd32_misc.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/compat/freebsd32/freebsd32_misc.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -3350,6 +3350,10 @@ freebsd32_procctl(struct thread *td, struct freebsd32_
 	} x32;
 	int error, error1, flags, signum;
 
+	if (uap->com >= PROC_PROCCTL_MD_MIN)
+		return (cpu_procctl(td, uap->idtype, PAIR32TO64(id_t, uap->id),
+		    uap->com, PTRIN(uap->data)));
+
 	switch (uap->com) {
 	case PROC_ASLR_CTL:
 	case PROC_SPROTECT:

Modified: stable/12/sys/i386/i386/vm_machdep.c
==============================================================================
--- stable/12/sys/i386/i386/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/i386/i386/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -393,6 +393,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}
+
 void
 cpu_set_syscall_retval(struct thread *td, int error)
 {

Copied: stable/12/sys/i386/include/procctl.h (from r345228, head/sys/i386/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/i386/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/i386/include/procctl.h)
@@ -0,0 +1,6 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */
+
+#include <x86/procctl.h>

Modified: stable/12/sys/kern/kern_procctl.c
==============================================================================
--- stable/12/sys/kern/kern_procctl.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/kern/kern_procctl.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -494,6 +494,10 @@ sys_procctl(struct thread *td, struct procctl_args *ua
 	} x;
 	int error, error1, flags, signum;
 
+	if (uap->com >= PROC_PROCCTL_MD_MIN)
+		return (cpu_procctl(td, uap->idtype, uap->id,
+		    uap->com, uap->data));
+
 	switch (uap->com) {
 	case PROC_ASLR_CTL:
 	case PROC_SPROTECT:

Copied: stable/12/sys/mips/include/procctl.h (from r345228, head/sys/mips/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/mips/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/mips/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/mips/mips/vm_machdep.c
==============================================================================
--- stable/12/sys/mips/mips/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/mips/mips/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -462,6 +462,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}
+
 /*
  * Software interrupt handler for queued VM system processing.
  */

Copied: stable/12/sys/powerpc/include/procctl.h (from r345228, head/sys/powerpc/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/powerpc/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/powerpc/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/powerpc/powerpc/vm_machdep.c
==============================================================================
--- stable/12/sys/powerpc/powerpc/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/powerpc/powerpc/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -256,3 +256,10 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}

Copied: stable/12/sys/riscv/include/procctl.h (from r345228, head/sys/riscv/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/riscv/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/riscv/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/riscv/riscv/vm_machdep.c
==============================================================================
--- stable/12/sys/riscv/riscv/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/riscv/riscv/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -274,6 +274,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 	return (true);
 }
 
+int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}
+
 void
 swi_vm(void *v)
 {

Copied: stable/12/sys/sparc64/include/procctl.h (from r345228, head/sys/sparc64/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/sparc64/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/sparc64/include/procctl.h)
@@ -0,0 +1,4 @@
+/*-
+ * This file is in the public domain.
+ */
+/* $FreeBSD$ */

Modified: stable/12/sys/sparc64/sparc64/vm_machdep.c
==============================================================================
--- stable/12/sys/sparc64/sparc64/vm_machdep.c	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/sparc64/sparc64/vm_machdep.c	Sat Mar 23 11:47:13 2019	(r345446)
@@ -381,6 +381,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map
 }
 
 int
+cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused,
+    int com __unused, void *data __unused)
+{
+
+	return (EINVAL);
+}
+
+int
 is_physical_memory(vm_paddr_t addr)
 {
 	struct ofw_mem_region *mr;

Modified: stable/12/sys/sys/proc.h
==============================================================================
--- stable/12/sys/sys/proc.h	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/sys/proc.h	Sat Mar 23 11:47:13 2019	(r345446)
@@ -1088,6 +1088,8 @@ bool	cpu_exec_vmspace_reuse(struct proc *p, struct vm_
 int	cpu_fetch_syscall_args(struct thread *td);
 void	cpu_fork(struct thread *, struct proc *, struct thread *, int);
 void	cpu_fork_kthread_handler(struct thread *, void (*)(void *), void *);
+int	cpu_procctl(struct thread *td, int idtype, id_t id, int com,
+	    void *data);
 void	cpu_set_syscall_retval(struct thread *, int);
 void	cpu_set_upcall(struct thread *, void (*)(void *), void *,
 	    stack_t *);

Modified: stable/12/sys/sys/procctl.h
==============================================================================
--- stable/12/sys/sys/procctl.h	Sat Mar 23 11:43:41 2019	(r345445)
+++ stable/12/sys/sys/procctl.h	Sat Mar 23 11:47:13 2019	(r345446)
@@ -41,6 +41,10 @@
 #include <sys/wait.h>
 #endif
 
+/* MD PROCCTL verbs start at 0x10000000 */
+#define	PROC_PROCCTL_MD_MIN	0x10000000
+#include <machine/procctl.h>
+
 #define	PROC_SPROTECT		1	/* set protected state */
 #define	PROC_REAP_ACQUIRE	2	/* reaping enable */
 #define	PROC_REAP_RELEASE	3	/* reaping disable */

Copied: stable/12/sys/x86/include/procctl.h (from r345228, head/sys/x86/include/procctl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/sys/x86/include/procctl.h	Sat Mar 23 11:47:13 2019	(r345446, copy of r345228, head/sys/x86/include/procctl.h)
@@ -0,0 +1,43 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2019 The FreeBSD Foundation
+ *
+ * Portions of this software were developed by Konstantin Belousov
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _X86_PROCCTL_H
+#define	_X86_PROCCTL_H
+
+#define	PROC_KPTI_CTL		(PROC_PROCCTL_MD_MIN + 0)
+#define	PROC_KPTI_STATUS	(PROC_PROCCTL_MD_MIN + 1)
+
+#define	PROC_KPTI_CTL_ENABLE_ON_EXEC	1
+#define	PROC_KPTI_CTL_DISABLE_ON_EXEC	2
+#define	PROC_KPTI_STATUS_ACTIVE		0x80000000
+
+#endif


More information about the svn-src-all mailing list