From owner-svn-src-all@freebsd.org Mon Sep 23 14:19:42 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54BD6F606E; Mon, 23 Sep 2019 14:19:42 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46cRKV1WlXz44PQ; Mon, 23 Sep 2019 14:19:42 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 175ED180EC; Mon, 23 Sep 2019 14:19:42 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x8NEJfN3041701; Mon, 23 Sep 2019 14:19:41 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x8NEJf3f041700; Mon, 23 Sep 2019 14:19:41 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201909231419.x8NEJf3f041700@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Mon, 23 Sep 2019 14:19:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r352624 - head/sys/amd64/amd64 X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: head/sys/amd64/amd64 X-SVN-Commit-Revision: 352624 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Sep 2019 14:19:42 -0000 Author: markj Date: Mon Sep 23 14:19:41 2019 New Revision: 352624 URL: https://svnweb.freebsd.org/changeset/base/352624 Log: Set NX on some non-leaf direct map page table entries. The direct map is never used for execution of code, so we might as well set NX in the direct map's PML4Es. Also clarify the intent of the code in create_pagetables() that restricts access protections on the region of the direct map mapping the kernel text. Reviewed by: alc, kib (previous version) MFC after: 1 week Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D21759 Modified: head/sys/amd64/amd64/pmap.c Modified: head/sys/amd64/amd64/pmap.c ============================================================================== --- head/sys/amd64/amd64/pmap.c Mon Sep 23 14:14:43 2019 (r352623) +++ head/sys/amd64/amd64/pmap.c Mon Sep 23 14:19:41 2019 (r352624) @@ -1539,13 +1539,13 @@ create_pagetables(vm_paddr_t *firstaddr) } for (j = 0; i < ndmpdp; i++, j++) { pdp_p[i] = DMPDphys + ptoa(j); - pdp_p[i] |= X86_PG_RW | X86_PG_V; + pdp_p[i] |= X86_PG_RW | X86_PG_V | pg_nx; } /* * Instead of using a 1G page for the memory containing the kernel, - * use 2M pages with appropriate permissions. (If using 1G pages, - * this will partially overwrite the PDPEs above.) + * use 2M pages with read-only and no-execute permissions. (If using 1G + * pages, this will partially overwrite the PDPEs above.) */ if (ndm1g) { pd_p = (pd_entry_t *)DMPDkernphys; @@ -1555,7 +1555,7 @@ create_pagetables(vm_paddr_t *firstaddr) bootaddr_rwx(i << PDRSHIFT); for (i = 0; i < nkdmpde; i++) pdp_p[i] = (DMPDkernphys + ptoa(i)) | X86_PG_RW | - X86_PG_V; + X86_PG_V | pg_nx; } /* And recursively map PML4 to itself in order to get PTmap */ @@ -1566,7 +1566,7 @@ create_pagetables(vm_paddr_t *firstaddr) /* Connect the Direct Map slot(s) up to the PML4. */ for (i = 0; i < ndmpdpphys; i++) { p4_p[DMPML4I + i] = DMPDPphys + ptoa(i); - p4_p[DMPML4I + i] |= X86_PG_RW | X86_PG_V; + p4_p[DMPML4I + i] |= X86_PG_RW | X86_PG_V | pg_nx; } /* Connect the KVA slots up to the PML4 */