From owner-svn-src-stable-12@freebsd.org Sat Mar 23 11:47:18 2019 Return-Path: Delivered-To: svn-src-stable-12@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2FF3154BE5D; Sat, 23 Mar 2019 11:47:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5320B8C9DA; Sat, 23 Mar 2019 11:47:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 03B837E5E; Sat, 23 Mar 2019 11:47:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x2NBlHqI029459; Sat, 23 Mar 2019 11:47:17 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x2NBlDSD029435; Sat, 23 Mar 2019 11:47:13 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201903231147.x2NBlDSD029435@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Sat, 23 Mar 2019 11:47:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r345446 - in stable/12/sys: amd64/amd64 amd64/include arm/arm arm/include arm64/arm64 arm64/include compat/freebsd32 i386/i386 i386/include kern mips/include mips/mips powerpc/include p... X-SVN-Group: stable-12 X-SVN-Commit-Author: kib X-SVN-Commit-Paths: in stable/12/sys: amd64/amd64 amd64/include arm/arm arm/include arm64/arm64 arm64/include compat/freebsd32 i386/i386 i386/include kern mips/include mips/mips powerpc/include powerpc/powerpc riscv/incl... X-SVN-Commit-Revision: 345446 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 5320B8C9DA X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.97)[-0.966,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Mar 2019 11:47:19 -0000 Author: kib Date: Sat Mar 23 11:47:13 2019 New Revision: 345446 URL: https://svnweb.freebsd.org/changeset/base/345446 Log: MFC r345228: amd64 KPTI: add control from procctl(2). Added: stable/12/sys/amd64/include/procctl.h - copied unchanged from r345228, head/sys/amd64/include/procctl.h stable/12/sys/arm/include/procctl.h - copied unchanged from r345228, head/sys/arm/include/procctl.h stable/12/sys/arm64/include/procctl.h - copied unchanged from r345228, head/sys/arm64/include/procctl.h stable/12/sys/i386/include/procctl.h - copied unchanged from r345228, head/sys/i386/include/procctl.h stable/12/sys/mips/include/procctl.h - copied unchanged from r345228, head/sys/mips/include/procctl.h stable/12/sys/powerpc/include/procctl.h - copied unchanged from r345228, head/sys/powerpc/include/procctl.h stable/12/sys/riscv/include/procctl.h - copied unchanged from r345228, head/sys/riscv/include/procctl.h stable/12/sys/sparc64/include/procctl.h - copied unchanged from r345228, head/sys/sparc64/include/procctl.h stable/12/sys/x86/include/procctl.h - copied unchanged from r345228, head/sys/x86/include/procctl.h Modified: stable/12/sys/amd64/amd64/vm_machdep.c stable/12/sys/arm/arm/vm_machdep.c stable/12/sys/arm64/arm64/vm_machdep.c stable/12/sys/compat/freebsd32/freebsd32_misc.c stable/12/sys/i386/i386/vm_machdep.c stable/12/sys/kern/kern_procctl.c stable/12/sys/mips/mips/vm_machdep.c stable/12/sys/powerpc/powerpc/vm_machdep.c stable/12/sys/riscv/riscv/vm_machdep.c stable/12/sys/sparc64/sparc64/vm_machdep.c stable/12/sys/sys/proc.h stable/12/sys/sys/procctl.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/amd64/amd64/vm_machdep.c ============================================================================== --- stable/12/sys/amd64/amd64/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/amd64/amd64/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -59,13 +59,16 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include +#include #include #include #include #include #include #include +#include #include #include @@ -376,6 +379,66 @@ cpu_exec_vmspace_reuse(struct proc *p, vm_map_t map) return (((curproc->p_amd64_md_flags & P_MD_KPTI) != 0) == (vm_map_pmap(map)->pm_ucr3 != PMAP_NO_CR3)); +} + +static void +cpu_procctl_kpti(struct proc *p, int com, int *val) +{ + + if (com == PROC_KPTI_CTL) { + if (pti && *val == PROC_KPTI_CTL_ENABLE_ON_EXEC) + p->p_amd64_md_flags |= P_MD_KPTI; + if (*val == PROC_KPTI_CTL_DISABLE_ON_EXEC) + p->p_amd64_md_flags &= ~P_MD_KPTI; + } else /* PROC_KPTI_STATUS */ { + *val = (p->p_amd64_md_flags & P_MD_KPTI) != 0 ? + PROC_KPTI_CTL_ENABLE_ON_EXEC: + PROC_KPTI_CTL_DISABLE_ON_EXEC; + if (vmspace_pmap(p->p_vmspace)->pm_ucr3 != PMAP_NO_CR3) + *val |= PROC_KPTI_STATUS_ACTIVE; + } +} + +int +cpu_procctl(struct thread *td, int idtype, id_t id, int com, void *data) +{ + struct proc *p; + int error, val; + + switch (com) { + case PROC_KPTI_CTL: + case PROC_KPTI_STATUS: + if (idtype != P_PID) { + error = EINVAL; + break; + } + if (com == PROC_KPTI_CTL) { + /* sad but true and not a joke */ + error = priv_check(td, PRIV_IO); + if (error != 0) + break; + error = copyin(data, &val, sizeof(val)); + if (error != 0) + break; + if (val != PROC_KPTI_CTL_ENABLE_ON_EXEC && + val != PROC_KPTI_CTL_DISABLE_ON_EXEC) { + error = EINVAL; + break; + } + } + error = pget(id, PGET_CANSEE | PGET_NOTWEXIT | PGET_NOTID, &p); + if (error == 0) { + cpu_procctl_kpti(p, com, &val); + PROC_UNLOCK(p); + if (com == PROC_KPTI_STATUS) + error = copyout(&val, data, sizeof(val)); + } + break; + default: + error = EINVAL; + break; + } + return (error); } void Copied: stable/12/sys/amd64/include/procctl.h (from r345228, head/sys/amd64/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/amd64/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/amd64/include/procctl.h) @@ -0,0 +1,6 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ + +#include Modified: stable/12/sys/arm/arm/vm_machdep.c ============================================================================== --- stable/12/sys/arm/arm/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/arm/arm/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -354,3 +354,10 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} Copied: stable/12/sys/arm/include/procctl.h (from r345228, head/sys/arm/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/arm/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/arm/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/arm64/arm64/vm_machdep.c ============================================================================== --- stable/12/sys/arm64/arm64/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/arm64/arm64/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -271,6 +271,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} + void swi_vm(void *v) { Copied: stable/12/sys/arm64/include/procctl.h (from r345228, head/sys/arm64/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/arm64/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/arm64/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/compat/freebsd32/freebsd32_misc.c ============================================================================== --- stable/12/sys/compat/freebsd32/freebsd32_misc.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/compat/freebsd32/freebsd32_misc.c Sat Mar 23 11:47:13 2019 (r345446) @@ -3350,6 +3350,10 @@ freebsd32_procctl(struct thread *td, struct freebsd32_ } x32; int error, error1, flags, signum; + if (uap->com >= PROC_PROCCTL_MD_MIN) + return (cpu_procctl(td, uap->idtype, PAIR32TO64(id_t, uap->id), + uap->com, PTRIN(uap->data))); + switch (uap->com) { case PROC_ASLR_CTL: case PROC_SPROTECT: Modified: stable/12/sys/i386/i386/vm_machdep.c ============================================================================== --- stable/12/sys/i386/i386/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/i386/i386/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -393,6 +393,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} + void cpu_set_syscall_retval(struct thread *td, int error) { Copied: stable/12/sys/i386/include/procctl.h (from r345228, head/sys/i386/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/i386/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/i386/include/procctl.h) @@ -0,0 +1,6 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ + +#include Modified: stable/12/sys/kern/kern_procctl.c ============================================================================== --- stable/12/sys/kern/kern_procctl.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/kern/kern_procctl.c Sat Mar 23 11:47:13 2019 (r345446) @@ -494,6 +494,10 @@ sys_procctl(struct thread *td, struct procctl_args *ua } x; int error, error1, flags, signum; + if (uap->com >= PROC_PROCCTL_MD_MIN) + return (cpu_procctl(td, uap->idtype, uap->id, + uap->com, uap->data)); + switch (uap->com) { case PROC_ASLR_CTL: case PROC_SPROTECT: Copied: stable/12/sys/mips/include/procctl.h (from r345228, head/sys/mips/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/mips/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/mips/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/mips/mips/vm_machdep.c ============================================================================== --- stable/12/sys/mips/mips/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/mips/mips/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -462,6 +462,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} + /* * Software interrupt handler for queued VM system processing. */ Copied: stable/12/sys/powerpc/include/procctl.h (from r345228, head/sys/powerpc/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/powerpc/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/powerpc/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/powerpc/powerpc/vm_machdep.c ============================================================================== --- stable/12/sys/powerpc/powerpc/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/powerpc/powerpc/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -256,3 +256,10 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} Copied: stable/12/sys/riscv/include/procctl.h (from r345228, head/sys/riscv/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/riscv/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/riscv/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/riscv/riscv/vm_machdep.c ============================================================================== --- stable/12/sys/riscv/riscv/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/riscv/riscv/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -274,6 +274,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map return (true); } +int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} + void swi_vm(void *v) { Copied: stable/12/sys/sparc64/include/procctl.h (from r345228, head/sys/sparc64/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/sparc64/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/sparc64/include/procctl.h) @@ -0,0 +1,4 @@ +/*- + * This file is in the public domain. + */ +/* $FreeBSD$ */ Modified: stable/12/sys/sparc64/sparc64/vm_machdep.c ============================================================================== --- stable/12/sys/sparc64/sparc64/vm_machdep.c Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/sparc64/sparc64/vm_machdep.c Sat Mar 23 11:47:13 2019 (r345446) @@ -381,6 +381,14 @@ cpu_exec_vmspace_reuse(struct proc *p __unused, vm_map } int +cpu_procctl(struct thread *td __unused, int idtype __unused, id_t id __unused, + int com __unused, void *data __unused) +{ + + return (EINVAL); +} + +int is_physical_memory(vm_paddr_t addr) { struct ofw_mem_region *mr; Modified: stable/12/sys/sys/proc.h ============================================================================== --- stable/12/sys/sys/proc.h Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/sys/proc.h Sat Mar 23 11:47:13 2019 (r345446) @@ -1088,6 +1088,8 @@ bool cpu_exec_vmspace_reuse(struct proc *p, struct vm_ int cpu_fetch_syscall_args(struct thread *td); void cpu_fork(struct thread *, struct proc *, struct thread *, int); void cpu_fork_kthread_handler(struct thread *, void (*)(void *), void *); +int cpu_procctl(struct thread *td, int idtype, id_t id, int com, + void *data); void cpu_set_syscall_retval(struct thread *, int); void cpu_set_upcall(struct thread *, void (*)(void *), void *, stack_t *); Modified: stable/12/sys/sys/procctl.h ============================================================================== --- stable/12/sys/sys/procctl.h Sat Mar 23 11:43:41 2019 (r345445) +++ stable/12/sys/sys/procctl.h Sat Mar 23 11:47:13 2019 (r345446) @@ -41,6 +41,10 @@ #include #endif +/* MD PROCCTL verbs start at 0x10000000 */ +#define PROC_PROCCTL_MD_MIN 0x10000000 +#include + #define PROC_SPROTECT 1 /* set protected state */ #define PROC_REAP_ACQUIRE 2 /* reaping enable */ #define PROC_REAP_RELEASE 3 /* reaping disable */ Copied: stable/12/sys/x86/include/procctl.h (from r345228, head/sys/x86/include/procctl.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/sys/x86/include/procctl.h Sat Mar 23 11:47:13 2019 (r345446, copy of r345228, head/sys/x86/include/procctl.h) @@ -0,0 +1,43 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2019 The FreeBSD Foundation + * + * Portions of this software were developed by Konstantin Belousov + * under sponsorship from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _X86_PROCCTL_H +#define _X86_PROCCTL_H + +#define PROC_KPTI_CTL (PROC_PROCCTL_MD_MIN + 0) +#define PROC_KPTI_STATUS (PROC_PROCCTL_MD_MIN + 1) + +#define PROC_KPTI_CTL_ENABLE_ON_EXEC 1 +#define PROC_KPTI_CTL_DISABLE_ON_EXEC 2 +#define PROC_KPTI_STATUS_ACTIVE 0x80000000 + +#endif