
Set NX on direct map PML4Es.
Closed, Public

Authored by markj on Sep 22 2019, 7:51 PM.

Details

Summary

For a while now we've been using the direct map without execute
permissions, and we have the ability to dynamically create executable
mappings in the kernel map. To help ensure that the direct map is never
used for code execution, mark the direct map PML4Es as NX as well. No
functional change intended.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

This revision is now accepted and ready to land. Sep 22 2019, 8:21 PM
sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

Doesn't setting pg_nx on the direct map's PML4 entries conflict with what this block is trying to do?

sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

I think the omission of pg_nx in the PDPEs is an oversight, and doesn't have any effect since it is set in the PDEs (which also do not set PG_RW). The intent of this block is to ensure that the kernel text is not writeable via the direct map, not to permit execution. So I believe the answer to your question is no.

sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

I would argue that the phrase "appropriate permissions" in the above comment is simply too vague. I shouldn't have to infer what "appropriate" means. :-)

  • Set NX on other intermediate direct map PT entries.
  • Clarify a comment.
This revision now requires review to proceed. Sep 22 2019, 11:21 PM
This revision is now accepted and ready to land. Sep 23 2019, 4:08 AM
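
The summary and the inline reply about the PDPEs both rest on how x86-64 combines permissions along a page-table walk: a mapping is writable only if RW is set at every level, and executable only if NX is clear at every level. The C sketch below is an added example, not code from pmap.c or from this diff; the bit macros are defined locally at the architectural bit positions, and the three walks are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 paging-entry bits, defined locally for this example. */
#define PG_V   (1ULL << 0)   /* present */
#define PG_RW  (1ULL << 1)   /* writable */
#define PG_PS  (1ULL << 7)   /* large page: the walk ends at this PDPE/PDE */
#define PG_NX  (1ULL << 63)  /* execute-disable, honoured only with EFER.NXE set */

struct eff_perm { bool valid, writable, executable; };

/*
 * Combine the entries of one walk, ordered PML4E, PDPE, PDE, PTE.
 * RW is ANDed and NX is ORed across levels; PG_PS below the PML4E ends the walk.
 */
static struct eff_perm
effective_perm(const uint64_t *ent, int nlevels)
{
	struct eff_perm p = { true, true, true };
	for (int i = 0; i < nlevels; i++) {
		if ((ent[i] & PG_V) == 0) {
			p = (struct eff_perm){ false, false, false };
			return (p);
		}
		p.writable = p.writable && (ent[i] & PG_RW) != 0;
		p.executable = p.executable && (ent[i] & PG_NX) == 0;
		if (i > 0 && (ent[i] & PG_PS) != 0)
			break;
	}
	return (p);
}

/* Constructed walks (PML4E, PDPE, 2MB PDE); not values taken from pmap.c. */
/* Kernel-text case from the inline discussion: PDE has NX and no RW, PDPE lacks NX. */
static const uint64_t text_pde_nx[] = { PG_V | PG_RW, PG_V | PG_RW, PG_V | PG_PS | PG_NX };
/* A leaf that lost NX by mistake: the PML4E bit alone keeps it non-executable. */
static const uint64_t leaf_lost_nx[] = { PG_V | PG_RW | PG_NX, PG_V | PG_RW, PG_V | PG_RW | PG_PS };
/* The same mistake with no NX at any upper level: the mapping is W+X. */
static const uint64_t no_nx_anywhere[] = { PG_V | PG_RW, PG_V | PG_RW, PG_V | PG_RW | PG_PS };

int main(void)
{
	const uint64_t *walks[] = { text_pde_nx, leaf_lost_nx, no_nx_anywhere };
	for (int i = 0; i < 3; i++) {
		struct eff_perm p = effective_perm(walks[i], 3);
		printf("walk %d: writable=%d executable=%d\n", i, p.writable, p.executable);
	}
	return (0);
}
```

The second walk is the defence-in-depth case the summary describes: with NX on the PML4E, a lower-level entry that omits it still cannot yield an executable direct-map mapping.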