
D13956.id38136.diff

Index: sys/amd64/amd64/pmap.c
===================================================================
--- sys/amd64/amd64/pmap.c
+++ sys/amd64/amd64/pmap.c
@@ -2575,6 +2575,15 @@
pml4 = &pmap->pm_pml4[pml4index];
*pml4 = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;
if (pmap->pm_pml4u != NULL && pml4index < NUPML4E) {
+ /*
+ * PTI: Make all user-space mappings in the
+ * kernel-mode page table no-execute so that
+ * we detect any programming errors that leave
+ * the kernel-mode page table active on return
+ * to user space.
+ */
+ *pml4 |= pg_nx;
+
pml4u = &pmap->pm_pml4u[pml4index];
*pml4u = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V |
PG_A | PG_M;
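Review bot: The kernel-mode PML4 slot is written twice here: the unchanged store publishes the entry as valid without NX, and only the added `*pml4 |= pg_nx;` sets the bit afterwards. Building the value once keeps the slot from ever being visible as executable: compute `newpml4 = VM_PAGE_TO_PHYS(m) | PG_U | PG_RW | PG_V | PG_A | PG_M;`, OR in `pg_nx` when `pmap->pm_pml4u != NULL && pml4index < NUPML4E`, then do a single `*pml4 = newpml4;`. The comment could also note that pg_nx is presumably 0 on CPUs without NX, in which case this detection is silently absent (the trap.c hunk tests `pg_nx != 0`, which suggests as much). The enclosing function starts and ends outside the hunk, so whether another CPU can walk this pmap during that window is not visible here.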
Index: sys/amd64/amd64/trap.c
===================================================================
--- sys/amd64/amd64/trap.c
+++ sys/amd64/amd64/trap.c
@@ -720,6 +720,16 @@
/* Fault in the page. */
rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
if (rv == KERN_SUCCESS) {
+ if (pti && pg_nx != 0 && (frame->tf_err & (PGEX_P | PGEX_W |
+ PGEX_U | PGEX_I)) == (PGEX_P | PGEX_U | PGEX_I) &&
+ bootverbose) {
+ /*
+ * Most likely, userspace executed with the
+ * kernel-mode page table.
+ */
+ printf("PTI: pid %d comm %s tf_err %#lx\n", p->p_pid,
+ p->p_comm, frame->tf_err);
+ }
#ifdef HWPMC_HOOKS
if (ftype == VM_PROT_READ || ftype == VM_PROT_WRITE) {
PMC_SOFT_CALL_TF( , , page_fault, all, frame);
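Review bot: The added printf in the `rv == KERN_SUCCESS` branch has no rate limit, and its condition (a present-page, user-mode instruction-fetch fault that vm_fault() then resolved) does not look specific to a leaked kernel-mode page table. If an ordinary process can produce the same error code, for example by executing a page whose mapping had not yet been upgraded to executable, it can flood the console whenever bootverbose is set. Consider bounding it with `static struct timeval pti_last; static int pti_pps;` plus `&& ppsratecheck(&pti_last, &pti_pps, 1)` as the final term of the condition, and reword the comment to say the match is a heuristic. Testing `bootverbose` first would also skip the mask comparison on the common path. The enclosing function begins and ends outside the hunk.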
