Page MenuHomeFreeBSD
Differential D21759

Set NX on direct map PML4Es.
ClosedPublic
Actions

Authored by markj on Sep 22 2019, 7:51 PM.
Tags
None
Referenced Files
F106142247: D21759.id62447.diff
Thu, Dec 26, 2:31 AM
F106115517: D21759.diff
Wed, Dec 25, 3:49 PM
Unknown Object (File)
Wed, Dec 11, 4:53 AM
Unknown Object (File)
Nov 4 2024, 12:37 PM
Unknown Object (File)
Oct 30 2024, 6:02 PM
Unknown Object (File)
Oct 17 2024, 9:49 PM
Unknown Object (File)
Oct 2 2024, 7:15 AM
Unknown Object (File)
Sep 26 2024, 4:57 AM
View All 47 Files
Subscribers
imp

Details

Reviewers
alc
kib
Commits
rS352624: Set NX on some non-leaf direct map page table entries.
Summary

For a while now we've been using the direct map without execute
permissions, and we have the ability to dynamically create executable
mappings in the kernel map. To help ensure that the direct map is never
used for code execution, mark the direct map PML4Es as NX as well. No
functional change intended.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Sep 22 2019, 7:51 PM
Harbormaster completed remote builds in B26629: Diff 62437.Sep 22 2019, 7:51 PM
markj added reviewers: alc, kib.Sep 22 2019, 7:53 PM
kib accepted this revision.Sep 22 2019, 8:21 PM
This revision is now accepted and ready to land.Sep 22 2019, 8:21 PM
alc added inline comments.Sep 22 2019, 8:58 PM
sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

Doesn't setting pg_nx on the direct map's PML4 entries conflict with what this block is trying to do?

markj added inline comments.Sep 22 2019, 9:23 PM
sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

I think the omission of pg_nx in the PDPEs is an oversight, and doesn't have any effect since it is set in the PDEs (which also do not set PG_RW). The intent of this block is to ensure that the kernel text is not writeable via the direct map, not to permit execution. So I believe the answer to your question is no.

alc added inline comments.Sep 22 2019, 10:09 PM
sys/amd64/amd64/pmap.c
1545–1559 ↗(On Diff #62437)

I would argue that the phrase "appropriate permissions" in the above comment is simply too vague. I shouldn't have to infer what "appropriate" means. :-)

alc accepted this revision.Sep 22 2019, 10:14 PM
markj updated this revision to Diff 62447.Sep 22 2019, 11:21 PM
  • Set NX on other intermedia direct map PT entries.
  • Clarify a comment.
This revision now requires review to proceed.Sep 22 2019, 11:21 PM
Harbormaster completed remote builds in B26634: Diff 62447.Sep 22 2019, 11:21 PM
alc accepted this revision.Sep 23 2019, 4:08 AM
This revision is now accepted and ready to land.Sep 23 2019, 4:08 AM
Closed by commit rS352624: Set NX on some non-leaf direct map page table entries. (authored by markj). · Explain WhySep 23 2019, 2:19 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS352624: Set NX on some non-leaf direct map page table entries..
Herald added a subscriber: imp. · View Herald TranscriptSep 23 2019, 2:19 PM

Revision Contents
Changeset List

PathSize
head/
sys/
amd64/
amd64/
10 lines

Diff 62468

View Options

head/sys/amd64/amd64/pmap.c

Loading...