
Add the arm64 table attributes and use them
Closed, Public

Authored by andrew on Sep 23 2021, 3:14 PM.

Details

Summary

Add the table page table attributes on arm64 and use them to add
restrictions to the block and page entries below them. This ensures
we are unable to increase the permissions in these last level entries
without also changing them in the upper levels.

Use the attributes to ensure the kernel can't execute from userspace
memory and vice versa, userspace has no access to read or write kernel
memory, and that the DMAP region is non-executable.
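The hierarchical rule the summary relies on, as an added example that is not code from this revision: restrictions set in table descriptors are folded into whatever the block or page entry below them grants, so a leaf cannot regain a permission an upper level removed. Bit positions follow the VMSAv8-64 stage 1 descriptor format; the macro names, the struct, and the sample walk are this example's own and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stage 1 table descriptor bits (macro names are this example's own). */
#define T_PXN_TABLE (1ULL << 59) /* no EL1 execution below this entry */
#define T_UXN_TABLE (1ULL << 60) /* no EL0 execution below this entry */
#define T_AP_NO_EL0 (1ULL << 61) /* APTable[0]: no EL0 access below */
#define T_AP_RO     (1ULL << 62) /* APTable[1]: no writes below */
/* Block and page descriptor bits. */
#define P_AP_EL0    (1ULL << 6)  /* AP[1]: EL0 may access */
#define P_AP_RO     (1ULL << 7)  /* AP[2]: read-only */
#define P_PXN       (1ULL << 53)
#define P_UXN       (1ULL << 54)

struct perms { bool el0_r, el0_w, el0_x, el1_w, el1_x; };

/*
 * Fold the table descriptors met on the walk into the leaf's permissions.
 * Table attributes can only remove permissions. Not modelled: WXN, PAN,
 * and the rule that EL0-writable memory is never executable at EL1.
 */
static struct perms
effective_perms(const uint64_t *tables, int ntables, uint64_t leaf)
{
	uint64_t acc = 0;
	struct perms p;

	for (int i = 0; i < ntables; i++)
		acc |= tables[i];
	bool el0 = (leaf & P_AP_EL0) != 0 && (acc & T_AP_NO_EL0) == 0;
	bool rw = (leaf & P_AP_RO) == 0 && (acc & T_AP_RO) == 0;
	p.el0_r = el0;
	p.el0_w = el0 && rw;
	p.el1_w = rw;
	p.el0_x = (leaf & P_UXN) == 0 && (acc & T_UXN_TABLE) == 0;
	p.el1_x = (leaf & P_PXN) == 0 && (acc & T_PXN_TABLE) == 0;
	return (p);
}

int
main(void)
{
	/* Constructed case: kernel table entry, leaf wrongly left open to EL0. */
	uint64_t walk[] = { T_UXN_TABLE | T_AP_NO_EL0, 0, 0 };
	struct perms p = effective_perms(walk, 3, P_AP_EL0 | P_PXN);

	printf("el0 r=%d w=%d x=%d\n", p.el0_r, p.el0_w, p.el0_x);
	return (0);
}
```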

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

sys/arm64/arm64/pmap.c
1885
1888

I would suggest adding a note to the effect that this is done for bootstrap L0 entries in locore. And maybe we should assert it in pmap_bootstrap().

Where are bits 59/60 described in the ARMARM?

sys/arm64/include/pte.h
41
In D32081#725184, @kib wrote:

Where are bits 59/60 described in the ARMARM?

The bits are defined as UXNTable and PXNTable in D5.3.3 Memory attribute fields in the VMSAv8-64 translation table format descriptors under the Next-level attributes in stage 1 VMSAv8-64 Table descriptors header (at least in G.b). This also points to Hierarchical control of instruction fetching in D5.4.6 Access permissions for instruction execution.

This revision is now accepted and ready to land. Sep 28 2021, 5:44 PM
alc added inline comments.
sys/arm64/arm64/pmap.c
1877

A stylistic suggestion: Use l0e instead of l0. A few lines later, in the same function, we use the same variable name, l0, as a pointer instead of a value. In general, I'd like to suggest that going forward new or revised code use names of the form l0p or l0e.

This revision was automatically updated to reflect the committed changes.