Index: head/lib/libc/amd64/Symbol.map =================================================================== --- head/lib/libc/amd64/Symbol.map (revision 344353) +++ head/lib/libc/amd64/Symbol.map (revision 344354) @@ -1,65 +1,72 @@ /* * $FreeBSD$ */ /* * This only needs to contain symbols that are not listed in * symbol maps from other parts of libc (i.e., not found in * stdlib/Symbol.map, string/Symbol.map, sys/Symbol.map, ...). */ FBSD_1.0 { /* PSEUDO syscalls */ _exit; .mcount; _setjmp; _longjmp; fabs; __flt_rounds; fpgetmask; fpgetprec; fpgetround; fpgetsticky; fpsetmask; fpsetprec; fpsetround; __infinity; __nan; makecontext; rfork_thread; setjmp; longjmp; sigsetjmp; siglongjmp; htonl; htons; ntohl; ntohs; amd64_get_fsbase; amd64_get_gsbase; amd64_set_fsbase; amd64_set_gsbase; brk; sbrk; vfork; }; +FBSD_1.6 { + x86_pkru_get_perm; + x86_pkru_set_perm; + x86_pkru_protect_range; + x86_pkru_unprotect_range; +}; + /* * * FreeBSD private ABI * */ FBSDprivate_1.0 { /* PSEUDO syscalls */ _getlogin; _set_tp; ___longjmp; __makecontext; __longjmp; __signalcontext; signalcontext; __siglongjmp; _brk; _vfork; }; Index: head/lib/libc/i386/Symbol.map =================================================================== --- head/lib/libc/i386/Symbol.map (revision 344353) +++ head/lib/libc/i386/Symbol.map (revision 344354) @@ -1,62 +1,69 @@ /* * $FreeBSD$ */ /* * This only needs to contain symbols that are not listed in * symbol maps from other parts of libc (i.e., not found in * stdlib/Symbol.map, string/Symbol.map, sys/Symbol.map, ...). */ FBSD_1.0 { /* PSEUDO syscalls */ _exit; .mcount; _setjmp; _longjmp; alloca; fabs; __flt_rounds; __nan; __infinity; makecontext; rfork_thread; setjmp; longjmp; sigsetjmp; siglongjmp; htonl; htons; ntohl; ntohs; vfork; brk; i386_clr_watch; i386_get_fsbase; i386_get_gsbase; i386_get_ioperm; i386_get_ldt; i386_set_fsbase; i386_set_gsbase; i386_set_ioperm; i386_set_ldt; i386_set_watch; i386_vm86; sbrk; ___tls_get_addr; }; +FBSD_1.6 { + x86_pkru_get_perm; + x86_pkru_set_perm; + x86_pkru_protect_range; + x86_pkru_unprotect_range; +}; + FBSDprivate_1.0 { /* PSEUDO syscalls */ _getlogin; _set_tp; ___longjmp; __makecontext; __longjmp; __signalcontext; signalcontext; __siglongjmp; _vfork; _brk; }; Index: head/lib/libc/x86/sys/Makefile.inc =================================================================== --- head/lib/libc/x86/sys/Makefile.inc (revision 344353) +++ head/lib/libc/x86/sys/Makefile.inc (revision 344354) @@ -1,10 +1,11 @@ # $FreeBSD$ .PATH: ${LIBC_SRCTOP}/x86/sys SRCS+= \ - __vdso_gettc.c + __vdso_gettc.c \ + pkru.c .if ${MACHINE_CPUARCH} == "amd64" && ${MK_HYPERV} != "no" CFLAGS+= -DWANT_HYPERV .endif Index: head/lib/libc/x86/sys/pkru.c =================================================================== --- head/lib/libc/x86/sys/pkru.c (nonexistent) +++ head/lib/libc/x86/sys/pkru.c (revision 344354) @@ -0,0 +1,138 @@ +/*- + * Copyright (c) 2019 The FreeBSD Foundation + * All rights reserved. + * + * Portions of this software were developed by Konstantin Belousov + * under sponsorship from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include + +#define MAX_PKRU_IDX 0xf +#ifdef __i386__ +#define X86_SET_PKRU I386_SET_PKRU +#define X86_CLEAR_PKRU I386_CLEAR_PKRU +#else +#define X86_SET_PKRU AMD64_SET_PKRU +#define X86_CLEAR_PKRU AMD64_CLEAR_PKRU +#endif + +static int +x86_pkru_get_perm_unsup(u_int keyidx, int *access, int *modify) +{ + + errno = EOPNOTSUPP; + return (-1); +} + +static int +x86_pkru_get_perm_hw(u_int keyidx, int *access, int *modify) +{ + uint32_t pkru; + + if (keyidx > MAX_PKRU_IDX) { + errno = EINVAL; + return (-1); + } + keyidx *= 2; + pkru = rdpkru(); + *access = (pkru & (1 << keyidx)) == 0; + *modify = (pkru & (2 << keyidx)) == 0; + return (0); +} + +DEFINE_UIFUNC(, int, x86_pkru_get_perm, (u_int, int *, int *), static) +{ + + return ((cpu_stdext_feature2 & CPUID_STDEXT2_OSPKE) == 0 ? + x86_pkru_get_perm_unsup : x86_pkru_get_perm_hw); +} + +static int +x86_pkru_set_perm_unsup(u_int keyidx, int access, int modify) +{ + + errno = EOPNOTSUPP; + return (-1); +} + +static int +x86_pkru_set_perm_hw(u_int keyidx, int access, int modify) +{ + uint32_t pkru; + + if (keyidx > MAX_PKRU_IDX) { + errno = EINVAL; + return (-1); + } + keyidx *= 2; + pkru = rdpkru(); + pkru &= ~(3 << keyidx); + if (!access) + pkru |= 1 << keyidx; + if (!modify) + pkru |= 2 << keyidx; + wrpkru(pkru); + return (0); +} + +DEFINE_UIFUNC(, int, x86_pkru_set_perm, (u_int, int, int), static) +{ + + return ((cpu_stdext_feature2 & CPUID_STDEXT2_OSPKE) == 0 ? + x86_pkru_set_perm_unsup : x86_pkru_set_perm_hw); +} + +int +x86_pkru_protect_range(void *addr, unsigned long len, u_int keyidx, int flags) +{ + struct amd64_set_pkru a64pkru; + + memset(&a64pkru, 0, sizeof(a64pkru)); + a64pkru.addr = addr; + a64pkru.len = len; + a64pkru.keyidx = keyidx; + a64pkru.flags = flags; + return (sysarch(X86_SET_PKRU, &a64pkru)); +} + +int +x86_pkru_unprotect_range(void *addr, unsigned long len) +{ + struct amd64_set_pkru a64pkru; + + memset(&a64pkru, 0, sizeof(a64pkru)); + a64pkru.addr = addr; + a64pkru.len = len; + return (sysarch(X86_CLEAR_PKRU, &a64pkru)); +} Property changes on: head/lib/libc/x86/sys/pkru.c ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sys/x86/include/sysarch.h =================================================================== --- head/sys/x86/include/sysarch.h (revision 344353) +++ head/sys/x86/include/sysarch.h (revision 344354) @@ -1,162 +1,167 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1993 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * Architecture specific syscalls (X86) */ #ifndef _MACHINE_SYSARCH_H_ #define _MACHINE_SYSARCH_H_ #include #define I386_GET_LDT 0 #define I386_SET_LDT 1 #define LDT_AUTO_ALLOC 0xffffffff /* I386_IOPL */ #define I386_GET_IOPERM 3 #define I386_SET_IOPERM 4 /* xxxxx */ #define I386_VM86 6 /* XXX Not implementable on amd64 */ #define I386_GET_FSBASE 7 #define I386_SET_FSBASE 8 #define I386_GET_GSBASE 9 #define I386_SET_GSBASE 10 #define I386_GET_XFPUSTATE 11 #define I386_SET_PKRU 12 #define I386_CLEAR_PKRU 13 /* Leave space for 0-127 for to avoid translating syscalls */ #define AMD64_GET_FSBASE 128 #define AMD64_SET_FSBASE 129 #define AMD64_GET_GSBASE 130 #define AMD64_SET_GSBASE 131 #define AMD64_GET_XFPUSTATE 132 #define AMD64_SET_PKRU 133 #define AMD64_CLEAR_PKRU 134 /* Flags for AMD64_SET_PKRU */ #define AMD64_PKRU_EXCL 0x0001 #define AMD64_PKRU_PERSIST 0x0002 struct i386_ioperm_args { unsigned int start; unsigned int length; int enable; }; #ifdef __i386__ struct i386_ldt_args { unsigned int start; union descriptor *descs; unsigned int num; }; struct i386_vm86_args { int sub_op; /* sub-operation to perform */ char *sub_args; /* args */ }; struct i386_get_xfpustate { void *addr; int len; }; #else struct i386_ldt_args { unsigned int start; struct user_segment_descriptor *descs __packed; unsigned int num; }; struct i386_get_xfpustate { unsigned int addr; int len; }; struct i386_set_pkru { unsigned int addr; unsigned int len; unsigned int keyidx; int flags; }; struct amd64_get_xfpustate { void *addr; int len; }; #endif struct amd64_set_pkru { void *addr; unsigned long len; unsigned int keyidx; int flags; }; #ifndef _KERNEL union descriptor; struct dbreg; __BEGIN_DECLS int i386_get_ldt(int, union descriptor *, int); int i386_set_ldt(int, union descriptor *, int); int i386_get_ioperm(unsigned int, unsigned int *, int *); int i386_set_ioperm(unsigned int, unsigned int, int); int i386_vm86(int, void *); int i386_get_fsbase(void **); int i386_get_gsbase(void **); int i386_set_fsbase(void *); int i386_set_gsbase(void *); int i386_set_watch(int, unsigned int, int, int, struct dbreg *); int i386_clr_watch(int, struct dbreg *); int amd64_get_fsbase(void **); int amd64_get_gsbase(void **); int amd64_set_fsbase(void *); int amd64_set_gsbase(void *); +int x86_pkru_get_perm(unsigned int keyidx, int *access, int *modify); +int x86_pkru_set_perm(unsigned int keyidx, int access, int modify); +int x86_pkru_protect_range(void *addr, unsigned long len, unsigned int keyidx, + int flag); +int x86_pkru_unprotect_range(void *addr, unsigned long len); int sysarch(int, void *); __END_DECLS #else struct thread; union descriptor; int i386_get_ldt(struct thread *, struct i386_ldt_args *); int i386_set_ldt(struct thread *, struct i386_ldt_args *, union descriptor *); int i386_get_ioperm(struct thread *, struct i386_ioperm_args *); int i386_set_ioperm(struct thread *, struct i386_ioperm_args *); int amd64_get_ldt(struct thread *, struct i386_ldt_args *); int amd64_set_ldt(struct thread *, struct i386_ldt_args *, struct user_segment_descriptor *); int amd64_get_ioperm(struct thread *, struct i386_ioperm_args *); int amd64_set_ioperm(struct thread *, struct i386_ioperm_args *); #endif #endif /* !_MACHINE_SYSARCH_H_ */