SVNews r330539


2018-03-06 14:28:37 - r330539 by jtl (jtl)

Complete list of files affected by revision r330539:


  MODIFY   /head/sys/amd64/amd64/db_interface.c
  MODIFY   /head/sys/amd64/amd64/gdb_machdep.c
  MODIFY   /head/sys/amd64/amd64/initcpu.c
  MODIFY   /head/sys/amd64/amd64/mpboot.S
  MODIFY   /head/sys/amd64/amd64/pmap.c
  MODIFY   /head/sys/amd64/include/cpu.h
  MODIFY   /head/sys/amd64/include/gdb_machdep.h
  MODIFY   /head/sys/arm/include/gdb_machdep.h
  MODIFY   /head/sys/conf/ldscript.amd64
  MODIFY   /head/sys/gdb/gdb_packet.c
  MODIFY   /head/sys/i386/include/gdb_machdep.h
  MODIFY   /head/sys/mips/include/gdb_machdep.h
  MODIFY   /head/sys/powerpc/include/gdb_machdep.h
  MODIFY   /head/sys/sparc64/include/gdb_machdep.h

Commit message:

amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits
correctly for the data contained on each memory page.

There are several components to this change:
 * Add a variable to indicate the start of the R/W portion of the
  initial memory.
 * Stop detecting NX bit support for each AP. Instead, use the value
  from the BSP and, if supported, activate the feature on the other
  APs just before loading the correct page table. (Functionally, we
  already assume that the BSP and all APs had the same support or
  lack of support for the NX bit.)
 * Set the RW and NX bits correctly for the kernel text, data, and
  BSS (subject to some caveats below).
 * Ensure DDB can write to memory when necessary (such as to set a
 * Ensure GDB can write to memory when necessary (such as to set a
  breakpoint). For this purpose, add new MD functions gdb_begin_write()
  and gdb_end_write() which the GDB support code can call before and
  after writing to memory.

This change is not comprehensive:
 * It doesn't do anything to protect modules.
 * It doesn't do anything for kernel memory allocated after the kernel
  starts running.
 * In order to avoid excessive memory inefficiency, it may let multiple
  types of data share a 2M page, and assigns the most permissions
  needed for data on that page.

Reviewed by: jhb, kib
Discussed with: emaste
MFC after: 2 weeks
Sponsored by: Netflix
Differential Revision:
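The last caveat in the message (several kinds of data sharing one 2M page, which then gets the most permissions any occupant needs) in a small model, added here as an example; it is not code from this commit or from FreeBSD. The section addresses are constructed, PG_RW and PG_NX use the amd64 bit values, and the helper names are this example's own. It shows why a page straddling the text/data boundary comes out both writable and executable, which is the condition to check for when reviewing such a layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PG_RW  0x2ULL          /* amd64 PTE bit: page is writable */
#define PG_NX  (1ULL << 63)    /* amd64 PTE bit: page is not executable */
#define NBPDR  (2ULL << 20)    /* size of one 2M page */

enum section { SEC_TEXT, SEC_RODATA, SEC_DATA, SEC_BSS };
struct region { uint64_t start, end; enum section kind; };   /* [start, end) */
/* Constructed sample layout (no real kernel): text ends 64K into a 2M page that data continues in. */
static const struct region kern[] = {
    { 0xffffffff80200000ULL, 0xffffffff80a10000ULL, SEC_TEXT },
    { 0xffffffff80a10000ULL, 0xffffffff80c00000ULL, SEC_DATA },
    { 0xffffffff80c00000ULL, 0xffffffff80e00000ULL, SEC_BSS },
};
#define NKERN (sizeof(kern) / sizeof(kern[0]))

/* Flags a section needs when it has a page to itself. */
static uint64_t needed_flags(enum section s)
{
    switch (s) {
    case SEC_TEXT:   return 0;              /* read-only, executable */
    case SEC_RODATA: return PG_NX;          /* read-only, no execute */
    default:         return PG_RW | PG_NX;  /* data/BSS: writable, no execute */
    }
}
/* "Most permissions needed": writable if any occupant needs write, and
 * executable (NX clear) if any occupant needs execute. */
static uint64_t merge_flags(uint64_t a, uint64_t b)
{
    return ((a | b) & PG_RW) | (a & b & PG_NX);
}

/* Flags the 2M page at page_base gets from the sections landing in it;
 * a page holding none of them stays read-only and non-executable. */
uint64_t page_flags(const struct region *r, size_t n, uint64_t page_base)
{
    uint64_t flags = PG_NX, page_end = page_base + NBPDR;
    for (size_t i = 0; i < n; i++)
        if (r[i].start < page_end && r[i].end > page_base)
            flags = merge_flags(flags, needed_flags(r[i].kind));
    return flags;
}
/* True when sharing left a page both writable and executable. */
bool page_is_wx(uint64_t flags)
{
    return (flags & PG_RW) != 0 && (flags & PG_NX) == 0;
}
```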

