diff options
| author | Jonathan T. Looney <jtl@FreeBSD.org> | 2018-03-06 14:28:37 +0000 |
|---|---|---|
| committer | Jonathan T. Looney <jtl@FreeBSD.org> | 2018-03-06 14:28:37 +0000 |
| commit | beb2406556f190519f91f573d984503bda34673b (patch) | |
| tree | cb513f21901aa6017dd8da719b6a866a6d839032 /sys/gdb | |
| parent | a0d442c0d8bb6cb7b8f809a4cee243c5cdca8c1e (diff) | |
| download | src-beb2406556f190519f91f573d984503bda34673b.tar.gz src-beb2406556f190519f91f573d984503bda34673b.zip | |
amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits
correctly for the data contained on each memory page.
There are several components to this change:
* Add a variable to indicate the start of the R/W portion of the
initial memory.
* Stop detecting NX bit support for each AP. Instead, use the value
from the BSP and, if supported, activate the feature on the other
APs just before loading the correct page table. (Functionally, we
already assume that the BSP and all APs had the same support or
lack of support for the NX bit.)
* Set the RW and NX bits correctly for the kernel text, data, and
BSS (subject to some caveats below).
* Ensure DDB can write to memory when necessary (such as to set a
breakpoint).
* Ensure GDB can write to memory when necessary (such as to set a
breakpoint). For this purpose, add new MD functions gdb_begin_write()
and gdb_end_write() which the GDB support code can call before and
after writing to memory.
This change is not comprehensive:
* It doesn't do anything to protect modules.
* It doesn't do anything for kernel memory allocated after the kernel
starts running.
* In order to avoid excessive memory inefficiency, it may let multiple
types of data share a 2M page, and assigns the most permissions
needed for data on that page.
Reviewed by: jhb, kib
Discussed with: emaste
MFC after: 2 weeks
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D14282
Notes
Notes:
svn path=/head/; revision=330539
Diffstat (limited to 'sys/gdb')
| -rw-r--r-- | sys/gdb/gdb_packet.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/gdb/gdb_packet.c b/sys/gdb/gdb_packet.c index c6a85e1ced27..c74eaaa855b3 100644 --- a/sys/gdb/gdb_packet.c +++ b/sys/gdb/gdb_packet.c @@ -147,6 +147,7 @@ gdb_rx_mem(unsigned char *addr, size_t size) { unsigned char *p; void *prev; + void *wctx; jmp_buf jb; size_t cnt; int ret; @@ -155,6 +156,7 @@ gdb_rx_mem(unsigned char *addr, size_t size) if (size * 2 != gdb_rxsz) return (-1); + wctx = gdb_begin_write(); prev = kdb_jmpbuf(jb); ret = setjmp(jb); if (ret == 0) { @@ -170,6 +172,7 @@ gdb_rx_mem(unsigned char *addr, size_t size) kdb_cpu_sync_icache(addr, size); } (void)kdb_jmpbuf(prev); + gdb_end_write(wctx); return ((ret == 0) ? 1 : 0); } |