Commit Graph

62710 Commits

Author SHA1 Message Date
jmcneill
84e0ecfe04 IST_MPSAFE is not a valid flag for fdtbus_intr_establish; use
FDT_INTR_MPSAFE instead.
2016-05-23 18:21:14 +00:00
chs
72af35a796 remove unused variables. 2016-05-23 01:45:41 +00:00
maxv
7123eade7b Save L4's physical address earlier. Also, PDE_SIZE has nothing to do
here, we are just zeroing out the upper 32bits of the 64bit pointer.
2016-05-22 10:11:55 +00:00
christos
2b0df44082 Account for the VA hole differently (simpler) 2016-05-22 01:09:09 +00:00
christos
bfab48c6b3 Add various security options; enables PaX ASLR/MPROTECT 2016-05-21 18:31:13 +00:00
maxv
c4cd7f0720 There is an issue in the way the direct map is set up on amd64.
When allocating memory, the kernel allocates physical pages and virtual
addresses for these pages. In order to optimize allocations smaller
than PAGE_SIZE, uvm_km_kmem_alloc can allocate a single physical page
and take its virtual address in the direct map in high virtual memory.
This direct map is set up at boot time, its PTEs do not change, and
therefore they don't need to be kentered. These high virtual PTEs being
constant, the permissions of the areas they point to are fixed at boot
time and cannot change.

The problem is that at boot time, they are created with RWX permissions.
Therefore, allocations smaller than PAGE_SIZE in the kernel heap are all
executable: mbufs, pnbufs, small kmem allocations, etc.

Fix this by setting the NOX bit in the direct map pages at boot time. We
also set the NOX bit in the temporary tmpva, since it does not need to
be executable either.

This also makes the U-area non executable on amd64.
2016-05-21 07:15:56 +00:00
maxv
d1afa69a65 Explain where this value comes from. 2016-05-21 07:00:18 +00:00
christos
9930e8e348 gcc can't compute the large initializer in rpi_release_mem,
so disable stack protector.
2016-05-20 16:40:40 +00:00
jnemeth
605ea3fe8e make CPU microcode loading dependent on both DOM0OPS AND CPU_UCODE 2016-05-20 03:41:20 +00:00
christos
5fbd96fa60 Turn on PaX ASLR/MPROTECT 2016-05-20 01:37:47 +00:00
christos
7b6e3dab7a We don't want PIE! 2016-05-19 15:41:18 +00:00
christos
48f9de0fc1 Turn on ASLR for sparc64 2016-05-19 15:37:06 +00:00
christos
9b7590baea lose one more bit of ASLR to account for rounding in the VA hole. 2016-05-19 15:36:35 +00:00
ryo
5ca0adf8c7 delete unused variables 2016-05-19 05:15:51 +00:00
nakayama
10bacc40a1 Decrement %tl in trap handler not to make it zero unconditionally
for the nested trap, and remove useless mov.
2016-05-18 15:14:08 +00:00
nakayama
da6c94469a Fix (unused) pstate mask bits in tstate and comment. 2016-05-18 07:59:30 +00:00
palle
2f23095fbd sun4v: Implement missing MMU protection trap handling - mostly from OpenBSD 2016-05-17 19:43:28 +00:00
palle
61ea5f5e14 Update TODO: sun4v_datatrap handling for trap level 0 is working 2016-05-17 19:39:44 +00:00
msaitoh
7ca43d6799 Fix CORTEXA9Rx definitions. 2016-05-17 08:27:24 +00:00
ryo
ec48232126 Add initial support for Freescale i.MX7 SoC and
Atmark Techno Armadillo-IoT G3 boards.

Contributed by Internet Initiative Japan Inc.
2016-05-17 06:44:45 +00:00
christos
10c1bb4dec Clamp the PAX_ASLR random value to the max bits we have for VA. 2016-05-17 00:39:43 +00:00
palle
ef44ed55df Avoid assembler-specific defines by using the export keyword in genassym.cf instead 2016-05-16 20:03:07 +00:00
maxv
9c4befc9b2 Update kern.ldscript.4MB. It is the same as kern.ldscript, but with a large
page alignment before rodata.
2016-05-16 07:52:31 +00:00
nakayama
49bc961c13 %g1 is not preserved across function call, so load it before
return_from_trap.
2016-05-15 23:54:58 +00:00
chs
6ee802c24a define ALTENTRY(), needed by dtrace. 2016-05-15 15:26:04 +00:00
maxv
9aca421dba Explicitly mention MP_TRAMPOLINE in these comments, so that NXR links them. 2016-05-15 10:35:54 +00:00
maxv
4c1aaf9dc6 Split the PRELOADED_MODULES+BOOTSTRAP_TABLES chunk into two separate
chunks mapped independently with RWX and RW, on both amd64 and i386.

This way the BOOTSTRAP TABLES are non-executable.
2016-05-15 07:17:53 +00:00
maxv
0d0621d260 Reduce the diff between amd64 and i386. We invert two instructions on
amd64, but it makes no difference since PDE_SIZE = 8.
2016-05-15 07:01:36 +00:00
christos
931302e025 Turn on MPROTECT on GENERIC and both MPROTECT and ASLR on XEN* 2016-05-14 17:11:30 +00:00
maxv
b561cb98a5 KNF so it appears aligned on NXR, and fix a comment. 2016-05-14 12:48:31 +00:00
maxv
8f728b8ede Actually, put the NOX identification above. Old CPUs do not support the
cpuid instruction.
2016-05-14 09:51:56 +00:00
maxv
15756d7e09 The NOX bit on large pages does not need to be amd64-specific anymore.
The i386 secondary CPUs can now properly handle it.
2016-05-14 09:37:21 +00:00
maxv
f63de3d1a3 Map rodata and data+bss independently, and give them R and RW with
fillkpt_nox. The code is exactly the same as amd64's.
2016-05-14 08:49:16 +00:00
maxv
e39b2c82ed Define fillkpt_nox on i386, same as amd64.
But there is a difference in the way it is done here. If PAE is not enabled,
PDE_SIZE = 4, so there is no NOX bit set. If PAE is enabled, PDE_SIZE = 8,
so the NOX bit is set.

This works exactly as intended, since NOX does not exist in the non-PAE
case.
2016-05-14 08:39:41 +00:00
maxv
9d6cfafacd Fix the secondary CPUs bug in i386. Same as amd64. 2016-05-14 08:34:00 +00:00
maxv
3b5965adb8 Align the segments on i386. We're going to map them independently. 2016-05-14 08:19:42 +00:00
maxv
60dc596ebe Define killkpt, and don't use _RELOC. Same as amd64. 2016-05-14 06:49:34 +00:00
palle
f985c2c1eb sun4v: add missing implementation of sun4v_datatrap_tl0 so data_access_fault() is called - mostly from OpenBSD 2016-05-13 21:48:15 +00:00
nakayama
3d642aeb5c Interrupt handlers are now allocated by kmem_zalloc(9), so free
them by kmem_free(9).
2016-05-13 21:24:11 +00:00
nakayama
4cb5a9c6dd Allocate interrupt handlers for clockintr and statintr dynamically. 2016-05-13 21:23:30 +00:00
nakayama
78ba29b05a Use newly introduced intrhand_alloc(). 2016-05-13 21:22:47 +00:00
palle
4b8507f0c9 Fixed typo in comment + reorder parameters for trap debug output to match function prototype for data_access_fault() 2016-05-13 21:21:43 +00:00
nakayama
948555d679 - ci_paddr is always 64-bit.
- intrlev is array of pointer.
- ih_ack is pointer.
2016-05-13 21:21:25 +00:00
maxv
b9750d0de9 Bring some amd64 swag. No functional changes. 2016-05-13 14:03:00 +00:00
christos
4b31d24b7f From scole_mail:
So here is a patch to get basic ski console output working.  The ski
simulator was decoding the wrong registers in ssccnputc() due to
automagically inlined ssc() which contains a "break" simulated system
call.

The ski loader "skiload" has almost exactly the same inline assembly
call for ssc(), but for whatever reason, (maybe ssc() and
ski_cons_putchar() are in different files?), the ssc() function didn't
get inlined and I/O worked fine.
2016-05-13 13:40:55 +00:00
maxv
d32d8095a7 KNF a little, use C-style comments, and remove susword/fusword. No
functional changes.
2016-05-13 13:24:01 +00:00
maxv
2b98d8b4ef Actually, make the NOX part amd64-specific. The secondary CPUs bug is not
yet fixed on i386.
2016-05-13 11:47:02 +00:00
maxv
5d4038a3e2 KNF, so it appears aligned on NXR. 2016-05-13 11:17:20 +00:00
maxv
d8433c925e Remap the rodata and data+bss segments with large pages on x86. There still
is a bug in the way the text segment is mapped, but I'll see later.
2016-05-13 10:24:42 +00:00
maxv
7c62ff1587 Define __kernel_end. 2016-05-13 10:18:01 +00:00