and make the stack and heap non-executable by default. the changes
fall into two basic catagories:
- pmap and trap-handler changes. these are all MD:
= alpha: we already track per-page execute permission with the (software)
PG_EXEC bit, so just have the trap handler pay attention to it.
= i386: use a new GDT segment for %cs for processes that have no
executable mappings above a certain threshold (currently the
bottom of the stack). track per-page execute permission with
the last unused PTE bit.
= powerpc/ibm4xx: just use the hardware exec bit.
= powerpc/oea: we already track per-page exec bits, but the hardware only
implements non-exec mappings at the segment level. so track the
number of executable mappings in each segment and turn on the no-exec
segment bit iff the count is 0. adjust the trap handler to deal.
= sparc (sun4m): fix our use of the hardware protection bits.
fix the trap handler to recognize text faults.
= sparc64: split the existing unified TSB into data and instruction TSBs,
and only load TTEs into the appropriate TSB(s) for the permissions.
fix the trap handler to check for execute permission.
= not yet implemented: amd64, hppa, sh5
- changes in all the emulations that put a signal trampoline on the stack.
instead, we now put the trampoline into a uvm_aobj and map that into
the process separately.
originally from openbsd, adapted for netbsd by me.
objects. Clients of the pool_cache API must consistently use
the "paddr" variants or not, otherwise behavior is undefined.
Enable this on Alpha, ARM, MIPS, and x86. Other platforms must
define POOL_VTOPHYS() in the appropriate manner in order to enable
the feature.
Part 1 of a series of simple patches contributed by Wasabi Systems
to improve network performance.
This will allow improvements to the pmaps so that they can more easily defer expensive operations, eg tlb/cache flush, til the last possible moment.
Currently this is a no-op on most platforms, so they should see no difference.
Reviewed by Jason.
be locked before it can be marked as `active' on a processor.
- Require that pmaps other than the kernel pmap be locked when they
are passed to pmap_tlb_shootdown(). This, combined with the locking
protocol tweak, allow us to get a consistent view of `activeness' of
a pmap, which means we can optmize away a lot of TLB shootdown traffic
for user pmaps.
- Borrow an idea from the i386mp branch; use the normal SHOOTDOWN IPI
to deal with hitting the entire TLB, and garbage-collect the TBIA
and TBIAP IPIs.
each vm_page structure. Add a VM_MDPAGE_INIT() macro to init this
data when pages are initialized by UVM. These macros are mandatory,
but ports may #define them to nothing if they are not needed/used.
This deprecates struct pmap_physseg. As a transitional measure,
allow a port to #define PMAP_PHYSSEG so that it can continue to
use it until its pmap is converted to use VM_MDPAGE_MEMBERS.
Use all this stuff to eliminate a lot of extra work in the Alpha
pmap module (it's smaller and faster now). Changes to other pmap
modules will follow.
array of those structures at the end of the pmap structure. We compute
the size of the pmap structure based on the maximum CPU ID for a
particular machine. This gives us better cache behavior and better
memory footprint for the ASN info.
call overhead is incurred as we start sprinkling pmap_update() calls
throughout the source tree (no pmaps currently defer operations, but
we are adding the infrastructure to allow them to do so).
to arrive here referencing the kernel_lev1map without having the
RESERVED ASN -- another CPU may have caused pmap_lev1map_destroy()
to be called, and that routine only invalidates the ASN for the
CPU that called it. So, in the MULTIPROCESSOR case, simply assign
the RESERVED ASN if we reference the kernel_lev1map rather than
asserting that we already have the RESERVED ASN. Thanks to Bill
Sommerfeld for helping me track down the problem.
Also add a new IPI that causes a CPU to re-activate its address
space if the pmap it's using changes level 1 maps (this probably
won't happen very often, but it's correct to have it).
This makes Alpha MP kernels boot multiuser. In fact, this commit
is being made from my dual-CPU AlphaServer 1200 running an MP kernel.
multiprocessor support:
- Implement MP-safe halt.
- Make the FPU saving code more like Bill's on the i386 MP branch.
XXX This code will no doubt be revisited again.
- Pass the cpu_info and trapframe to IPI handlers, saving some work
in the handlers themselves, and also making it possible for the
"pause" handler to reference register state for DDB.
- Add "machine cpu" to DDB, making it possible to reference other
CPUs registers (and thus get e.g. a traceback) from whichever
CPU is actually running the debugger.
- Garbage-collect "machine halt" and "machine reboot" DDB commands.
They don't have a prayer of working properly in multiprocessor
kernels, and didn't really work all that well in uniprocessor kernels.
- Add a bitmask for the CPUs which need an isync before this pmap returns
to userspace on that CPU.
- Define PMAP_USERRET(), a utility macro for userret() to use to process
the deferred isync, and call it as appropriate in userret().
longer need to lock the kernel pmap in pmap_kenter_pa() and pmap_kremove().
- Since locking the kernel pmap in interrupt context is no longer required,
don't go to splimp() when locking the kernel pmap.
- Implement a new pmap_remove() function, not yet enabled by default. It
is structured like pmap_protect, and should be *much* faster. This was
actually written quite some time ago, but never committed because it
didn't work properly. Given the recent bugfix to pmap_protect(), "duh,
of course it didn't work properly before...". It seems to work fine now
(have done several builds and run the UVM regression tests using the new
code), but it is currently run-time optional so that some performance
measurements can be easily run against the old and new code.
context, so we must block interrupts which may cause memory allocation
before asserting the kernel pmap's lock. Put this all in PMAP_LOCK()
and PMAP_UNLOCK() macros to make it easier.
UVM pmap's locking protocol, written by Chuck Cranor. Not all of the
support for multiple processors is here yet, but the kernel does run
under moderate loads with LOCKDEBUG (all locking operations are no-ops
unless LOCKDEBUG is turned on).
This is by no means complete... there are still some possible snares
to take a look at.
caller to pass an optional 3rd argument, which is the previous level
PTE corresponding the virtual address. If this argument is non-NULL,
the table walk otherwise necessary will be bypassed.
