[src/trunk]: src/sys/arch/amd64 Declare new SVS_* variants: SVS_ENTER_NOSTACK...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/eb17b2fb8917
branches:  trunk
changeset: 358647:eb17b2fb8917
user:      maxv <maxv%NetBSD.org@localhost>
date:      Thu Jan 11 09:00:04 2018 +0000

description:
Declare new SVS_* variants: SVS_ENTER_NOSTACK and SVS_LEAVE_NOSTACK. Use
SVS_ENTER_NOSTACK in the syscall entry point, and put it before the code
that touches curlwp. (curlwp is located in the direct map.)

Then, disable __HAVE_CPU_UAREA_ROUTINES (to be removed later). This moves
the kernel stack into pmap_kernel(), and not the direct map. That's a
change I've always wanted to make: because of the direct map we can't add
a redzone on the stack, and basically, a stack overflow can go very far
in memory without being detected (as far as erasing all of the system's
memory).

Finally, unmap the direct map from userland.

diffstat:

 sys/arch/amd64/amd64/locore.S     |   4 ++--
 sys/arch/amd64/amd64/machdep.c    |  16 ++++++++++++----
 sys/arch/amd64/include/frameasm.h |  14 +++++++++++++-
 sys/arch/amd64/include/types.h    |   4 ++--
 4 files changed, 29 insertions(+), 9 deletions(-)

diffs (118 lines):

diff -r a84f78949536 -r eb17b2fb8917 sys/arch/amd64/amd64/locore.S
--- a/sys/arch/amd64/amd64/locore.S     Thu Jan 11 08:59:27 2018 +0000
+++ b/sys/arch/amd64/amd64/locore.S     Thu Jan 11 09:00:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: locore.S,v 1.145 2018/01/07 16:10:16 maxv Exp $        */
+/*     $NetBSD: locore.S,v 1.146 2018/01/11 09:00:04 maxv Exp $        */
 
 /*
  * Copyright-o-rama!
@@ -1268,6 +1268,7 @@
         * is ignored as well.
         */
        swapgs
+       SVS_ENTER_NOSTACK
        movq    %r15,CPUVAR(SCRATCH)
        movq    CPUVAR(CURLWP),%r15
        movq    L_PCB(%r15),%r15
@@ -1295,7 +1296,6 @@
        subq    $TF_REGSIZE,%rsp
        cld
 #endif
-       SVS_ENTER
        INTR_SAVE_GPRS
        movw    $GSEL(GUDATA_SEL, SEL_UPL),TF_DS(%rsp)
        movw    $GSEL(GUDATA_SEL, SEL_UPL),TF_ES(%rsp)
diff -r a84f78949536 -r eb17b2fb8917 sys/arch/amd64/amd64/machdep.c
--- a/sys/arch/amd64/amd64/machdep.c    Thu Jan 11 08:59:27 2018 +0000
+++ b/sys/arch/amd64/amd64/machdep.c    Thu Jan 11 09:00:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: machdep.c,v 1.285 2018/01/07 16:10:16 maxv Exp $       */
+/*     $NetBSD: machdep.c,v 1.286 2018/01/11 09:00:04 maxv Exp $       */
 
 /*
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -110,7 +110,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.285 2018/01/07 16:10:16 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.286 2018/01/11 09:00:04 maxv Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -2339,6 +2339,8 @@
 void
 svs_pdir_switch(struct pmap *pmap)
 {
+       extern size_t pmap_direct_pdpe;
+       extern size_t pmap_direct_npdp;
        struct cpu_info *ci = curcpu();
        pt_entry_t pte;
        size_t i;
@@ -2351,8 +2353,14 @@
        mutex_enter(&ci->ci_svs_mtx);
 
        for (i = 0; i < 512; i++) {
-               if (i == PDIR_SLOT_PTE) {
-                       /* We don't want to have this mapped. */
+               /*
+                * This is where we decide what to unmap from the user page
+                * tables.
+                */
+               if (pmap_direct_pdpe <= i &&
+                   i < pmap_direct_pdpe + pmap_direct_npdp) {
+                       ci->ci_svs_updir[i] = 0;
+               } else if (i == PDIR_SLOT_PTE) {
                        ci->ci_svs_updir[i] = 0;
                } else {
                        pte = svs_pte_atomic_read(pmap, i);
diff -r a84f78949536 -r eb17b2fb8917 sys/arch/amd64/include/frameasm.h
--- a/sys/arch/amd64/include/frameasm.h Thu Jan 11 08:59:27 2018 +0000
+++ b/sys/arch/amd64/include/frameasm.h Thu Jan 11 09:00:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: frameasm.h,v 1.27 2018/01/07 16:10:16 maxv Exp $       */
+/*     $NetBSD: frameasm.h,v 1.28 2018/01/11 09:00:04 maxv Exp $       */
 
 #ifndef _AMD64_MACHINE_FRAMEASM_H
 #define _AMD64_MACHINE_FRAMEASM_H
@@ -107,9 +107,21 @@
        movq    CPUVAR(UPDIRPA),%rax    ; \
        movq    %rax,%cr3               ; \
        popq    %rax
+#define SVS_ENTER_NOSTACK \
+       movq    %rax,CPUVAR(SCRATCH)    ; \
+       movq    CPUVAR(KPDIRPA),%rax    ; \
+       movq    %rax,%cr3               ; \
+       movq    CPUVAR(SCRATCH),%rax
+#define SVS_LEAVE_NOSTACK \
+       movq    %rax,CPUVAR(SCRATCH)    ; \
+       movq    CPUVAR(UPDIRPA),%rax    ; \
+       movq    %rax,%cr3               ; \
+       movq    CPUVAR(SCRATCH),%rax
 #else
 #define SVS_ENTER      /* nothing */
 #define SVS_LEAVE      /* nothing */
+#define SVS_ENTER_NOSTACK      /* nothing */
+#define SVS_LEAVE_NOSTACK      /* nothing */
 #endif
 
 #define        INTRENTRY_L(kernel_trap, usertrap) \
diff -r a84f78949536 -r eb17b2fb8917 sys/arch/amd64/include/types.h
--- a/sys/arch/amd64/include/types.h    Thu Jan 11 08:59:27 2018 +0000
+++ b/sys/arch/amd64/include/types.h    Thu Jan 11 09:00:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: types.h,v 1.53 2018/01/05 08:04:21 maxv Exp $  */
+/*     $NetBSD: types.h,v 1.54 2018/01/11 09:00:04 maxv Exp $  */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -106,7 +106,7 @@
 #define        __HAVE_DIRECT_MAP 1
 #define        __HAVE_MM_MD_DIRECT_MAPPED_IO
 #define        __HAVE_MM_MD_DIRECT_MAPPED_PHYS
-#define        __HAVE_CPU_UAREA_ROUTINES
+/* #define     __HAVE_CPU_UAREA_ROUTINES */
 #if !defined(NO_PCI_MSI_MSIX)
 #define        __HAVE_PCI_MSI_MSIX
 #endif