The NetBSD Project

CVS log for src/sys/arch/amd64/stand/prekern/mm.c


Keyword substitution: kv
Default branch: MAIN


Revision 1.27.6.1: download - view: text, markup, annotated - select for diffs
Thu May 13 00:47:22 2021 UTC (3 years, 6 months ago) by thorpej
Branches: thorpej-i2c-spi-conf
Diff to: previous 1.27: preferred, colored; next MAIN 1.28: preferred, colored
Changes since revision 1.27: +5 -5 lines
Sync with HEAD.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Tue May 4 21:09:16 2021 UTC (3 years, 7 months ago) by khorben
Branches: MAIN
CVS tags: thorpej-ifq-base, thorpej-ifq, thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-futex2-base, thorpej-futex2, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-altq-separation-base, thorpej-altq-separation, perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +5 -5 lines
prekern: add support for warning messages

As submitted on port-amd64@ (part 1/3)

Tested on NetBSD/amd64.

Revision 1.27: download - view: text, markup, annotated - select for diffs
Thu May 7 17:58:26 2020 UTC (4 years, 6 months ago) by maxv
Branches: MAIN
CVS tags: thorpej-futex-base, thorpej-futex, thorpej-cfargs-base, thorpej-cfargs
Branch point for: thorpej-i2c-spi-conf
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +20 -17 lines
Clarify.

Revision 1.26: download - view: text, markup, annotated - select for diffs
Thu May 7 17:10:02 2020 UTC (4 years, 6 months ago) by maxv
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +25 -15 lines
Explain more.

Revision 1.22.2.2: download - view: text, markup, annotated - select for diffs
Wed Apr 8 14:07:26 2020 UTC (4 years, 7 months ago) by martin
Branches: phil-wifi
Diff to: previous 1.22.2.1: preferred, colored; branchpoint 1.22: preferred, colored; next MAIN 1.23: preferred, colored
Changes since revision 1.22.2.1: +47 -6 lines
Merge changes from current as of 20200406

Revision 1.24.6.1: download - view: text, markup, annotated - select for diffs
Sat Feb 29 20:18:16 2020 UTC (4 years, 9 months ago) by ad
Branches: ad-namecache
Diff to: previous 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24: +47 -6 lines
Sync with head.

Revision 1.25: download - view: text, markup, annotated - select for diffs
Sat Feb 15 10:41:25 2020 UTC (4 years, 9 months ago) by maxv
Branches: MAIN
CVS tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +47 -6 lines
Explain more.

Revision 1.22.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 10 22:05:47 2019 UTC (5 years, 5 months ago) by christos
Branches: phil-wifi
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +12 -12 lines
Sync with HEAD

Revision 1.24: download - view: text, markup, annotated - select for diffs
Sat Mar 9 08:42:25 2019 UTC (5 years, 8 months ago) by maxv
Branches: MAIN
CVS tags: phil-wifi-20191119, phil-wifi-20190609, netbsd-9-base, netbsd-9-4-RELEASE, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, isaki-audio2-base, isaki-audio2, ad-namecache-base2, ad-namecache-base1, ad-namecache-base
Branch point for: ad-namecache
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +11 -11 lines
Start replacing the x86 PTE bits.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Thu Mar 7 13:26:24 2019 UTC (5 years, 9 months ago) by maxv
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +3 -3 lines
Drop PG_RO, PG_KR and PG_PROT, they are useless and create confusion.

Revision 1.21.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 25 07:25:38 2018 UTC (6 years, 5 months ago) by pgoyette
Branches: pgoyette-compat
CVS tags: pgoyette-compat-merge-20190127
Diff to: previous 1.21: preferred, colored; next MAIN 1.22: preferred, colored
Changes since revision 1.21: +2 -1 lines
Sync with HEAD

Revision 1.22: download - view: text, markup, annotated - select for diffs
Wed Jun 20 11:49:37 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
CVS tags: phil-wifi-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625
Branch point for: phil-wifi
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +2 -1 lines
Add and use bootspace.smodule. Initialize it in locore/prekern to better
hide the specifics from the "upper" layers. This allows for greater
flexibility.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Thu Dec 21 14:32:06 2017 UTC (6 years, 11 months ago) by maxv
Branches: MAIN
CVS tags: pgoyette-compat-base, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +1 -5 lines
Remove unused macros.

Revision 1.20.2.2: download - view: text, markup, annotated - select for diffs
Sun Dec 3 11:35:48 2017 UTC (7 years ago) by jdolecek
Branches: tls-maxphys
Diff to: previous 1.20.2.1: preferred, colored; branchpoint 1.20: preferred, colored; next MAIN 1.21: preferred, colored
Changes since revision 1.20.2.1: +450 -0 lines
update from HEAD

Revision 1.20.2.1
Sun Nov 26 14:29:48 2017 UTC (7 years ago) by jdolecek
Branches: tls-maxphys
FILE REMOVED
Changes since revision 1.20: +0 -450 lines
file mm.c was added on branch tls-maxphys on 2017-12-03 11:35:48 +0000

Revision 1.20: download - view: text, markup, annotated - select for diffs
Sun Nov 26 14:29:48 2017 UTC (7 years ago) by maxv
Branches: MAIN
CVS tags: tls-maxphys-base-20171202
Branch point for: tls-maxphys
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +16 -3 lines
Oh, damn. Obviously I forgot one case here: an already-mapped region could
be contained entirely in the region we're trying to create. So go through
another round. While here add mm_reenter_pa, and make sure the va given to
mm_enter_pa does not already point to something.
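
Added example (not part of the NetBSD source or of this commit): the overlap cases this message refers to, written with the hypothetical names `struct region`, `collides_endpoints_only` and `collides`. That the earlier check consisted of the two endpoint tests is an assumption; the containment round is the case the message describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record of an already-mapped region: [va, va + sz), sz > 0. */
struct region { uint64_t va, sz; };

/* Assumed earlier check: is either end of the candidate inside a mapping? */
static bool
collides_endpoints_only(const struct region *r, size_t n, uint64_t va, uint64_t sz)
{
	uint64_t last = va + sz - 1;	/* caller guarantees no wrap-around */

	for (size_t i = 0; i < n; i++) {
		uint64_t rlast = r[i].va + r[i].sz - 1;
		if (va >= r[i].va && va <= rlast)
			return true;
		if (last >= r[i].va && last <= rlast)
			return true;
	}
	return false;
}

/* Extra round: a mapping that lies entirely inside the candidate region. */
static bool
collides(const struct region *r, size_t n, uint64_t va, uint64_t sz)
{
	uint64_t last = va + sz - 1;

	if (collides_endpoints_only(r, n, va, sz))
		return true;
	for (size_t i = 0; i < n; i++) {
		uint64_t rlast = r[i].va + r[i].sz - 1;
		if (r[i].va >= va && rlast <= last)
			return true;
	}
	return false;
}

/* Constructed sample: one 2MB mapping; the addresses are made up. */
static const struct region mapped[] = { { 0xffffffff80400000ULL, 0x200000 } };

int
main(void)
{
	/* A 16MB candidate that swallows the existing 2MB mapping whole. */
	uint64_t va = 0xffffffff80000000ULL, sz = 0x1000000;

	printf("endpoints only: %d\n", collides_endpoints_only(mapped, 1, va, sz));
	printf("with containment round: %d\n", collides(mapped, 1, va, sz));
	return 0;
}
```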

Revision 1.19: download - view: text, markup, annotated - select for diffs
Sun Nov 26 11:01:09 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +4 -11 lines
Add a PRNG for the prekern, based on SHA512. The formula is basically:

	Y0   = SHA512(entropy-file, 256bit rdseed, 64bit rdtsc)
	Yn+1 = SHA512(256bit lowerhalf(Yn), 256bit rdseed, 64bit rdtsc)

On each round, random values are taken from the higher half of Yn. If
rdseed is not available, rdrand is used.

The SHA1 checksum of entropy-file is verified. However, the rndsave_t::data
field is not updated by the prekern, because the area is accessed via the
read-only view we created in locore. I like this design, so it will have
to be updated differently.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Tue Nov 21 07:56:05 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +40 -52 lines
Clean up and add some ASSERTs.

Revision 1.17: download - view: text, markup, annotated - select for diffs
Wed Nov 15 20:45:16 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +15 -12 lines
Small cleanup.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Wed Nov 15 20:25:29 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -2 lines
Mmh, should be <=.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Wed Nov 15 18:44:34 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +4 -0 lines
Define MM_PROT_* locally.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Wed Nov 15 18:02:36 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +46 -10 lines
Support large pages on KASLR kernels, in a way that does not reduce
randomness, but on the contrary that increases it.

The size of the kernel sub-blocks is changed to be 1MB. This produces a
kernel with sections that are always < 2MB in size, that can fit a large
page.

Each section is put in a 2MB physical chunk. In this chunk, there is a
padding of approximately 1MB. The prekern uses a random offset aligned to
sh_addralign, to shift the section in physical memory.

For example, physical memory layout created by the bootloader for .text.4
and .rodata.0:
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
 |+---------------+                  |+---------------+                  |
 ||    .text.4    |       PAD        ||   .rodata.0   |       PAD        |
 |+---------------+                  |+---------------+                  |
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
 PA                                  PA+2MB                         PA+4MB

Then, physical memory layout, after having been shifted by the prekern:
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
 | P +---------------+               |          +---------------+        |
 | A |    .text.4    |      PAD      |   PAD    |   .rodata.0   |   PAD  |
 | D +---------------+               |          +---------------+        |
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
 PA                                  PA+2MB                         PA+4MB

The kernel maps these 2MB physical chunks with 2MB large pages. Therefore,
randomness is enforced at both the virtual and physical levels, and the
resulting entropy is higher than that of our current implementation until
now.

The padding around the section is filled by the prekern. Not to consume
too much memory, the sections that are smaller than PAGE_SIZE are mapped
with normal pages - because there is no point in optimizing them. In these
normal pages, the same shift is applied.

This change has two additional advantages: (a) the cache attacks based on
the TLB are mostly mitigated, because even if you are able to determine
that a given page-aligned range is mapped as executable you don't know
where exactly within that range the section actually begins, and (b) given
that we are slightly randomizing the physical layout we are making some
rare physical attacks more difficult to conduct.

NOTE: after this change you need to update GENERIC_KASLR / prekern /
bootloader.
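
Added example (not the prekern's code): one way to compute and apply the physical shift described in this message, for a section that the bootloader left at the start of its 2MB chunk. The names `pick_shift`, `shift_section` and `NO_FIT`, the pad byte and the use of a modulo to reduce the random value are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE	(UINT64_C(2) * 1024 * 1024)	/* one 2MB large page */
#define NO_FIT		UINT64_MAX

/*
 * Pick the section's offset inside its chunk: a multiple of 'align'
 * (sh_addralign) that keeps the whole section inside the chunk. 'rnd' comes
 * from the caller's PRNG. The chunk base is 2MB-aligned, so an aligned
 * offset gives an aligned address. The modulo has a slight bias.
 */
static uint64_t
pick_shift(uint64_t secsize, uint64_t align, uint64_t rnd)
{
	if (align == 0)
		align = 1;	/* ELF: 0 and 1 both mean "no constraint" */
	if (secsize == 0 || secsize > CHUNK_SIZE)
		return NO_FIT;
	uint64_t nslots = (CHUNK_SIZE - secsize) / align + 1;
	return (rnd % nslots) * align;
}

/*
 * Move the section from offset 0 to 'off' and fill the padding on both
 * sides with 'pad'. Returns -1 if the section would leave the chunk.
 */
static int
shift_section(unsigned char *chunk, uint64_t secsize, uint64_t off,
    unsigned char pad)
{
	if (secsize > CHUNK_SIZE || off > CHUNK_SIZE - secsize)
		return -1;
	memmove(chunk + off, chunk, secsize);	/* the two ranges may overlap */
	memset(chunk, pad, off);
	memset(chunk + off + secsize, pad, CHUNK_SIZE - off - secsize);
	return 0;
}

/* Constructed sample: a 1MB "section" of 0xAA bytes, page-aligned. */
static unsigned char chunk[CHUNK_SIZE];

int
main(void)
{
	uint64_t size = 0x100000, off;

	memset(chunk, 0xAA, size);
	off = pick_shift(size, 0x1000, 12345);	/* 12345: stand-in random value */
	if (shift_section(chunk, size, off, 0xCC) != 0)
		return 1;
	printf("section now at chunk+0x%llx\n", (unsigned long long)off);
	return 0;
}
```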

Revision 1.13: download - view: text, markup, annotated - select for diffs
Tue Nov 14 07:06:34 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +7 -8 lines
Add -Wstrict-prototypes, and fix each warning.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Mon Nov 13 21:14:04 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +15 -56 lines
Change the mapping logic: don't group sections of the same type into
segments, and rather map each section independently at a random VA.

In particular, .data and .bss are not merged anymore and reside at
different addresses.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Sat Nov 11 13:50:57 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +10 -16 lines
Detect collisions from bootspace directly.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Sat Nov 11 12:51:06 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +55 -18 lines
Modify the layout of the bootspace structure, in such a way that it can
contain several kernel segments of the same type (eg several .text
segments). Some parts are still a bit messy but will be cleaned up soon.

I cannot compile-test this change on i386, but it seems fine enough.

NOTE: you need to rebuild and reinstall a new prekern after this change.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Thu Nov 9 15:24:39 2017 UTC (7 years ago) by maxv
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +20 -4 lines
Fill in the page padding. Only .text is pre-filled by the ld script, but
this will change in the future.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Sun Nov 5 16:26:15 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +19 -5 lines
Mprotect the segments in mm.c using bootspace, and remove the now unused
fields of elfinfo.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sun Oct 29 11:38:43 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +4 -1 lines
Fix a few error messages, and be a little more verbose.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Sun Oct 29 11:28:30 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +194 -32 lines
Randomize the kernel segments independently. That is to say, put text,
rodata and data at different addresses (and in a random order).

To achieve that, the mapping order in the prekern is changed. Until now,
we were creating the kernel map the following way:
	-> choose a random VA
	-> map [kernpa_start; kernpa_end[ at this VA
	-> parse the ELF structures from there
	-> determine where exactly the kernel segments are located
	-> relocate etc
Now, we are doing:
	-> create a read-only view of [kernpa_start; kernpa_end[
	-> from this view, compute the size of the "head" region
	-> choose a random VA in the HEAD window, and map the head there
	-> for each region in (text, rodata, data, boot)
		-> compute the size of the region from the RO view
		-> choose a random VA in the KASLR window
		-> map the region there
	-> relocate etc

Each time we map a region, we initialize its bootspace fields right away.

The "head" region must be put before the other regions in memory, because
the kernel uses (headva + sh_offset) to get the addresses of the symbols,
and the offset is unsigned.

Given that the head does not have an mcmodel constraint, its location is
randomized in a window located below the KASLR window.

The rest of the regions being in the same window, we need to detect
collisions.

Note that the module map is embedded in the "boot" region, and that
therefore its location is randomized too.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Sat Oct 28 19:28:11 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +14 -6 lines
Fix a mistake I made in the very first revision. The calculation of the
number of slots was incorrect in some cases, and it could cause the
prekern to fault right away at boot time, or the kernel to fault when
loading kernel modules near the end of the module map.

The variables are divided by PAGE_SIZE to prevent integer overflows.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Mon Oct 23 06:00:59 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -2 lines
Add two XXXs, so that people don't get confused, a fifth region is needed
anyway.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Wed Oct 18 17:12:42 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +35 -22 lines
If a branch is already there, use it and don't create a new one. This way
we can call mm_map_tree twice with neighboring regions.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Sun Oct 15 06:37:32 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +38 -57 lines
Descend the page tree from L4 to L1, instead of allocating a separate
branch and linking it at the end. This way we don't need to allocate VA
from the (tiny) prekern map.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Oct 10 09:29:14 2017 UTC (7 years, 1 month ago) by maxv
Branches: MAIN
Add the amd64 prekern. It is a kernel relocator used for Kernel ASLR (see
tech-kern@). It works, but is not yet linked to the build system, because
I can't build a distribution right now.
