From: Mark Johnston
Date: Thu, 4 Aug 2022 13:57:35 GMT
Message-Id: <202208041357.274DvZm8056477@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 2f1cdb1e4883 - stable/13 - riscv: Avoid passing invalid addresses to pmap_fault()
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 2f1cdb1e4883a962ff305f7422495122516983df

The branch stable/13 has been updated by markj:

URL:
https://cgit.FreeBSD.org/src/commit/?id=2f1cdb1e4883a962ff305f7422495122516983df commit 2f1cdb1e4883a962ff305f7422495122516983df Author: Mark Johnston AuthorDate: 2022-07-28 13:38:52 +0000 Commit: Mark Johnston CommitDate: 2022-08-04 13:57:15 +0000 riscv: Avoid passing invalid addresses to pmap_fault() After the addition of SV48 support, VIRT_IS_VALID() did not exclude addresses that are in the SV39 address space hole but not in the SV48 address space hole. This can result in mishandling of accesses to that range when in SV39 mode. Fix the problem by modifying VIRT_IS_VALID() to use the runtime address space bounds. Then, if the address is invalid, and pcb_onfault is set, give vm_fault_trap() a chance to veto the access instead of panicking. PR: 265439 Reviewed by: jhb Reported and tested by: Robert Morris Fixes: 31218f3209ac ("riscv: Add support for enabling SV48 mode") Sponsored by: The FreeBSD Foundation (cherry picked from commit 828ea49debe34fddf63cb648b9e57871a34158b6) --- sys/riscv/include/pmap.h | 5 +++++ sys/riscv/include/vmparam.h | 4 ---- sys/riscv/riscv/pmap.c | 2 ++ sys/riscv/riscv/trap.c | 7 ++----- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/sys/riscv/include/pmap.h b/sys/riscv/include/pmap.h index 8ba46f0d61ae..8834c91362ad 100644 --- a/sys/riscv/include/pmap.h +++ b/sys/riscv/include/pmap.h @@ -144,6 +144,11 @@ enum pmap_mode { extern enum pmap_mode pmap_mode; +/* Check if an address resides in a mappable region. */ +#define VIRT_IS_VALID(va) \ + ((va) < (pmap_mode == PMAP_MODE_SV39 ? VM_MAX_USER_ADDRESS_SV39 : \ + VM_MAX_USER_ADDRESS_SV48) || (va) >= VM_MIN_KERNEL_ADDRESS) + struct thread; #define pmap_vm_page_alloc_check(m) diff --git a/sys/riscv/include/vmparam.h b/sys/riscv/include/vmparam.h index f11f02dcb3e6..6e1c9e11a3cc 100644 --- a/sys/riscv/include/vmparam.h +++ b/sys/riscv/include/vmparam.h 
@@ -202,10 +202,6 @@ #define VM_MINUSER_ADDRESS (VM_MIN_USER_ADDRESS) #define VM_MAXUSER_ADDRESS (VM_MAX_USER_ADDRESS) -/* Check if an address resides in a mappable region. */ -#define VIRT_IS_VALID(va) \ - (((va) < VM_MAX_USER_ADDRESS) || ((va) >= VM_MIN_KERNEL_ADDRESS)) - #define KERNBASE (VM_MIN_KERNEL_ADDRESS) #define SHAREDPAGE_SV39 (VM_MAX_USER_ADDRESS_SV39 - PAGE_SIZE) #define SHAREDPAGE_SV48 (VM_MAX_USER_ADDRESS_SV48 - PAGE_SIZE) diff --git a/sys/riscv/riscv/pmap.c b/sys/riscv/riscv/pmap.c index ee8b332bcb8c..686d4278902a 100644 --- a/sys/riscv/riscv/pmap.c +++ b/sys/riscv/riscv/pmap.c @@ -2606,6 +2606,8 @@ pmap_fault(pmap_t pmap, vm_offset_t va, vm_prot_t ftype) pt_entry_t bits, *pte, oldpte; int rv; + KASSERT(VIRT_IS_VALID(va), ("pmap_fault: invalid va %#lx", va)); + rv = 0; PMAP_LOCK(pmap); l2 = pmap_l2(pmap, va); diff --git a/sys/riscv/riscv/trap.c b/sys/riscv/riscv/trap.c index d378bfe1383d..9a889661b965 100644 --- a/sys/riscv/riscv/trap.c +++ b/sys/riscv/riscv/trap.c @@ -212,10 +212,7 @@ page_fault_handler(struct trapframe *frame, int usermode) */ intr_enable(); - if (!VIRT_IS_VALID(stval)) - goto fatal; - - if (stval >= VM_MAX_USER_ADDRESS) { + if (stval >= VM_MIN_KERNEL_ADDRESS) { map = kernel_map; } else { if (pcb->pcb_onfault == 0) @@ -234,7 +231,7 @@ page_fault_handler(struct trapframe *frame, int usermode) ftype = VM_PROT_READ; } - if (pmap_fault(map->pmap, va, ftype)) + if (VIRT_IS_VALID(va) && pmap_fault(map->pmap, va, ftype)) goto done; error = vm_fault_trap(map, va, ftype, VM_FAULT_NORMAL, &sig, &ucode);
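
Review bot: In sys/riscv/include/pmap.h, the new VIRT_IS_VALID() reads the global pmap_mode on every expansion, so its result is only meaningful once pmap_mode has been set, and the one-line comment above the macro does not say so. Suggest extending that comment to state that the user-side bound is chosen at run time from pmap_mode while the kernel-side bound stays the compile-time VM_MIN_KERNEL_ADDRESS, and that va is evaluated twice. Moving the macro out of vmparam.h also means any file that used it with only vmparam.h included now needs pmap.h.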
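
Review bot: In pmap_fault() (sys/riscv/riscv/pmap.c), the new KASSERT(VIRT_IS_VALID(va), ...) is the only guard inside the function, and KASSERT compiles away in kernels built without INVARIANTS, so production kernels depend entirely on callers filtering the address first. The trap.c change in this patch does that with VIRT_IS_VALID(va) && pmap_fault(...); a sentence in the function's header comment stating the precondition would keep future callers from skipping it.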
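
Review bot: In the first trap.c hunk (page_fault_handler(), @@ -212), removing the early "if (!VIRT_IS_VALID(stval)) goto fatal;" and testing stval >= VM_MIN_KERNEL_ADDRESS means an address in the hole now falls into the else branch alongside ordinary user addresses, which is not obvious from the code. A short comment at the else branch saying that it also covers invalid addresses, and that vm_fault_trap() is expected to veto them as the commit message describes, would document the intent.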
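
Review bot: In the second trap.c hunk (@@ -234), the guard added before pmap_fault() tests va, while the map selection earlier in page_fault_handler() tests stval, and the hunk does not show how the two relate. If va is derived from stval, using the same variable for both checks, or adding a comment, would make it clear that the two tests agree at the range boundaries.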
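
The gap described in the commit message, as an added example that is not FreeBSD code and not part of the original mail. The bounds are derived from the RISC-V rule for canonical SvN addresses rather than taken from vmparam.h; KERN_MIN and the function names are assumptions, and the pre-fix check is modelled as a fixed SV48 bound, following the commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustrative model only, not FreeBSD's headers. Bounds are derived from
 * the RISC-V rule that an SvN virtual address must have bits 63..N-1 equal.
 */
enum mode { MODE_SV39 = 39, MODE_SV48 = 48 };

/* Hypothetical kernel base: start of the SV39 upper canonical half. */
#define KERN_MIN (~0ULL << 38)

/* First address past the lower (user) canonical half for the mode. */
static uint64_t user_end(enum mode m) { return 1ULL << (m - 1); }

/* Architectural check: are bits 63..N-1 all zeros or all ones? */
static bool canonical(uint64_t va, enum mode m)
{
	uint64_t top = va >> (m - 1);
	return top == 0 || top == (~0ULL >> (m - 1));
}

/* Pre-fix shape (assumed from the commit message): fixed SV48 user bound. */
static bool valid_static(uint64_t va)
{
	return va < user_end(MODE_SV48) || va >= KERN_MIN;
}

/* Post-fix shape: the user bound follows the mode selected at run time. */
static bool valid_runtime(uint64_t va, enum mode m)
{
	return va < user_end(m) || va >= KERN_MIN;
}

int main(void)
{
	/* Constructed samples: last SV39 user byte, first SV39 hole byte,
	 * first SV48 hole byte, kernel base. */
	uint64_t s[] = { user_end(MODE_SV39) - 1, user_end(MODE_SV39),
	    user_end(MODE_SV48), KERN_MIN };
	for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%#018llx static=%d sv39=%d sv48=%d canon39=%d\n",
		    (unsigned long long)s[i], valid_static(s[i]),
		    valid_runtime(s[i], MODE_SV39),
		    valid_runtime(s[i], MODE_SV48), canonical(s[i], MODE_SV39));
	return 0;
}
```

The second sample is the interesting one: it passes the fixed-bound check yet is not a canonical SV39 address, which is the range the commit message says was mishandled in SV39 mode.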