From nobody Thu Jul 28 19:03:15 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Lv0R74tZJz4XcFC; Thu, 28 Jul 2022 19:03:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Lv0R74LQdz3bVJ; Thu, 28 Jul 2022 19:03:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659034995; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EJs7678Vehq7LTj+hnTMXDjHSj8AZsnB6AC97+Rtg7A=; b=JeO/oRXGE3nPQSDkooS3dZGdgzqZgsMk94JMELoXpB6ynUE6onHdkkf5I5n21vDZ9DdzmC iwMlM1iOrE6cg5UjQq9leInOMju3Dww3OfwMO1+/OmRFI/RDl+M/dndhiq7iObG5w4sboh UWzFnpBFPoh6WD3zW+LPeD+f9rfM1eA5YRPoMp9HOUN7B0l9u0av0mRPItI1b0o1RbBj7i Tp9T6AhvfrLE7UauMvucR0LwfDJgzYdy6fLCgupn9qpHyUmv/CjkdT9amcXRjKTeNY/XWb MSOqpAIm/zKNYGgFj0ulfmVdKoUomFgKz4Be7Nxisveq8004WA5xBxpOdSiNew== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Lv0R73MFTz16Ys; Thu, 28 Jul 2022 19:03:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 26SJ3FrN096639; Thu, 28 Jul 2022 19:03:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 26SJ3FwQ096638; Thu, 28 Jul 2022 19:03:15 GMT (envelope-from git) Date: Thu, 28 Jul 2022 19:03:15 GMT Message-Id: <202207281903.26SJ3FwQ096638@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 828ea49debe3 - main - riscv: Avoid passing invalid addresses to pmap_fault() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 828ea49debe34fddf63cb648b9e57871a34158b6 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659034995; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EJs7678Vehq7LTj+hnTMXDjHSj8AZsnB6AC97+Rtg7A=; b=PMC6K8caP2b0toEfAbFYC/tghsLtIsdFC8J0cTugXPj6koBuPhP/sfIpZzz8WIJKVloygq ldOEexU2guiX5ncngxiVQbNz3t+V8DIJ/JUju2h+RmwdNYzLPB/NtnHIsPC9RDBhmvaMIq LRGhcryo/GMXRLfblh3FCNYKBcXSeMaq+4gRwcc66vKrV6fzXRBgzTG3y2b1BE/9ptSZBR tHr5AqQTyyNHtAu0Zcw5OzOFhZu3ODGd2A2Gzb2x6bRMSiqmUPx4qpPXw+oeUpakv+5CbV 4ybSmadPX5mvUsRet0xgWhOuDf92XF5/XeCUZ3tA7xgWFmcixmBuCWaabNu2Zw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1659034995; a=rsa-sha256; cv=none; b=gQwQJE2KRTTVQXmpw69bnD51e/ivlcJiL2yHKmRAqCzHaYaF2Kei+ru5Me3QgNB5g/0Wjg l1rkZdoP8BSh94u+r6lIZjM852yXfh2fNqR75HTsosBxkqtM/6n9wTxP1Iuh8OMjfa/9Dl phbiIZG8hMTOPJh/ZOrlSvjICGitHRKCZ/sIrHCgvolzloUuC0T3lT/iFpoT6OAOMUuFBn 0AEMybcs9iJZBVtvcmMyhw3xDrO2dAe9DxVhAkLJahUs1X9OKdyWjT/y/6VWnPk0WCCBvQ NblbmuyIhIi2RW7wLa/wQ9rEC8u/vbkXrLN3x7/VSqu3CDJPnT8ONWXMqs/23g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=828ea49debe34fddf63cb648b9e57871a34158b6 commit 828ea49debe34fddf63cb648b9e57871a34158b6 Author: Mark Johnston AuthorDate: 2022-07-28 13:38:52 +0000 Commit: Mark Johnston CommitDate: 2022-07-28 18:33:39 +0000 riscv: Avoid passing invalid addresses to pmap_fault() After the addition of SV48 support, VIRT_IS_VALID() did not exclude addresses that are in the SV39 address space hole but not in the SV48 address space hole. This can result in mishandling of accesses to that range when in SV39 mode. Fix the problem by modifying VIRT_IS_VALID() to use the runtime address space bounds. Then, if the address is invalid, and pcb_onfault is set, give vm_fault_trap() a chance to veto the access instead of panicking. PR: 265439 Reviewed by: jhb Reported and tested by: Robert Morris Fixes: 31218f3209ac ("riscv: Add support for enabling SV48 mode") MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35952 --- sys/riscv/include/pmap.h | 5 +++++ sys/riscv/include/vmparam.h | 4 ---- sys/riscv/riscv/pmap.c | 2 ++ sys/riscv/riscv/trap.c | 7 ++----- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/sys/riscv/include/pmap.h b/sys/riscv/include/pmap.h index 8ba46f0d61ae..8834c91362ad 100644 --- a/sys/riscv/include/pmap.h +++ b/sys/riscv/include/pmap.h @@ -144,6 +144,11 @@ enum pmap_mode { extern enum pmap_mode pmap_mode; +/* Check if an address resides in a mappable region. */ +#define VIRT_IS_VALID(va) \ + ((va) < (pmap_mode == PMAP_MODE_SV39 ? VM_MAX_USER_ADDRESS_SV39 : \ + VM_MAX_USER_ADDRESS_SV48) || (va) >= VM_MIN_KERNEL_ADDRESS) + struct thread; #define pmap_vm_page_alloc_check(m) diff --git a/sys/riscv/include/vmparam.h b/sys/riscv/include/vmparam.h index f11f02dcb3e6..6e1c9e11a3cc 100644 --- a/sys/riscv/include/vmparam.h +++ b/sys/riscv/include/vmparam.h @@ -202,10 +202,6 @@ #define VM_MINUSER_ADDRESS (VM_MIN_USER_ADDRESS) #define VM_MAXUSER_ADDRESS (VM_MAX_USER_ADDRESS) -/* Check if an address resides in a mappable region. */ -#define VIRT_IS_VALID(va) \ - (((va) < VM_MAX_USER_ADDRESS) || ((va) >= VM_MIN_KERNEL_ADDRESS)) - #define KERNBASE (VM_MIN_KERNEL_ADDRESS) #define SHAREDPAGE_SV39 (VM_MAX_USER_ADDRESS_SV39 - PAGE_SIZE) #define SHAREDPAGE_SV48 (VM_MAX_USER_ADDRESS_SV48 - PAGE_SIZE) diff --git a/sys/riscv/riscv/pmap.c b/sys/riscv/riscv/pmap.c index 076e26230eb9..9799b2b7bd91 100644 --- a/sys/riscv/riscv/pmap.c +++ b/sys/riscv/riscv/pmap.c @@ -2606,6 +2606,8 @@ pmap_fault(pmap_t pmap, vm_offset_t va, vm_prot_t ftype) pt_entry_t bits, *pte, oldpte; int rv; + KASSERT(VIRT_IS_VALID(va), ("pmap_fault: invalid va %#lx", va)); + rv = 0; PMAP_LOCK(pmap); l2 = pmap_l2(pmap, va); diff --git a/sys/riscv/riscv/trap.c b/sys/riscv/riscv/trap.c index 0744f5a25fb3..8b709b2de121 100644 --- a/sys/riscv/riscv/trap.c +++ b/sys/riscv/riscv/trap.c @@ -213,10 +213,7 @@ page_fault_handler(struct trapframe *frame, int usermode) */ intr_enable(); - if (!VIRT_IS_VALID(stval)) - goto fatal; - - if (stval >= VM_MAX_USER_ADDRESS) { + if (stval >= VM_MIN_KERNEL_ADDRESS) { map = kernel_map; } else { if (pcb->pcb_onfault == 0) @@ -235,7 +232,7 @@ page_fault_handler(struct trapframe *frame, int usermode) ftype = VM_PROT_READ; } - if (pmap_fault(map->pmap, va, ftype)) + if (VIRT_IS_VALID(va) && pmap_fault(map->pmap, va, ftype)) goto done; error = vm_fault_trap(map, va, ftype, VM_FAULT_NORMAL, &sig, &ucode);