amd64: move proc0's stack

To: tech-kern%netbsd.org@localhost
Subject: amd64: move proc0's stack
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 22 May 2016 12:31:37 +0200

The location where proc0's stack is put on amd64 is highly bizarre: it is placed
between two page levels. Which implies that a stack overflow can overwrite a
page level. This patch moves the stack out of the BOOTSTRAP TABLES chunk, puts
it before L4, and maps it independently.

We can then easily apply a redzone on it, the same way the rest of the system
does under DIAGNOSTIC.

I'll commit this patch in a week, unless someone understands why the stack was
placed that way, or unless there's a mistake in the asm.

Index: locore.S
===================================================================
RCS file: /cvsroot/src/sys/arch/amd64/amd64/locore.S,v
retrieving revision 1.93
diff -u -r1.93 locore.S
--- locore.S	22 May 2016 10:11:55 -0000	1.93
+++ locore.S	22 May 2016 10:14:07 -0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.93 2016/05/22 10:11:55 maxv Exp $	*/
+/*	$NetBSD: locore.S,v 1.92 2016/05/15 07:17:53 maxv Exp $	*/

/*

  * Copyright-o-rama!
@@ -203,12 +203,11 @@
 #endif

#define PROC0_PML4_OFF 0

-#define PROC0_STK_OFF	(PROC0_PML4_OFF + 1 * PAGE_SIZE)
-#define PROC0_PTP3_OFF	(PROC0_STK_OFF + UPAGES * PAGE_SIZE)
+#define PROC0_PTP3_OFF	(PROC0_PML4_OFF + 1 * PAGE_SIZE)
 #define PROC0_PTP2_OFF	(PROC0_PTP3_OFF + NKL4_KIMG_ENTRIES * PAGE_SIZE)
 #define PROC0_PTP1_OFF	(PROC0_PTP2_OFF + TABLE_L3_ENTRIES * PAGE_SIZE)
 #define TABLESIZE \
-  ((NKL4_KIMG_ENTRIES + TABLE_L3_ENTRIES + TABLE_L2_ENTRIES + 1 + UPAGES) \
+  ((NKL4_KIMG_ENTRIES + TABLE_L3_ENTRIES + TABLE_L2_ENTRIES + 1) \
     * PAGE_SIZE)

/*

@@ -302,6 +301,7 @@
 END(lapic_isr)
 #endif /* NLAPIC > 0 */

+ .globl _C_LABEL(proc0stack)

 	.globl	_C_LABEL(nox_flag)
 	.globl	_C_LABEL(cpuid_level)
 	.globl	_C_LABEL(esym)
@@ -315,6 +315,9 @@
 	.globl	_C_LABEL(gdtstore)
 	.globl	_C_LABEL(cputype)

+ .type _C_LABEL(proc0stack), @object

+LABEL(proc0stack)	.quad	0	/* physical address of proc0's stack */
+END(proc0stack)
 	.type	_C_LABEL(nox_flag), @object
 LABEL(nox_flag)		.long	0	/* 32bit NOX flag, set if supported */
 END(nox_flag)
@@ -562,20 +565,17 @@
  * be referred to as: L4 -> L3 -> L2 -> L1.
  *
  * Virtual address space of the kernel:
- * +------+--------+------+-----+--------+---------------------+----------
- * | TEXT | RODATA | DATA | BSS | [SYMS] | [PRELOADED MODULES] | L4 ->
- * +------+--------+------+-----+--------+---------------------+----------
- *                             (1)      (2)                   (3)
- *
- * --------------+-----+-----+----+------------+
- * -> PROC0 STK -> L3 -> L2 -> L1 | ISA IO MEM |
- * --------------+-----+-----+----+------------+
- *                               (4)
+ * +------+--------+------+-----+--------+---------------------+-----------+-
+ * | TEXT | RODATA | DATA | BSS | [SYMS] | [PRELOADED MODULES] | PROC0 STK |
+ * +------+--------+------+-----+--------+---------------------+-----------+-
+ *                             (1)      (2)                   (3)         (4)
+ *
+ * -----+-----+-----+----+------------+
+ *  L4 -> L3 -> L2 -> L1 | ISA IO MEM |
+ * -----+-----+-----+----+------------+
+ *                      (5)
  *
- * PROC0 STK is obviously not linked as a page level. It just happens to be
- * caught between L4 and L3.
- *
- * (PROC0 STK + L4 + L3 + L2 + L1) is later referred to as BOOTSTRAP TABLES.
+ * (L4 + L3 + L2 + L1) is later referred to as BOOTSTRAP TABLES.
  *
  * Important note: the kernel segments are properly 4k-aligned
  * (see kern.ldscript), so there's no need to enforce alignment.
@@ -601,11 +601,17 @@
 	movl	%eax,%edi
 1:

- /* We are on (3). Align up for BOOTSTRAP TABLES. */

+	/* We are on (3). Align up for PROC0 STK. */
 	movl	%edi,%esi
 	addl	$PGOFSET,%esi
 	andl	$~PGOFSET,%esi

+ /* Save proc0's stack pa, and allocate it. Brings us on (4). */

+	movl	$RELOC(proc0stack),%ebp
+	movl	%esi,(%ebp)
+	movl	$0,4(%ebp)
+	addl	$USPACE,%esi
+
 	/* We are on the BOOTSTRAP TABLES. Save L4's physical address. */
 	movl	$RELOC(PDPpaddr),%ebp
 	movl	%esi,(%ebp)
@@ -661,12 +667,20 @@

/* Map [SYMS]+[PRELOADED MODULES] RWX. */

 	movl	$RELOC(__kernel_end),%eax
-	movl	%esi,%ecx		/* start of BOOTSTRAP TABLES */
+	movl	RELOC(proc0stack),%ecx	/* start of PROC0 STK */
 	subl	%eax,%ecx
 	shrl	$PGSHIFT,%ecx
 	orl	$(PG_V|PG_KW),%eax
 	fillkpt

+ /* Map PROC0 STK RW. */

+	movl	RELOC(proc0stack),%eax	/* start of PROC0 STK */
+	movl	%esi,%ecx		/* start of BOOTSTRAP TABLES */
+	subl	%eax,%ecx
+	shrl	$PGSHIFT,%ecx
+	orl	$(PG_V|PG_KW),%eax
+	fillkpt_nox
+
 	/* Map the BOOTSTRAP TABLES RW. */
 	movl	%esi,%eax		/* start of BOOTSTRAP TABLES */
 	movl	$TABLESIZE,%ecx		/* length of BOOTSTRAP TABLES */
@@ -674,7 +688,7 @@
 	orl	$(PG_V|PG_KW),%eax
 	fillkpt_nox

- /* We are on (4). Map ISA I/O mem (later atdevbase) RWX. */

+	/* We are on (5). Map ISA I/O mem (later atdevbase) RWX. */
 	movl	$(IOM_BEGIN|PG_V|PG_KW/*|PG_N*/),%eax
 	movl	$(IOM_SIZE>>PGSHIFT),%ecx
 	fillkpt
@@ -836,7 +850,7 @@
 	movq	%rdx,_C_LABEL(atdevbase)(%rip)

/* Set up bootstrap stack. */

-	leaq	(PROC0_STK_OFF)(%rsi),%rax
+	movq	_C_LABEL(proc0stack),%rax
 	addq	%r8,%rax
 	movq	%rax,(_C_LABEL(lwp0)+L_PCB)(%rip) /* XXX L_PCB != uarea */
 	leaq	(USPACE-FRAMESIZE)(%rax),%rsp

Follow-Ups:
- re: amd64: move proc0's stack
  - From: matthew green

Prev by Date: Re: [patch] remove luactl require
Next by Date: re: amd64: move proc0's stack
Previous by Thread: [patch] remove luactl require
Next by Thread: re: amd64: move proc0's stack
Indexes:

Home | Main Index | Thread Index | Old Index