Source-Changes-HG archive


[src/trunk]: src/sys/arch/amd64/amd64 invlpg on a non canonical address is a ...



details:   https://anonhg.NetBSD.org/src/rev/9996dbf1827d
branches:  trunk
changeset: 779165:9996dbf1827d
user:      jym <jym%NetBSD.org@localhost>
date:      Mon May 07 12:20:27 2012 +0000

description:
invlpg on a non canonical address is a noop, so no chance to invalidate
the TLB and the CPU will not notice the access right change.

This results in write protection faults in supervisor mode when patching
kernel code through ddb(4) (originally mapped as read only).

Bug reported by David Laight on port-amd64@ (thanks!), patch and test by
me.

i386 is unaffected as PG_LGFRAME does not mask the sign bits. For the
sake of correctness, use VA_SIGN_NEG(...) anyway.

XXX this is the patch that will be pulled-up to -5 and -6.

diffstat:

 sys/arch/amd64/amd64/db_memrw.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 06cf2b3d702b -r 9996dbf1827d sys/arch/amd64/amd64/db_memrw.c
--- a/sys/arch/amd64/amd64/db_memrw.c   Mon May 07 12:12:03 2012 +0000
+++ b/sys/arch/amd64/amd64/db_memrw.c   Mon May 07 12:20:27 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $        */
+/*     $NetBSD: db_memrw.c,v 1.11 2012/05/07 12:20:27 jym Exp $        */
 
 /*-
  * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc.
@@ -51,7 +51,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $");
+__KERNEL_RCSID(0, "$NetBSD: db_memrw.c,v 1.11 2012/05/07 12:20:27 jym Exp $");
 
 #include <sys/param.h>
 #include <sys/proc.h>
@@ -123,7 +123,7 @@
                 * Get the VA for the page.
                 */
                if (pte & PG_PS)
-                       pgva = (vaddr_t)dst & PG_LGFRAME;
+                       pgva = VA_SIGN_NEG((vaddr_t)dst & PG_LGFRAME);
                else
                        pgva = x86_trunc_page(dst);
 
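Review bot: the PG_PS branch needs a comment saying why the result is sign-extended. The comment above it still reads only "Get the VA for the page.", and nothing at `pgva = VA_SIGN_NEG((vaddr_t)dst & PG_LGFRAME);` records what the commit message explains: on amd64 the PG_LGFRAME mask drops the sign bits, and invlpg on the resulting non-canonical address is a no-op, so the stale TLB entry survives the access right change. Without that note the wrapper looks redundant next to the else branch, which passes x86_trunc_page(dst) through unwrapped, and a later cleanup could remove it. The comment should also say that dst is expected to be a kernel address at this point, since the macro name suggests the sign bits are forced rather than derived from dst.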


