Module Name:    src
Committed By:   maxv
Date:           Sun Aug 2 06:58:16 UTC 2020

Modified Files:
        src/sys/arch/aarch64/aarch64: aarch64_machdep.c copyinout.S cpufunc.c
            db_interface.c fault.c fusu.S locore.S trap.c
        src/sys/arch/aarch64/include: armreg.h asm.h cpufunc.h
        src/sys/arch/arm/conf: files.arm
        src/sys/arch/evbarm/conf: GENERIC64

Log Message:
Add support for Privileged Access Never (ARMv8.1-PAN).

PAN provides the same functionality as SMAP on x86: it forbids kernel access
to userland pages when PSTATE.PAN=1, and allows such accesses when
PSTATE.PAN=0.

We clear SCTLR_SPAN, to guarantee that PAN=1 each time the kernel is entered.
We catch PAN faults and panic right away without further processing. In
copyin, copyout, etc, we temporarily authorize access to userland pages.

PAN is a very useful exploit mitigation.

Reviewed by ryo@, thanks. Tested on Qemu. Enabled by default.


To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/sys/arch/aarch64/aarch64/aarch64_machdep.c
cvs rdiff -u -r1.10 -r1.11 src/sys/arch/aarch64/aarch64/copyinout.S
cvs rdiff -u -r1.23 -r1.24 src/sys/arch/aarch64/aarch64/cpufunc.c
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/aarch64/aarch64/db_interface.c
cvs rdiff -u -r1.14 -r1.15 src/sys/arch/aarch64/aarch64/fault.c
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/aarch64/aarch64/fusu.S
cvs rdiff -u -r1.68 -r1.69 src/sys/arch/aarch64/aarch64/locore.S
cvs rdiff -u -r1.35 -r1.36 src/sys/arch/aarch64/aarch64/trap.c
cvs rdiff -u -r1.51 -r1.52 src/sys/arch/aarch64/include/armreg.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/aarch64/include/asm.h
cvs rdiff -u -r1.16 -r1.17 src/sys/arch/aarch64/include/cpufunc.h
cvs rdiff -u -r1.160 -r1.161 src/sys/arch/arm/conf/files.arm
cvs rdiff -u -r1.160 -r1.161 src/sys/arch/evbarm/conf/GENERIC64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
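Added example, not part of the commit or of NetBSD: a small user-space C model of the PAN state the log message describes, showing why SCTLR_EL1.SPAN matters when an interrupt arrives while a copyin-style window is open. The struct and function names (`model_copyin`, `handler_can_touch_user`, and so on) are hypothetical, and the model assumes only the architectural rule that SPAN=0 forces PSTATE.PAN to 1 on exception entry to EL1.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of the state in the commit message; not NetBSD code. */
struct cpu {
    bool pan;         /* PSTATE.PAN */
    bool sctlr_span;  /* SCTLR_EL1.SPAN: 1 = exception entry leaves PAN unchanged */
    bool spsr_pan;    /* PAN bit saved to SPSR_EL1 on exception entry */
};

/* Exception taken to EL1: save PSTATE, then set PAN=1 unless SPAN is set. */
static void exception_entry(struct cpu *c) {
    c->spsr_pan = c->pan;
    if (!c->sctlr_span)
        c->pan = true;
}

/* Exception return restores the interrupted context's PAN bit. */
static void exception_return(struct cpu *c) { c->pan = c->spsr_pan; }

/* Privileged access to a user page: 0 if allowed, -1 for a PAN fault. */
static int kernel_touch_user(const struct cpu *c) { return c->pan ? -1 : 0; }

/* copyin-like accessor (hypothetical name): open the window, copy, close it. */
static int model_copyin(struct cpu *c, const void *uaddr, void *kaddr, size_t len) {
    c->pan = false;
    int rc = kernel_touch_user(c);
    if (rc == 0)
        memcpy(kaddr, uaddr, len);
    c->pan = true;
    return rc;
}

/* Interrupt lands while a copy window is open (PAN=0). Returns 1 if the
 * handler could reach user pages, 0 if it would fault, and -1 if the
 * interrupted copy's PAN=0 was not restored on return. */
static int handler_can_touch_user(bool span) {
    struct cpu c = { .pan = false, .sctlr_span = span };
    exception_entry(&c);
    int reachable = (kernel_touch_user(&c) == 0);
    exception_return(&c);
    return c.pan ? -1 : reachable;
}

int main(void) {
    printf("SPAN=0: handler reaches user pages? %d\n", handler_can_touch_user(false));
    printf("SPAN=1: handler reaches user pages? %d\n", handler_can_touch_user(true));
    return 0;
}
```

With SPAN cleared, the handler runs with PAN=1 even though the interrupted copy had opened the window, and the window is reopened only when the copy resumes.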