From owner-svn-src-all@FreeBSD.ORG  Mon May  6 15:30:35 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 06AEB744;
 Mon,  6 May 2013 15:30:35 +0000 (UTC)
 (envelope-from gber@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id DDA26D39;
 Mon,  6 May 2013 15:30:34 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r46FUYEx045026;
 Mon, 6 May 2013 15:30:34 GMT (envelope-from gber@svn.freebsd.org)
Received: (from gber@localhost)
 by svn.freebsd.org (8.14.6/8.14.5/Submit) id r46FUYLh045024;
 Mon, 6 May 2013 15:30:34 GMT (envelope-from gber@svn.freebsd.org)
Message-Id: <201305061530.r46FUYLh045024@svn.freebsd.org>
From: Grzegorz Bernacki <gber@FreeBSD.org>
Date: Mon, 6 May 2013 15:30:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r250297 - in head/sys/arm: arm include
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2013 15:30:35 -0000

Author: gber
Date: Mon May  6 15:30:34 2013
New Revision: 250297
URL: http://svnweb.freebsd.org/changeset/base/250297

Log:
  Fix L2 PTE access permissions management.
  
  Keep following access permissions:
  
  APX     AP     Kernel     User
   1      01       R         N
   1      10       R         R
   0      01      R/W        N
   0      11      R/W       R/W
  
  Avoid using reserved in ARMv6 APX|AP settings:
  - In case of unprivileged (user) access without permission to write,
    the access permission bits were being set to reserved for ARMv6
    (but valid for ARMv7) value of APX|AP = 111.
  
  Fix-up faulting userland accesses properly:
  - Wrong condition statement in pmap_fault_fixup() caused that
    any genuine, unprivileged access was being fixed-up instead of
    just skip doing anything and return. Staring from now we ensure
    proper reaction for illicit user accesses.
  
  L2_S_PROT_R and L2_S_PROT_U names might be misleading as they do not
  reflect real permission levels. It will be clarified in following
  patches (switch to AP[2:1] permissions model).
  
  Obtained from: Semihalf

Modified:
  head/sys/arm/arm/pmap-v6.c
  head/sys/arm/include/pmap.h

Modified: head/sys/arm/arm/pmap-v6.c
==============================================================================
--- head/sys/arm/arm/pmap-v6.c	Mon May  6 14:57:02 2013	(r250296)
+++ head/sys/arm/arm/pmap-v6.c	Mon May  6 15:30:34 2013	(r250297)
@@ -983,6 +983,7 @@ pmap_set_prot(pt_entry_t *ptep, vm_prot_
 	if (!(prot & VM_PROT_EXECUTE))
 		*ptep |= L2_XN;
 
+	*ptep |= L2_APX;
 	*ptep |= L2_S_PROT_R;
 
 	if (user)
@@ -990,6 +991,8 @@ pmap_set_prot(pt_entry_t *ptep, vm_prot_
 
 	if (prot & VM_PROT_WRITE)
 		*ptep &= ~(L2_APX);
+	else if (user)
+		*ptep &= ~(L2_S_PROT_R);
 }
 
 /*
@@ -1216,7 +1219,7 @@ pmap_fault_fixup(pmap_t pm, vm_offset_t 
 	/*
 	 * Catch a userland access to the vector page mapped at 0x0
 	 */
-	if (user && ((pte & L2_S_PROT_MASK) == L2_S_PROT_U))
+	if (user && !(pte & L2_S_PROT_U))
 		goto out;
 	if (va == vector_page)
 		goto out;
@@ -2649,7 +2652,10 @@ do_l2b_alloc:
 		npte |= L2_TYPE_INV;
 	}
 
+	npte |= L2_APX;
 	npte |= L2_S_PROT_R;
+	if (user)
+		npte |= L2_S_PROT_U;
 
 	if (prot & VM_PROT_WRITE) {
 		npte &= ~(L2_APX);
@@ -2657,11 +2663,8 @@ do_l2b_alloc:
 		if (m != NULL &&
 		    (m->oflags & VPO_UNMANAGED) == 0)
 			vm_page_aflag_set(m, PGA_WRITEABLE);
-	}
-
-	if (user)
-		npte |= L2_S_PROT_U;
-
+	} else if (user)
+		npte &= ~(L2_S_PROT_R);
 
 	if (!(prot & VM_PROT_EXECUTE) && m)
 		npte |= L2_XN;

Modified: head/sys/arm/include/pmap.h
==============================================================================
--- head/sys/arm/include/pmap.h	Mon May  6 14:57:02 2013	(r250296)
+++ head/sys/arm/include/pmap.h	Mon May  6 15:30:34 2013	(r250297)
@@ -352,7 +352,7 @@ extern int pmap_needs_pte_sync;
 #elif (ARM_MMU_V6 + ARM_MMU_V7) != 0
 
 #define	L2_S_PROT_U		(L2_AP0(2))		/* user access */
-#define	L2_S_PROT_R		(L2_APX|L2_AP0(1))	/* read access */
+#define	L2_S_PROT_R		(L2_AP0(1))		/* read access */
 
 #define	L2_S_PROT_MASK		(L2_S_PROT_U|L2_S_PROT_R)
 #define	L2_S_WRITABLE(pte)	(!(pte & L2_APX))