Date: Tue, 17 Sep 2019 10:00:54 +0000 (UTC) From: Andrew Turner <andrew@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r352440 - stable/12/sys/arm64/arm64 Message-ID: <201909171000.x8HA0sx1044602@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: andrew Date: Tue Sep 17 10:00:53 2019 New Revision: 352440 URL: https://svnweb.freebsd.org/changeset/base/352440 Log: MFC r342552: Pass VM_PROT_EXECUTE to vm_fault for instruction faults. We need to tell vm_fault the reason for the fault was because we tried to execute from the memory location. Without this it may return with success as we only request read-only memory, then we return to the same location and try to execute from the same memory address. This leads to an infinite loop raising the same fault and returning to the same invalid location. Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D18511 Modified: stable/12/sys/arm64/arm64/trap.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/arm64/arm64/trap.c ============================================================================== --- stable/12/sys/arm64/arm64/trap.c Tue Sep 17 09:47:35 2019 (r352439) +++ stable/12/sys/arm64/arm64/trap.c Tue Sep 17 10:00:53 2019 (r352440) @@ -151,7 +151,7 @@ svc_handler(struct thread *td, struct trapframe *frame static void data_abort(struct thread *td, struct trapframe *frame, uint64_t esr, - uint64_t far, int lower) + uint64_t far, int lower, int exec) { struct vm_map *map; struct proc *p; @@ -231,6 +231,8 @@ no_pmap_fault: va = trunc_page(far); ftype = ((esr >> 6) & 1) ? VM_PROT_READ | VM_PROT_WRITE : VM_PROT_READ; + if (exec) + ftype |= VM_PROT_EXECUTE; /* Fault in the page. */ error = vm_fault(map, va, ftype, VM_FAULT_NORMAL); @@ -338,7 +340,8 @@ do_el1h_sync(struct thread *td, struct trapframe *fram case EXCP_DATA_ABORT: far = READ_SPECIALREG(far_el1); intr_enable(); - data_abort(td, frame, esr, far, 0); + data_abort(td, frame, esr, far, 0, + exception == EXCP_INSN_ABORT); break; case EXCP_BRK: #ifdef KDTRACE_HOOKS @@ -435,7 +438,8 @@ do_el0_sync(struct thread *td, struct trapframe *frame case EXCP_INSN_ABORT_L: case EXCP_DATA_ABORT_L: case EXCP_DATA_ABORT: - data_abort(td, frame, esr, far, 1); + data_abort(td, frame, esr, far, 1, + exception == EXCP_INSN_ABORT_L); break; case EXCP_UNKNOWN: if (!undef_insn(0, frame))
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909171000.x8HA0sx1044602>