1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2010, 2012 Konstantin Belousov <kib@FreeBSD.org>
5 * Copyright (c) 2015 The FreeBSD Foundation
6 * All rights reserved.
7 *
8 * Portions of this software were developed by Konstantin Belousov
9 * under sponsorship from the FreeBSD Foundation.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 #include "opt_vm.h"
35
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/kernel.h>
39 #include <sys/lock.h>
40 #include <sys/malloc.h>
41 #include <sys/rwlock.h>
42 #include <sys/stddef.h>
43 #include <sys/sysent.h>
44 #include <sys/sysctl.h>
45 #include <sys/vdso.h>
46
47 #include <vm/vm.h>
48 #include <vm/vm_param.h>
49 #include <vm/pmap.h>
50 #include <vm/vm_extern.h>
51 #include <vm/vm_kern.h>
52 #include <vm/vm_map.h>
53 #include <vm/vm_object.h>
54 #include <vm/vm_page.h>
55 #include <vm/vm_pager.h>
56
57 static struct sx shared_page_alloc_sx;
58 static vm_object_t shared_page_obj;
59 static int shared_page_free;
60 char *shared_page_mapping;
61
62 #ifdef RANDOM_FENESTRASX
63 static struct vdso_fxrng_generation *fxrng_shpage_mapping;
64
65 static bool fxrng_enabled = true;
66 SYSCTL_BOOL(_debug, OID_AUTO, fxrng_vdso_enable, CTLFLAG_RWTUN, &fxrng_enabled,
67 0, "Enable FXRNG VDSO");
68 #endif
69
70 void
shared_page_write(int base,int size,const void * data)71 shared_page_write(int base, int size, const void *data)
72 {
73
74 bcopy(data, shared_page_mapping + base, size);
75 }
76
77 static int
shared_page_alloc_locked(int size,int align)78 shared_page_alloc_locked(int size, int align)
79 {
80 int res;
81
82 res = roundup(shared_page_free, align);
83 if (res + size >= IDX_TO_OFF(shared_page_obj->size))
84 res = -1;
85 else
86 shared_page_free = res + size;
87 return (res);
88 }
89
90 int
shared_page_alloc(int size,int align)91 shared_page_alloc(int size, int align)
92 {
93 int res;
94
95 sx_xlock(&shared_page_alloc_sx);
96 res = shared_page_alloc_locked(size, align);
97 sx_xunlock(&shared_page_alloc_sx);
98 return (res);
99 }
100
101 int
shared_page_fill(int size,int align,const void * data)102 shared_page_fill(int size, int align, const void *data)
103 {
104 int res;
105
106 sx_xlock(&shared_page_alloc_sx);
107 res = shared_page_alloc_locked(size, align);
108 if (res != -1)
109 shared_page_write(res, size, data);
110 sx_xunlock(&shared_page_alloc_sx);
111 return (res);
112 }
113
114 static void
shared_page_init(void * dummy __unused)115 shared_page_init(void *dummy __unused)
116 {
117 vm_page_t m;
118 vm_offset_t addr;
119
120 sx_init(&shared_page_alloc_sx, "shpsx");
121 shared_page_obj = vm_pager_allocate(OBJT_PHYS, 0, PAGE_SIZE,
122 VM_PROT_DEFAULT, 0, NULL);
123 VM_OBJECT_WLOCK(shared_page_obj);
124 m = vm_page_grab(shared_page_obj, 0, VM_ALLOC_ZERO);
125 VM_OBJECT_WUNLOCK(shared_page_obj);
126 vm_page_valid(m);
127 vm_page_xunbusy(m);
128 addr = kva_alloc(PAGE_SIZE);
129 pmap_qenter(addr, &m, 1);
130 shared_page_mapping = (char *)addr;
131 }
132
133 SYSINIT(shp, SI_SUB_EXEC, SI_ORDER_FIRST, shared_page_init, NULL);
134
135 /*
136 * Push the timehands update to the shared page.
137 *
138 * The lockless update scheme is similar to the one used to update the
139 * in-kernel timehands, see sys/kern/kern_tc.c:tc_windup() (which
140 * calls us after the timehands are updated).
141 */
142 static void
timehands_update(struct vdso_sv_tk * svtk)143 timehands_update(struct vdso_sv_tk *svtk)
144 {
145 struct vdso_timehands th;
146 struct vdso_timekeep *tk;
147 uint32_t enabled, idx;
148
149 enabled = tc_fill_vdso_timehands(&th);
150 th.th_gen = 0;
151 idx = svtk->sv_timekeep_curr;
152 if (++idx >= VDSO_TH_NUM)
153 idx = 0;
154 svtk->sv_timekeep_curr = idx;
155 if (++svtk->sv_timekeep_gen == 0)
156 svtk->sv_timekeep_gen = 1;
157
158 tk = (struct vdso_timekeep *)(shared_page_mapping +
159 svtk->sv_timekeep_off);
160 tk->tk_th[idx].th_gen = 0;
161 atomic_thread_fence_rel();
162 if (enabled)
163 tk->tk_th[idx] = th;
164 atomic_store_rel_32(&tk->tk_th[idx].th_gen, svtk->sv_timekeep_gen);
165 atomic_store_rel_32(&tk->tk_current, idx);
166
167 /*
168 * The ordering of the assignment to tk_enabled relative to
169 * the update of the vdso_timehands is not important.
170 */
171 tk->tk_enabled = enabled;
172 }
173
174 #ifdef COMPAT_FREEBSD32
175 static void
timehands_update32(struct vdso_sv_tk * svtk)176 timehands_update32(struct vdso_sv_tk *svtk)
177 {
178 struct vdso_timehands32 th;
179 struct vdso_timekeep32 *tk;
180 uint32_t enabled, idx;
181
182 enabled = tc_fill_vdso_timehands32(&th);
183 th.th_gen = 0;
184 idx = svtk->sv_timekeep_curr;
185 if (++idx >= VDSO_TH_NUM)
186 idx = 0;
187 svtk->sv_timekeep_curr = idx;
188 if (++svtk->sv_timekeep_gen == 0)
189 svtk->sv_timekeep_gen = 1;
190
191 tk = (struct vdso_timekeep32 *)(shared_page_mapping +
192 svtk->sv_timekeep_off);
193 tk->tk_th[idx].th_gen = 0;
194 atomic_thread_fence_rel();
195 if (enabled)
196 tk->tk_th[idx] = th;
197 atomic_store_rel_32(&tk->tk_th[idx].th_gen, svtk->sv_timekeep_gen);
198 atomic_store_rel_32(&tk->tk_current, idx);
199 tk->tk_enabled = enabled;
200 }
201 #endif
202
203 /*
204 * This is hackish, but easiest way to avoid creating list structures
205 * that needs to be iterated over from the hardclock interrupt
206 * context.
207 */
208 static struct vdso_sv_tk *host_svtk;
209 #ifdef COMPAT_FREEBSD32
210 static struct vdso_sv_tk *compat32_svtk;
211 #endif
212
213 void
timekeep_push_vdso(void)214 timekeep_push_vdso(void)
215 {
216
217 if (host_svtk != NULL)
218 timehands_update(host_svtk);
219 #ifdef COMPAT_FREEBSD32
220 if (compat32_svtk != NULL)
221 timehands_update32(compat32_svtk);
222 #endif
223 }
224
225 struct vdso_sv_tk *
alloc_sv_tk(void)226 alloc_sv_tk(void)
227 {
228 struct vdso_sv_tk *svtk;
229 int tk_base;
230 uint32_t tk_ver;
231
232 tk_ver = VDSO_TK_VER_CURR;
233 svtk = malloc(sizeof(struct vdso_sv_tk), M_TEMP, M_WAITOK | M_ZERO);
234 tk_base = shared_page_alloc(sizeof(struct vdso_timekeep) +
235 sizeof(struct vdso_timehands) * VDSO_TH_NUM, 16);
236 KASSERT(tk_base != -1, ("tk_base -1 for native"));
237 shared_page_write(tk_base + offsetof(struct vdso_timekeep, tk_ver),
238 sizeof(uint32_t), &tk_ver);
239 svtk->sv_timekeep_off = tk_base;
240 timekeep_push_vdso();
241 return (svtk);
242 }
243
244 #ifdef COMPAT_FREEBSD32
245 struct vdso_sv_tk *
alloc_sv_tk_compat32(void)246 alloc_sv_tk_compat32(void)
247 {
248 struct vdso_sv_tk *svtk;
249 int tk_base;
250 uint32_t tk_ver;
251
252 svtk = malloc(sizeof(struct vdso_sv_tk), M_TEMP, M_WAITOK | M_ZERO);
253 tk_ver = VDSO_TK_VER_CURR;
254 tk_base = shared_page_alloc(sizeof(struct vdso_timekeep32) +
255 sizeof(struct vdso_timehands32) * VDSO_TH_NUM, 16);
256 KASSERT(tk_base != -1, ("tk_base -1 for 32bit"));
257 shared_page_write(tk_base + offsetof(struct vdso_timekeep32,
258 tk_ver), sizeof(uint32_t), &tk_ver);
259 svtk->sv_timekeep_off = tk_base;
260 timekeep_push_vdso();
261 return (svtk);
262 }
263 #endif
264
265 #ifdef RANDOM_FENESTRASX
266 void
fxrng_push_seed_generation(uint64_t gen)267 fxrng_push_seed_generation(uint64_t gen)
268 {
269 if (fxrng_shpage_mapping == NULL || !fxrng_enabled)
270 return;
271 KASSERT(gen < INT32_MAX,
272 ("fxrng seed version shouldn't roll over a 32-bit counter "
273 "for approximately 456,000 years"));
274 atomic_store_rel_32(&fxrng_shpage_mapping->fx_generation32,
275 (uint32_t)gen);
276 }
277
278 static void
alloc_sv_fxrng_generation(void)279 alloc_sv_fxrng_generation(void)
280 {
281 int base;
282
283 /*
284 * Allocate a full cache line for the fxrng root generation (64-bit
285 * counter, or truncated 32-bit counter on ILP32 userspace). It is
286 * important that the line is not shared with frequently dirtied data,
287 * and the shared page allocator lacks a __read_mostly mechanism.
288 * However, PAGE_SIZE is typically large relative to the amount of
289 * stuff we've got in it so far, so maybe the possible waste isn't an
290 * issue.
291 */
292 base = shared_page_alloc(CACHE_LINE_SIZE, CACHE_LINE_SIZE);
293 KASSERT(base != -1, ("%s: base allocation failed", __func__));
294 fxrng_shpage_mapping = (void *)(shared_page_mapping + base);
295 *fxrng_shpage_mapping = (struct vdso_fxrng_generation) {
296 .fx_vdso_version = VDSO_FXRNG_VER_CURR,
297 };
298 }
299 #endif /* RANDOM_FENESTRASX */
300
301 void
exec_sysvec_init(void * param)302 exec_sysvec_init(void *param)
303 {
304 struct sysentvec *sv;
305 u_int flags;
306 int res;
307
308 sv = param;
309 flags = sv->sv_flags;
310 if ((flags & SV_SHP) == 0)
311 return;
312 MPASS(sv->sv_shared_page_obj == NULL);
313 MPASS(sv->sv_shared_page_base != 0);
314
315 sv->sv_shared_page_obj = shared_page_obj;
316 if ((flags & SV_ABI_MASK) == SV_ABI_FREEBSD) {
317 if ((flags & SV_DSO_SIG) != 0) {
318 res = shared_page_fill((uintptr_t)sv->sv_szsigcode,
319 16, sv->sv_sigcode);
320 if (res == -1)
321 panic("copying vdso to shared page");
322 sv->sv_vdso_offset = res;
323 sv->sv_sigcode_offset = res + sv->sv_sigcodeoff;
324 } else {
325 res = shared_page_fill(*(sv->sv_szsigcode),
326 16, sv->sv_sigcode);
327 if (res == -1)
328 panic("copying sigtramp to shared page");
329 sv->sv_sigcode_offset = res;
330 }
331 }
332 if ((flags & SV_TIMEKEEP) != 0) {
333 #ifdef COMPAT_FREEBSD32
334 if ((flags & SV_ILP32) != 0) {
335 if ((flags & SV_ABI_MASK) == SV_ABI_FREEBSD) {
336 KASSERT(compat32_svtk == NULL,
337 ("Compat32 already registered"));
338 compat32_svtk = alloc_sv_tk_compat32();
339 } else {
340 KASSERT(compat32_svtk != NULL,
341 ("Compat32 not registered"));
342 }
343 sv->sv_timekeep_offset = compat32_svtk->sv_timekeep_off;
344 } else {
345 #endif
346 if ((flags & SV_ABI_MASK) == SV_ABI_FREEBSD) {
347 KASSERT(host_svtk == NULL,
348 ("Host already registered"));
349 host_svtk = alloc_sv_tk();
350 } else {
351 KASSERT(host_svtk != NULL,
352 ("Host not registered"));
353 }
354 sv->sv_timekeep_offset = host_svtk->sv_timekeep_off;
355 #ifdef COMPAT_FREEBSD32
356 }
357 #endif
358 }
359 #ifdef RANDOM_FENESTRASX
360 if ((flags & (SV_ABI_MASK | SV_RNG_SEED_VER)) ==
361 (SV_ABI_FREEBSD | SV_RNG_SEED_VER)) {
362 /*
363 * Only allocate a single VDSO entry for multiple sysentvecs,
364 * i.e., native and COMPAT32.
365 */
366 if (fxrng_shpage_mapping == NULL)
367 alloc_sv_fxrng_generation();
368 sv->sv_fxrng_gen_offset =
369 (char *)fxrng_shpage_mapping - shared_page_mapping;
370 }
371 #endif
372 }
373
374 void
exec_sysvec_init_secondary(struct sysentvec * sv,struct sysentvec * sv2)375 exec_sysvec_init_secondary(struct sysentvec *sv, struct sysentvec *sv2)
376 {
377 MPASS((sv2->sv_flags & SV_ABI_MASK) == (sv->sv_flags & SV_ABI_MASK));
378 MPASS((sv2->sv_flags & SV_TIMEKEEP) == (sv->sv_flags & SV_TIMEKEEP));
379 MPASS((sv2->sv_flags & SV_SHP) != 0 && (sv->sv_flags & SV_SHP) != 0);
380 MPASS((sv2->sv_flags & SV_DSO_SIG) == (sv->sv_flags & SV_DSO_SIG));
381 MPASS((sv2->sv_flags & SV_RNG_SEED_VER) ==
382 (sv->sv_flags & SV_RNG_SEED_VER));
383
384 sv2->sv_shared_page_obj = sv->sv_shared_page_obj;
385 sv2->sv_sigcode_offset = sv->sv_sigcode_offset;
386 sv2->sv_vdso_offset = sv->sv_vdso_offset;
387 if ((sv2->sv_flags & SV_ABI_MASK) != SV_ABI_FREEBSD)
388 return;
389 sv2->sv_timekeep_offset = sv->sv_timekeep_offset;
390 sv2->sv_fxrng_gen_offset = sv->sv_fxrng_gen_offset;
391 }
392