xref: /freebsd/sys/kern/kern_sharedpage.c (revision f9fd7337f63698f33239c58c07bf430198235a22)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2010, 2012 Konstantin Belousov <kib@FreeBSD.org>
5  * Copyright (c) 2015 The FreeBSD Foundation
6  * All rights reserved.
7  *
8  * Portions of this software were developed by Konstantin Belousov
9  * under sponsorship from the FreeBSD Foundation.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include "opt_vm.h"
37 
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
41 #include <sys/lock.h>
42 #include <sys/malloc.h>
43 #include <sys/rwlock.h>
44 #include <sys/stddef.h>
45 #include <sys/sysent.h>
46 #include <sys/sysctl.h>
47 #include <sys/vdso.h>
48 
49 #include <vm/vm.h>
50 #include <vm/vm_param.h>
51 #include <vm/pmap.h>
52 #include <vm/vm_extern.h>
53 #include <vm/vm_kern.h>
54 #include <vm/vm_map.h>
55 #include <vm/vm_object.h>
56 #include <vm/vm_page.h>
57 #include <vm/vm_pager.h>
58 
59 static struct sx shared_page_alloc_sx;
60 static vm_object_t shared_page_obj;
61 static int shared_page_free;
62 char *shared_page_mapping;
63 
64 #ifdef RANDOM_FENESTRASX
65 static struct vdso_fxrng_generation *fxrng_shpage_mapping;
66 
67 static bool fxrng_enabled = true;
68 SYSCTL_BOOL(_debug, OID_AUTO, fxrng_vdso_enable, CTLFLAG_RWTUN, &fxrng_enabled,
69     0, "Enable FXRNG VDSO");
70 #endif
71 
72 void
73 shared_page_write(int base, int size, const void *data)
74 {
75 
76 	bcopy(data, shared_page_mapping + base, size);
77 }
78 
79 static int
80 shared_page_alloc_locked(int size, int align)
81 {
82 	int res;
83 
84 	res = roundup(shared_page_free, align);
85 	if (res + size >= IDX_TO_OFF(shared_page_obj->size))
86 		res = -1;
87 	else
88 		shared_page_free = res + size;
89 	return (res);
90 }
91 
92 int
93 shared_page_alloc(int size, int align)
94 {
95 	int res;
96 
97 	sx_xlock(&shared_page_alloc_sx);
98 	res = shared_page_alloc_locked(size, align);
99 	sx_xunlock(&shared_page_alloc_sx);
100 	return (res);
101 }
102 
103 int
104 shared_page_fill(int size, int align, const void *data)
105 {
106 	int res;
107 
108 	sx_xlock(&shared_page_alloc_sx);
109 	res = shared_page_alloc_locked(size, align);
110 	if (res != -1)
111 		shared_page_write(res, size, data);
112 	sx_xunlock(&shared_page_alloc_sx);
113 	return (res);
114 }
115 
116 static void
117 shared_page_init(void *dummy __unused)
118 {
119 	vm_page_t m;
120 	vm_offset_t addr;
121 
122 	sx_init(&shared_page_alloc_sx, "shpsx");
123 	shared_page_obj = vm_pager_allocate(OBJT_PHYS, 0, PAGE_SIZE,
124 	    VM_PROT_DEFAULT, 0, NULL);
125 	VM_OBJECT_WLOCK(shared_page_obj);
126 	m = vm_page_grab(shared_page_obj, 0, VM_ALLOC_ZERO);
127 	VM_OBJECT_WUNLOCK(shared_page_obj);
128 	vm_page_valid(m);
129 	vm_page_xunbusy(m);
130 	addr = kva_alloc(PAGE_SIZE);
131 	pmap_qenter(addr, &m, 1);
132 	shared_page_mapping = (char *)addr;
133 }
134 
135 SYSINIT(shp, SI_SUB_EXEC, SI_ORDER_FIRST, (sysinit_cfunc_t)shared_page_init,
136     NULL);
137 
138 /*
139  * Push the timehands update to the shared page.
140  *
141  * The lockless update scheme is similar to the one used to update the
142  * in-kernel timehands, see sys/kern/kern_tc.c:tc_windup() (which
143  * calls us after the timehands are updated).
144  */
145 static void
146 timehands_update(struct vdso_sv_tk *svtk)
147 {
148 	struct vdso_timehands th;
149 	struct vdso_timekeep *tk;
150 	uint32_t enabled, idx;
151 
152 	enabled = tc_fill_vdso_timehands(&th);
153 	th.th_gen = 0;
154 	idx = svtk->sv_timekeep_curr;
155 	if (++idx >= VDSO_TH_NUM)
156 		idx = 0;
157 	svtk->sv_timekeep_curr = idx;
158 	if (++svtk->sv_timekeep_gen == 0)
159 		svtk->sv_timekeep_gen = 1;
160 
161 	tk = (struct vdso_timekeep *)(shared_page_mapping +
162 	    svtk->sv_timekeep_off);
163 	tk->tk_th[idx].th_gen = 0;
164 	atomic_thread_fence_rel();
165 	if (enabled)
166 		tk->tk_th[idx] = th;
167 	atomic_store_rel_32(&tk->tk_th[idx].th_gen, svtk->sv_timekeep_gen);
168 	atomic_store_rel_32(&tk->tk_current, idx);
169 
170 	/*
171 	 * The ordering of the assignment to tk_enabled relative to
172 	 * the update of the vdso_timehands is not important.
173 	 */
174 	tk->tk_enabled = enabled;
175 }
176 
177 #ifdef COMPAT_FREEBSD32
178 static void
179 timehands_update32(struct vdso_sv_tk *svtk)
180 {
181 	struct vdso_timehands32 th;
182 	struct vdso_timekeep32 *tk;
183 	uint32_t enabled, idx;
184 
185 	enabled = tc_fill_vdso_timehands32(&th);
186 	th.th_gen = 0;
187 	idx = svtk->sv_timekeep_curr;
188 	if (++idx >= VDSO_TH_NUM)
189 		idx = 0;
190 	svtk->sv_timekeep_curr = idx;
191 	if (++svtk->sv_timekeep_gen == 0)
192 		svtk->sv_timekeep_gen = 1;
193 
194 	tk = (struct vdso_timekeep32 *)(shared_page_mapping +
195 	    svtk->sv_timekeep_off);
196 	tk->tk_th[idx].th_gen = 0;
197 	atomic_thread_fence_rel();
198 	if (enabled)
199 		tk->tk_th[idx] = th;
200 	atomic_store_rel_32(&tk->tk_th[idx].th_gen, svtk->sv_timekeep_gen);
201 	atomic_store_rel_32(&tk->tk_current, idx);
202 	tk->tk_enabled = enabled;
203 }
204 #endif
205 
206 /*
207  * This is hackish, but easiest way to avoid creating list structures
208  * that needs to be iterated over from the hardclock interrupt
209  * context.
210  */
211 static struct vdso_sv_tk *host_svtk;
212 #ifdef COMPAT_FREEBSD32
213 static struct vdso_sv_tk *compat32_svtk;
214 #endif
215 
216 void
217 timekeep_push_vdso(void)
218 {
219 
220 	if (host_svtk != NULL)
221 		timehands_update(host_svtk);
222 #ifdef COMPAT_FREEBSD32
223 	if (compat32_svtk != NULL)
224 		timehands_update32(compat32_svtk);
225 #endif
226 }
227 
228 struct vdso_sv_tk *
229 alloc_sv_tk(void)
230 {
231 	struct vdso_sv_tk *svtk;
232 	int tk_base;
233 	uint32_t tk_ver;
234 
235 	tk_ver = VDSO_TK_VER_CURR;
236 	svtk = malloc(sizeof(struct vdso_sv_tk), M_TEMP, M_WAITOK | M_ZERO);
237 	tk_base = shared_page_alloc(sizeof(struct vdso_timekeep) +
238 	    sizeof(struct vdso_timehands) * VDSO_TH_NUM, 16);
239 	KASSERT(tk_base != -1, ("tk_base -1 for native"));
240 	shared_page_write(tk_base + offsetof(struct vdso_timekeep, tk_ver),
241 	    sizeof(uint32_t), &tk_ver);
242 	svtk->sv_timekeep_off = tk_base;
243 	timekeep_push_vdso();
244 	return (svtk);
245 }
246 
247 #ifdef COMPAT_FREEBSD32
248 struct vdso_sv_tk *
249 alloc_sv_tk_compat32(void)
250 {
251 	struct vdso_sv_tk *svtk;
252 	int tk_base;
253 	uint32_t tk_ver;
254 
255 	svtk = malloc(sizeof(struct vdso_sv_tk), M_TEMP, M_WAITOK | M_ZERO);
256 	tk_ver = VDSO_TK_VER_CURR;
257 	tk_base = shared_page_alloc(sizeof(struct vdso_timekeep32) +
258 	    sizeof(struct vdso_timehands32) * VDSO_TH_NUM, 16);
259 	KASSERT(tk_base != -1, ("tk_base -1 for 32bit"));
260 	shared_page_write(tk_base + offsetof(struct vdso_timekeep32,
261 	    tk_ver), sizeof(uint32_t), &tk_ver);
262 	svtk->sv_timekeep_off = tk_base;
263 	timekeep_push_vdso();
264 	return (svtk);
265 }
266 #endif
267 
268 #ifdef RANDOM_FENESTRASX
269 void
270 fxrng_push_seed_generation(uint64_t gen)
271 {
272 	if (fxrng_shpage_mapping == NULL || !fxrng_enabled)
273 		return;
274 	KASSERT(gen < INT32_MAX,
275 	    ("fxrng seed version shouldn't roll over a 32-bit counter "
276 	     "for approximately 456,000 years"));
277 	atomic_store_rel_32(&fxrng_shpage_mapping->fx_generation32,
278 	    (uint32_t)gen);
279 }
280 
281 static void
282 alloc_sv_fxrng_generation(void)
283 {
284 	int base;
285 
286 	/*
287 	 * Allocate a full cache line for the fxrng root generation (64-bit
288 	 * counter, or truncated 32-bit counter on ILP32 userspace).  It is
289 	 * important that the line is not shared with frequently dirtied data,
290 	 * and the shared page allocator lacks a __read_mostly mechanism.
291 	 * However, PAGE_SIZE is typically large relative to the amount of
292 	 * stuff we've got in it so far, so maybe the possible waste isn't an
293 	 * issue.
294 	 */
295 	base = shared_page_alloc(CACHE_LINE_SIZE, CACHE_LINE_SIZE);
296 	KASSERT(base != -1, ("%s: base allocation failed", __func__));
297 	fxrng_shpage_mapping = (void *)(shared_page_mapping + base);
298 	*fxrng_shpage_mapping = (struct vdso_fxrng_generation) {
299 		.fx_vdso_version = VDSO_FXRNG_VER_CURR,
300 	};
301 }
302 #endif /* RANDOM_FENESTRASX */
303 
304 void
305 exec_sysvec_init(void *param)
306 {
307 	struct sysentvec *sv;
308 #ifdef RANDOM_FENESTRASX
309 	ptrdiff_t base;
310 #endif
311 
312 	sv = (struct sysentvec *)param;
313 	if ((sv->sv_flags & SV_SHP) == 0)
314 		return;
315 	sv->sv_shared_page_obj = shared_page_obj;
316 	sv->sv_sigcode_base = sv->sv_shared_page_base +
317 	    shared_page_fill(*(sv->sv_szsigcode), 16, sv->sv_sigcode);
318 	if ((sv->sv_flags & SV_ABI_MASK) != SV_ABI_FREEBSD)
319 		return;
320 	if ((sv->sv_flags & SV_TIMEKEEP) != 0) {
321 #ifdef COMPAT_FREEBSD32
322 		if ((sv->sv_flags & SV_ILP32) != 0) {
323 			KASSERT(compat32_svtk == NULL,
324 			    ("Compat32 already registered"));
325 			compat32_svtk = alloc_sv_tk_compat32();
326 			sv->sv_timekeep_base = sv->sv_shared_page_base +
327 			    compat32_svtk->sv_timekeep_off;
328 		} else {
329 #endif
330 			KASSERT(host_svtk == NULL, ("Host already registered"));
331 			host_svtk = alloc_sv_tk();
332 			sv->sv_timekeep_base = sv->sv_shared_page_base +
333 			    host_svtk->sv_timekeep_off;
334 #ifdef COMPAT_FREEBSD32
335 		}
336 #endif
337 	}
338 #ifdef RANDOM_FENESTRASX
339 	if ((sv->sv_flags & SV_RNG_SEED_VER) != 0) {
340 		/*
341 		 * Only allocate a single VDSO entry for multiple sysentvecs,
342 		 * i.e., native and COMPAT32.
343 		 */
344 		if (fxrng_shpage_mapping == NULL)
345 			alloc_sv_fxrng_generation();
346 		base = (char *)fxrng_shpage_mapping - shared_page_mapping;
347 		sv->sv_fxrng_gen_base = sv->sv_shared_page_base + base;
348 	}
349 #endif
350 }
351 
352 void
353 exec_sysvec_init_secondary(struct sysentvec *sv, struct sysentvec *sv2)
354 {
355 	MPASS((sv2->sv_flags & SV_ABI_MASK) == (sv->sv_flags & SV_ABI_MASK));
356 	MPASS((sv2->sv_flags & SV_TIMEKEEP) == (sv->sv_flags & SV_TIMEKEEP));
357 	MPASS((sv2->sv_flags & SV_SHP) != 0 && (sv->sv_flags & SV_SHP) != 0);
358 	MPASS((sv2->sv_flags & SV_RNG_SEED_VER) ==
359 	    (sv->sv_flags & SV_RNG_SEED_VER));
360 
361 	sv2->sv_shared_page_obj = sv->sv_shared_page_obj;
362 	sv2->sv_sigcode_base = sv2->sv_shared_page_base +
363 	    (sv->sv_sigcode_base - sv->sv_shared_page_base);
364 	if ((sv2->sv_flags & SV_ABI_MASK) != SV_ABI_FREEBSD)
365 		return;
366 	if ((sv2->sv_flags & SV_TIMEKEEP) != 0) {
367 		sv2->sv_timekeep_base = sv2->sv_shared_page_base +
368 		    (sv->sv_timekeep_base - sv->sv_shared_page_base);
369 	}
370 	if ((sv2->sv_flags & SV_RNG_SEED_VER) != 0) {
371 		sv2->sv_fxrng_gen_base = sv2->sv_shared_page_base +
372 		    (sv->sv_fxrng_gen_base - sv->sv_shared_page_base);
373 	}
374 }
375