Re: CVS commit: src/sys/arch/aarch64
On 08/08/2018 at 20:13, Ryo Shimizu wrote:
> > It would be nice to set SCTLR_EL1.WXN, by the way.
>
> Yes, It is easy.
> But should this be synchronized with security.pax.mprotect.enabled?
> If so, we need a md-hook in the sysctl helper of pax.mprotect.enable.

Ah, I misunderstood the meaning of SCTLR_EL1; in fact it also controls EL0. So
no, we probably can't set SCTLR_EL1.WXN, because it affects userland too and
not just the kernel...
re: CVS commit: src/sys/arch/mips/mips
m...@netbsd.org writes:
> Can we use aprint_debug instead?

it's not an autoconf message, so, please don't use aprint*().

.mrg.

> On Wed, Aug 08, 2018 at 07:50:13AM +, Simon Burge wrote:
> > Module Name: src
> > Committed By: simonb
> > Date: Wed Aug 8 07:50:12 UTC 2018
> >
> > Modified Files:
> > src/sys/arch/mips/mips: cpu_exec.c
> >
> > Log Message:
> > Make change of ABI printf()s #ifdef DEBUG_EXEC.
Re: CVS commit: src/sys/arch/aarch64
>Also, why don't we tag each userland page with LX_BLKPAG_PXN?

Oh... I overlooked that.
Certainly, no userland page should not be set executable for kernel. I'll fix.

>It would be nice to set SCTLR_EL1.WXN, by the way.

Yes, It is easy.
But should this be synchronized with security.pax.mprotect.enabled?
If so, we need a md-hook in the sysctl helper of pax.mprotect.enable.

--
ryo shimizu
Re: CVS commit: src/sys/arch/aarch64
On 04/08/2018 at 17:24, Ryo Shimizu wrote:
> > Maybe we should just pass the protection bits in l2_setblocks, and map the
> > kernel text/rodata as RO right away. It would also make it possible to map
> > rodata/data as non executable, with PXN|UXN. (Looking at the code it seems
> > to me rodata/data are executable currently.)
> >
> > We would make three calls, to map
> >     .text as RX
> >     .rodata as R
> >     .data as RW
> > a bit like in amd64[1].
> >
> > Regarding the DDB ifndef, probably there must be a bit in ARM64 saying
> > "disable page protection", so it could be set when we enter DDB, and we
> > could remove the ifndef.
>
> I get it. I need to write db_write_text(), and when I finish,
> set kernel text/rodata READONLY by default.
>
> Ah...I had forgotten deleting execute bit.
> We need more 2Mbyte alignment between .text/.rodata. I will fix.

I see you fixed it, thanks.

Also, why don't we tag each userland page with LX_BLKPAG_PXN?

It would be nice to set SCTLR_EL1.WXN, by the way.
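Added example (not part of the thread and not NetBSD's pmap code): a small model of the mapping scheme proposed above (.text RX, .rodata R, .data RW, userland pages PXN) and of why SCTLR_EL1.WXN also changes what EL0 may execute. The bit positions are the ARMv8-A stage 1 descriptor fields; the macro, flag and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv8-A stage 1 descriptor bits (EL1&0 regime); macro names are made up. */
#define D_AP_EL0 (UINT64_C(1) << 6)   /* AP[1]: accessible from EL0 */
#define D_AP_RO  (UINT64_C(1) << 7)   /* AP[2]: read-only */
#define D_PXN    (UINT64_C(1) << 53)  /* privileged execute-never */
#define D_UXN    (UINT64_C(1) << 54)  /* unprivileged execute-never */

enum { P_R = 1, P_W = 2, P_X = 4 };   /* hypothetical protection flags */

/* Kernel-only mapping: never executable from EL0. */
static uint64_t kernel_attr(int prot)
{
    uint64_t a = D_UXN;
    if (!(prot & P_W)) a |= D_AP_RO;
    if (!(prot & P_X)) a |= D_PXN;
    return a;
}

/* Userland mapping: never executable by the kernel. */
static uint64_t user_attr(int prot)
{
    uint64_t a = D_AP_EL0 | D_PXN;
    if (!(prot & P_W)) a |= D_AP_RO;
    if (!(prot & P_X)) a |= D_UXN;
    return a;
}

/* Effective execute permission: EL0-writable memory is never executable
 * at EL1, and WXN adds execute-never to anything writable at that level. */
static bool can_exec(uint64_t a, bool el0, bool wxn)
{
    bool priv_w = !(a & D_AP_RO);
    bool user_w = priv_w && (a & D_AP_EL0);
    if (el0)
        return !(a & D_UXN) && !(user_w && wxn);
    return !(a & D_PXN) && !(priv_w && wxn) && !user_w;
}

int main(void)
{
    uint64_t urwx = user_attr(P_R | P_W | P_X);   /* constructed sample */
    printf("kernel .text EL1 exec: %d\n", can_exec(kernel_attr(P_R | P_X), false, true));
    printf("kernel .data EL1 exec: %d\n", can_exec(kernel_attr(P_R | P_W), false, false));
    printf("user RWX EL0 exec, WXN=0/1: %d/%d\n",
        can_exec(urwx, true, false), can_exec(urwx, true, true));
    return 0;
}
```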
Re: CVS commit: src/sys/arch/mips/mips
On Wed, Aug 08, 2018 at 10:22:33PM +1000, Simon Burge wrote:
> Martin Husemann wrote:
>
> > On Wed, Aug 08, 2018 at 12:11:39PM +, m...@netbsd.org wrote:
> > > On Wed, Aug 08, 2018 at 01:59:46PM +0200, Martin Husemann wrote:
> > > > On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> > > > > Can we use aprint_debug instead?
> > > >
> > > > It is not even useful for general debugging IMHO.
> > > >
> > > > Martin
> > >
> > > I like the idea of removing the messages entirely. The code was hard to
> > > read when I had to do it, and I didn't find those messages helpful.
> >
> > I meant: I like the way Simon changed it - it will not show up unless
> > you are explicitly debugging exec stuff.
>
> On top of what Martin said, there's a DEBUG_EXEC already in
> sys/kern/kern_exec.c . Do these messages still serve a purpose
> now that the compat stuff is working? I can't answer that!

I can, because I fixed the compat stuff.
Re: CVS commit: src/sys/arch/mips/mips
On Wed, 8 Aug 2018, Martin Husemann wrote:

> On Wed, Aug 08, 2018 at 12:11:39PM +, m...@netbsd.org wrote:
> > On Wed, Aug 08, 2018 at 01:59:46PM +0200, Martin Husemann wrote:
> > > On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> > > > Can we use aprint_debug instead?
> > >
> > > It is not even useful for general debugging IMHO.
> > >
> > > Martin
> >
> > I like the idea of removing the messages entirely. The code was hard to
> > read when I had to do it, and I didn't find those messages helpful.
>
> I meant: I like the way Simon changed it - it will not show up unless
> you are explicitly debugging exec stuff.

Well, it could remain conditional, and in addition use aprint_debug()
instead of printf(). So even if you've compiled it in, you don't see
anything unless you also boot with debug (ie, boot -x).

+------------------+--------------------------+----------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:          |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org |
+------------------+--------------------------+----------------------------+
Re: CVS commit: src/sys/arch/mips/mips
Martin Husemann wrote:

> On Wed, Aug 08, 2018 at 12:11:39PM +, m...@netbsd.org wrote:
> > On Wed, Aug 08, 2018 at 01:59:46PM +0200, Martin Husemann wrote:
> > > On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> > > > Can we use aprint_debug instead?
> > >
> > > It is not even useful for general debugging IMHO.
> > >
> > > Martin
> >
> > I like the idea of removing the messages entirely. The code was hard to
> > read when I had to do it, and I didn't find those messages helpful.
>
> I meant: I like the way Simon changed it - it will not show up unless
> you are explicitly debugging exec stuff.

On top of what Martin said, there's a DEBUG_EXEC already in
sys/kern/kern_exec.c . Do these messages still serve a purpose
now that the compat stuff is working? I can't answer that!

Cheers,
Simon.
Re: CVS commit: src/sys/arch/mips/mips
On Wed, Aug 08, 2018 at 12:11:39PM +, m...@netbsd.org wrote:
> On Wed, Aug 08, 2018 at 01:59:46PM +0200, Martin Husemann wrote:
> > On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> > > Can we use aprint_debug instead?
> >
> > It is not even useful for general debugging IMHO.
> >
> > Martin
>
> I like the idea of removing the messages entirely. The code was hard to
> read when I had to do it, and I didn't find those messages helpful.

I meant: I like the way Simon changed it - it will not show up unless
you are explicitly debugging exec stuff.

Martin
Re: CVS commit: src/sys/arch/mips/mips
On Wed, Aug 08, 2018 at 01:59:46PM +0200, Martin Husemann wrote:
> On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> > Can we use aprint_debug instead?
>
> It is not even useful for general debugging IMHO.
>
> Martin

I like the idea of removing the messages entirely. The code was hard to
read when I had to do it, and I didn't find those messages helpful.
Re: CVS commit: src/sys/arch/mips/mips
On Wed, Aug 08, 2018 at 11:49:21AM +, m...@netbsd.org wrote:
> Can we use aprint_debug instead?

It is not even useful for general debugging IMHO.

Martin
Re: CVS commit: src/sys/arch/mips/mips
Can we use aprint_debug instead? On Wed, Aug 08, 2018 at 07:50:13AM +, Simon Burge wrote: > Module Name: src > Committed By: simonb > Date: Wed Aug 8 07:50:12 UTC 2018 > > Modified Files: > src/sys/arch/mips/mips: cpu_exec.c > > Log Message: > Make change of ABI printf()s #ifdef DEBUG_EXEC. > > > To generate a diff of this commit: > cvs rdiff -u -r1.65 -r1.66 src/sys/arch/mips/mips/cpu_exec.c > > Please note that diffs are not public domain; they are subject to the > copyright notices on the relevant files. > > Modified files: > > Index: src/sys/arch/mips/mips/cpu_exec.c > diff -u src/sys/arch/mips/mips/cpu_exec.c:1.65 > src/sys/arch/mips/mips/cpu_exec.c:1.66 > --- src/sys/arch/mips/mips/cpu_exec.c:1.65Sun Oct 16 10:57:58 2016 > +++ src/sys/arch/mips/mips/cpu_exec.c Wed Aug 8 07:50:12 2018 > @@ -1,4 +1,4 @@ > -/* $NetBSD: cpu_exec.c,v 1.65 2016/10/16 10:57:58 maxv Exp $ */ > +/* $NetBSD: cpu_exec.c,v 1.66 2018/08/08 07:50:12 simonb Exp $ */ > > /* > * Copyright (c) 1992, 1993 > @@ -35,7 +35,7 @@ > */ > > #include > -__KERNEL_RCSID(0, "$NetBSD: cpu_exec.c,v 1.65 2016/10/16 10:57:58 maxv Exp > $"); > +__KERNEL_RCSID(0, "$NetBSD: cpu_exec.c,v 1.66 2018/08/08 07:50:12 simonb Exp > $"); > > #include "opt_compat_netbsd.h" > #include "opt_compat_ultrix.h" > @@ -96,7 +96,9 @@ mips_netbsd_elf32_probe(struct lwp *l, s > { > struct proc * const p = l->l_proc; > const Elf32_Ehdr * const eh = eh0; > +#ifdef DEBUG_EXEC > int old_abi = p->p_md.md_abi; > +#endif /* DEBUG_EXEC */ > const char *itp_suffix = NULL; > > /* > @@ -138,8 +140,10 @@ mips_netbsd_elf32_probe(struct lwp *l, s > case EF_MIPS_ABI2: > itp_suffix = "n32"; > p->p_md.md_abi = _MIPS_BSD_API_N32; > +#ifdef DEBUG_EXEC > if (old_abi != p->p_md.md_abi) > printf("pid %d(%s): ABI set to N32 (e_flags=%#x)\n", > p->p_pid, p->p_comm, eh->e_flags); > +#endif /* DEBUG_EXEC */ > break; > #endif > #ifdef COMPAT_16 
> @@ -150,9 +154,11 @@ mips_netbsd_elf32_probe(struct lwp *l, s > case EF_MIPS_ABI_O32: > itp_suffix = "o32"; > p->p_md.md_abi = _MIPS_BSD_API_O32; > +#ifdef DEBUG_EXEC > if (old_abi != p->p_md.md_abi) > printf("pid %d(%s): ABI set to O32 (e_flags=%#x)\n", > p->p_pid, p->p_comm, eh->e_flags); > break; > +#endif /* DEBUG_EXEC */ > default: > return ENOEXEC; > } > @@ -208,7 +214,9 @@ mips_netbsd_elf64_probe(struct lwp *l, s > { > struct proc * const p = l->l_proc; > const Elf64_Ehdr * const eh = eh0; > +#ifdef DEBUG_EXEC > int old_abi = p->p_md.md_abi; > +#endif /* DEBUG_EXEC */ > const char *itp_suffix = NULL; > > switch (eh->e_flags & EF_MIPS_ARCH) { > @@ -247,14 +255,18 @@ mips_netbsd_elf64_probe(struct lwp *l, s > case 0: > itp_suffix = "64"; > p->p_md.md_abi = _MIPS_BSD_API_N64; > +#ifdef DEBUG_EXEC > if (old_abi != p->p_md.md_abi) > printf("pid %d(%s): ABI set to N64 (e_flags=%#x)\n", > p->p_pid, p->p_comm, eh->e_flags); > +#endif /* DEBUG_EXEC */ > break; > case EF_MIPS_ABI_O64: > itp_suffix = "o64"; > p->p_md.md_abi = _MIPS_BSD_API_O64; > +#ifdef DEBUG_EXEC > if (old_abi != p->p_md.md_abi) > printf("pid %d(%s): ABI set to O64 (e_flags=%#x)\n", > p->p_pid, p->p_comm, eh->e_flags); > +#endif /* DEBUG_EXEC */ > break; > default: > return ENOEXEC; >
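Review bot: In the EF_MIPS_ABI_O32 case of mips_netbsd_elf32_probe (hunk @@ -150,9 +154,11 @@), the added #endif /* DEBUG_EXEC */ comes after break; instead of before it, so a kernel built without DEBUG_EXEC has no break in that case and O32 falls through to default: and returns ENOEXEC. Move the #endif above break;, matching the N32, N64 and O64 cases in the other hunks.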
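Review bot: The block "#ifdef DEBUG_EXEC / if (old_abi != p->p_md.md_abi) printf(...) / #endif" is now repeated in four switch cases across mips_netbsd_elf32_probe and mips_netbsd_elf64_probe (see hunk @@ -247,14 +255,18 @@), on top of a conditional old_abi declaration in each function. A single helper or macro defined once under DEBUG_EXEC, and empty otherwise, would keep the preprocessor lines out of the case bodies, where the position of each #endif relative to break; otherwise has to be checked by hand.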