On amd64 machines without the NX feature enabled, we can't distinguish

between page faults as a result of instruction fetches or normal data
access.  Handle this in the same way as we do on landisk: if handling
the fault with access type PROT_READ fails, retry with PROT_EXEC.
Fortunately we know whether NX is enabled or nor so only do this when
it isn't.  Nobody should be running an amd64 machine without NX!

ok deraadt@, miod@

diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c
index 27573bb..09574bc 100644 (file)
--- a/sys/arch/amd64/amd64/trap.c
+++ b/sys/arch/amd64/amd64/trap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: trap.c,v 1.94 2023/01/16 05:32:04 deraadt Exp $       */
+/*     $OpenBSD: trap.c,v 1.95 2023/01/17 08:03:51 kettenis Exp $      */
 /*     $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $    */
 
 /*-
@@ -178,7 +178,13 @@ upageflttrap(struct trapframe *frame, uint64_t cr2)
        union sigval sv;
        int signal, sicode, error;
 
+       /*
+        * If NX is not enabled, we cant distinguish between PROT_READ
+        * and PROT_EXEC access, so try both.
+        */
        error = uvm_fault(&p->p_vmspace->vm_map, va, 0, access_type);
+       if (pg_nx == 0 && error == EACCES && access_type == PROT_READ)
+               error = uvm_fault(&p->p_vmspace->vm_map, va, 0, PROT_EXEC);
        if (error == 0) {
                uvm_grow(p, va);
                return 1;