From 2d9cac54eb40d2bebf31a1864371a0eb278feab9 Mon Sep 17 00:00:00 2001 From: kettenis Date: Thu, 25 Aug 2016 08:17:57 +0000 Subject: [PATCH] Enable the UWXN bit in the SCTRL register when available. This should prevent the kernel from accidentally executing userland pages that are writable. ok jsg@, patrick@ --- sys/arch/arm/arm/cpufunc.c | 13 ++++++++++++- sys/arch/arm/include/armreg.h | 4 +++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/sys/arch/arm/arm/cpufunc.c b/sys/arch/arm/arm/cpufunc.c index fbf9c82f25c..f90d13bf4ae 100644 --- a/sys/arch/arm/arm/cpufunc.c +++ b/sys/arch/arm/arm/cpufunc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpufunc.c,v 1.47 2016/08/22 01:41:59 jsg Exp $ */ +/* $OpenBSD: cpufunc.c,v 1.48 2016/08/25 08:17:57 kettenis Exp $ */ /* $NetBSD: cpufunc.c,v 1.65 2003/11/05 12:53:15 scw Exp $ */ /* @@ -529,6 +529,7 @@ armv7_setup() { uint32_t auxctrl, auxctrlmask; uint32_t cpuctrl, cpuctrlmask; + uint32_t id_pfr1; auxctrl = auxctrlmask = 0; @@ -569,6 +570,16 @@ armv7_setup() if (vector_page == ARM_VECTORS_HIGH) cpuctrl |= CPU_CONTROL_VECRELOC; + /* + * Check for the Virtualization Extensions and enable UWXN of + * those are included. + */ + __asm volatile("mrc p15, 0, %0, c0, c1, 1" : "=r"(id_pfr1)); + if ((id_pfr1 & 0x0000f000) == 0x00001000) { + cpuctrlmask |= CPU_CONTROL_UWXN; + cpuctrl |= CPU_CONTROL_UWXN; + } + /* Clear out the cache */ cpu_idcache_wbinv_all(); diff --git a/sys/arch/arm/include/armreg.h b/sys/arch/arm/include/armreg.h index 542e29bb4c7..5f710634124 100644 --- a/sys/arch/arm/include/armreg.h +++ b/sys/arch/arm/include/armreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: armreg.h,v 1.36 2016/08/24 13:09:52 kettenis Exp $ */ +/* $OpenBSD: armreg.h,v 1.37 2016/08/25 08:17:57 kettenis Exp $ */ /* $NetBSD: armreg.h,v 1.27 2003/09/06 08:43:02 rearnsha Exp $ */ /* @@ -248,6 +248,8 @@ #define CPU_CONTROL_L2 (1<<25) /* L2: L2 cache enable */ /* added with v7 */ +#define CPU_CONTROL_WXN (1<<19) /* WXN: Write implies XN */ +#define CPU_CONTROL_UWXN (1<<20) /* UWXN: Unpriv write implies XN */ #define CPU_CONTROL_NMFI (1<<27) /* NMFI: Non Maskable fast interrupt */ #define CPU_CONTROL_TRE (1<<28) /* TRE: TEX Remap Enable */ #define CPU_CONTROL_AFE (1<<29) /* AFE: Access Flag Enable */ -- 2.20.1