7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
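--- a/usr/src/uts/sun4/os/mlsetup.c
+++ b/usr/src/uts/sun4/os/mlsetup.c
@@ -1,545 +1,547 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
 #include <sys/types.h>
 #include <sys/systm.h>
 #include <sys/archsystm.h>
 #include <sys/machsystm.h>
 #include <sys/disp.h>
 #include <sys/autoconf.h>
 #include <sys/promif.h>
 #include <sys/prom_plat.h>
 #include <sys/promimpl.h>
 #include <sys/platform_module.h>
 #include <sys/clock.h>
 #include <sys/pte.h>
 #include <sys/scb.h>
 #include <sys/cpu.h>
 #include <sys/stack.h>
 #include <sys/intreg.h>
 #include <sys/ivintr.h>
 #include <vm/as.h>
 #include <vm/hat_sfmmu.h>
 #include <sys/reboot.h>
 #include <sys/sysmacros.h>
 #include <sys/vtrace.h>
 #include <sys/trap.h>
 #include <sys/machtrap.h>
 #include <sys/privregs.h>
 #include <sys/machpcb.h>
 #include <sys/proc.h>
 #include <sys/cpupart.h>
 #include <sys/pset.h>
 #include <sys/cpu_module.h>
 #include <sys/copyops.h>
 #include <sys/panic.h>
 #include <sys/bootconf.h> /* for bootops */
 #include <sys/pg.h>
 #include <sys/kdi.h>
 #include <sys/fpras.h>
 
 #include <sys/prom_debug.h>
 #include <sys/debug.h>
 
 #include <sys/sunddi.h>
 #include <sys/lgrp.h>
 #include <sys/traptrace.h>
 
 #include <sys/kobj_impl.h>
 #include <sys/kdi_machimpl.h>
 
 /*
 * External Routines:
 */
 extern void map_wellknown_devices(void);
 extern void hsvc_setup(void);
 extern void mach_descrip_startup_init(void);
 extern void mach_soft_state_init(void);
 
 int dcache_size;
 int dcache_linesize;
 int icache_size;
 int icache_linesize;
 int ecache_size;
 int ecache_alignsize;
 int ecache_associativity;
 int ecache_setsize; /* max possible e$ setsize */
 int cpu_setsize; /* max e$ setsize of configured cpus */
 int dcache_line_mask; /* spitfire only */
 int vac_size; /* cache size in bytes */
 uint_t vac_mask; /* VAC alignment consistency mask */
 int vac_shift; /* log2(vac_size) for ppmapout() */
 int vac = 0; /* virtual address cache type (none == 0) */
 
 /*
 * fpRAS. An individual sun4* machine class (or perhaps subclass,
 * eg sun4u/cheetah) must set fpras_implemented to indicate that it implements
 * the fpRAS feature. The feature can be suppressed by setting fpras_disable
 * or the mechanism can be disabled for individual copy operations with
 * fpras_disableids. All these are checked in post_startup() code so
 * fpras_disable and fpras_disableids can be set in /etc/system.
 * If/when fpRAS is implemented on non-sun4 architectures these
 * definitions will need to move up to the common level.
 */
 int fpras_implemented;
 int fpras_disable;
 int fpras_disableids;
 
 /*
 * Static Routines:
 */
 static void kern_splr_preprom(void);
 static void kern_splx_postprom(void);
 
 /*
 * Setup routine called right before main(). Interposing this function
 * before main() allows us to call it in a machine-independent fashion.
 */
 
 void
 mlsetup(struct regs *rp, kfpu_t *fp)
 {
 struct machpcb *mpcb;
 
 extern char t0stack[];
 extern struct classfuncs sys_classfuncs;
 extern disp_t cpu0_disp;
 unsigned long long pa;
 
 #ifdef TRAPTRACE
 TRAP_TRACE_CTL *ctlp;
 #endif /* TRAPTRACE */
 
 /* drop into kmdb on boot -d */
 if (boothowto & RB_DEBUGENTER)
 kmdb_enter();
 
 /*
 * initialize cpu_self
 */
 cpu0.cpu_self = &cpu0;
 
 /*
 * initialize t0
 */
 t0.t_stk = (caddr_t)rp - REGOFF;
 /* Can't use va_to_pa here - wait until prom_ initialized */
 t0.t_stkbase = t0stack;
 t0.t_pri = maxclsyspri - 3;
 t0.t_schedflag = TS_LOAD | TS_DONT_SWAP;
 t0.t_procp = &p0;
 t0.t_plockp = &p0lock.pl_lock;
 t0.t_lwp = &lwp0;
 t0.t_forw = &t0;
 t0.t_back = &t0;
 t0.t_next = &t0;
 t0.t_prev = &t0;
 t0.t_cpu = &cpu0; /* loaded by _start */
 t0.t_disp_queue = &cpu0_disp;
 t0.t_bind_cpu = PBIND_NONE;
 t0.t_bind_pset = PS_NONE;
 t0.t_bindflag = (uchar_t)default_binding_mode;
 t0.t_cpupart = &cp_default;
 t0.t_clfuncs = &sys_classfuncs.thread;
 t0.t_copyops = NULL;
 THREAD_ONPROC(&t0, CPU);
 
 lwp0.lwp_thread = &t0;
 lwp0.lwp_procp = &p0;
 lwp0.lwp_regs = (void *)rp;
 t0.t_tid = p0.p_lwpcnt = p0.p_lwprcnt = p0.p_lwpid = 1;
 
 mpcb = lwptompcb(&lwp0);
 mpcb->mpcb_fpu = fp;
 mpcb->mpcb_fpu->fpu_q = mpcb->mpcb_fpu_q;
 mpcb->mpcb_thread = &t0;
 lwp0.lwp_fpu = (void *)mpcb->mpcb_fpu;
 
 p0.p_exec = NULL;
 p0.p_stat = SRUN;
 p0.p_flag = SSYS;
 p0.p_tlist = &t0;
 p0.p_stksize = 2*PAGESIZE;
 p0.p_stkpageszc = 0;
 p0.p_as = &kas;
 p0.p_lockp = &p0lock;
 p0.p_utraps = NULL;
 p0.p_brkpageszc = 0;
 p0.p_t1_lgrpid = LGRP_NONE;
 p0.p_tr_lgrpid = LGRP_NONE;
+psecflags_default(&p0.p_secflags);
 sigorset(&p0.p_ignore, &ignoredefault);
 
+
 CPU->cpu_thread = &t0;
 CPU->cpu_dispthread = &t0;
 bzero(&cpu0_disp, sizeof (disp_t));
 CPU->cpu_disp = &cpu0_disp;
 CPU->cpu_disp->disp_cpu = CPU;
 CPU->cpu_idle_thread = &t0;
 CPU->cpu_flags = CPU_RUNNING;
 CPU->cpu_id = getprocessorid();
 CPU->cpu_dispatch_pri = t0.t_pri;
 
 /*
 * Initialize thread/cpu microstate accounting
 */
 init_mstate(&t0, LMS_SYSTEM);
 init_cpu_mstate(CPU, CMS_SYSTEM);
 
 /*
 * Initialize lists of available and active CPUs.
 */
 cpu_list_init(CPU);
 
 cpu_vm_data_init(CPU);
 
 pg_cpu_bootstrap(CPU);
 
 (void) prom_set_preprom(kern_splr_preprom);
 (void) prom_set_postprom(kern_splx_postprom);
 PRM_INFO("mlsetup: now ok to call prom_printf");
 
 mpcb->mpcb_pa = va_to_pa(t0.t_stk);
 
 /*
 * Claim the physical and virtual resources used by panicbuf,
 * then map panicbuf. This operation removes the phys and
 * virtual addresses from the free lists.
 */
 if (prom_claim_virt(PANICBUFSIZE, panicbuf) != panicbuf)
 prom_panic("Can't claim panicbuf virtual address");
 
 if (prom_retain("panicbuf", PANICBUFSIZE, MMU_PAGESIZE, &pa) != 0)
 prom_panic("Can't allocate retained panicbuf physical address");
 
 if (prom_map_phys(-1, PANICBUFSIZE, panicbuf, pa) != 0)
 prom_panic("Can't map panicbuf");
 
 PRM_DEBUG(panicbuf);
 PRM_DEBUG(pa);
 
 /*
 * Negotiate hypervisor services, if any
 */
 hsvc_setup();
 mach_soft_state_init();
 
 #ifdef TRAPTRACE
 /*
 * initialize the trap trace buffer for the boot cpu
 * XXX todo, dynamically allocate this buffer too
 */
 ctlp = &trap_trace_ctl[CPU->cpu_id];
 ctlp->d.vaddr_base = trap_tr0;
 ctlp->d.offset = ctlp->d.last_offset = 0;
 ctlp->d.limit = TRAP_TSIZE; /* XXX dynamic someday */
 ctlp->d.paddr_base = va_to_pa(trap_tr0);
 #endif /* TRAPTRACE */
 
 /*
 * Initialize the Machine Description kernel framework
 */
 
 mach_descrip_startup_init();
 
 /*
 * initialize HV trap trace buffer for the boot cpu
 */
 mach_htraptrace_setup(CPU->cpu_id);
 mach_htraptrace_configure(CPU->cpu_id);
 
 /*
 * lgroup framework initialization. This must be done prior
 * to devices being mapped.
 */
 lgrp_init(LGRP_INIT_STAGE1);
 
 cpu_setup();
 
 if (boothowto & RB_HALT) {
 prom_printf("unix: kernel halted by -h flag\n");
 prom_enter_mon();
 }
 
 setcputype();
 map_wellknown_devices();
 setcpudelay();
 }
 
 /*
 * These routines are called immediately before and
 * immediately after calling into the firmware. The
 * firmware is significantly confused by preemption -
 * particularly on MP machines - but also on UP's too.
 */
 
 static int saved_spl;
 
 static void
 kern_splr_preprom(void)
 {
 saved_spl = spl7();
 }
 
 static void
 kern_splx_postprom(void)
 {
 splx(saved_spl);
 }
 
 
 /*
 * WARNING
 * The code fom here to the end of mlsetup.c runs before krtld has
 * knitted unix and genunix together. It can call routines in unix,
 * but calls into genunix will fail spectacularly. More specifically,
 * calls to prom_*, bop_* and str* will work, everything else is
 * caveat emptor.
 *
 * Also note that while #ifdef sun4u is generally a bad idea, they
 * exist here to concentrate the dangerous code into a single file.
 */
 
 static char *
 getcpulist(void)
 {
 pnode_t node;
 /* big enough for OBP_NAME and for a reasonably sized OBP_COMPATIBLE. */
 static char cpubuf[5 * OBP_MAXDRVNAME];
 int nlen, clen, i;
 #ifdef sun4u
 char dname[OBP_MAXDRVNAME];
 #endif
 
 node = prom_findnode_bydevtype(prom_rootnode(), OBP_CPU);
 if (node != OBP_NONODE && node != OBP_BADNODE) {
 if ((nlen = prom_getproplen(node, OBP_NAME)) <= 0 ||
 nlen > sizeof (cpubuf) ||
 prom_getprop(node, OBP_NAME, cpubuf) <= 0)
 prom_panic("no name in cpu node");
 
 /* nlen includes the terminating null character */
 #ifdef sun4v
 if ((clen = prom_getproplen(node, OBP_COMPATIBLE)) > 0) {
 #else /* sun4u */
 /*
 * For the CMT case, need check the parent "core"
 * node for the compatible property.
 */
 if ((clen = prom_getproplen(node, OBP_COMPATIBLE)) > 0 ||
 ((node = prom_parentnode(node)) != OBP_NONODE &&
 node != OBP_BADNODE &&
 (clen = prom_getproplen(node, OBP_COMPATIBLE)) > 0 &&
 prom_getprop(node, OBP_DEVICETYPE, dname) > 0 &&
 strcmp(dname, "core") == 0)) {
 #endif
 if ((clen + nlen) > sizeof (cpubuf))
 prom_panic("cpu node \"compatible\" too long");
 /* read in compatible, leaving space for ':' */
 if (prom_getprop(node, OBP_COMPATIBLE,
 &cpubuf[nlen]) != clen)
 prom_panic("cpu node \"compatible\" error");
 clen += nlen; /* total length */
 /* convert all null characters to ':' */
 clen--; /* except the final one... */
 for (i = 0; i < clen; i++)
 if (cpubuf[i] == '\0')
 cpubuf[i] = ':';
 }
 #ifdef sun4u
 /*
 * Some PROMs return SUNW,UltraSPARC when they actually have
 * SUNW,UltraSPARC-II cpus. SInce we're now filtering out all
 * SUNW,UltraSPARC systems during the boot phase, we can safely
 * point the auxv CPU value at SUNW,UltraSPARC-II.
 */
 if (strcmp("SUNW,UltraSPARC", cpubuf) == 0)
 (void) strcpy(cpubuf, "SUNW,UltraSPARC-II");
 #endif
 return (cpubuf);
 } else
 return (NULL);
 }
 
 /*
 * called immediately from _start to stich the
 * primary modules together
 */
 void
 kobj_start(void *cif)
 {
 Ehdr *ehdr;
 Phdr *phdr;
 uint32_t eadr, padr;
 val_t bootaux[BA_NUM];
 int i;
 
 prom_init("kernel", cif);
 bop_init();
 #ifdef DEBUG
 if (bop_getproplen("stop-me") != -1)
 prom_enter_mon();
 #endif
 
 if (bop_getprop("elfheader-address", (caddr_t)&eadr) == -1)
 prom_panic("no ELF image");
 ehdr = (Ehdr *)(uintptr_t)eadr;
 for (i = 0; i < BA_NUM; i++)
 bootaux[i].ba_val = NULL;
 bootaux[BA_PHNUM].ba_val = ehdr->e_phnum;
 bootaux[BA_PHENT].ba_val = ehdr->e_phentsize;
 bootaux[BA_LDNAME].ba_ptr = NULL;
 
 padr = eadr + ehdr->e_phoff;
 bootaux[BA_PHDR].ba_ptr = (void *)(uintptr_t)padr;
 for (i = 0; i < ehdr->e_phnum; i++) {
 phdr = (Phdr *)((uintptr_t)padr + i * ehdr->e_phentsize);
 if (phdr->p_type == PT_DYNAMIC) {
 bootaux[BA_DYNAMIC].ba_ptr = (void *)phdr->p_vaddr;
 break;
 }
 }
 
 bootaux[BA_LPAGESZ].ba_val = MMU_PAGESIZE4M;
 bootaux[BA_PAGESZ].ba_val = MMU_PAGESIZE;
 bootaux[BA_IFLUSH].ba_val = 1;
 bootaux[BA_CPU].ba_ptr = getcpulist();
 bootaux[BA_MMU].ba_ptr = NULL;
 
 kobj_init(cif, NULL, bootops, bootaux);
 
 /* kernel stitched together; we can now test #pragma's */
 if (&plat_setprop_enter != NULL) {
 prom_setprop_enter = &plat_setprop_enter;
 prom_setprop_exit = &plat_setprop_exit;
 ASSERT(prom_setprop_exit != NULL);
 }
 
 }
 
 /*
 * Create modpath from kernel name.
 * If we booted:
 * /platform/`uname -i`/kernel/sparcv9/unix
 * or
 * /platform/`uname -m`/kernel/sparcv9/unix
 *
 * then make the modpath:
 * /platform/`uname -i`/kernel /platform/`uname -m`/kernel
 *
 * otherwise, make the modpath the dir the kernel was
 * loaded from, minus any sparcv9 extension
 *
 * note the sparcv9 dir is optional since a unix -> sparcv9/unix
 * symlink is available as a shortcut.
 */
 void
 mach_modpath(char *path, const char *fname)
 {
 char *p;
 int len, compat;
 const char prefix[] = "/platform/";
 char platname[MAXPATHLEN];
 #ifdef sun4u
 char defname[] = "sun4u";
 #else
 char defname[] = "sun4v";
 #endif
 const char suffix[] = "/kernel";
 const char isastr[] = "/sparcv9";
 
 /*
 * check for /platform
 */
 p = (char *)fname;
 if (strncmp(p, prefix, sizeof (prefix) - 1) != 0)
 goto nopath;
 p += sizeof (prefix) - 1;
 
 /*
 * check for the default name or the platform name.
 * also see if we used the 'compatible' name
 * (platname == default)
 */
 (void) bop_getprop("impl-arch-name", platname);
 compat = strcmp(platname, defname) == 0;
 len = strlen(platname);
 if (strncmp(p, platname, len) == 0)
 p += len;
 else if (strncmp(p, defname, sizeof (defname) - 1) == 0)
 p += sizeof (defname) - 1;
 else
 goto nopath;
 
 /*
 * check for /kernel/sparcv9 or just /kernel
 */
 if (strncmp(p, suffix, sizeof (suffix) - 1) != 0)
 goto nopath;
 p += sizeof (suffix) - 1;
 if (strncmp(p, isastr, sizeof (isastr) - 1) == 0)
 p += sizeof (isastr) - 1;
 
 /*
 * check we're at the last component
 */
 if (p != strrchr(fname, '/'))
 goto nopath;
 
 /*
 * everything is kosher; setup modpath
 */
 (void) strcpy(path, "/platform/");
 (void) strcat(path, platname);
 (void) strcat(path, "/kernel");
 if (!compat) {
 (void) strcat(path, " /platform/");
 (void) strcat(path, defname);
 (void) strcat(path, "/kernel");
 }
 return;
 
 nopath:
 /*
 * Construct the directory path from the filename.
 */
 if ((p = strrchr(fname, '/')) == NULL)
 return;
 
 while (p > fname && *(p - 1) == '/')
 p--; /* remove trailing '/' characters */
 if (p == fname)
 p++; /* so "/" -is- the modpath in this case */
 
 /*
 * Remove optional isa-dependent directory name - the module
 * subsystem will put this back again (!)
 */
 len = p - fname;
 if (len > sizeof (isastr) - 1 &&
 strncmp(&fname[len - (sizeof (isastr) - 1)], isastr,
 sizeof (isastr) - 1) == 0)
 p -= sizeof (isastr) - 1;
 (void) strncpy(path, fname, p - fname);
 }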
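Review bot: The blank line added at new line 195 leaves two consecutive empty lines before `CPU->cpu_thread = &t0;`; it looks unintentional and should be dropped. The new `psecflags_default(&p0.p_secflags);` at new line 192 is the only function call in a run of plain p0 field assignments, so a short comment would help, for example `/* p0 starts with the default security flags */`. psecflags_default() is not defined on this page; because mlsetup() calls it before the CPU lists and PROM hooks are set up, it is worth confirming that it only writes to its argument and takes no locks or allocations. If other platforms carry their own mlsetup(), they presumably need the same call so that p0's secflags are not left uninitialised on one architecture only.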