CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/01/20 09:01:04
Modified files:
sys/arch/amd64/amd64: cpu.c locore.S pmap.c trap.c vector.S
sys/arch/amd64/include: cpufunc.h pte.h
Log message:
On cpu with the PKU feature, prot=PROT_EXEC pages now create pte which
contain PG_XO, which is PKU key1. On every exit from kernel to userland,
force the PKU register to inhibit data read against key1 memory. On
(some) traps into the kernel if the PKU register is changed, abort the
process (processes have no reason to change the PKU register). This
provides us with viable xonly functionality on most modern intel & AMD
cpus. I started with a xsave-based diff from dv@, but discovered the
fpu save/restore logic wasn't a good fit and went to direct register management.
Disabled on HV (vm) systems until we know they handle PKU correctly.
ok kettenis, dv, guenther, etc
