Re: amd64 SMEP SMAP trap panic print

Thu, 09 Jan 2020 03:02:38 -0800 

> Date: Thu, 9 Jan 2020 10:42:55 +0100
> From: Alexander Bluhm <alexander.bl...@gmx.net>
> 
> On Thu, Dec 26, 2019 at 08:12:50PM +0100, Alexander Bluhm wrote:
> > Any more concerns or can this be commited?
> 
> Any ok?
> 
> > Index: arch/amd64/amd64/db_trace.c
> > ===================================================================
> > RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/db_trace.c,v
> > retrieving revision 1.47
> > diff -u -p -r1.47 db_trace.c
> > --- arch/amd64/amd64/db_trace.c     10 Nov 2019 10:03:33 -0000      1.47
> > +++ arch/amd64/amd64/db_trace.c     26 Dec 2019 19:08:35 -0000
> > @@ -150,7 +150,7 @@ db_stack_trace_print(db_expr_t addr, int
> >                     name = NULL;
> >             }
> >
> > -           if (lastframe == 0 && sym == NULL) {
> > +           if (lastframe == 0 && sym == NULL && callpc != 0) {
> >                     /* Symbol not found, peek at code */
> >                     unsigned long instr = db_get_value(callpc, 8, 0);
> >
> > Index: arch/amd64/amd64/trap.c
> > ===================================================================
> > RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/trap.c,v
> > retrieving revision 1.77
> > diff -u -p -r1.77 trap.c
> > --- arch/amd64/amd64/trap.c 6 Sep 2019 12:22:01 -0000       1.77
> > +++ arch/amd64/amd64/trap.c 26 Dec 2019 19:08:35 -0000
> > @@ -77,6 +77,7 @@
> >  #include <sys/signal.h>
> >  #include <sys/syscall.h>
> >  #include <sys/syscall_mi.h>
> > +#include <sys/stdarg.h>
> >
> >  #include <uvm/uvm_extern.h>
> >
> > @@ -132,6 +133,24 @@ static inline void verify_smap(const cha
> >  static inline void debug_trap(struct trapframe *_frame, struct proc *_p,
> >      long _type);
> >
> > +static inline int
> > +fault(const char *format, ...)
> > +{
> > +   static char faultbuf[512];
> > +   va_list ap;
> > +
> > +   /*
> > +    * Save the fault info for DDB and retain the kernel lock to keep
> > +    * faultbuf from being overwritten by another CPU.
> > +    */

By splitting this out, the "retain the kernel lock" bit of the
comment doesn't make a lot of sense anymore...

> > +   va_start(ap, format);
> > +   vsnprintf(faultbuf, sizeof faultbuf, format, ap);
> > +   va_end(ap);
> > +   printf("%s\n", faultbuf);
> > +   faultstr = faultbuf;
> > +   return 0;
> > +}
> > +
> >  /*
> >   * pageflttrap(frame, usermode): page fault handler
> >   * Returns non-zero if the fault was handled (possibly by generating
> > @@ -160,16 +179,14 @@ pageflttrap(struct trapframe *frame, int
> >     KERNEL_LOCK();
> >
> >     if (!usermode) {
> > -           extern struct vm_map *kernel_map;
> > -
> >             /* This will only trigger if SMEP is enabled */
> >             if (cr2 <= VM_MAXUSER_ADDRESS && frame->tf_err & PGEX_I)
> > -                   panic("attempt to execute user address %p "
> > +                   return fault("attempt to execute user address %p "
> >                         "in supervisor mode", (void *)cr2);
> >             /* This will only trigger if SMAP is enabled */
> >             if (pcb->pcb_onfault == NULL && cr2 <= VM_MAXUSER_ADDRESS &&
> >                 frame->tf_err & PGEX_P)
> > -                   panic("attempt to access user address %p "
> > +                   return fault("attempt to access user address %p "
> >                         "in supervisor mode", (void *)cr2);
> >
> >             /*
> > @@ -211,18 +228,9 @@ pageflttrap(struct trapframe *frame, int
> >                     frame->tf_rip = (u_int64_t)pcb->pcb_onfault;
> >                     return 1;
> >             } else {
> > -                   /*
> > -                    * Bad memory access in the kernel; save the fault
> > -                    * info for DDB and retain the kernel lock to keep
> > -                    * faultbuf from being overwritten by another CPU.
> > -                    */
> > -                   static char faultbuf[512];
> > -                   snprintf(faultbuf, sizeof faultbuf,
> > -                       "uvm_fault(%p, 0x%llx, 0, %d) -> %x",
> > +                   /* bad memory access in the kernel */
> > +                   return fault("uvm_fault(%p, 0x%llx, 0, %d) -> %x",
> >                         map, cr2, ftype, error);
> > -                   printf("%s\n", faultbuf);
> > -                   faultstr = faultbuf;
> > -                   return 0;
> >             }
> >     } else {
> >             union sigval sv;
> > @@ -395,7 +403,7 @@ trap_print(struct trapframe *frame, int
> >     printf(" in %s mode\n", KERNELMODE(frame->tf_cs, frame->tf_rflags) ?
> >         "supervisor" : "user");
> >     printf("trap type %d code %llx rip %llx cs %llx rflags %llx cr2 "
> > -          " %llx cpl %x rsp %llx\n",
> > +          "%llx cpl %x rsp %llx\n",
> >         type, frame->tf_err, frame->tf_rip, frame->tf_cs,
> >         frame->tf_rflags, rcr2(), curcpu()->ci_ilevel, frame->tf_rsp);
> >     printf("gsbase %p  kgsbase %p\n",
> > Index: ddb/db_examine.c
> > ===================================================================
> > RCS file: /data/mirror/openbsd/cvs/src/sys/ddb/db_examine.c,v
> > retrieving revision 1.26
> > diff -u -p -r1.26 db_examine.c
> > --- ddb/db_examine.c        7 Nov 2019 13:16:25 -0000       1.26
> > +++ ddb/db_examine.c        26 Dec 2019 19:08:35 -0000
> > @@ -288,8 +288,10 @@ void
> >  db_print_loc_and_inst(vaddr_t loc)
> >  {
> >     db_printsym(loc, DB_STGY_PROC, db_printf);
> > -   db_printf(":\t");
> > -   (void) db_disasm(loc, 0);
> > +   if (loc != 0) {
> > +           db_printf(":\t");
> > +           db_disasm(loc, 0);
> > +   }
> >  }
> >
> >  /* local copy is needed here so that we can trace strlcpy() in libkern */
> >
> 
>

Reply via email to