Hi,

Can we use the regular trap panic for SMEP and SMAP?  pageflttrap()
returns 0 to print a nice reason in kerntrap().  Especially if ddb
is disabled, additional information is printed.

attempt to access user address 0xe27539f1000 in supervisor mode
fatal page fault in supervisor mode
trap type 6 code 3 rip ffffffff819c2665 cs 8 rflags 10202 cr2 e27539f1000 cpl 0 
rsp ffff80001ffbfe28
gsbase 0xffff80001fb63ff0  kgsbase 0x0
panic: trap type 6, code=3, pc=ffffffff819c2665

While there, prevent a double space in output.

If the kernel calls a NULL function, ddb tries to disassemble at 0
after SMEP.  Don't do that, to prevent a fault in ddb.

ok?

bluhm

Index: arch/amd64/amd64/trap.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/trap.c,v
retrieving revision 1.77
diff -u -p -r1.77 trap.c
--- arch/amd64/amd64/trap.c     6 Sep 2019 12:22:01 -0000       1.77
+++ arch/amd64/amd64/trap.c     19 Dec 2019 23:46:40 -0000
@@ -163,14 +163,18 @@ pageflttrap(struct trapframe *frame, int
                extern struct vm_map *kernel_map;

                /* This will only trigger if SMEP is enabled */
-               if (cr2 <= VM_MAXUSER_ADDRESS && frame->tf_err & PGEX_I)
-                       panic("attempt to execute user address %p "
-                           "in supervisor mode", (void *)cr2);
+               if (cr2 <= VM_MAXUSER_ADDRESS && frame->tf_err & PGEX_I) {
+                       printf("attempt to execute user address %p "
+                           "in supervisor mode\n", (void *)cr2);
+                       return 0;
+               }
                /* This will only trigger if SMAP is enabled */
                if (pcb->pcb_onfault == NULL && cr2 <= VM_MAXUSER_ADDRESS &&
-                   frame->tf_err & PGEX_P)
-                       panic("attempt to access user address %p "
-                           "in supervisor mode", (void *)cr2);
+                   frame->tf_err & PGEX_P) {
+                       printf("attempt to access user address %p "
+                           "in supervisor mode\n", (void *)cr2);
+                       return 0;
+               }

                /*
                 * It is only a kernel address space fault iff:
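Review bot: Both new `return 0` paths in pageflttrap() make the fault fatal only by contract with the caller — the cover text says kerntrap() prints the frame and panics on a zero return in supervisor mode — but nothing in the function records that, so a later change to how a zero return is handled could silently turn these SMEP/SMAP detections into non-fatal events. A comment above each branch, such as `/* Returning 0 lets kerntrap() print the trap frame and panic. */`, pins the intent next to the code that depends on it. While here, the bitwise tests in both conditions would read better parenthesized, `(frame->tf_err & PGEX_I)` and `(frame->tf_err & PGEX_P)`, since the current form relies on `&&` binding looser than `&`. pageflttrap() begins and ends outside this hunk.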
@@ -395,7 +399,7 @@ trap_print(struct trapframe *frame, int
        printf(" in %s mode\n", KERNELMODE(frame->tf_cs, frame->tf_rflags) ?
            "supervisor" : "user");
        printf("trap type %d code %llx rip %llx cs %llx rflags %llx cr2 "
-              " %llx cpl %x rsp %llx\n",
+              "%llx cpl %x rsp %llx\n",
            type, frame->tf_err, frame->tf_rip, frame->tf_cs,
            frame->tf_rflags, rcr2(), curcpu()->ci_ilevel, frame->tf_rsp);
        printf("gsbase %p  kgsbase %p\n",
Index: ddb/db_examine.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/ddb/db_examine.c,v
retrieving revision 1.26
diff -u -p -r1.26 db_examine.c
--- ddb/db_examine.c    7 Nov 2019 13:16:25 -0000       1.26
+++ ddb/db_examine.c    20 Dec 2019 00:38:11 -0000
@@ -288,8 +288,10 @@ void
 db_print_loc_and_inst(vaddr_t loc)
 {
        db_printsym(loc, DB_STGY_PROC, db_printf);
-       db_printf(":\t");
-       (void) db_disasm(loc, 0);
+       if (loc) {
+               db_printf(":\t");
+               db_disasm(loc, 0);
+       }
 }

 /* local copy is needed here so that we can trace strlcpy() in libkern */
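Review bot: The `if (loc)` guard in db_print_loc_and_inst() skips only an exact null address; a supervisor-mode fault whose rip is some other address ddb cannot safely read still reaches db_disasm(), so the guard is narrower than the problem the cover text describes. If ddb has a helper that probes whether `loc` is readable, testing that instead of `loc != 0` would cover the general case. Also, when `loc` is zero nothing now terminates the line started by db_printsym(), assuming db_disasm() is what normally emits the newline; an `else db_printf("\n");` keeps the output line-aligned. The dropped `(void)` cast on the db_disasm() call is a style choice worth keeping consistent with the rest of the file.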
