OS-6239: Simplify SMAP relocations with krtld

Details

Issue Type: Bug
Priority: 4 - Normal
Status: Resolved
Created at: 2017-07-19T18:26:04.000Z
Updated at: 2020-04-07T20:57:38.030Z

People

Created by: Former user
Reported by: Former user
Assigned to: Former user

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2017-10-10T20:45:12.000Z)

Fix Versions

2017-10-12 Cactaur Island (Release Date: 2017-10-12)

Description

Today, SMAP is enabled and disabled by making a function call to smap_enable and smap_disable at the appropriate times. It would be cleaner, and faster, to simply arrange for the appropriate instructions to appear in place of those calls. We can achieve this in krtld by adjusting the program text in a similar fashion to that used for DTrace SDT probe sites.

Comments

Comment by Former user
Created at 2017-07-19T18:37:45.000Z
Updated at 2017-12-14T17:35:44.615Z

https://cr.joyent.us/#/c/2234/


Comment by Former user
Created at 2017-09-11T18:15:45.000Z
Updated at 2017-12-14T17:35:44.488Z

Summary of Changes


Comment by Former user
Created at 2017-09-11T18:56:29.000Z
Updated at 2017-12-14T17:35:44.688Z

Testing

Because this feature is only supported on AMD64 machines with SMAP, it is
important to test several types of machines. Most importantly:

----

Test procedures:

  1. Boot to kmdb
    • Run: startup_smap::dis
    • Success for machines that support SMAP:
      • The "smap_enable" at the end of the function should be replaced with: "clac, nop, nop"
    • Success for machines that do not support SMAP:
      • The "smap_enable" at the end of the function should be replaced with: "nop, nop, nop, nop, nop"
    • Failure: Crash
  2. Boot to login
    • Run: mdb -k; dtrace_copy::dis
    • Success for machines that support SMAP:
      • The "smap_disable" at the beginning of the function should be replaced with: "stac, nop, nop"
      • The "smap_enable" at the end of the function should be replaced with: "clac, nop, nop"
    • Success for machines that do not support SMAP:
      • The "smap_disable" at the beginning of the function should be replaced with: "nop, nop, nop, nop, nop"
      • The "smap_enable" at the end of the function should be replaced with: "nop, nop, nop, nop, nop"
    • Failure: Crash

----

Machines Tested

Further Testing:
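
As an added example (not illumos or krtld code, and not the change this issue tracks) of the mechanism the description outlines and the test plan above checks: a small simulation of handling a relocation against smap_enable or smap_disable by overwriting the 5-byte call with inline instructions instead of resolving a call target. The instruction encodings are the real AMD64 ones (stac 0F 01 CB, clac 0F 01 CA, nop 90, call rel32 E8 plus a 4-byte displacement), and r_offset follows the ELF convention of pointing at the displacement, one byte past the E8 opcode. The smap_reloc_t record, the function names and the sample text are constructed for illustration; the expected results match the test plan: "stac, nop, nop" / "clac, nop, nop" on a CPU with SMAP, five nops otherwise.

```c
/*
 * Added example: simulate krtld-style patching of SMAP call sites.
 * Not illumos code; smap_reloc_t, the function names and the sample
 * text are constructed for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OP_CALL_REL32 0xE8U   /* call rel32: E8 + 4-byte displacement */
#define OP_NOP        0x90U
#define CALL_LEN      5

static const uint8_t STAC[3] = { 0x0F, 0x01, 0xCB };   /* allow user access */
static const uint8_t CLAC[3] = { 0x0F, 0x01, 0xCA };   /* forbid user access */

/*
 * Minimal stand-in for an ELF relocation record: r_offset points at the
 * 4-byte displacement of the call, one byte past the E8 opcode, as a
 * PC-relative relocation against the named symbol would.
 */
typedef struct {
	size_t r_offset;
	const char *sym;
} smap_reloc_t;

/*
 * Patch one call site in place.  Returns true if the relocation was a
 * direct call to smap_enable/smap_disable and was rewritten; false means
 * the relocation should be resolved the ordinary way.
 */
bool
smap_hotpatch(uint8_t *text, size_t textlen, const smap_reloc_t *r,
    bool cpu_has_smap)
{
	const uint8_t *inl;
	uint8_t *site;

	if (strcmp(r->sym, "smap_enable") == 0)
		inl = CLAC;
	else if (strcmp(r->sym, "smap_disable") == 0)
		inl = STAC;
	else
		return (false);

	/* The whole 5-byte call must lie inside the text we own. */
	if (r->r_offset < 1 || r->r_offset - 1 + CALL_LEN > textlen)
		return (false);
	site = text + r->r_offset - 1;
	if (site[0] != OP_CALL_REL32)   /* only rewrite a direct call */
		return (false);

	if (cpu_has_smap) {
		memcpy(site, inl, 3);       /* stac/clac ... */
		site[3] = OP_NOP;           /* ... padded to the call's length */
		site[4] = OP_NOP;
	} else {
		memset(site, OP_NOP, CALL_LEN);   /* no SMAP: five nops */
	}
	return (true);
}

/*
 * Build a constructed function body, patch both SMAP sites, and report
 * whether they now hold exactly what the test plan expects.  Returns 1
 * on success, 0 otherwise.
 */
int
sample_check(bool cpu_has_smap)
{
	uint8_t text[] = {
		0xB8, 0x01, 0x00, 0x00, 0x00,   /*  0: mov $1,%eax       */
		0xE8, 0x00, 0x00, 0x00, 0x00,   /*  5: call smap_disable */
		0x89, 0xC7,                     /* 10: mov %eax,%edi     */
		0xE8, 0x00, 0x00, 0x00, 0x00,   /* 12: call smap_enable  */
		0xC3                            /* 17: ret               */
	};
	const smap_reloc_t relocs[] = {
		{ 6, "smap_disable" },
		{ 13, "smap_enable" },
	};
	uint8_t expect_dis[CALL_LEN], expect_en[CALL_LEN];
	size_t i;

	if (cpu_has_smap) {
		memcpy(expect_dis, STAC, 3);
		memcpy(expect_en, CLAC, 3);
		expect_dis[3] = expect_dis[4] = OP_NOP;
		expect_en[3] = expect_en[4] = OP_NOP;
	} else {
		memset(expect_dis, OP_NOP, CALL_LEN);
		memset(expect_en, OP_NOP, CALL_LEN);
	}

	for (i = 0; i < 2; i++)
		if (!smap_hotpatch(text, sizeof (text), &relocs[i], cpu_has_smap))
			return (0);
	if (memcmp(text + 5, expect_dis, CALL_LEN) != 0)
		return (0);
	if (memcmp(text + 12, expect_en, CALL_LEN) != 0)
		return (0);
	/* Neighbouring instructions must be untouched. */
	if (text[0] != 0xB8 || text[10] != 0x89 || text[11] != 0xC7 ||
	    text[17] != 0xC3)
		return (0);
	return (1);
}

/* A relocation against any other symbol is left for normal resolution. */
int
other_symbol_untouched(void)
{
	uint8_t text[] = { 0xE8, 0x00, 0x00, 0x00, 0x00 };
	const smap_reloc_t r = { 1, "bcopy" };   /* constructed symbol name */
	bool patched = smap_hotpatch(text, sizeof (text), &r, true);

	return (!patched && text[0] == OP_CALL_REL32) ? 1 : 0;
}

int
main(void)
{
	printf("with SMAP:    %s\n", sample_check(true) ? "stac/clac + nops" : "FAIL");
	printf("without SMAP: %s\n", sample_check(false) ? "five nops" : "FAIL");
	printf("other symbol: %s\n", other_symbol_untouched() ? "left alone" : "FAIL");
	return (0);
}
```

The check that the replacement lands on an E8 opcode is the guard a patcher of this kind needs: a relocation against one of these symbols that is not a direct call (a function-pointer load, for instance) must not be overwritten, since five replacement bytes dropped onto some other instruction would corrupt the text rather than inline the SMAP toggle.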


Comment by Former user
Created at 2017-09-11T23:21:08.000Z
Updated at 2017-12-14T17:35:44.291Z

@accountid:62431b8f258562006fa2866a shipped me a driver to test out SMAP. Here is the output from a driver that attempts to dereference a userspace address. This proves SMAP is working correctly on machines that support it.

[root@00-0c-29-58-5d-8d /zones/home/vmloop-smap-new]# ./a.out

panic[cpu0]/thread=ffffff01ab3770c0: BAD TRAP: type=e (#pf Page fault) rp=ffffff000468bb70 addr=8050ff0 occurred in module "vmloop" due to an illegal access to a user address

a.out: #pf Page fault
Bad kernel fault at addr=0x8050ff0
pid=108003, pc=0xfffffffff7f40e71, sp=0xffffff000468bc60, eflags=0x10282
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 3406b8<smap,smep,osxsav,xmme,fxsr,pge,pae,pse,de>
cr2: 8050ff0cr3: 1f120000cr8: 0

        rdi:       c500000000 rsi:               42 rdx:          8050ff0
        rcx:           100003  r8: ffffff02100d37e0  r9: ffffff000468be48
        rax: ffffffffc0122f40 rbx: ffffff021c650100 rbp: ffffff000468bc60
        r10:               c5 r11:                0 r12:                3
        r13:               42 r14:          8050ff0 r15:                3
        fsb:                0 gsb: fffffffffbc478e0  ds:               4b
         es:               4b  fs:                0  gs:              1c3
        trp:                e err:                1 rip: fffffffff7f40e71
         cs:               30 rfl:            10282 rsp: ffffff000468bc60
         ss:               38

CPU          ADDRESS    TIMESTAMP TYPE  VC HANDLER          PC
  0 fffffffffbc28e80   c74f6cc3a1 trap   e #pf              vmloop_ioctl+4
  0 fffffffffbc28d08   c74f6caad9 syse  36 ioctl            feee6c35
  0 fffffffffbc28b90   c74f6ae351 syse   5 open32           feee9133
  0 fffffffffbc28a18   c74f6a58ae trap   e #pf              feeb8f31
  0 fffffffffbc288a0   c74f69b77d trap   e #pf              feed17ae
  0 fffffffffbc28728   c74f69842f syse  32 sysi86           feee9185
  0 fffffffffbc285b0   c74f69373f sysc  ac lwp_cond_broadca fefe4527
  0 fffffffffbc28438   c74f6916e1 sysc  ac lwp_cond_broadca fefe4527
  0 fffffffffbc282c0   c74f68886d trap   e #pf              fee5a750
  0 fffffffffbc28148   c74f6858d7 trap   e #pf              fee5a750

ffffff000468ba50 unix:real_mode_stop_cpu_stage2_end+bae4 ()
ffffff000468bb60 unix:trap+17db ()
ffffff000468bb70 unix:_cmntrap+1ca ()
ffffff000468bc60 vmloop:vmloop_ioctl+4 ()
ffffff000468bca0 genunix:cdev_ioctl+39 ()
ffffff000468bcf0 specfs:spec_ioctl+60 ()
ffffff000468bd80 genunix:fop_ioctl+55 ()
ffffff000468bea0 genunix:ioctl+9b ()
ffffff000468bf00 unix:brand_sys_sysenter+2be ()

A machine without SMAP should run the same code without a panic. The following output shows this is the case:

[root@92-49-1a-ba-df-af /var/tmp/sam/vmloop-smap-panic]# sh install.sh
[root@92-49-1a-ba-df-af /var/tmp/sam/vmloop-smap-panic]# ./a.out
ioctl returned 0

Comment by Former user
Created at 2017-10-03T16:54:01.000Z

illumos-joyent commit f408efb (branch master, by Sam Gwydir)

OS-6239 Simplify SMAP relocations with krtld


Comment by Former user
Created at 2019-10-22T11:30:16.632Z

For future reference: I tried upstreaming these changes, but they panic during boot. Without a serial console, I couldn't really debug any further.