Page MenuHomeFreeBSD

Add per-arch flags to struct vm_map_entry
AbandonedPublic

Authored by andrew on Apr 6 2023, 4:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 9:02 PM
Unknown Object (File)
Sun, Nov 3, 8:59 AM
Unknown Object (File)
Wed, Oct 23, 6:07 AM
Unknown Object (File)
Wed, Oct 23, 6:07 AM
Unknown Object (File)
Wed, Oct 23, 5:47 AM
Unknown Object (File)
Sep 29 2024, 10:10 AM
Unknown Object (File)
Sep 29 2024, 1:23 AM
Unknown Object (File)
Sep 27 2024, 9:55 PM
Subscribers

Details

Reviewers
kib
markj
manu
Group Reviewers
arm64
Summary

And pass it to pmap functions that create or modify page table entries
so they can use it to set page table fields that don't fit into the
memory protection attributes.

Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 50794
Build 47685: arc lint + arc unit

Event Timeline

andrew requested review of this revision.Apr 6 2023, 4:09 PM

I've only added the arm64 pmap changes for now. Will add all architectures if there are no problems with this approach.

When I added PKRU support for amd64, I did not extended vm_map. Instead, I added off-vm_map rangeset (see sys/rangeset.h and kern/subr_rangeset.c) to pmap.

IMO it is more correct WRT layering and does not incur even a small cost on architectures that do not use the new data element.

I've looked at moving it to a rangeset, the main issue with that is we don't know when userspace unmaps protected memory in pmap.c. We can't rely on pmap_remove as it can be called in swapout cases.

Another option would be to reserve VM_PROT_* bits for architecture specific use. We have 3 spare bits there so could add VM_PROT_ARCH, however I'm not sure how that would interact with VM_PROT_ALL.

I've looked at moving it to a rangeset, the main issue with that is we don't know when userspace unmaps protected memory in pmap.c. We can't rely on pmap_remove as it can be called in swapout cases.

If this is the main obstacle, we can add e.g. pmap_unmap() method and call it on vm_map_remove(), or even we can enhance pmap_remove() by informing what specifically is the reason for the call.

Another option would be to reserve VM_PROT_* bits for architecture specific use. We have 3 spare bits there so could add VM_PROT_ARCH, however I'm not sure how that would interact with VM_PROT_ALL.

I've looked at moving it to a rangeset, the main issue with that is we don't know when userspace unmaps protected memory in pmap.c. We can't rely on pmap_remove as it can be called in swapout cases.

Another option would be to reserve VM_PROT_* bits for architecture specific use. We have 3 spare bits there so could add VM_PROT_ARCH, however I'm not sure how that would interact with VM_PROT_ALL.

CheriBSD is using two of those; whilst FreeBSD is technically free to use them, it would be a real pain for us downstream I'm sure, so if that can be avoided it would be best.

I've looked at moving it to a rangeset, the main issue with that is we don't know when userspace unmaps protected memory in pmap.c. We can't rely on pmap_remove as it can be called in swapout cases.

Another option would be to reserve VM_PROT_* bits for architecture specific use. We have 3 spare bits there so could add VM_PROT_ARCH, however I'm not sure how that would interact with VM_PROT_ALL.

CheriBSD is using two of those; whilst FreeBSD is technically free to use them, it would be a real pain for us downstream I'm sure, so if that can be avoided it would be best.

The original issue, that the pmap layer doesn't know when userspace unmaps protected memory, is now handled in principle by having separate pmap_remove() and pmap_map_delete() routines.