Set NX on non-code kernel pages

c47ea542 · Silas Boyd-Wickizer · 769c3a47 · c47ea542 · c47ea542 · c47ea542
--- a/boot.S
+++ b/boot.S
@@ -206,10 +206,11 @@ init32e:
 	movl %eax, %cr3
 	
 	# Enable IA-32e mode by setting IA32_EFER.LME = 1.
-	# Also turn on IA32_EFER.SCE (syscall enable).
+	# Also turn on IA32_EFER.SCE (syscall enable) and
+        # IA32_EFER.NXE (no-execute enable).
 	movl $0xc0000080, %ecx
 	rdmsr
-	orl $0x101, %eax
+	orl $((1<<8)|(1<<0)|(1<<11)), %eax
 	wrmsr

 	# Enable paging by setting CR0.PG = 1.

--- a/hwvm.c
+++ b/hwvm.c
@@ -83,34 +83,28 @@ updatepages(pme_t *pml4, void *begin, void *end, int perm)
  }
 }

-static void
-pgmap(void *va, void *last, paddr pa)
+// Map from 0 to 128Gbytes starting at KBASE.
+void
+initpg(char* (*alloc)(void))
 {
-  pme_t *pdp;
-  pme_t *pd;
-  pme_t *sp;
-
-  for (;;) {
-    pdp = descend(kpml4, va, 0, 1, 3);
-    pd = descend(pdp, va, 0, 1, 2);
-    sp = &pd[PX(1,va)];
-    *sp = pa | PTE_W | PTE_P | PTE_PS;
-    if(va == last)
-      break;
+  extern char end[]; 
+  void *va = (void*)KBASE;
+  paddr pa = 0;
+
+  while (va < (void*)(KBASE+(128ull<<30))) {
+    pme_t *pdp = descend(kpml4, va, 0, 1, 3);
+    pme_t *pd = descend(pdp, va, 0, 1, 2);
+    pme_t *sp = &pd[PX(1,va)];
+    u64 flags = PTE_W | PTE_P | PTE_PS;
+    // Set NX for non-code pages
+    if (va >= (void*) end)
+      flags |= PTE_NX;
+    *sp = pa | flags;
    va += PGSIZE*512;
    pa += PGSIZE*512;
  }
 }

-// set up a page table to get off the ground
-void
-initpg(char* (*alloc)(void))
-{
-  // Map first 4GB to KBASE
-  pgmap((void *) (KBASE+(1ull<<30)), (void *) (KBASE+(128ull<<30)), (1ull<<30));
-  // boot.S maps first 1GB to KBASE and gets us running with kpml4
-}
-
 // Set up kernel part of a page table.
 pml4e_t*
 setupkvm(void)

--- a/kernel.ld
+++ b/kernel.ld
@@ -26,5 +26,7 @@ SECTIONS
 	.bss : {
 		*(.bss)
 	}
+        /* 2MByte align, because we set NX on 2MByte super pages. */
+	. = ALIGN(0x200000);
 	PROVIDE(end = .);
 }
--- a/mmu.h
+++ b/mmu.h
@@ -17,6 +17,7 @@
 #define PTE_PS		0x080	// Page Size
 #define PTE_MBZ		0x180	// Bits must be zero
 #define PTE_COW         0x800   // copy-on-write
+#define PTE_NX		0x8000000000000000ull // No-execute enable

 #define PGROUNDUP(sz)  (((sz)+PGSIZE-1) & ~(PGSIZE-1))
 #define PGROUNDDOWN(a) ((__typeof__(a))((((uptr)(a)) & ~(PGSIZE-1))))