amd64: wrap 64bit sigtramp into vdso

Reviewed by:	emaste
Discussed with:	jrtc27
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D32960

sys/amd64/amd64/elf_machdep.c

@@ -49,14 +49,21 @@ __FBSDID("$FreeBSD$");
 #include <machine/fpu.h>
 #include <machine/md_var.h>
 
+#include "vdso_offsets.h"
+
+extern const char _binary_elf_vdso_so_1_start[];
+extern const char _binary_elf_vdso_so_1_end[];
+extern char _binary_elf_vdso_so_1_size;
+
 struct sysentvec elf64_freebsd_sysvec_la48 = {
 	.sv_size	= SYS_MAXSYSCALL,
 	.sv_table	= sysent,
 	.sv_transtrap	= NULL,
 	.sv_fixup	= __elfN(freebsd_fixup),
 	.sv_sendsig	= sendsig,
-	.sv_sigcode	= sigcode,
-	.sv_szsigcode	= &szsigcode,
+	.sv_sigcode	= _binary_elf_vdso_so_1_start,
+	.sv_szsigcode	= (int *)&_binary_elf_vdso_so_1_size,
+	.sv_sigcodeoff	= VDSO_SIGCODE_OFFSET,
 	.sv_name	= "FreeBSD ELF64",
 	.sv_coredump	= __elfN(coredump),
 	.sv_elf_core_osabi = ELFOSABI_FREEBSD,
@@ -75,7 +82,7 @@ struct sysentvec elf64_freebsd_sysvec_la48 = {
 	.sv_fixlimit	= NULL,
 	.sv_maxssiz	= NULL,
 	.sv_flags	= SV_ABI_FREEBSD | SV_ASLR | SV_LP64 | SV_SHP |
-			    SV_TIMEKEEP | SV_RNG_SEED_VER,
+			    SV_TIMEKEEP | SV_RNG_SEED_VER | SV_DSO_SIG,
 	.sv_set_syscall_retval = cpu_set_syscall_retval,
 	.sv_fetch_syscall_args = cpu_fetch_syscall_args,
 	.sv_syscallnames = syscallnames,
@@ -96,8 +103,9 @@ struct sysentvec elf64_freebsd_sysvec_la57 = {
 	.sv_transtrap	= NULL,
 	.sv_fixup	= __elfN(freebsd_fixup),
 	.sv_sendsig	= sendsig,
-	.sv_sigcode	= sigcode,
-	.sv_szsigcode	= &szsigcode,
+	.sv_sigcode	= _binary_elf_vdso_so_1_start,
+	.sv_szsigcode	= (int *)&_binary_elf_vdso_so_1_size,
+	.sv_sigcodeoff	= VDSO_SIGCODE_OFFSET,
 	.sv_name	= "FreeBSD ELF64",
 	.sv_coredump	= __elfN(coredump),
 	.sv_elf_core_osabi = ELFOSABI_FREEBSD,
@@ -116,7 +124,7 @@ struct sysentvec elf64_freebsd_sysvec_la57 = {
 	.sv_fixlimit	= NULL,
 	.sv_maxssiz	= NULL,
 	.sv_flags	= SV_ABI_FREEBSD | SV_ASLR | SV_LP64 | SV_SHP |
-			    SV_TIMEKEEP | SV_RNG_SEED_VER,
+			    SV_TIMEKEEP | SV_RNG_SEED_VER | SV_DSO_SIG,
 	.sv_set_syscall_retval = cpu_set_syscall_retval,
 	.sv_fetch_syscall_args = cpu_fetch_syscall_args,
 	.sv_syscallnames = syscallnames,

sys/amd64/amd64/sigtramp.S

@@ -27,18 +27,15 @@
  */
 
 #include <sys/syscall.h>
-
 #include <machine/asmacros.h>
 
 #include "assym.inc"
 
 	.text
-/**********************************************************************
- *
- * Signal trampoline, copied to top of user stack
- *
+/*
+ * Signal trampoline, mapped as vdso into shared page.
  */
-ENTRY(sigcode)
+ENTRY(__vdso_sigcode)
 	call	*SIGF_HANDLER(%rsp)	/* call signal handler */
 	lea	SIGF_UC(%rsp),%rdi	/* get ucontext_t */
 	pushq	$0			/* junk to fake return addr. */
@@ -46,11 +43,6 @@ ENTRY(sigcode)
 	syscall				/* enter kernel with args */
 0:	hlt				/* trap priviliged instruction */
 	jmp	0b
+END(__vdso_sigcode)
 
-	ALIGN_TEXT
-esigcode:
-
-	.data
-	.globl	szsigcode
-szsigcode:
-	.long	esigcode-sigcode
+	.section .note.GNU-stack,"",%progbits

sys/conf/files.amd64

@@ -12,6 +12,12 @@ include 	"conf/files.x86"
 # dependency lines other than the first are silently ignored.
 #
 #
+elf-vdso.so.o			standard				\
+	dependency	"$S/amd64/amd64/sigtramp.S assym.inc $S/tools/amd64_vdso.sh" \
+	compile-with	"env AWK='${AWK}' NM='${NM}' LD='${LD}' CC='${CC}' OBJCOPY='${OBJCOPY}' S='${S}' sh $S/tools/amd64_vdso.sh" \
+	no-implicit-rule before-depend	\
+	clean		"elf-vdso.so.o elf-vdso.so.1 vdso_offsets.h sigtramp.pico"
+#
 ia32_genassym.o			standard				\
 	dependency 	"$S/compat/ia32/ia32_genassym.c offset.inc"		\
 	compile-with	"${CC} ${CFLAGS:N-flto:N-fno-common} -fcommon -c ${.IMPSRC}" \
@@ -75,7 +81,6 @@ amd64/amd64/mp_machdep.c	optional	smp
 amd64/amd64/mpboot.S		optional	smp
 amd64/amd64/pmap.c		standard
 amd64/amd64/ptrace_machdep.c	standard
-amd64/amd64/sigtramp.S		standard
 amd64/amd64/support.S		standard
 amd64/amd64/sys_machdep.c	standard
 amd64/amd64/trap.c		standard

sys/conf/vdso_amd64.ldscript

@@ -0,0 +1,89 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 The FreeBSD Foundation
+ *
+ * This software was developed by Konstantin Belousov <kib@FreeBSD.org>
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Linker script for amd64 vdso.
+ */
+
+PHDRS
+{
+	text		PT_LOAD		FILEHDR PHDRS FLAGS(5); /* PF_R|PF_X */
+	dynamic		PT_DYNAMIC	FLAGS(5);
+	eh_frame_hdr	PT_GNU_EH_FRAME FLAGS(5);
+}
+
+SECTIONS
+{
+	. = . + SIZEOF_HEADERS;
+
+	.hash		: { *(.hash) }			:text
+	.gnu.hash	: { *(.gnu.hash) }		:text
+	.dynsym		: { *(.dynsym) }		:text
+	.dynstr		: { *(.dynstr) }		:text
+	.gnu.version	: { *(.gnu.version) }		:text
+	.gnu.version_d	: { *(.gnu.version_d) }		:text
+	.gnu.version_r	: { *(.gnu.version_r) }		:text
+	.eh_frame_hdr	: { *(.eh_frame_hdr) }		:text	:eh_frame_hdr
+	.eh_frame	: { KEEP (*(.eh_frame)) }	:text
+	.dynamic	: { *(.dynamic) }		:text	:dynamic
+	.rodata		: { *(.rodata*) }		:text
+	.data : {
+	      *(.got.plt) *(.got)
+	} :text
+	/DISCARD/ /* .data */: {
+	      *(.data*)
+	      *(.sdata*)
+	      *(.gnu.linkonce.d.*)
+	      *(.bss*)
+	      *(.dynbss*)
+	      *(.gnu.linkonce.b.*)
+	      *(.ctors)
+	      *(.dtors)
+	      *(.jcr)
+	      *(.init_array)
+	      *(.init)
+	      *(.fini)
+	      *(.debug*)
+	      *(.comment)
+	}
+
+	. = ALIGN(0x10);
+	.text		: { *(.text .text*) }		:text	=0x90909090
+}
+
+VERSION
+{
+	FBSD_1.7 {
+		global:
+			__vdso_sigcode;
+		local:
+			*;
+	};
+}

sys/kern/kern_proc.c

@@ -3099,7 +3099,9 @@ sysctl_kern_proc_sigtramp(SYSCTL_HANDLER_ARGS)
 			if (sv->sv_sigcode_base != 0) {
 				kst32.ksigtramp_start = sv->sv_sigcode_base;
 				kst32.ksigtramp_end = sv->sv_sigcode_base +
-				    *sv->sv_szsigcode;
+				    ((sv->sv_flags & SV_DSO_SIG) == 0 ?
+				    *sv->sv_szsigcode :
+				    (uintptr_t)sv->sv_szsigcode);
 			} else {
 				kst32.ksigtramp_start = sv->sv_psstrings -
 				    *sv->sv_szsigcode;
@@ -3115,7 +3117,8 @@ sysctl_kern_proc_sigtramp(SYSCTL_HANDLER_ARGS)
 	if (sv->sv_sigcode_base != 0) {
 		kst.ksigtramp_start = (char *)sv->sv_sigcode_base;
 		kst.ksigtramp_end = (char *)sv->sv_sigcode_base +
-		    *sv->sv_szsigcode;
+		    ((sv->sv_flags & SV_DSO_SIG) == 0 ? *sv->sv_szsigcode :
+		    (uintptr_t)sv->sv_szsigcode);
 	} else {
 		kst.ksigtramp_start = (char *)sv->sv_psstrings -
 		    *sv->sv_szsigcode;

sys/kern/kern_sharedpage.c

@@ -305,10 +305,12 @@ void
 exec_sysvec_init(void *param)
 {
 	struct sysentvec *sv;
+	vm_offset_t sb;
 #ifdef RANDOM_FENESTRASX
 	ptrdiff_t base;
 #endif
 	u_int flags;
+	int res;
 
 	sv = param;
 	flags = sv->sv_flags;
@@ -319,8 +321,20 @@ exec_sysvec_init(void *param)
 
 	sv->sv_shared_page_obj = shared_page_obj;
 	if ((flags & SV_ABI_MASK) == SV_ABI_FREEBSD) {
-		sv->sv_sigcode_base = sv->sv_shared_page_base +
-		    shared_page_fill(*(sv->sv_szsigcode), 16, sv->sv_sigcode);
+		if ((flags & SV_DSO_SIG) != 0) {
+			sb = sv->sv_shared_page_base;
+			res = shared_page_fill((uintptr_t)sv->sv_szsigcode,
+			    16, sv->sv_sigcode);
+			if (res == -1)
+				panic("copying sigtramp to shared page");
+			sb += res;
+			sb += sv->sv_sigcodeoff;
+			sv->sv_sigcode_base = sb;
+		} else {
+			sv->sv_sigcode_base = sv->sv_shared_page_base +
+			    shared_page_fill(*(sv->sv_szsigcode), 16,
+			    sv->sv_sigcode);
+		}
 	}
 	if ((flags & SV_TIMEKEEP) != 0) {
 #ifdef COMPAT_FREEBSD32

sys/sys/sysent.h

@@ -109,8 +109,9 @@ struct sysentvec {
 					/* stack fixup function */
 	void		(*sv_sendsig)(void (*)(int), struct ksiginfo *, struct __sigset *);
 			    		/* send signal */
-	char 		*sv_sigcode;	/* start of sigtramp code */
+	const char 	*sv_sigcode;	/* start of sigtramp code */
 	int 		*sv_szsigcode;	/* size of sigtramp code */
+	int		sv_sigcodeoff;
 	char		*sv_name;	/* name of binary type */
 	int		(*sv_coredump)(struct thread *, struct vnode *, off_t, int);
 					/* function to dump core, or NULL */
@@ -171,6 +172,7 @@ struct sysentvec {
 #define	SV_RNG_SEED_VER	0x100000	/* random(4) reseed generation. */
 #define	SV_SIG_DISCIGN	0x200000	/* Do not discard ignored signals */
 #define	SV_SIG_WAITNDQ	0x400000	/* Wait does not dequeue SIGCHLD */
+#define	SV_DSO_SIG	0x800000	/* Signal trampoline packed in dso */
 
 #define	SV_ABI_MASK	0xff
 #define	SV_PROC_FLAG(p, x)	((p)->p_sysent->sv_flags & (x))

sys/tools/amd64_vdso.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2021 The FreeBSD Foundation
+# All rights reserved.
+#
+# This software was developed by Konstantin Belousov <kib@FreeBSD.org>
+# under sponsorship from the FreeBSD Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+set -e
+
+${CC} -x assembler-with-cpp -DLOCORE -fPIC -nostdinc -c \
+   -o sigtramp.pico -I. -I"${S}" -include opt_global.h \
+   "${S}"/amd64/amd64/sigtramp.S
+
+# We need to make vdso as compact as possible, for it to leave space
+# for other things in the shared page.  For this, we pack everything
+# into single loadable segment.
+#
+# -z rodynamic is undocumented lld-specific option, seemingly required
+# for lld to avoid putting dynamic into dedicated writeable segment,
+# despite ldscript placement.  It is ignored by ld.bfd but ldscript
+# alone is enough there.
+#
+${LD} --shared -Bsymbolic -soname="elf-vdso.so.1" \
+   -T "${S}"/conf/vdso_amd64.ldscript \
+   --eh-frame-hdr --no-undefined -z rodynamic -z norelro -nmagic \
+   --hash-style=sysv --fatal-warnings --strip-all \
+   -o elf-vdso.so.1 sigtramp.pico
+
+${CC} -x assembler-with-cpp -DLOCORE -fPIC -nostdinc -c \
+   -o elf-vdso.so.o -I. -I"${S}" -include opt_global.h \
+   -DVDSO_NAME=elf_vdso_so_1 -DVDSO_FILE=elf-vdso.so.1 \
+   "${S}"/tools/vdso_wrap.S
+
+${NM} -D elf-vdso.so.1 | \
+   awk '/__vdso_sigcode/{printf "#define VDSO_SIGCODE_OFFSET 0x%s\n",$1}' \
+   >vdso_offsets.h

sys/tools/vdso_wrap.S

@@ -0,0 +1,48 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2021 The FreeBSD Foundation
+ *
+ * This software was developed by Konstantin Belousov <kib@FreeBSD.org>
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+
+#define	VDSO_BLOB_START(S)	__CONCAT(_binary_, __CONCAT(S, _start))
+#define	VDSO_BLOB_END(S)	__CONCAT(_binary_, __CONCAT(S, _end))
+#define	VDSO_BLOB_SIZE(S)	__CONCAT(_binary_, __CONCAT(S, _size))
+
+	.section .rodata, "a", %progbits
+	.globl	VDSO_BLOB_START(VDSO_NAME)
+	.type	VDSO_BLOB_START(VDSO_NAME), %object
+	.size	VDSO_BLOB_START(VDSO_NAME), 0
+VDSO_BLOB_START(VDSO_NAME):
+	.incbin	__XSTRING(VDSO_FILE)
+	.globl	VDSO_BLOB_END(VDSO_NAME)
+	.type	VDSO_BLOB_END(VDSO_NAME), %object
+	.size	VDSO_BLOB_END(VDSO_NAME), 0
+VDSO_BLOB_END(VDSO_NAME):
+	.globl	VDSO_BLOB_SIZE(VDSO_NAME)
+	.set	VDSO_BLOB_SIZE(VDSO_NAME), . - VDSO_BLOB_START(VDSO_NAME)