svn commit: r338632 - head/sys/dev/xen/privcmd
Roger Pau Monné
royger at FreeBSD.org
Thu Sep 13 07:15:03 UTC 2018
Author: royger
Date: Thu Sep 13 07:15:02 2018
New Revision: 338632
URL: https://svnweb.freebsd.org/changeset/base/338632
Log:
xen: temporarily disable SMAP when forwarding hypercalls from user-space
The Xen page-table walker used to resolve the virtual addresses in the
hypercalls will refuse to access user-space pages when SMAP is enabled
unless the AC flag in EFLAGS is set (just like normal hardware with
SMAP support would do).
Since privcmd allows forwarding hypercalls (and buffers) from
user-space into Xen, make sure SMAP is temporarily disabled for the
duration of the hypercall from user-space.
Approved by: re (gjb)
Sponsored by: Citrix Systems R&D
Modified:
head/sys/dev/xen/privcmd/privcmd.c
Modified: head/sys/dev/xen/privcmd/privcmd.c
==============================================================================
--- head/sys/dev/xen/privcmd/privcmd.c Thu Sep 13 07:14:11 2018 (r338631)
+++ head/sys/dev/xen/privcmd/privcmd.c Thu Sep 13 07:15:02 2018 (r338632)
@@ -232,9 +232,21 @@ privcmd_ioctl(struct cdev *dev, unsigned long cmd, cad
struct ioctl_privcmd_hypercall *hcall;
hcall = (struct ioctl_privcmd_hypercall *)arg;
-
+#ifdef __amd64__
+ /*
+ * The hypervisor page table walker will refuse to access
+ * user-space pages if SMAP is enabled, so temporary disable it
+ * while performing the hypercall.
+ */
+ if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+ stac();
+#endif
error = privcmd_hypercall(hcall->op, hcall->arg[0],
hcall->arg[1], hcall->arg[2], hcall->arg[3], hcall->arg[4]);
+#ifdef __amd64__
+ if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+ clac();
+#endif
if (error >= 0) {
hcall->retval = error;
error = 0;
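Review bot: the stac()/clac() pair around privcmd_hypercall() leaves EFLAGS.AC set for the whole call, so the kernel's own SMAP protection is also lifted in that window, and the added comment should say so and state that nothing which can return early, sleep or touch user pointers may be placed between the two blocks. The `#ifdef __amd64__` guard and the `if (cpu_stdext_feature & CPUID_STDEXT_SMAP)` test are duplicated verbatim before and after the call; folding each into a small helper would keep the set and clear sides from drifting apart in a later edit. Minor: the comment reads "temporary disable it", which should be "temporarily disable it".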