From owner-dev-commits-src-all@freebsd.org Wed Apr 21 20:57:47 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BE5C45F1A58; Wed, 21 Apr 2021 20:57:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FQXtz4Qwsz4TrM; Wed, 21 Apr 2021 20:57:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 869104EC7; Wed, 21 Apr 2021 20:57:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13LKvlmU056083; Wed, 21 Apr 2021 20:57:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13LKvlYw056082; Wed, 21 Apr 2021 20:57:47 GMT (envelope-from git) Date: Wed, 21 Apr 2021 20:57:47 GMT Message-Id: <202104212057.13LKvlYw056082@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 753bcca440a4 - main - riscv: Clear SUM in SSTATUS for supervisor mode exceptions. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 753bcca440a4d2c95f48536b586131b84c0bb87e Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2021 20:57:47 -0000 The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=753bcca440a4d2c95f48536b586131b84c0bb87e commit 753bcca440a4d2c95f48536b586131b84c0bb87e Author: John Baldwin AuthorDate: 2021-04-21 20:57:04 +0000 Commit: John Baldwin CommitDate: 2021-04-21 20:57:04 +0000 riscv: Clear SUM in SSTATUS for supervisor mode exceptions. Previously, a page fault taken during copyin/out and related functions would run the entire fault handler while permitting direct access to user addresses. This could also leak across context switches (e.g. if the page fault handler was preempted by an interrupt or slept for disk I/O). To fix, clear SUM in assembly after saving the original version of SSTATUS in the supervisor mode trapframe. Reviewed by: mhorne, jrtc27 Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D29763 --- sys/riscv/riscv/exception.S | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/riscv/riscv/exception.S b/sys/riscv/riscv/exception.S index 50134980c7af..abd1307174f1 100644 --- a/sys/riscv/riscv/exception.S +++ b/sys/riscv/riscv/exception.S @@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$"); sd t0, (TF_SEPC)(sp) csrr t0, sstatus sd t0, (TF_SSTATUS)(sp) +.if \mode == 1 + /* Disable user address access for supervisor mode exceptions. */ + li t0, SSTATUS_SUM + csrc sstatus, t0 +.endif csrr t0, stval sd t0, (TF_STVAL)(sp) csrr t0, scause