Date: Tue, 3 Jun 2014 09:41:06 GMT From: op@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r269001 - soc2014/op/freebsd-base/sys/amd64/amd64 Message-ID: <201406030941.s539f6ad076433@socsvn.freebsd.org>
Author: op Date: Tue Jun 3 09:41:05 2014 New Revision: 269001 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269001 Log: SMAP AMD64: added related trap handler git: https://github.com/opntr/opBSD/commits/op/gsoc2014/smap Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com> Modified: soc2014/op/freebsd-base/sys/amd64/amd64/trap.c Modified: soc2014/op/freebsd-base/sys/amd64/amd64/trap.c ============================================================================== --- soc2014/op/freebsd-base/sys/amd64/amd64/trap.c Tue Jun 3 09:40:30 2014 (r269000) +++ soc2014/op/freebsd-base/sys/amd64/amd64/trap.c Tue Jun 3 09:41:05 2014 (r269001) @@ -103,6 +103,7 @@ static int trap_pfault(struct trapframe *, int); static void trap_fatal(struct trapframe *, vm_offset_t); +static bool smap_access_violation(struct trapframe *, int usermode); #define MAX_TRAP_MSG 32 static char *trap_msg[] = { @@ -692,6 +693,16 @@ map = &vm->vm_map; /* + * If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1. + * If CPL = 3, SMAP applies to all supervisor-mode data accesses + * (these are implicit supervisor accesses) regardless of the + * value of EFLAGS.AC." - Intel Ref. # 319433-014 9.3.2 + */ + if (__predict_false(smap_access_violation(frame, usermode))) { + panic("SMAP!"); + } + + /* * When accessing a usermode address, kernel must be * ready to accept the page fault, and provide a * handling routine. Since accessing the address 
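Review bot: `panic("SMAP!")` in the added check discards everything needed to triage the violation: the faulting address, the instruction pointer and the saved rflags never reach the console. Routing the failure through `trap_fatal()` (declared at the top of this file) with the trap frame and the faulting address, or at least formatting `frame->tf_rip` and `frame->tf_rflags` into the panic string, would make a report actionable. The copied Intel sentence in the new comment ends with a closing quote but has no opening one, so it should be quoted on both sides. The enclosing function starts and ends outside this hunk, so where the check sits relative to the fault-handler lookup is inferred from the trailing context only.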
@@ -862,6 +873,32 @@ panic("unknown/reserved trap"); } + +/* + * Supervisor Mode Access Prevention violation + * + * If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1. + * If CPL = 3, SMAP applies to all supervisor-mode data accesses + * (these are implicit supervisor accesses) regardless of the + * value of EFLAGS.AC." - Intel Ref. # 319433-014 9.3.2 + */ +static bool +smap_access_violation(struct trapframe *frame, int usermode) +{ + /* SMAP disabled */ + if ((cpu_stdext_feature & CPUID_STDEXT_SMAP) == 0) + return (false); + + /* CPL == 3 or EFLAGS.AC == 1 */ + if (usermode || (frame->tf_rflags & PSL_AC) != 0) + return (false); + + /* + * CPL < 3 and EFLAGS.AC == 0 + */ + return (true); +} + /* * Double fault handler. Called when a fault occurs while writing * a frame for a trap/exception onto the stack. This usually occurs
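Review bot: The first test in smap_access_violation() checks the CPUID capability bit (`cpu_stdext_feature & CPUID_STDEXT_SMAP`), not whether SMAP is actually switched on, although its comment reads `/* SMAP disabled */`. If the CPU advertises SMAP but the kernel has not enabled it in CR4, or some user-copy routine does not yet set EFLAGS.AC, an ordinary kernel fault on a user page would return true and hit the panic added in the earlier hunk. The predicate should key on the enabled state (the CR4 SMAP bit, or a flag set where the feature is turned on). It could also require a supervisor-mode protection fault in `frame->tf_err`, so that only faults SMAP itself can raise are classified as violations. Until then, rewording the comment to `/* CPU does not support SMAP */` would match what the code tests.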