From owner-svn-src-head@freebsd.org Thu Sep 13 07:15:03 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8FCE10A823F; Thu, 13 Sep 2018 07:15:03 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6EA36841D0; Thu, 13 Sep 2018 07:15:03 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6991B1245F; Thu, 13 Sep 2018 07:15:03 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w8D7F3F7028054; Thu, 13 Sep 2018 07:15:03 GMT (envelope-from royger@FreeBSD.org) Received: (from royger@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w8D7F3K1028052; Thu, 13 Sep 2018 07:15:03 GMT (envelope-from royger@FreeBSD.org) Message-Id: <201809130715.w8D7F3K1028052@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: royger set sender to royger@FreeBSD.org using -f From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= Date: Thu, 13 Sep 2018 07:15:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338632 - head/sys/dev/xen/privcmd X-SVN-Group: head X-SVN-Commit-Author: royger X-SVN-Commit-Paths: head/sys/dev/xen/privcmd X-SVN-Commit-Revision: 338632 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2018 07:15:03 -0000 Author: royger Date: Thu Sep 13 07:15:02 2018 New Revision: 338632 URL: https://svnweb.freebsd.org/changeset/base/338632 Log: xen: temporary disable SMAP when forwarding hypercalls from user-space The Xen page-table walker used to resolve the virtual addresses in the hypercalls will refuse to access user-space pages when SMAP is enabled unless the AC flag in EFLAGS is set (just like normal hardware with SMAP support would do). Since privcmd allows forwarding hypercalls (and buffers) from user-space into Xen make sure SMAP is temporary disabled for the duration of the hypercall from user-space. Approved by: re (gjb) Sponsored by: Citrix Systems R&D Modified: head/sys/dev/xen/privcmd/privcmd.c Modified: head/sys/dev/xen/privcmd/privcmd.c ============================================================================== --- head/sys/dev/xen/privcmd/privcmd.c Thu Sep 13 07:14:11 2018 (r338631) +++ head/sys/dev/xen/privcmd/privcmd.c Thu Sep 13 07:15:02 2018 (r338632) @@ -232,9 +232,21 @@ privcmd_ioctl(struct cdev *dev, unsigned long cmd, cad struct ioctl_privcmd_hypercall *hcall; hcall = (struct ioctl_privcmd_hypercall *)arg; - +#ifdef __amd64__ + /* + * The hypervisor page table walker will refuse to access + * user-space pages if SMAP is enabled, so temporary disable it + * while performing the hypercall. + */ + if (cpu_stdext_feature & CPUID_STDEXT_SMAP) + stac(); +#endif error = privcmd_hypercall(hcall->op, hcall->arg[0], hcall->arg[1], hcall->arg[2], hcall->arg[3], hcall->arg[4]); +#ifdef __amd64__ + if (cpu_stdext_feature & CPUID_STDEXT_SMAP) + clac(); +#endif if (error >= 0) { hcall->retval = error; error = 0;