[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, "JBeulich@xxxxxxxx" <JBeulich@xxxxxxxx>, "Ian.Campbell@xxxxxxxxxx" <Ian.Campbell@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
From: "Wu, Feng" <feng.wu@xxxxxxxxx>
Date: Tue, 15 Apr 2014 06:20:34 +0000
Accept-language: en-US
Cc: "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
Delivery-date: Tue, 15 Apr 2014 06:21:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: AQHPWGhkhPNIYDBvLUiE3jSm5KUXUZsSMKCQgAADd4A=
Thread-topic: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode


> -----Original Message-----
> From: Tian, Kevin
> Sent: Tuesday, April 15, 2014 2:08 PM
> To: Wu, Feng; JBeulich@xxxxxxxx; Ian.Campbell@xxxxxxxxxx;
> xen-devel@xxxxxxxxxxxxx
> Cc: Wu, Feng; Dong, Eddie; Nakajima, Jun
> Subject: RE: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally
> access user pages in kernel mode
> 
> > From: Feng Wu
> > Sent: Tuesday, April 15, 2014 9:02 PM
> >
> > Use STAC/CLAC to temporary disable SMAP to allow legal accesses to
> > user pages in kernel mode
> >
> > Signed-off-by: Feng Wu <feng.wu@xxxxxxxxx>
> > ---
> >  xen/arch/x86/clear_page.S           |  3 +++
> >  xen/arch/x86/domain_build.c         | 16 ++++++++++++++++
> >  xen/arch/x86/usercopy.c             |  6 ++++++
> >  xen/arch/x86/x86_64/compat/entry.S  |  2 ++
> >  xen/arch/x86/x86_64/entry.S         |  4 ++++
> >  xen/include/asm-x86/uaccess.h       |  4 ++++
> >  xen/include/asm-x86/x86_64/system.h |  2 ++
> >  7 files changed, 37 insertions(+)
> >
> > diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
> > index 84ce392..1ba138b 100644
> > --- a/xen/arch/x86/domain_build.c
> > +++ b/xen/arch/x86/domain_build.c
> > @@ -789,8 +789,10 @@ int __init construct_dom0(
> >              rc = -1;
> >              goto out;
> >          }
> > +        stac();
> >          hypercall_page_initialise(
> >              d, (void *)(unsigned long)parms.virt_hypercall);
> > +        clac();
> >      }
> 
> construct_dom0 happens before dom0 starts execution. It should be fine to
> keep AC cleared in the whole phase.

construct_dom0() accesses user pages in the supervisor mode, so I added the 
stac()/clac()
one by one, otherwise, Xen hypervisor will receive an SMAP violation.

> 
> Thanks
> Kevin

Thanks,
Feng

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
  - From: Tian, Kevin

References:
- [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
  - From: Feng Wu
- Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
  - From: Tian, Kevin

Prev by Date: Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
Next by Date: Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
Previous by thread: Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
Next by thread: Re: [Xen-devel] [PATCH v1 2/6] x86: Temporary disable SMAP to legally access user pages in kernel mode
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.