[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 3/7] x86: Temporary disable SMAP to legally access user pages in kernel mode
>>> On 23.04.14 at 15:43, <feng.wu@xxxxxxxxx> wrote: >> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx] >> On 23/04/14 15:35, Feng Wu wrote: >> > --- a/xen/arch/x86/domain_build.c >> > +++ b/xen/arch/x86/domain_build.c >> > @@ -778,6 +778,7 @@ int __init construct_dom0( >> > } >> > bootstrap_map(NULL); >> > >> > + stac(); >> >> As constructing dom0 is trusted, this should be near the top of top of >> the function > > We cannot call stac() near the top of the function, because construct_dom0() > calls > elf_load_binary() which calls copy_from_user(), we can only add stac() after > calling > elf_load_binary(), otherwise the AC bit will remain cleared after > elf_load_binary(). > > I just sugguest another method in another mail, can you please have a look? But that other method widened the scope even further, so would suffer the same issue. How about enabling SMAP only after having built Dom0? Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |