[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 3/7] x86: Temporary disable SMAP to legally access user pages in kernel mode
> -----Original Message----- > From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Wednesday, April 23, 2014 10:13 PM > To: Andrew Cooper; Wu, Feng > Cc: ian.campbell@xxxxxxxxxx; Dong, Eddie; Nakajima, Jun; Tian, Kevin; > xen-devel@xxxxxxxxxxxxx > Subject: RE: [PATCH v2 3/7] x86: Temporary disable SMAP to legally access user > pages in kernel mode > > >>> On 23.04.14 at 15:43, <feng.wu@xxxxxxxxx> wrote: > >> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx] > >> On 23/04/14 15:35, Feng Wu wrote: > >> > --- a/xen/arch/x86/domain_build.c > >> > +++ b/xen/arch/x86/domain_build.c > >> > @@ -778,6 +778,7 @@ int __init construct_dom0( > >> > } > >> > bootstrap_map(NULL); > >> > > >> > + stac(); > >> > >> As constructing dom0 is trusted, this should be near the top of top of > >> the function > > > > We cannot call stac() near the top of the function, because construct_dom0() > > calls > > elf_load_binary() which calls copy_from_user(), we can only add stac() after > > calling > > elf_load_binary(), otherwise the AC bit will remain cleared after > > elf_load_binary(). > > > > I just sugguest another method in another mail, can you please have a look? > > But that other method widened the scope even further, so would suffer > the same issue. How about enabling SMAP only after having built Dom0? Yes, it suffers the same problem. Enabling SMAP after constructing dom0 may be a good suggestion. > > Jan Thanks, Feng _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |