amd64: do not enable PKRU if user disabled saving PKRU register in xsave mask

This is done by reverting CR4_PKE bit, because we perform %CR4 initialization in initializecpu(), and the function is called before xsave_mask is read. To not redo the whole early initialization sequence for the corner case, this should be good enough. Reported by: jhb Reviewed by: jhb, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D38219
2023-01-27 12:45:02 +02:00 · 2023-01-27 12:45:02 +02:00 · 153643a5bc
commit 153643a5bc
parent 11989314dc
1 changed files with 17 additions and 1 deletions
--- a/sys/amd64/amd64/fpu.c
+++ b/sys/amd64/amd64/fpu.c
@ -372,6 +372,7 @@ void
 fpuinit(void)
 {
 	register_t saveintr;
+	uint64_t cr4;
 	u_int mxcsr;
 	u_short control;

@ -379,7 +380,22 @@ fpuinit(void)
 		fpuinit_bsp1();

 	if (use_xsave) {
-		load_cr4(rcr4() | CR4_XSAVE);
+		cr4 = rcr4();
+
+		/*
+		 * Revert enablement of PKRU if user disabled its
+		 * saving on context switches by clearing the bit in
+		 * the xsave mask.  Also redundantly clear the bit in
+		 * cpu_stdext_feature2 to prevent pmap from ever
+		 * trying to set the page table bits.
+		 */
+		if ((cpu_stdext_feature2 & CPUID_STDEXT2_PKU) != 0 &&
+		    (xsave_mask & XFEATURE_ENABLED_PKRU) == 0) {
+			cr4 &= ~CR4_PKE;
+			cpu_stdext_feature2 &= ~CPUID_STDEXT2_PKU;
+		}
+
+		load_cr4(cr4 | CR4_XSAVE);
 		load_xcr(XCR0, xsave_mask);
 	}