xen: temporary disable SMAP when forwarding hypercalls from user-space

The Xen page-table walker used to resolve the virtual addresses in the hypercalls will refuse to access user-space pages when SMAP is enabled unless the AC flag in EFLAGS is set (just like normal hardware with SMAP support would do). Since privcmd allows forwarding hypercalls (and buffers) from user-space into Xen make sure SMAP is temporary disabled for the duration of the hypercall from user-space. Approved by: re (gjb) Sponsored by: Citrix Systems R&D
svn path=/head/; revision=338632
2018-09-13 07:15:02 +00:00 · 2018-09-13 07:15:02 +00:00 · 5ff6c7f363 · 2020-12-20 02:59:44 +00:00
commit 5ff6c7f363
parent a74cdf4e74
1 changed files with 13 additions and 1 deletions
--- a/sys/dev/xen/privcmd/privcmd.c
+++ b/sys/dev/xen/privcmd/privcmd.c
@ -232,9 +232,21 @@ privcmd_ioctl(struct cdev *dev, unsigned long cmd, caddr_t arg,
 		struct ioctl_privcmd_hypercall *hcall;

 		hcall = (struct ioctl_privcmd_hypercall *)arg;
-
+#ifdef __amd64__
+		/*
+		 * The hypervisor page table walker will refuse to access
+		 * user-space pages if SMAP is enabled, so temporary disable it
+		 * while performing the hypercall.
+		 */
+		if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+			stac();
+#endif
 		error = privcmd_hypercall(hcall->op, hcall->arg[0],
 		    hcall->arg[1], hcall->arg[2], hcall->arg[3], hcall->arg[4]);
+#ifdef __amd64__
+		if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+			clac();
+#endif
 		if (error >= 0) {
 			hcall->retval = error;
 			error = 0;