riscv: Clear SUM in SSTATUS for supervisor mode exceptions.

Previously, a page fault taken during copyin/out and related functions would run the entire fault handler while permitting direct access to user addresses. This could also leak across context switches (e.g. if the page fault handler was preempted by an interrupt or slept for disk I/O). To fix, clear SUM in assembly after saving the original version of SSTATUS in the supervisor mode trapframe. Reviewed by: mhorne, jrtc27 Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D29763
2021-04-21 13:57:04 -07:00 · 2021-04-21 13:57:04 -07:00 · 753bcca440
commit 753bcca440
parent c4473add1d
1 changed files with 5 additions and 0 deletions
--- a/sys/riscv/riscv/exception.S
+++ b/sys/riscv/riscv/exception.S
@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$");
 	sd	t0, (TF_SEPC)(sp)
 	csrr	t0, sstatus
 	sd	t0, (TF_SSTATUS)(sp)
+.if \mode == 1
+	/* Disable user address access for supervisor mode exceptions. */
+	li	t0, SSTATUS_SUM
+	csrc	sstatus, t0
+.endif
 	csrr	t0, stval
 	sd	t0, (TF_STVAL)(sp)
 	csrr	t0, scause