git: e1d8f7fc1d94 - stable/13 - riscv: Clear SUM in SSTATUS for supervisor mode exceptions.
Date: Tue, 23 Nov 2021 23:48:54 UTC
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=e1d8f7fc1d9457c5db18d1639f1fdfb244476106 commit e1d8f7fc1d9457c5db18d1639f1fdfb244476106 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-04-21 20:57:04 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2021-11-23 23:47:52 +0000 riscv: Clear SUM in SSTATUS for supervisor mode exceptions. Previously, a page fault taken during copyin/out and related functions would run the entire fault handler while permitting direct access to user addresses. This could also leak across context switches (e.g. if the page fault handler was preempted by an interrupt or slept for disk I/O). To fix, clear SUM in assembly after saving the original version of SSTATUS in the supervisor mode trapframe. Reviewed by: mhorne, jrtc27 Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D29763 (cherry picked from commit 753bcca440a4d2c95f48536b586131b84c0bb87e) --- sys/riscv/riscv/exception.S | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/riscv/riscv/exception.S b/sys/riscv/riscv/exception.S index 50134980c7af..abd1307174f1 100644 --- a/sys/riscv/riscv/exception.S +++ b/sys/riscv/riscv/exception.S @@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$"); sd t0, (TF_SEPC)(sp) csrr t0, sstatus sd t0, (TF_SSTATUS)(sp) +.if \mode == 1 + /* Disable user address access for supervisor mode exceptions. */ + li t0, SSTATUS_SUM + csrc sstatus, t0 +.endif csrr t0, stval sd t0, (TF_STVAL)(sp) csrr t0, scause
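Review bot: the comment in the added `.if \mode == 1` block says what the two instructions do but not the two things a later reader needs in order to keep this safe: that the `csrc sstatus, t0` must stay after `sd t0, (TF_SSTATUS)(sp)`, and why the user-mode entry path (`\mode == 0`) needs no clear. The commit message states that the original SSTATUS is saved in the trapframe before SUM is cleared, so the interrupted copyin/out code presumably gets SUM back when the saved value is restored on return. Nothing in the hunk records that dependency, and moving the block above the store would silently drop SUM for the interrupted code. Suggest extending the comment to something like "Must follow the TF_SSTATUS store so the saved value still carries SUM for the return path", plus one sentence on the invariant that makes the `\mode == 0` case safe, or dropping the conditional and clearing unconditionally if that invariant is not guaranteed. Also worth noting in the comment that `t0` is reused as scratch here, which is only safe because the following `csrr t0, stval` overwrites it.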