git: 753bcca440a4 - main - riscv: Clear SUM in SSTATUS for supervisor mode exceptions.
John Baldwin
jhb at FreeBSD.org
Wed Apr 21 20:57:47 UTC 2021
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=753bcca440a4d2c95f48536b586131b84c0bb87e
commit 753bcca440a4d2c95f48536b586131b84c0bb87e
Author: John Baldwin <jhb at FreeBSD.org>
AuthorDate: 2021-04-21 20:57:04 +0000
Commit: John Baldwin <jhb at FreeBSD.org>
CommitDate: 2021-04-21 20:57:04 +0000
riscv: Clear SUM in SSTATUS for supervisor mode exceptions.
Previously, a page fault taken during copyin/out and related functions
would run the entire fault handler while permitting direct access to
user addresses. This could also leak across context switches (e.g. if
the page fault handler was preempted by an interrupt or slept for disk
I/O).
To fix, clear SUM in assembly after saving the original version of
SSTATUS in the supervisor mode trapframe.
Reviewed by: mhorne, jrtc27
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D29763
---
sys/riscv/riscv/exception.S | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sys/riscv/riscv/exception.S b/sys/riscv/riscv/exception.S
index 50134980c7af..abd1307174f1 100644
--- a/sys/riscv/riscv/exception.S
+++ b/sys/riscv/riscv/exception.S
@@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$");
sd t0, (TF_SEPC)(sp)
csrr t0, sstatus
sd t0, (TF_SSTATUS)(sp)
+.if \mode == 1
+ /* Disable user address access for supervisor mode exceptions. */
+ li t0, SSTATUS_SUM
+ csrc sstatus, t0
+.endif
csrr t0, stval
sd t0, (TF_STVAL)(sp)
csrr t0, scause
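Review bot: the ordering in the new `.if \mode == 1` block is load-bearing and the comment does not say so. `csrc sstatus, t0` has to stay after `sd t0, (TF_SSTATUS)(sp)` so that the trapframe still holds the interrupted code's SUM bit; if the save sequence is ever reordered, the copy routine that faulted would resume with the wrong SUM state. Suggest extending the comment to something like "must follow the TF_SSTATUS save so the original SUM is preserved in the trapframe". The bare literal in `\mode == 1` would also benefit from a brief note that 1 selects the supervisor-mode variant of the macro. Reusing t0 for the mask is fine, since the following `csrr t0, stval` overwrites it.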