socsvn commit: r269487 - soc2014/op/freebsd-base/sys/i386/i386
op at FreeBSD.org
op at FreeBSD.org
Thu Jun 12 22:30:16 UTC 2014
Author: op
Date: Thu Jun 12 22:30:15 2014
New Revision: 269487
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269487
Log:
SMAP i386: added related trap handler
git: https://github.com/opntr/opBSD/tree/op/gsoc2014/smap
Signed-off-by: Oliver Pinter <oliver.pntr at gmail.com>
Modified:
soc2014/op/freebsd-base/sys/i386/i386/trap.c
Modified: soc2014/op/freebsd-base/sys/i386/i386/trap.c
==============================================================================
--- soc2014/op/freebsd-base/sys/i386/i386/trap.c Thu Jun 12 22:29:50 2014 (r269486)
+++ soc2014/op/freebsd-base/sys/i386/i386/trap.c Thu Jun 12 22:30:15 2014 (r269487)
@@ -860,6 +860,16 @@
map = &vm->vm_map;
/*
+ * If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1.
+ * If CPL = 3, SMAP applies to all supervisor-mode data accesses
+ * (these are implicit supervisor accesses) regardless of the
+ * value of EFLAGS.AC." - Intel Ref. # 319433-014 9.3.2
+ */
+ if (__predict_false(smap_access_violation(frame, usermode))) {
+ panic("SMAP!");
+ }
+
+ /*
* When accessing a user-space address, kernel must be
* ready to accept the page fault, and provide a
* handling routine. Since accessing the address
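Review bot: The new check `smap_access_violation(frame, usermode)` never consults the page-fault error code, so every kernel-mode fault that reaches this point with EFLAGS.AC clear panics, whether it was a protection fault on a present page or an ordinary not-present fault. Consider restricting it to present-page faults, e.g. `(frame->tf_err & PGEX_P) != 0`, so demand-paging faults are not classified as SMAP violations. `panic("SMAP!")` also discards the faulting address and instruction pointer needed to locate the offending access. If the fault address is in scope here (the enclosing function starts and ends outside the hunk), `trap_fatal(frame, eva); return (-1);` would keep them in the panic output. The quoted Intel text in the comment has a closing `"` with no opening one.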
@@ -1020,6 +1030,32 @@
panic("unknown/reserved trap");
}
+
+/*
+ * Supervisor Mode Access Prevention violation
+ *
+ * If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1.
+ * If CPL = 3, SMAP applies to all supervisor-mode data accesses
+ * (these are implicit supervisor accesses) regardless of the
+ * value of EFLAGS.AC." - Intel Ref. # 319433-014 9.3.2
+ */
+static bool
+smap_access_violation(struct trapframe *frame, int usermode)
+{
+ /* SMAP disabled */
+ if ((cpu_stdext_feature & CPUID_STDEXT_SMAP) == 0)
+ return (false);
+
+ /* CPL == 3 or EFLAGS.AC == 1 */
+ if (usermode || (frame->tf_rflags & PSL_AC) != 0)
+ return (false);
+
+ /*
+ * CPL < 3 and EFLAGS.AC == 0
+ */
+ return (true);
+}
+
/*
* Double fault handler. Called when a fault occurs while writing
* a frame for a trap/exception onto the stack. This usually occurs
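Review bot: `frame->tf_rflags` in `smap_access_violation()` looks like the amd64 field name; to my knowledge the i386 `struct trapframe` calls it `tf_eflags`, so the test should read `if (usermode || (frame->tf_eflags & PSL_AC) != 0)`. The function is also defined `static` after its first use in the earlier hunk and the diff adds no prototype, so unless one exists elsewhere a forward declaration `static bool smap_access_violation(struct trapframe *, int);` is needed near the top of the file. The first test checks `cpu_stdext_feature & CPUID_STDEXT_SMAP`, which shows that the CPU supports SMAP, not that it has been enabled. If CR4.SMAP can be left clear on a capable CPU, the `/* SMAP disabled */` comment is misleading and legitimate kernel accesses to user memory would be reported as violations.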