
Re: [Xen-devel] [PATCH v2 3/7] x86: Temporary disable SMAP to legally access user pages in kernel mode



>>> On 23.04.14 at 15:43, <feng.wu@xxxxxxxxx> wrote:
>> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx]
>> On 23/04/14 15:35, Feng Wu wrote:
>> > --- a/xen/arch/x86/domain_build.c
>> > +++ b/xen/arch/x86/domain_build.c
>> > @@ -778,6 +778,7 @@ int __init construct_dom0(
>> >      }
>> >      bootstrap_map(NULL);
>> >
>> > +    stac();
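Review bot: the stac() added after bootstrap_map(NULL) in construct_dom0() carries no comment saying why SMAP enforcement is suspended from this point on, and no matching clac() is visible in this hunk. Add a short comment naming the user-page accesses that need AC set, and make sure every return path after this line executes clac(), so that AC is not left set once dom0 construction finishes or fails.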
>> 
>> As constructing dom0 is trusted, this should be near the top of the
>> function.
> 
> We cannot call stac() near the top of the function, because construct_dom0()
> calls elf_load_binary() which calls copy_from_user(), we can only add stac()
> after calling elf_load_binary(), otherwise the AC bit will remain cleared
> after elf_load_binary().
> 
> I just suggested another method in another mail, can you please have a look?

But that other method widened the scope even further, so would suffer
the same issue. How about enabling SMAP only after having built Dom0?

Jan

