diff options
authorJohn Baldwin <jhb@FreeBSD.org>2021-04-21 20:57:04 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2021-04-21 20:57:04 +0000
commit753bcca440a4d2c95f48536b586131b84c0bb87e (patch)
parentc4473add1d3d588d8747cab86796d2f2d4c8847c (diff)
riscv: Clear SUM in SSTATUS for supervisor mode exceptions.
Previously, a page fault taken during copyin/out and related functions would run the entire fault handler while permitting direct access to user addresses. This could also leak across context switches (e.g. if the page fault handler was preempted by an interrupt or slept for disk I/O). To fix, clear SUM in assembly after saving the original version of SSTATUS in the supervisor mode trapframe. Reviewed by: mhorne, jrtc27 Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D29763
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/riscv/riscv/exception.S b/sys/riscv/riscv/exception.S
index 50134980c7af..abd1307174f1 100644
--- a/sys/riscv/riscv/exception.S
+++ b/sys/riscv/riscv/exception.S
@@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$");
sd t0, (TF_SEPC)(sp)
csrr t0, sstatus
sd t0, (TF_SSTATUS)(sp)
+.if \mode == 1
+ /* Disable user address access for supervisor mode exceptions. */
+ li t0, SSTATUS_SUM
+ csrc sstatus, t0
csrr t0, stval
sd t0, (TF_STVAL)(sp)
csrr t0, scause