authorJohn Baldwin <jhb@FreeBSD.org>2021-04-21 20:57:04 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2021-04-21 20:57:04 +0000
commit753bcca440a4d2c95f48536b586131b84c0bb87e (patch)
treeb6da388034995ff22f1a02635a70beff9ef6fc47
parentc4473add1d3d588d8747cab86796d2f2d4c8847c (diff)
riscv: Clear SUM in SSTATUS for supervisor mode exceptions.
Previously, a page fault taken during copyin/out and related functions would run the entire fault handler while permitting direct access to user addresses. This could also leak across context switches (e.g. if the page fault handler was preempted by an interrupt or slept for disk I/O). To fix, clear SUM in assembly after saving the original version of SSTATUS in the supervisor mode trapframe. Reviewed by: mhorne, jrtc27 Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D29763
-rw-r--r--sys/riscv/riscv/exception.S5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/riscv/riscv/exception.S b/sys/riscv/riscv/exception.S
index 50134980c7af..abd1307174f1 100644
--- a/sys/riscv/riscv/exception.S
+++ b/sys/riscv/riscv/exception.S
@@ -104,6 +104,11 @@ __FBSDID("$FreeBSD$");
sd t0, (TF_SEPC)(sp)
csrr t0, sstatus
sd t0, (TF_SSTATUS)(sp)
+.if \mode == 1
+ /* Disable user address access for supervisor mode exceptions. */
+ li t0, SSTATUS_SUM
+ csrc sstatus, t0
+.endif
csrr t0, stval
sd t0, (TF_STVAL)(sp)
csrr t0, scause
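Review bot: The new comment on the `.if \mode == 1` block does not record the ordering constraint that makes this safe: the `csrc sstatus, t0` has to stay after `sd t0, (TF_SSTATUS)(sp)`, so that the trapframe keeps the original SUM bit. The interrupted copyin/out code presumably gets SUM back only when the return path reloads sstatus from that saved value, and that restore code is outside this hunk, so it is worth confirming. I would extend the comment to something like `/* Disable user address access for supervisor mode exceptions. Must follow the TF_SSTATUS store so the saved SUM is restored on return. */`. The guard also leaves the user-mode entry path relying on SUM never being set on a trap from user mode; if that invariant is not enforced elsewhere, clearing it unconditionally would be a cheap hardening step. The enclosing macro begins and ends outside the hunk.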