kernel - Implement support for SMAP and SMEP security (2)
authorMatthew Dillon <dillon@apollo.backplane.com>
Fri, 17 May 2019 00:37:48 +0000 (17:37 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Fri, 17 May 2019 00:37:48 +0000 (17:37 -0700)
* Oops.  Do the CR4 initialization in the correct place, so it is
  applied to all CPUs.

sys/platform/pc64/x86_64/pmap.c

index 12bf0c3..cd6f803 100644 (file)
@@ -1115,17 +1115,6 @@ pmap_bootstrap(vm_paddr_t *firstaddr)
         */
        x86_64_protection_init();
 
-       /*
-        * Check for SMAP support and enable if available.  Must be done
-        * after cr3 is loaded.
-        */
-       if (cpu_stdext_feature & CPUID_STDEXT_SMAP) {
-               load_cr4(rcr4() | CR4_SMAP);
-       }
-       if (cpu_stdext_feature & CPUID_STDEXT_SMEP) {
-               load_cr4(rcr4() | CR4_SMEP);
-       }
-
        /*
         * The kernel's pmap is statically allocated so we don't have to use
         * pmap_create, which is unlikely to work correctly at this part of
@@ -1279,6 +1268,17 @@ pmap_set_opt(void)
                if (mycpu->gd_cpuid == 0)       /* only on BSP */
                        cpu_invltlb();
        }
+
+       /*
+        * Check for SMAP support and enable if available.  Must be done
+        * after cr3 is loaded, and on all cores.
+        */
+       if (cpu_stdext_feature & CPUID_STDEXT_SMAP) {
+               load_cr4(rcr4() | CR4_SMAP);
+       }
+       if (cpu_stdext_feature & CPUID_STDEXT_SMEP) {
+               load_cr4(rcr4() | CR4_SMEP);
+       }
 }
 
 /*