From: Matthew Dillon
Date: Fri, 17 May 2019 01:44:28 +0000 (-0700)
Subject: kernel - Implement support for SMAP and SMEP security (3)
X-Git-Tag: v5.7.0~85
X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/cd9c4877bff3c40b941020e435f2b558ccc5ea12
kernel - Implement support for SMAP and SMEP security (3)
* Issue clac after the push on all traps, interrupts, and exceptions.
* Improve code documentation.
---
diff --git a/sys/cpu/x86_64/include/asmacros.h b/sys/cpu/x86_64/include/asmacros.h
index c1c0ceea9c..a82d49c5e2 100644
--- a/sys/cpu/x86_64/include/asmacros.h
+++ b/sys/cpu/x86_64/include/asmacros.h
@@ -390,7 +390,8 @@
 KMMUENTER_TFRIP ; /* from userland */ \
 1: \
 subq $TF_RIP,%rsp ; \
- PUSH_FRAME_REGS \
+ PUSH_FRAME_REGS ; \
+ SMAP_CLOSE \

 #define PUSH_FRAME_TFERR \
 testb $SEL_RPL_MASK,TF_CS-TF_ERR(%rsp) ; /* from userland? */ \
@@ -399,7 +400,8 @@
 KMMUENTER_TFERR ; /* from userland */ \
 1: \
 subq $TF_ERR,%rsp ; \
- PUSH_FRAME_REGS \
+ PUSH_FRAME_REGS ; \
+ SMAP_CLOSE \

 #define PUSH_FRAME_TFERR_SAVECR2 \
 testb $SEL_RPL_MASK,TF_CS-TF_ERR(%rsp) ; \
@@ -415,7 +417,8 @@
 PUSH_FRAME_REGS ; \
 movq %cr2, %r10 ; \
 2: \
- movq %r10, TF_ADDR(%rsp)
+ movq %r10, TF_ADDR(%rsp) ; \
+ SMAP_CLOSE \

 /*
 * POP_FRAME is issued just prior to the iretq, or just prior to a
diff --git a/sys/platform/pc64/x86_64/machdep.c b/sys/platform/pc64/x86_64/machdep.c
index 0e62f23078..1922277101 100644
--- a/sys/platform/pc64/x86_64/machdep.c
+++ b/sys/platform/pc64/x86_64/machdep.c
@@ -3505,13 +3505,13 @@ cpu_implement_smap(void)
 {
 char **scan;

- for (scan = SET_BEGIN(smap_open);
+ for (scan = SET_BEGIN(smap_open); /* nop -> stac */
 scan < SET_LIMIT(smap_open); ++scan) {
 (*scan)[0] = 0x0F;
 (*scan)[1] = 0x01;
 (*scan)[2] = 0xCB;
 }
- for (scan = SET_BEGIN(smap_close);
+ for (scan = SET_BEGIN(smap_close); /* nop -> clac */
 scan < SET_LIMIT(smap_close); ++scan) {
 (*scan)[0] = 0x0F;
 (*scan)[1] = 0x01;
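Review bot: The `SMAP_CLOSE` added as the last line of PUSH_FRAME_TFRIP has no comment saying why a trap entry needs it, and the same holds for the additions to PUSH_FRAME_TFERR and PUSH_FRAME_TFERR_SAVECR2 in the next two hunks. Interrupt and exception delivery does not clear RFLAGS.AC, so an entry taken while the kernel had user access open would otherwise run the handler with SMAP checks suspended; a short comment such as `/* clac: drop AC inherited from an interrupted stac window */` on that line would record this. The commit message says the clac goes after the push, so if that ordering is a requirement the comment should state it too. SMAP_CLOSE itself is defined outside this diff, and each macro body begins above its hunk.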
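Review bot: The new last line of PUSH_FRAME_TFERR_SAVECR2 is `SMAP_CLOSE \`, which leaves a line continuation on the final line of a macro that previously ended cleanly on `movq %r10, TF_ADDR(%rsp)`. The definition now terminates only because the next line is blank (inferred from the hunk's line count), so a later edit that removes that blank line would splice the following text into the macro. Ending the macro with plain `SMAP_CLOSE` avoids that; PUSH_FRAME_TFRIP and PUSH_FRAME_TFERR show the same trailing `\`, inherited there from the removed `PUSH_FRAME_REGS \` line.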
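Review bot: cpu_implement_smap() overwrites three bytes of kernel text at every smap_open and smap_close site, and the added `/* nop -> stac */` and `/* nop -> clac */` comments are the only statement of what those sites are expected to contain. The loops shown write the bytes without checking the existing contents, so a function header comment should spell out the preconditions: each set entry points at a 3-byte nop, the CPU has been confirmed to support SMAP, and the patching runs before any other CPU can execute a patched site. None of these is visible in the hunk, so they may already be enforced by the caller; the function body continues past the end of the hunk. Naming the encodings next to the literals, e.g. `/* 0F 01 CB = stac */`, would also let a reader check the bytes against the manual.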