forked from SLFO-pool/xen
128 lines
3.9 KiB
Diff
128 lines
3.9 KiB
Diff
# Commit fb1658221a31ec1db33253a80001191391e73b17
|
|
# Date 2024-08-28 19:59:07 +0100
|
|
# Author Roger Pau Monne <roger.pau@citrix.com>
|
|
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
|
x86/dom0: disable SMAP for PV domain building only
|
|
|
|
Move the logic that disables SMAP so it's only performed when building a PV
|
|
dom0, PVH dom0 builder doesn't require disabling SMAP.
|
|
|
|
The fixes tag is to account for the wrong usage of cpu_has_smap in
|
|
create_dom0(), it should instead have used
|
|
boot_cpu_has(X86_FEATURE_XEN_SMAP). Fix while moving the logic to apply to PV
|
|
only.
|
|
|
|
While there also make cr4_pv32_mask __ro_after_init.
|
|
|
|
Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
|
|
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
|
|
--- a/xen/arch/x86/include/asm/setup.h
|
|
+++ b/xen/arch/x86/include/asm/setup.h
|
|
@@ -64,6 +64,8 @@ extern bool opt_dom0_verbose;
|
|
extern bool opt_dom0_cpuid_faulting;
|
|
extern bool opt_dom0_msr_relaxed;
|
|
|
|
+extern unsigned long cr4_pv32_mask;
|
|
+
|
|
#define max_init_domid (0)
|
|
|
|
#endif
|
|
--- a/xen/arch/x86/pv/dom0_build.c
|
|
+++ b/xen/arch/x86/pv/dom0_build.c
|
|
@@ -354,11 +354,11 @@ static struct page_info * __init alloc_c
|
|
return page;
|
|
}
|
|
|
|
-int __init dom0_construct_pv(struct domain *d,
|
|
- const module_t *image,
|
|
- unsigned long image_headroom,
|
|
- module_t *initrd,
|
|
- const char *cmdline)
|
|
+static int __init dom0_construct(struct domain *d,
|
|
+ const module_t *image,
|
|
+ unsigned long image_headroom,
|
|
+ module_t *initrd,
|
|
+ const char *cmdline)
|
|
{
|
|
int i, rc, order, machine;
|
|
bool compatible, compat;
|
|
@@ -1048,6 +1048,36 @@ out:
|
|
|
|
return rc;
|
|
}
|
|
+
|
|
+int __init dom0_construct_pv(struct domain *d,
|
|
+ const module_t *image,
|
|
+ unsigned long image_headroom,
|
|
+ module_t *initrd,
|
|
+ const char *cmdline)
|
|
+{
|
|
+ int rc;
|
|
+
|
|
+ /*
|
|
+ * Clear SMAP in CR4 to allow user-accesses in construct_dom0(). This
|
|
+ * prevents us needing to rewrite construct_dom0() in terms of
|
|
+ * copy_{to,from}_user().
|
|
+ */
|
|
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
|
+ {
|
|
+ cr4_pv32_mask &= ~X86_CR4_SMAP;
|
|
+ write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
|
+ }
|
|
+
|
|
+ rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
|
|
+
|
|
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
|
+ {
|
|
+ write_cr4(read_cr4() | X86_CR4_SMAP);
|
|
+ cr4_pv32_mask |= X86_CR4_SMAP;
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
|
|
/*
|
|
* Local variables:
|
|
--- a/xen/arch/x86/setup.c
|
|
+++ b/xen/arch/x86/setup.c
|
|
@@ -79,8 +79,7 @@ bool __read_mostly use_invpcid;
|
|
int8_t __initdata opt_probe_port_aliases = -1;
|
|
boolean_param("probe-port-aliases", opt_probe_port_aliases);
|
|
|
|
-/* Only used in asm code and within this source file */
|
|
-unsigned long asmlinkage __read_mostly cr4_pv32_mask;
|
|
+unsigned long __ro_after_init cr4_pv32_mask;
|
|
|
|
/* **** Linux config option: propagated to domain0. */
|
|
/* "acpi=off": Sisables both ACPI table parsing and interpreter. */
|
|
@@ -955,26 +954,9 @@ static struct domain *__init create_dom0
|
|
}
|
|
}
|
|
|
|
- /*
|
|
- * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
|
|
- * This saves a large number of corner cases interactions with
|
|
- * copy_from_user().
|
|
- */
|
|
- if ( cpu_has_smap )
|
|
- {
|
|
- cr4_pv32_mask &= ~X86_CR4_SMAP;
|
|
- write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
|
- }
|
|
-
|
|
if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
|
|
panic("Could not construct domain 0\n");
|
|
|
|
- if ( cpu_has_smap )
|
|
- {
|
|
- write_cr4(read_cr4() | X86_CR4_SMAP);
|
|
- cr4_pv32_mask |= X86_CR4_SMAP;
|
|
- }
|
|
-
|
|
return d;
|
|
}
|
|
|