On 28.08.2024 13:30, Roger Pau Monne wrote:
> Move the logic that disables SMAP so it's only performed when building a PV
> dom0; the PVH dom0 builder doesn't require disabling SMAP.
> 
> The fixes tag is to account for the wrong usage of cpu_has_smap in
> create_dom0(), it should instead have used
> boot_cpu_has(X86_FEATURE_XEN_SMAP).  Fix while moving the logic to apply to PV
> only.
> 
> While there also make cr4_pv32_mask __ro_after_init.
> 
> Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
> Signed-off-by: Roger Pau Monné <[email protected]>

Reviewed-by: Jan Beulich <[email protected]>
preferably with ...

> @@ -1051,6 +1051,34 @@ out:
>      return rc;
>  }
>  
> +int __init dom0_construct_pv(struct domain *d,
> +                             const module_t *image,
> +                             unsigned long image_headroom,
> +                             module_t *initrd,
> +                             const char *cmdline)
> +{
> +    int rc;
> +
> +    /*
> +     * Temporarily clear SMAP in CR4 to allow user-accesses in
> +     * construct_dom0().  This saves a large number of corner cases

... the final 's' dropped here and ...

> +     * interactions with copy_from_user().
> +     */
> +    if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
> +    {
> +        cr4_pv32_mask &= ~X86_CR4_SMAP;
> +        write_cr4(read_cr4() & ~X86_CR4_SMAP);
> +    }
> +    rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
> +    if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
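
Review bot: The comment at the top of dom0_construct_pv() names construct_dom0(), but the call it covers is dom0_construct(d, image, image_headroom, initrd, cmdline); the comment should name the function actually called, so the reason for clearing SMAP can still be found by searching for that name. The quoted hunk stops at the second boot_cpu_has(X86_FEATURE_XEN_SMAP) check, so the restore of X86_CR4_SMAP in CR4 and in cr4_pv32_mask is not visible here. Since rc is only assigned before that check, confirm the restore also runs when dom0_construct() fails, so SMAP is not left disabled on the error path.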

... blank lines added around the function call. Happy to adjust while
committing, so long as you agree.

Jan
