Enabling SMEP and SMAP #473
Conversation
CLAC should be cleared in every exception handler so that any event handler that is invoked while executing in kernel mode can transition to EFLAGS.AC=0 while it is executing. The #HV handler is no exception. Every event handler that wants to access user-mode code should explicitly be required to execute STAC when user-mode access is expected, and the #HV handler is no different. You have put CLAC in the right place. |
|
Why are the |
Perfect, thanks! |
I was more looking for feedback here. I had the feeling that it was worth enabling smap and smep by default since all modern CPUs have it, but was a bit unsure. The argument of testing without them rings a bell now and very makes sense to me. I'm switching to enable them by default. |
p4zuu
force-pushed
the
smep_smap
branch
4 times, most recently
from
fe09d11
to
f7b9d74
Compare
Yes, please enable the features by default. |
We could use PageFaultError in different places, instead of a hardcoded const. Signed-off-by: Thomas Leroy <[email protected]>
SMEP can be enable by setting bit 20 of CR4. A #PF will be raised if the CPU tries to fetch an instruction from a user page while running in CPL < 3. Signed-off-by: Thomas Leroy <[email protected]>
Enable SMAP if supported. If supported, SMAP is enabled if CR4.SMAP bit is set, and if RFLAGS.AC is unset. It means that we need to clear RFLAGS.AC in entries, to have the kernel running with RFLAGS.AC = 0. Two asm macros (asm_clac and asn_stac) have been created to respectively clear and set RFLAGS.AC from assembly. Two Rust functions have also been created to perform exactly the same but from Rust code. This is still unused but it will will be useful when we'll have CPL3 support, to be able to read/write in userspace (eg. in syscall handlers, or even with user #VC). Signed-off-by: Thomas Leroy <[email protected]>
Enabling SMEP and SMAP if supported by the CPU.
To enable these,
smepandsmapfeatures have to be specifically enabled, but this could be changed in the future since I think all modern CPUs support SMEP and SMAP.I stole the way to give the CFG_SMAP bool to assembly from #455. This will likely cause a small conflict in
kernel/src/cpu/idt/svsm.rs:265when one of the two PR is merged.This also conflict with the userspace PR since SMAP has to be temporary disabled to fetch user-provided pointers in syscalls arguments.
Finally, SMAP requires RFLAGS.AC to be unset to be enabled so I added a
clacinstruction in different entries, including #HV entry for which I don't really know if this is required, and if this could break something in the future. @msft-jlange could you please take a look?