Revert "x86/dom0: delay setting SMAP after dom0 build is done"

This reverts commit ac6b9309694de9b2b5163886656282f6ada71565. The
change crashes Xen on boot on SMAP-capable systems.

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index a7a85e94e3c86db8e85f6348f499594b038f3dad..eee20bb1753c4acf0c1f78cb82f77b81ed9ea957 100644 (file)
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -80,7 +80,7 @@ int8_t __initdata opt_probe_port_aliases = -1;
 boolean_param("probe-port-aliases", opt_probe_port_aliases);
 
 /* Only used in asm code and within this source file */
-unsigned long asmlinkage __ro_after_init cr4_pv32_mask;
+unsigned long asmlinkage __read_mostly cr4_pv32_mask;
 
 /* **** Linux config option: propagated to domain0. */
 /* "acpi=off":    Sisables both ACPI table parsing and interpreter. */
@@ -955,9 +955,26 @@ static struct domain *__init create_dom0(const module_t *image,
         }
     }
 
+    /*
+     * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
+     * This saves a large number of corner cases interactions with
+     * copy_from_user().
+     */
+    if ( cpu_has_smap )
+    {
+        cr4_pv32_mask &= ~X86_CR4_SMAP;
+        write_cr4(read_cr4() & ~X86_CR4_SMAP);
+    }
+
     if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
         panic("Could not construct domain 0\n");
 
+    if ( cpu_has_smap )
+    {
+        write_cr4(read_cr4() | X86_CR4_SMAP);
+        cr4_pv32_mask |= X86_CR4_SMAP;
+    }
+
     return d;
 }
 
@@ -1890,26 +1907,16 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p)
     if ( cpu_has_smep && opt_smep != SMEP_HVM_ONLY )
         setup_force_cpu_cap(X86_FEATURE_XEN_SMEP);
     if ( boot_cpu_has(X86_FEATURE_XEN_SMEP) )
-    {
         set_in_cr4(X86_CR4_SMEP);
-        BUILD_BUG_ON(!(X86_CR4_SMEP & XEN_CR4_PV32_BITS));
-        cr4_pv32_mask |= X86_CR4_SMEP;
-    }
 
     if ( !opt_smap )
         setup_clear_cpu_cap(X86_FEATURE_SMAP);
     if ( cpu_has_smap && opt_smap != SMAP_HVM_ONLY )
         setup_force_cpu_cap(X86_FEATURE_XEN_SMAP);
     if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
-        /*
-         * Set SMAP on the %cr4 mask so that it's set for APs on bringup, but
-         * don't set for the BSP until domain building is done.
-         *
-         * Don't set it in cr4_pv32_mask either, until it's also set on the
-         * BSP.  Otherwise the BUG in cr4_pv32_restore would trigger for events
-         * received on the BSP.
-         */
-        mmu_cr4_features |= X86_CR4_SMAP;
+        set_in_cr4(X86_CR4_SMAP);
+
+    cr4_pv32_mask = mmu_cr4_features & XEN_CR4_PV32_BITS;
 
     if ( boot_cpu_has(X86_FEATURE_FSGSBASE) )
         set_in_cr4(X86_CR4_FSGSBASE);
@@ -2041,19 +2048,6 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p)
     if ( !dom0 )
         panic("Could not set up DOM0 guest OS\n");
 
-    /*
-     * Enable SMAP only after being done with the domain building phase, as the
-     * PV builder switches to the domain page-tables and must be run with SMAP
-     * disabled.
-     */
-    if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
-    {
-        ASSERT(mmu_cr4_features & X86_CR4_SMAP);
-        write_cr4(read_cr4() | X86_CR4_SMAP);
-        BUILD_BUG_ON(!(X86_CR4_SMAP & XEN_CR4_PV32_BITS));
-        cr4_pv32_mask |= X86_CR4_SMAP;
-    }
-
     heap_init_late();
 
     init_trace_bufs();