Commit 068ae701 authored Jul 05, 2016 by Catalin Marinas Committed by Amit Pundir Oct 24, 2016

FROMLIST: arm64: xen: Enable user access before a privcmd hvc call



Privcmd calls are issued by the userspace. The kernel needs to enable
access to TTBR0_EL1 as the hypervisor would issue stage 1 translations
to user memory via AT instructions. Since AT instructions are not
affected by the PAN bit (ARMv8.1), we only need the explicit
uaccess_enable/disable if the TTBR0 PAN option is enabled.

Reviewed-by: Julien Grall <julien.grall@arm.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

Change-Id: I927f14076ba94c83e609b19f46dd373287e11fc4
(cherry picked from commit 8cc1f33d2c9f206b6505bedba41aed2b33c203c0)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

parent 138dcc21

arch/arm64/xen/hypercall.S

+19 −0

Original line number	Diff line number	Diff line
		@@ -49,6 +49,7 @@

		#include <linux/linkage.h>
		#include <asm/assembler.h>
		#include <asm/uaccess.h>
		#include <xen/interface/xen.h>


		@@ -91,6 +92,24 @@ ENTRY(privcmd_call)
		mov x2, x3
		mov x3, x4
		mov x4, x5
		#ifdef CONFIG_ARM64_SW_TTBR0_PAN
		/*
		* Privcmd calls are issued by the userspace. The kernel needs to
		* enable access to TTBR0_EL1 as the hypervisor would issue stage 1
		* translations to user memory via AT instructions. Since AT
		* instructions are not affected by the PAN bit (ARMv8.1), we only
		* need the explicit uaccess_enable/disable if the TTBR0 PAN emulation
		* is enabled (it implies that hardware UAO and PAN disabled).
		*/
		uaccess_enable_not_uao x6, x7
		#endif
		hvc XEN_IMM

		#ifdef CONFIG_ARM64_SW_TTBR0_PAN
		/*
		* Disable userspace access from kernel once the hyp call completed.
		*/
		uaccess_disable_not_uao x6
		#endif
		ret
		ENDPROC(privcmd_call);