
Commit 078c0454 authored by Jonathan Austin, committed by Russell King

ARM: 7384/1: ThumbEE: Disable userspace TEEHBR access for !CONFIG_ARM_THUMBEE



Currently when ThumbEE is not enabled (!CONFIG_ARM_THUMBEE) the ThumbEE
register states are not saved/restored at context switch. The default state
of the ThumbEE Ctrl register (TEECR) allows userspace accesses to the
ThumbEE Base Handler register (TEEHBR). This can cause unexpected behaviour
when people use ThumbEE on !CONFIG_ARM_THUMBEE kernels, as well as allowing
covert communication - eg between userspace tasks running inside chroot
jails.

This patch sets up TEECR in order to prevent user-space access to TEEHBR
when !CONFIG_ARM_THUMBEE. In this case, tasks are sent SIGILL if they try to
access TEEHBR.

Cc: stable@vger.kernel.org
Reviewed-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Jonathan Austin <jonathan.austin@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
parent e5ab8580
+12 −0
@@ -254,6 +254,18 @@ __v7_setup:
	ldr	r6, =NMRR			@ NMRR
	ldr	r6, =NMRR			@ NMRR
	mcr	p15, 0, r5, c10, c2, 0		@ write PRRR
	mcr	p15, 0, r5, c10, c2, 0		@ write PRRR
	mcr	p15, 0, r6, c10, c2, 1		@ write NMRR
	mcr	p15, 0, r6, c10, c2, 1		@ write NMRR
#endif
#ifndef CONFIG_ARM_THUMBEE
	mrc	p15, 0, r0, c0, c1, 0		@ read ID_PFR0 for ThumbEE
	and	r0, r0, #(0xf << 12)		@ ThumbEE enabled field
	teq	r0, #(1 << 12)			@ check if ThumbEE is present
	bne	1f
	mov	r5, #0
	mcr	p14, 6, r5, c1, c0, 0		@ Initialize TEEHBR to 0
	mrc	p14, 6, r0, c0, c0, 0		@ load TEECR
	orr	r0, r0, #1			@ set the 1st bit in order to
	mcr	p14, 6, r0, c0, c0, 0		@ stop userspace TEEHBR access
1:
#endif
#endif
	adr	r5, v7_crval
	adr	r5, v7_crval
	ldmia	r5, {r5, r6}
	ldmia	r5, {r5, r6}
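
Review bot: the presence check at `teq r0, #(1 << 12)` / `bne 1f` matches only the value 1 in ID_PFR0[15:12], so a CPU reporting any other non-zero value in that field skips the TEECR write and keeps the default described in the commit message, where userspace can access TEEHBR. If the intent is to lock down whenever ThumbEE is implemented, consider branching to `1:` only when the masked field is zero, or add a comment explaining why only value 1 is handled. The comment on `orr r0, r0, #1` would also read more precisely as "set bit 0 (XED)" than "set the 1st bit", and since the block overwrites r0 it is worth noting in a comment that r0 is free at this point in __v7_setup.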