From: julien.grall@citrix.com (Julien Grall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm/xen: Enable user access to the kernel before issuing a privcmd call
Date: Fri, 11 Sep 2015 15:56:38 +0100 [thread overview]
Message-ID: <55F2EBA6.6060008@citrix.com> (raw)
In-Reply-To: <1441983304.3549.73.camel@citrix.com>
On 11/09/15 15:55, Ian Campbell wrote:
> On Fri, 2015-09-11 at 15:45 +0100, Julien Grall wrote:
>> On 11/09/15 15:29, Ian Campbell wrote:
>>> On Fri, 2015-09-11 at 15:16 +0100, Julien Grall wrote:
>>>> When Xen is copyin data to/from the guest it will check if the kernel
>>>
>>> "copying"
>>>
>>>> has the right to do the access. If not, the hypercall will return an
>>>> error.
>>>>
>>>> After the commit a5e090acbf545c0a3b04080f8a488b17ec41fe02 "ARM:
>>>> software-based priviledged-no-access support", the kernel can't
>>>> access
>>>
>>> "privileged"
>>>
>>>> anymore the user space by default. This will result to fail on every
>>>
>>> "any more" (or "any longer")
>>>
>>>> hypercall made by the userspace (i.e via privcmd).
>>>>
>>>> We have to enable the userspace access and then restore the correct
>>>> permission everytime the privmcd is used to made an hypercall.
>>>
>>> "every time" and "privcmd"
>>>
>>>> HYPERCALL1(tmem_op);
>>>> HYPERCALL2(multicall);
>>>>
>>>> -ENTRY(privcmd_call)
>>>> +ENTRY(__privcmd_call)
>>>
>>> arch/arm/include/asm/assembler.h seems to contain uaccess_* macros
>>> which
>>> could be used right here directly I think? That would be preferable to
>>> wrapping I think.
>>
>> Looking to the uaccess_save macro:
>
> I was thinking more about uaccess_enable/disable.
Well, we can't assume that the function will be called with uaccess
disabled. So we have to save the state and restore it after issuing the
hypercall.
Regards,
--
Julien Grall
WARNING: multiple messages have this Message-ID (diff)
From: Julien Grall <julien.grall@citrix.com>
To: Ian Campbell <ian.campbell@citrix.com>, <xen-devel@lists.xenproject.org>
Cc: <linux-arm-kernel@lists.infradead.org>,
<stefano.stabellini@eu.citrix.com>,
<linux-kernel@vger.kernel.org>,
"Riku Voipio" <riku.voipio@linaro.org>,
Russell King <linux@arm.linux.org.uk>
Subject: Re: [PATCH] arm/xen: Enable user access to the kernel before issuing a privcmd call
Date: Fri, 11 Sep 2015 15:56:38 +0100 [thread overview]
Message-ID: <55F2EBA6.6060008@citrix.com> (raw)
In-Reply-To: <1441983304.3549.73.camel@citrix.com>
On 11/09/15 15:55, Ian Campbell wrote:
> On Fri, 2015-09-11 at 15:45 +0100, Julien Grall wrote:
>> On 11/09/15 15:29, Ian Campbell wrote:
>>> On Fri, 2015-09-11 at 15:16 +0100, Julien Grall wrote:
>>>> When Xen is copyin data to/from the guest it will check if the kernel
>>>
>>> "copying"
>>>
>>>> has the right to do the access. If not, the hypercall will return an
>>>> error.
>>>>
>>>> After the commit a5e090acbf545c0a3b04080f8a488b17ec41fe02 "ARM:
>>>> software-based priviledged-no-access support", the kernel can't
>>>> access
>>>
>>> "privileged"
>>>
>>>> anymore the user space by default. This will result to fail on every
>>>
>>> "any more" (or "any longer")
>>>
>>>> hypercall made by the userspace (i.e via privcmd).
>>>>
>>>> We have to enable the userspace access and then restore the correct
>>>> permission everytime the privmcd is used to made an hypercall.
>>>
>>> "every time" and "privcmd"
>>>
>>>> HYPERCALL1(tmem_op);
>>>> HYPERCALL2(multicall);
>>>>
>>>> -ENTRY(privcmd_call)
>>>> +ENTRY(__privcmd_call)
>>>
>>> arch/arm/include/asm/assembler.h seems to contain uaccess_* macros
>>> which
>>> could be used right here directly I think? That would be preferable to
>>> wrapping I think.
>>
>> Looking to the uaccess_save macro:
>
> I was thinking more about uaccess_enable/disable.
Well, we can't assume that the function will be called with uaccess
disabled. So we have to save the state and restore it after issuing the
hypercall.
Regards,
--
Julien Grall
next prev parent reply other threads:[~2015-09-11 14:56 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-11 14:16 [PATCH] arm/xen: Enable user access to the kernel before issuing a privcmd call Julien Grall
2015-09-11 14:16 ` Julien Grall
2015-09-11 14:29 ` Ian Campbell
2015-09-11 14:29 ` Ian Campbell
2015-09-11 14:29 ` Ian Campbell
2015-09-11 14:45 ` Julien Grall
2015-09-11 14:45 ` Julien Grall
2015-09-11 14:55 ` Ian Campbell
2015-09-11 14:55 ` Ian Campbell
2015-09-11 14:56 ` Julien Grall
2015-09-11 14:56 ` Julien Grall [this message]
2015-09-11 14:56 ` Julien Grall
2015-09-11 15:25 ` Russell King - ARM Linux
2015-09-11 15:25 ` Russell King - ARM Linux
2015-09-11 15:25 ` Russell King - ARM Linux
2015-09-11 15:36 ` Julien Grall
2015-09-11 15:36 ` Julien Grall
2015-09-11 15:36 ` Julien Grall
2015-09-11 14:55 ` Ian Campbell
2015-09-11 15:20 ` Russell King - ARM Linux
2015-09-11 15:20 ` Russell King - ARM Linux
2015-09-11 15:20 ` Russell King - ARM Linux
2015-09-11 14:45 ` Julien Grall
2015-09-11 16:22 ` Julien Grall
2015-09-11 16:22 ` Julien Grall
2015-09-11 16:22 ` Julien Grall
-- strict thread matches above, loose matches on Subject: below --
2015-09-11 14:16 Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55F2EBA6.6060008@citrix.com \
--to=julien.grall@citrix.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.