From mboxrd@z Thu Jan 1 00:00:00 1970 From: julien.grall@citrix.com (Julien Grall) Date: Fri, 11 Sep 2015 18:32:27 +0100 Subject: [PATCH v2] arm/xen: Enable user access to the kernel before issuing a privcmd call In-Reply-To: <20150911170027.GX21084@n2100.arm.linux.org.uk> References: <1441988759-4572-1-git-send-email-julien.grall@citrix.com> <20150911170027.GX21084@n2100.arm.linux.org.uk> Message-ID: <55F3102B.3090309@citrix.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On 11/09/15 18:00, Russell King - ARM Linux wrote: > On Fri, Sep 11, 2015 at 05:25:59PM +0100, Julien Grall wrote: >> + /* >> + * Privcmd calls are issued by the userspace. We need to allow the >> + * kernel to access the userspace memory before issuing the hypercall. >> + */ >> + uaccess_enable r4 >> + >> + /* r4 is loaded now as we use it as scratch register before */ >> ldr r4, [sp, #4] > > As I mentioned in one of my previous mails, "ip" should be safe to use > here - it's a caller-corrupted register, just like r0-r3 and lr. So, > you could do: > > ldr r4, [sp, #4] > + uaccess_enable ip The register ip (aka r12) is used to store the hypercall number. So we can't reuse it as scratch register. The easiest one is r4. > > which fractionally tightens the window. > > However, there's nothing actually wrong with your version - there's no > way we could've got this far with sp pointing at userspace. > > I'm happy with either version, so: > > Acked-by: Russell King > > How do you want to handle the patch? I already have some other uaccess > fixes queued up to send to Linus before the merge window closes. > >> __HVC(XEN_IMM) >> + >> + /* >> + * Disable userspace access from kernel. This is fine to do it >> + * unconditionally as no set_fs(KERNEL_DS)/set_fs(get_ds()) is >> + * called before. >> + */ >> + uaccess_disable r4 >> + >> ldm sp!, {r4} >> ret lr >> ENDPROC(privcmd_call); >> -- >> 2.1.4 >> > -- Julien Grall From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753593AbbIKRdl (ORCPT ); Fri, 11 Sep 2015 13:33:41 -0400 Received: from smtp.citrix.com ([66.165.176.89]:3897 "EHLO SMTP.CITRIX.COM" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753417AbbIKRdj (ORCPT ); Fri, 11 Sep 2015 13:33:39 -0400 X-IronPort-AV: E=Sophos;i="5.17,512,1437436800"; d="scan'208";a="299500792" Message-ID: <55F3102B.3090309@citrix.com> Date: Fri, 11 Sep 2015 18:32:27 +0100 From: Julien Grall User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0 MIME-Version: 1.0 To: Russell King - ARM Linux CC: , , , , , Riku Voipio Subject: Re: [PATCH v2] arm/xen: Enable user access to the kernel before issuing a privcmd call References: <1441988759-4572-1-git-send-email-julien.grall@citrix.com> <20150911170027.GX21084@n2100.arm.linux.org.uk> In-Reply-To: <20150911170027.GX21084@n2100.arm.linux.org.uk> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-DLP: MIA2 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/09/15 18:00, Russell King - ARM Linux wrote: > On Fri, Sep 11, 2015 at 05:25:59PM +0100, Julien Grall wrote: >> + /* >> + * Privcmd calls are issued by the userspace. We need to allow the >> + * kernel to access the userspace memory before issuing the hypercall. >> + */ >> + uaccess_enable r4 >> + >> + /* r4 is loaded now as we use it as scratch register before */ >> ldr r4, [sp, #4] > > As I mentioned in one of my previous mails, "ip" should be safe to use > here - it's a caller-corrupted register, just like r0-r3 and lr. So, > you could do: > > ldr r4, [sp, #4] > + uaccess_enable ip The register ip (aka r12) is used to store the hypercall number. So we can't reuse it as scratch register. The easiest one is r4. > > which fractionally tightens the window. > > However, there's nothing actually wrong with your version - there's no > way we could've got this far with sp pointing at userspace. > > I'm happy with either version, so: > > Acked-by: Russell King > > How do you want to handle the patch? I already have some other uaccess > fixes queued up to send to Linus before the merge window closes. > >> __HVC(XEN_IMM) >> + >> + /* >> + * Disable userspace access from kernel. This is fine to do it >> + * unconditionally as no set_fs(KERNEL_DS)/set_fs(get_ds()) is >> + * called before. >> + */ >> + uaccess_disable r4 >> + >> ldm sp!, {r4} >> ret lr >> ENDPROC(privcmd_call); >> -- >> 2.1.4 >> > -- Julien Grall