From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753184AbbIKOqs (ORCPT <rfc822;w@1wt.eu>);
	Fri, 11 Sep 2015 10:46:48 -0400
Received: from smtp.citrix.com ([66.165.176.89]:17649 "EHLO SMTP.CITRIX.COM"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751907AbbIKOqr (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 11 Sep 2015 10:46:47 -0400
X-IronPort-AV: E=Sophos;i="5.17,511,1437436800"; 
   d="scan'208";a="299458445"
Message-ID: <55F2E909.70600@citrix.com>
Date: Fri, 11 Sep 2015 15:45:29 +0100
From: Julien Grall <julien.grall@citrix.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0
MIME-Version: 1.0
To: Ian Campbell <ian.campbell@citrix.com>, <xen-devel@lists.xenproject.org>
CC: <linux-arm-kernel@lists.infradead.org>, <stefano.stabellini@eu.citrix.com>,
        <linux-kernel@vger.kernel.org>, "Riku Voipio" <riku.voipio@linaro.org>,
        Russell King <linux@arm.linux.org.uk>
Subject: Re: [PATCH] arm/xen: Enable user access to the kernel before issuing
 a privcmd call
References: <1441980963-9002-1-git-send-email-julien.grall@citrix.com>
 <1441981760.3549.57.camel@citrix.com>
In-Reply-To: <1441981760.3549.57.camel@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-DLP: MIA1
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/09/15 15:29, Ian Campbell wrote:
> On Fri, 2015-09-11 at 15:16 +0100, Julien Grall wrote:
>> When Xen is copyin data to/from the guest it will check if the kernel
> 
> "copying"
> 
>> has the right to do the access. If not, the hypercall will return an
>> error.
>>
>> After the commit a5e090acbf545c0a3b04080f8a488b17ec41fe02 "ARM:
>> software-based priviledged-no-access support", the kernel can't access
> 
> "privileged"
> 
>> anymore the user space by default. This will result to fail on every
> 
> "any more" (or "any longer")
> 
>> hypercall made by the userspace (i.e via privcmd).
>>
>> We have to enable the userspace access and then restore the correct
>> permission everytime the privmcd is used to made an hypercall.
> 
> "every time" and "privcmd"
> 
>>  HYPERCALL1(tmem_op);
>>  HYPERCALL2(multicall);
>>  
>> -ENTRY(privcmd_call)
>> +ENTRY(__privcmd_call)
> 
> arch/arm/include/asm/assembler.h seems to contain uaccess_* macros which
> could be used right here directly I think? That would be preferable to
> wrapping I think.

Looking to the uaccess_save macro:

        .macro  uaccess_save, tmp
#ifdef CONFIG_CPU_SW_DOMAIN_PAN
        mrc     p15, 0, \tmp, c3, c0, 0
        str     \tmp, [sp, #S_FRAME_SIZE]
#endif
        .endm


It's saving the register on the Stack with an offset S_FRAME_SIZE.
AFAICT, S_FRAME_SIZE is the size of the pt_regs structure.

So it looks like to me that they are unusable for any assembly functions
but entry point.

I though about using a static inline for privcmd_call but it was
introducing changes on the arm64 in order to decouple hypercall.h (it's
common right now).

Regards,

-- 
Julien Grall