mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-07-05 05:15:23 +02:00
8884c41bae
commit 7f9bbc1140ff8796230bc2634055763e271fd692 upstream. dm_op hypercalls might come from userspace and pass memory addresses as parameters. The memory addresses typically correspond to buffers allocated in userspace to hold extra hypercall parameters. On ARM, when CONFIG_ARM64_SW_TTBR0_PAN is enabled, they might not be accessible by Xen, as a result ioreq hypercalls might fail. See the existing comment in arch/arm64/xen/hypercall.S regarding privcmd_call for reference. For privcmd_call, Linux calls uaccess_ttbr0_enable before issuing the hypercall thanks to commit9cf09d68b8. We need to do the same for dm_op. This resolves the problem. Cc: stable@kernel.org Fixes:9cf09d68b8("arm64: xen: Enable user access before a privcmd hvc call") Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com> Reviewed-by: Juergen Gross <jgross@suse.com> Message-ID: <alpine.DEB.2.22.394.2505121446370.8380@ubuntu-linux-20-04-desktop> Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
131 lines
4.2 KiB
ArmAsm
131 lines
4.2 KiB
ArmAsm
/******************************************************************************
|
|
* hypercall.S
|
|
*
|
|
* Xen hypercall wrappers
|
|
*
|
|
* Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Citrix, 2012
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
* as published by the Free Software Foundation; or, when distributed
|
|
* separately from the Linux kernel or incorporated into other
|
|
* software packages, subject to the following license:
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this source file (the "Software"), to deal in the Software without
|
|
* restriction, including without limitation the rights to use, copy, modify,
|
|
* merge, publish, distribute, sublicense, and/or sell copies of the Software,
|
|
* and to permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
* IN THE SOFTWARE.
|
|
*/
|
|
|
|
/*
|
|
* The Xen hypercall calling convention is very similar to the procedure
|
|
* call standard for the ARM 64-bit architecture: the first parameter is
|
|
* passed in x0, the second in x1, the third in x2, the fourth in x3 and
|
|
* the fifth in x4.
|
|
*
|
|
* The hypercall number is passed in x16.
|
|
*
|
|
* The return value is in x0.
|
|
*
|
|
* The hvc ISS is required to be 0xEA1, that is the Xen specific ARM
|
|
* hypercall tag.
|
|
*
|
|
* Parameter structs passed to hypercalls are laid out according to
|
|
* the ARM 64-bit EABI standard.
|
|
*/
|
|
|
|
#include <linux/linkage.h>
|
|
#include <asm/assembler.h>
|
|
#include <asm/asm-uaccess.h>
|
|
#include <xen/interface/xen.h>
|
|
|
|
|
|
#define XEN_IMM 0xEA1
|
|
|
|
#define HYPERCALL_SIMPLE(hypercall) \
|
|
SYM_FUNC_START(HYPERVISOR_##hypercall) \
|
|
mov x16, #__HYPERVISOR_##hypercall; \
|
|
hvc XEN_IMM; \
|
|
ret; \
|
|
SYM_FUNC_END(HYPERVISOR_##hypercall)
|
|
|
|
#define HYPERCALL0 HYPERCALL_SIMPLE
|
|
#define HYPERCALL1 HYPERCALL_SIMPLE
|
|
#define HYPERCALL2 HYPERCALL_SIMPLE
|
|
#define HYPERCALL3 HYPERCALL_SIMPLE
|
|
#define HYPERCALL4 HYPERCALL_SIMPLE
|
|
#define HYPERCALL5 HYPERCALL_SIMPLE
|
|
|
|
.text
|
|
|
|
HYPERCALL2(xen_version);
|
|
HYPERCALL3(console_io);
|
|
HYPERCALL3(grant_table_op);
|
|
HYPERCALL2(sched_op);
|
|
HYPERCALL2(event_channel_op);
|
|
HYPERCALL2(hvm_op);
|
|
HYPERCALL2(memory_op);
|
|
HYPERCALL2(physdev_op);
|
|
HYPERCALL3(vcpu_op);
|
|
HYPERCALL1(platform_op_raw);
|
|
HYPERCALL2(multicall);
|
|
HYPERCALL2(vm_assist);
|
|
|
|
SYM_FUNC_START(HYPERVISOR_dm_op)
|
|
mov x16, #__HYPERVISOR_dm_op; \
|
|
/*
|
|
* dm_op hypercalls are issued by the userspace. The kernel needs to
|
|
* enable access to TTBR0_EL1 as the hypervisor would issue stage 1
|
|
* translations to user memory via AT instructions. Since AT
|
|
* instructions are not affected by the PAN bit (ARMv8.1), we only
|
|
* need the explicit uaccess_enable/disable if the TTBR0 PAN emulation
|
|
* is enabled (it implies that hardware UAO and PAN disabled).
|
|
*/
|
|
uaccess_ttbr0_enable x6, x7, x8
|
|
hvc XEN_IMM
|
|
|
|
/*
|
|
* Disable userspace access from kernel once the hyp call completed.
|
|
*/
|
|
uaccess_ttbr0_disable x6, x7
|
|
ret
|
|
SYM_FUNC_END(HYPERVISOR_dm_op);
|
|
|
|
SYM_FUNC_START(privcmd_call)
|
|
mov x16, x0
|
|
mov x0, x1
|
|
mov x1, x2
|
|
mov x2, x3
|
|
mov x3, x4
|
|
mov x4, x5
|
|
/*
|
|
* Privcmd calls are issued by the userspace. The kernel needs to
|
|
* enable access to TTBR0_EL1 as the hypervisor would issue stage 1
|
|
* translations to user memory via AT instructions. Since AT
|
|
* instructions are not affected by the PAN bit (ARMv8.1), we only
|
|
* need the explicit uaccess_enable/disable if the TTBR0 PAN emulation
|
|
* is enabled (it implies that hardware UAO and PAN disabled).
|
|
*/
|
|
uaccess_ttbr0_enable x6, x7, x8
|
|
hvc XEN_IMM
|
|
|
|
/*
|
|
* Disable userspace access from kernel once the hyp call completed.
|
|
*/
|
|
uaccess_ttbr0_disable x6, x7
|
|
ret
|
|
SYM_FUNC_END(privcmd_call);
|