Linux-libre 4.3.2-gnu

author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
commit: 8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree: e9891aa6c295060d065adffd610c4f49ecf884f3 /arch/arm/xen/hypercall.S
parent: a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/arm/xen/hypercall.S b/arch/arm/xen/hypercall.S
index f00e08075..10fd99c56 100644
--- a/arch/arm/xen/hypercall.S
+++ b/arch/arm/xen/hypercall.S
@@ -98,8 +98,23 @@ ENTRY(privcmd_call)
 	mov r1, r2
 	mov r2, r3
 	ldr r3, [sp, #8]
+	/*
+	 * Privcmd calls are issued by the userspace. We need to allow the
+	 * kernel to access the userspace memory before issuing the hypercall.
+	 */
+	uaccess_enable r4
+
+	/* r4 is loaded now as we use it as scratch register before */
 	ldr r4, [sp, #4]
 	__HVC(XEN_IMM)
+
+	/*
+	 * Disable userspace access from kernel. This is fine to do it
+	 * unconditionally as no set_fs(KERNEL_DS)/set_fs(get_ds()) is
+	 * called before.
+	 */
+	uaccess_disable r4
+
 	ldm sp!, {r4}
 	ret lr
 ENDPROC(privcmd_call);
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
commit	8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree	e9891aa6c295060d065adffd610c4f49ecf884f3 /arch/arm/xen/hypercall.S
parent	a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)