From patchwork Mon Jun 26 12:49:46 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
X-Patchwork-Id: 9809613
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	C426E60329 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 26 Jun 2017 12:53:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C88F427F97
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 26 Jun 2017 12:53:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BC7A52857D; Mon, 26 Jun 2017 12:53:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3307D27F97
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 26 Jun 2017 12:53:22 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dPTT0-0004N6-6v; Mon, 26 Jun 2017 12:50:10 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <marmarek@invisiblethingslab.com>) id 1dPTSy-0004Mz-PU
	for xen-devel@lists.xenproject.org; Mon, 26 Jun 2017 12:50:08 +0000
Received: from [85.158.137.68] by server-13.bemta-3.messagelabs.com id
	21/1A-17076-FF201595; Mon, 26 Jun 2017 12:50:07 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrFIsWRWlGSWpSXmKPExsXilM8irfufKTD
	S4N1mZYvvWyYzOTB6HP5whSWAMYo1My8pvyKBNaN98Tb2gl6eiocXuxkbGBdzdTFycQgJrGKU
	2PLzBFMXIyeQky3x9PpmNpAEi8AkVonPBz8xgyQkBDwlVqzcxNLFyAFkO0tca0qEaD7EKLFyw
	lGwGjaBUIn27TNYQWwRASWJe6smM4EUMQvMZJK49uAZ2AZhAVeJzo8NjCA2i4CqxJdns1hAbF
	4BP4mtYA0gy+Qkbp7rBBvKKaArse/aHkaI63QkHp7vY4WoF5Q4OfMJ2EHMAuoS6+cJgYT5gfZ
	uW38ZrJxZQF6ieets5gmMwrOQdMxC6JiFpGoBI/MqRo3i1KKy1CJdIxO9pKLM9IyS3MTMHF1D
	A2O93NTi4sT01JzEpGK95PzcTYzAMK9nYGDcwfjquN8hRkkOJiVRXo4nAZFCfEn5KZUZicUZ8
	UWlOanFhxhlODiUJHgVGQMjhQSLUtNTK9Iyc4ARB5OW4OBREuEV/QvUyltckJhbnJkOkTrFqC
	glzqsNjFMhAZBERmkeXBssyi8xykoJ8zIyMDAI8RSkFuVmlqDKv2IU52BUEubVZgCawpOZVwI
	3/RXQYiagxSzzwBaXJCKkpBoYy+u1vlQ0OPZkrYrg2v3t69obq+4UadTxcJ95P+G9uAffowTz
	Cz+8ynJdav+rtx9/d3+NxHxfgUd/LPtFT5x+VFX+NVyA4fmcE1f2H2rkDZu3pT5HW22+C2+15
	ArHjZavN23MWKG1l/nSRb66D9wpX60SfmW5rZbPe+l2c/dBzv/tEUt03ZZuUmIpzkg01GIuKk
	4EAMr2x+ztAgAA
X-Env-Sender: marmarek@invisiblethingslab.com
X-Msg-Ref: server-11.tower-31.messagelabs.com!1498481406!76523713!1
X-Originating-IP: [66.111.4.27]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogNjYuMTExLjQuMjcgPT4gODQ2Mw==\n
X-StarScan-Received: 
X-StarScan-Version: 9.4.19; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 23565 invoked from network); 26 Jun 2017 12:50:07 -0000
Received: from out3-smtp.messagingengine.com (HELO
	out3-smtp.messagingengine.com) (66.111.4.27)
	by server-11.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 26 Jun 2017 12:50:07 -0000
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id 50BEC20964;
	Mon, 26 Jun 2017 08:50:06 -0400 (EDT)
Received: from frontend1 ([10.202.2.160])
	by compute7.internal (MEProxy); Mon, 26 Jun 2017 08:50:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:from:in-reply-to:message-id:mime-version:references
	:subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=
	fm1; bh=1+0lVKo0yN1wmFURgvD0NvANsWU/czm9mR1oAOQa1DE=; b=OAUpiMpS
	CHXWj5bEa0AWel7Hh1li1ODS++N64uABfATfeNQbI/6ajgRi4P1B2rKABo58+SIu
	Oa1UP23X42WdR5py18OZC/kSTtW03+zEO00y5cgYDIG1gcAY/kWrQDDsVr32vpLV
	UpL/6wxhRW60W1cZ3rAqvEMyW884ieO9PnTdyhr438dkNbBAUe79X5oZ4ujOgnq7
	JCIFDlbGjIjO88le+0i7XWU+/M4zXFKunz0PJpGVxU70In1XIZNhQHD9VYXhCa7A
	BVKipcAeCXuFPaA7+zNL566CEoIpBKJWBwTCBZPJ+7K4JYcH13Yf2ks0ljc8blqw
	sGt+KSwDax3pzw==
X-ME-Sender: <xms:_gJRWbSK_vIZO_N2Teztj7oSWmbBOI5P0R4voy4R2lgZsKyeTFPreg>
X-Sasl-enc: aZmr3L7XBH6htkSnLalxMCaeMHOoipJHiTKHFTb50wS+ 1498481405
Received: from devel-3rdparty.localdomain (89-70-103-23.dynamic.chello.pl
	[89.70.103.23])
	by mail.messagingengine.com (Postfix) with ESMTPA id D457D7E807;
	Mon, 26 Jun 2017 08:50:04 -0400 (EDT)
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
	<marmarek@invisiblethingslab.com>
To: xen-devel@lists.xenproject.org
Date: Mon, 26 Jun 2017 14:49:46 +0200
Message-Id: <1498481386-8704-1-git-send-email-marmarek@invisiblethingslab.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <20170626124505.GV1268@mail-itl>
References: <20170626124505.GV1268@mail-itl>
MIME-Version: 1.0
Organization: Invisible Things Lab
Cc: Juergen Gross <jgross@suse.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	=?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
	<marmarek@invisiblethingslab.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: [Xen-devel] [PATCH v2] x86/xen: allow userspace access during
	hypercalls
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Userspace application can do a hypercall through /dev/xen/privcmd, and
some for some hypercalls argument is a pointers to user-provided
structure. When SMAP is supported and enabled, hypervisor can't access.
So, lets allow it.

The same applies to HYPERVISOR_dm_op, where additionally privcmd driver
carefully verify buffer addresses.

Cc: stable@vger.kernel.org
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
 arch/x86/include/asm/xen/hypercall.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Changes since v1:
 - add HYPERVISOR_dm_op

diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index f6d20f6..32b74a8 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -43,6 +43,7 @@
 
 #include <asm/page.h>
 #include <asm/pgtable.h>
+#include <asm/smap.h>
 
 #include <xen/interface/xen.h>
 #include <xen/interface/sched.h>
@@ -214,10 +215,12 @@ privcmd_call(unsigned call,
 	__HYPERCALL_DECLS;
 	__HYPERCALL_5ARG(a1, a2, a3, a4, a5);
 
+	stac();
 	asm volatile("call *%[call]"
 		     : __HYPERCALL_5PARAM
 		     : [call] "a" (&hypercall_page[call])
 		     : __HYPERCALL_CLOBBER5);
+	clac();
 
 	return (long)__res;
 }
@@ -476,7 +479,11 @@ static inline int
 HYPERVISOR_dm_op(
 	domid_t dom, unsigned int nr_bufs, void *bufs)
 {
-	return _hypercall3(int, dm_op, dom, nr_bufs, bufs);
+	int ret;
+	stac();
+	ret = _hypercall3(int, dm_op, dom, nr_bufs, bufs);
+	clac();
+	return ret;
 }
 
 static inline void