7054419600
If a CPU supports both Privileged Access Never (PAN) and User Access Override (UAO), we don't need to disable/re-enable PAN round all copy_to_user() like calls. UAO alternatives cause these calls to use the 'unprivileged' load/store instructions, which are overridden to be the privileged kind when fs==KERNEL_DS. This patch changes the copy_to_user() calls to have their PAN toggling depend on a new composite 'feature' ARM64_ALT_PAN_NOT_UAO. If both features are detected, PAN will be enabled, but the copy_to_user() alternatives will not be applied. This means PAN will be enabled all the time for these functions. If only PAN is detected, the toggling will be enabled as normal. This will save the time taken to disable/re-enable PAN, and allow us to catch copy_to_user() accesses that occur with fs==KERNEL_DS. Futex and swp-emulation code continue to hang their PAN toggling code on ARM64_HAS_PAN. Signed-off-by: James Morse <james.morse@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
67 lines
1.8 KiB
ArmAsm
/*
 * Based on arch/arm/lib/clear_user.S
 *
 * Copyright (C) 2012 ARM Ltd.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#include <linux/linkage.h>
#include <asm/alternative.h>
#include <asm/assembler.h>
#include <asm/cpufeature.h>
#include <asm/sysreg.h>
.text
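/* Prototype: int __clear_user(void *addr, size_t sz)
 * Purpose  : clear some user memory
 * Params   : addr - user memory address to clear
 *          : sz   - number of bytes to clear
 * Returns  : number of bytes NOT cleared
 *
 * Alignment fixed up by hardware.
 *
 * Registers: x0 = addr on entry, return value on exit
 *            x1 = sz on entry, then a running count biased by the size
 *                 of the next store so the sign flag decides each step
 *            x2 = copy of the original sz, read only by the fault path
 *
 * Fault path: a fault in any of the user stores lands at 9: in .fixup,
 * which reports the whole original size as not cleared, even if some
 * bytes had already been written.
 *
 * PAN: when the ARM64_ALT_PAN_NOT_UAO alternative is applied, PSTATE.PAN
 * is cleared on entry. Every exit, including the fault path, sets it
 * again so the caller never resumes with PAN left cleared.
 *
 * NOTE(review): uao_user_alternative is defined in the asm headers, not
 * in this file. From its arguments it appears to emit the given store
 * (or its unprivileged form) to [x0] with the given post-increment and
 * to route a fault to the label passed first; confirm against the macro.
 */
ENTRY(__clear_user)
ALTERNATIVE("nop", __stringify(SET_PSTATE_PAN(0)), ARM64_ALT_PAN_NOT_UAO, \
	    CONFIG_ARM64_PAN)
	mov	x2, x1			// save the size for fixup return
	subs	x1, x1, #8		// x1 = remaining - 8
	b.mi	2f			// fewer than 8 bytes: skip the loop
1:
uao_user_alternative 9f, str, sttr, xzr, x0, 8
	subs	x1, x1, #8
	b.pl	1b			// loop while at least 8 bytes remain
2:	adds	x1, x1, #4		// x1 = remaining - 4
	b.mi	3f			// fewer than 4 bytes left
uao_user_alternative 9f, str, sttr, wzr, x0, 4
	sub	x1, x1, #4
3:	adds	x1, x1, #2		// x1 = remaining - 2
	b.mi	4f			// fewer than 2 bytes left
uao_user_alternative 9f, strh, sttrh, wzr, x0, 2
	sub	x1, x1, #2
4:	adds	x1, x1, #1		// x1 = remaining - 1
	b.mi	5f			// nothing left
uao_user_alternative 9f, strb, sttrb, wzr, x0, 0
5:	mov	x0, #0			// everything cleared
ALTERNATIVE("nop", __stringify(SET_PSTATE_PAN(1)), ARM64_ALT_PAN_NOT_UAO, \
	    CONFIG_ARM64_PAN)
	ret
ENDPROC(__clear_user)

	.section .fixup,"ax"
	.align	2
9:	mov	x0, x2			// return the original size
	/*
	 * The faulting store ran after PAN was cleared on entry, and this
	 * path does not pass through 5:. Set PAN here as well, otherwise a
	 * faulting user address leaves PAN cleared for the caller on CPUs
	 * with PAN but without UAO.
	 */
ALTERNATIVE("nop", __stringify(SET_PSTATE_PAN(1)), ARM64_ALT_PAN_NOT_UAO, \
	    CONFIG_ARM64_PAN)
	ret
	.previous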