4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 25 Jul 2017 01:09:02 +0000 (18:09 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 25 Jul 2017 01:09:02 +0000 (18:09 -0700)
added patches:
x86-xen-allow-userspace-access-during-hypercalls.patch

queue-4.9/series
queue-4.9/x86-xen-allow-userspace-access-during-hypercalls.patch [new file with mode: 0644]

index 853c90b79f6ca727d91ab6b3d80444c87a66de40..899746c58a7d3ec83eedb36e41d8fb2bdfd5a5ea 100644 (file)
@@ -55,3 +55,4 @@ usb-cdc-acm-add-device-id-for-quirky-printer.patch
 usb-renesas_usbhs-fix-usbhsc_resume-for-usbhsf_runtime_pwctrl.patch
 usb-renesas_usbhs-gadget-disable-all-eps-when-the-driver-stops.patch
 md-don-t-use-flush_signals-in-userspace-processes.patch
+x86-xen-allow-userspace-access-during-hypercalls.patch
diff --git a/queue-4.9/x86-xen-allow-userspace-access-during-hypercalls.patch b/queue-4.9/x86-xen-allow-userspace-access-during-hypercalls.patch
new file mode 100644 (file)
index 0000000..ce6293a
--- /dev/null
@@ -0,0 +1,55 @@
+From c54590cac51db8ab5fd30156bdaba34af915e629 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+ <marmarek@invisiblethingslab.com>
+Date: Mon, 26 Jun 2017 14:49:46 +0200
+Subject: x86/xen: allow userspace access during hypercalls
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+
+commit c54590cac51db8ab5fd30156bdaba34af915e629 upstream.
+
+Userspace application can do a hypercall through /dev/xen/privcmd, and
+some for some hypercalls argument is a pointers to user-provided
+structure. When SMAP is supported and enabled, hypervisor can't access.
+So, lets allow it.
+
+The same applies to HYPERVISOR_dm_op, where additionally privcmd driver
+carefully verify buffer addresses.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+[HYPERVISOR_dm_op dropped - not present until 4.11]
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/xen/hypercall.h |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/include/asm/xen/hypercall.h
++++ b/arch/x86/include/asm/xen/hypercall.h
+@@ -43,6 +43,7 @@
+ #include <asm/page.h>
+ #include <asm/pgtable.h>
++#include <asm/smap.h>
+ #include <xen/interface/xen.h>
+ #include <xen/interface/sched.h>
+@@ -214,10 +215,12 @@ privcmd_call(unsigned call,
+       __HYPERCALL_DECLS;
+       __HYPERCALL_5ARG(a1, a2, a3, a4, a5);
++      stac();
+       asm volatile("call *%[call]"
+                    : __HYPERCALL_5PARAM
+                    : [call] "a" (&hypercall_page[call])
+                    : __HYPERCALL_CLOBBER5);
++      clac();
+       return (long)__res;
+ }
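Review bot: The `stac()`/`clac()` pair added around `call *%[call]` in `privcmd_call` carries no comment explaining why the kernel deliberately sets EFLAGS.AC here, and an unexplained SMAP opening is easy for a later cleanup to remove or widen. I would add above `stac();` a comment such as `/* privcmd args may point at user buffers that Xen dereferences; open the SMAP window for the hypercall only */`. The window should stay limited to the single asm statement, so nothing that touches memory on the kernel's own behalf belongs between the two calls. No validation of `a1`..`a5` is visible in this hunk, so protection against bad pointers presumably rests on Xen's own guest-access checks and on who may open /dev/xen/privcmd; that is worth confirming for the 4.9 tree, given the trailer notes the `HYPERVISOR_dm_op` part was dropped. The start of `privcmd_call` lies outside the inner hunk.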