linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>,
	Will Deacon <will.deacon@arm.com>,
	Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.14 23/25] arm/arm64: smccc-1.1: Handle function result as parameters
Date: Thu, 20 Sep 2018 02:48:32 +0000	[thread overview]
Message-ID: <20180920024810.58594-23-alexander.levin@microsoft.com> (raw)
In-Reply-To: <20180920024810.58594-1-alexander.levin@microsoft.com>

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit 755a8bf5579d22eb5636685c516d8dede799e27b ]

If someone has the silly idea to write something along those lines:

	extern u64 foo(void);

	void bar(struct arm_smccc_res *res)
	{
		arm_smccc_1_1_smc(0xbad, foo(), res);
	}

they are in for a surprise, as this gets compiled as:

	0000000000000588 <bar>:
	 588:   a9be7bfd        stp     x29, x30, [sp, #-32]!
	 58c:   910003fd        mov     x29, sp
	 590:   f9000bf3        str     x19, [sp, #16]
	 594:   aa0003f3        mov     x19, x0
	 598:   aa1e03e0        mov     x0, x30
	 59c:   94000000        bl      0 <_mcount>
	 5a0:   94000000        bl      0 <foo>
	 5a4:   aa0003e1        mov     x1, x0
	 5a8:   d4000003        smc     #0x0
	 5ac:   b4000073        cbz     x19, 5b8 <bar+0x30>
	 5b0:   a9000660        stp     x0, x1, [x19]
	 5b4:   a9010e62        stp     x2, x3, [x19, #16]
	 5b8:   f9400bf3        ldr     x19, [sp, #16]
	 5bc:   a8c27bfd        ldp     x29, x30, [sp], #32
	 5c0:   d65f03c0        ret
	 5c4:   d503201f        nop

The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.

A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:

	0000000000000588 <bar>:
	 588:   a9be7bfd        stp     x29, x30, [sp, #-32]!
	 58c:   910003fd        mov     x29, sp
	 590:   f9000bf3        str     x19, [sp, #16]
	 594:   aa0003f3        mov     x19, x0
	 598:   aa1e03e0        mov     x0, x30
	 59c:   94000000        bl      0 <_mcount>
	 5a0:   94000000        bl      0 <foo>
	 5a4:   aa0003e1        mov     x1, x0
	 5a8:   d28175a0        mov     x0, #0xbad
	 5ac:   d4000003        smc     #0x0
	 5b0:   b4000073        cbz     x19, 5bc <bar+0x34>
	 5b4:   a9000660        stp     x0, x1, [x19]
	 5b8:   a9010e62        stp     x2, x3, [x19, #16]
	 5bc:   f9400bf3        ldr     x19, [sp, #16]
	 5c0:   a8c27bfd        ldp     x29, x30, [sp], #32
	 5c4:   d65f03c0        ret

Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 include/linux/arm-smccc.h | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
index 5a91ff33720b..18863d56273c 100644
--- a/include/linux/arm-smccc.h
+++ b/include/linux/arm-smccc.h
@@ -205,41 +205,51 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1,
 	register unsigned long r3 asm("r3")
 
 #define __declare_arg_1(a0, a1, res)					\
+	typeof(a1) __a1 = a1;						\
 	struct arm_smccc_res   *___res = res;				\
 	register unsigned long r0 asm("r0") = (u32)a0;			\
-	register unsigned long r1 asm("r1") = a1;			\
+	register unsigned long r1 asm("r1") = __a1;			\
 	register unsigned long r2 asm("r2");				\
 	register unsigned long r3 asm("r3")
 
 #define __declare_arg_2(a0, a1, a2, res)				\
+	typeof(a1) __a1 = a1;						\
+	typeof(a2) __a2 = a2;						\
 	struct arm_smccc_res   *___res = res;				\
 	register unsigned long r0 asm("r0") = (u32)a0;			\
-	register unsigned long r1 asm("r1") = a1;			\
-	register unsigned long r2 asm("r2") = a2;			\
+	register unsigned long r1 asm("r1") = __a1;			\
+	register unsigned long r2 asm("r2") = __a2;			\
 	register unsigned long r3 asm("r3")
 
 #define __declare_arg_3(a0, a1, a2, a3, res)				\
+	typeof(a1) __a1 = a1;						\
+	typeof(a2) __a2 = a2;						\
+	typeof(a3) __a3 = a3;						\
 	struct arm_smccc_res   *___res = res;				\
 	register unsigned long r0 asm("r0") = (u32)a0;			\
-	register unsigned long r1 asm("r1") = a1;			\
-	register unsigned long r2 asm("r2") = a2;			\
-	register unsigned long r3 asm("r3") = a3
+	register unsigned long r1 asm("r1") = __a1;			\
+	register unsigned long r2 asm("r2") = __a2;			\
+	register unsigned long r3 asm("r3") = __a3
 
 #define __declare_arg_4(a0, a1, a2, a3, a4, res)			\
+	typeof(a4) __a4 = a4;						\
 	__declare_arg_3(a0, a1, a2, a3, res);				\
-	register typeof(a4) r4 asm("r4") = a4
+	register unsigned long r4 asm("r4") = __a4
 
 #define __declare_arg_5(a0, a1, a2, a3, a4, a5, res)			\
+	typeof(a5) __a5 = a5;						\
 	__declare_arg_4(a0, a1, a2, a3, a4, res);			\
-	register typeof(a5) r5 asm("r5") = a5
+	register unsigned long r5 asm("r5") = __a5
 
 #define __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res)		\
+	typeof(a6) __a6 = a6;						\
 	__declare_arg_5(a0, a1, a2, a3, a4, a5, res);			\
-	register typeof(a6) r6 asm("r6") = a6
+	register unsigned long r6 asm("r6") = __a6
 
 #define __declare_arg_7(a0, a1, a2, a3, a4, a5, a6, a7, res)		\
+	typeof(a7) __a7 = a7;						\
 	__declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res);		\
-	register typeof(a7) r7 asm("r7") = a7
+	register unsigned long r7 asm("r7") = __a7
 
 #define ___declare_args(count, ...) __declare_arg_ ## count(__VA_ARGS__)
 #define __declare_args(count, ...)  ___declare_args(count, __VA_ARGS__)
-- 
2.17.1

  parent reply	other threads:[~2018-09-20  2:49 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-20  2:48 [PATCH AUTOSEL 4.14 01/25] qed: Wait for ready indication before rereading the shmem Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 02/25] qed: Wait for MCP halt and resume commands to take place Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 03/25] qed: Prevent a possible deadlock during driver load and unload Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 05/25] thermal: of-thermal: disable passive polling when thermal zone is disabled Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 04/25] qed: Avoid sending mailbox commands when MFW is not responsive Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 06/25] isofs: reject hardware sector size > 2048 bytes Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 07/25] tls: possible hang when do_tcp_sendpages hits sndbuf is full case Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 08/25] bpf: sockmap: write_space events need to be passed to TCP handler Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 09/25] net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 10/25] net: hns: fix skb->truesize underestimation Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 11/25] e1000: check on netif_running() before calling e1000_up() Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 12/25] e1000: ensure to free old tx/rx rings in set_ringparam() Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 13/25] crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 14/25] hwmon: (ina2xx) fix sysfs shunt resistor read access Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 15/25] hwmon: (adt7475) Make adt7475_read_word() return errors Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 16/25] Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 17/25] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 18/25] drm/amdgpu: Update power state at the end of smu hw_init Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 19/25] ata: ftide010: Add a quirk for SQ201 Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 20/25] nvme-fcloop: Fix dropped LS's to removed target port Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 21/25] ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 22/25] arm/arm64: smccc-1.1: Make return values unsigned long Sasha Levin
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 24/25] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Sasha Levin
2018-09-20  2:48 ` Sasha Levin [this message]
2018-09-20  2:48 ` [PATCH AUTOSEL 4.14 25/25] x86/pti: Fix section mismatch warning/error Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180920024810.58594-23-alexander.levin@microsoft.com \
    --to=alexander.levin@microsoft.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marc.zyngier@arm.com \
    --cc=stable@vger.kernel.org \
    --cc=will.deacon@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).