This is a note to let you know that I've just added the patch titled

    ARM: 7384/1: ThumbEE: Disable userspace TEEHBR access for 
!CONFIG_ARM_THUMBEE

to the 3.3-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     
arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch
and it can be found in the queue-3.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From 078c04545ba56da21567728a909a496df5ff730d Mon Sep 17 00:00:00 2001
From: Jonathan Austin <[email protected]>
Date: Thu, 12 Apr 2012 17:45:25 +0100
Subject: ARM: 7384/1: ThumbEE: Disable userspace TEEHBR access for 
!CONFIG_ARM_THUMBEE

From: Jonathan Austin <[email protected]>

commit 078c04545ba56da21567728a909a496df5ff730d upstream.

Currently when ThumbEE is not enabled (!CONFIG_ARM_THUMBEE) the ThumbEE
register states are not saved/restored at context switch. The default state
of the ThumbEE Ctrl register (TEECR) allows userspace accesses to the
ThumbEE Base Handler register (TEEHBR). This can cause unexpected behaviour
when people use ThumbEE on !CONFIG_ARM_THUMBEE kernels, as well as allowing
covert communication - eg between userspace tasks running inside chroot
jails.

This patch sets up TEECR in order to prevent user-space access to TEEHBR
when !CONFIG_ARM_THUMBEE. In this case, tasks are sent SIGILL if they try to
access TEEHBR.

Reviewed-by: Will Deacon <[email protected]>
Signed-off-by: Jonathan Austin <[email protected]>
Signed-off-by: Russell King <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 arch/arm/mm/proc-v7.S |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S
@@ -255,6 +255,18 @@ __v7_setup:
        mcr     p15, 0, r5, c10, c2, 0          @ write PRRR
        mcr     p15, 0, r6, c10, c2, 1          @ write NMRR
 #endif
+#ifndef CONFIG_ARM_THUMBEE
+       mrc     p15, 0, r0, c0, c1, 0           @ read ID_PFR0 for ThumbEE
+       and     r0, r0, #(0xf << 12)            @ ThumbEE enabled field
+       teq     r0, #(1 << 12)                  @ check if ThumbEE is present
+       bne     1f
+       mov     r5, #0
+       mcr     p14, 6, r5, c1, c0, 0           @ Initialize TEEHBR to 0
+       mrc     p14, 6, r0, c0, c0, 0           @ load TEECR
+       orr     r0, r0, #1                      @ set the 1st bit in order to
+       mcr     p14, 6, r0, c0, c0, 0           @ stop userspace TEEHBR access
+1:
+#endif
        adr     r5, v7_crval
        ldmia   r5, {r5, r6}
 #ifdef CONFIG_CPU_ENDIAN_BE8


Patches currently in stable-queue which might be from [email protected] 
are

queue-3.3/arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to