提交 a4780ade 编写于 作者: A André Hentschel 提交者: Russell King

ARM: 7735/2: Preserve the user r/w register TPIDRURW on context switch and fork

Since commit 6a1c5312 the user writeable TLS register was zeroed to
prevent it from being used as a covert channel between two tasks.

There are more and more applications coming to Windows RT,
Wine could support them, but mostly they expect to have
the thread environment block (TEB) in TPIDRURW.

This patch preserves that register per thread instead of clearing it.
Unlike the TPIDRURO, which is already switched, the TPIDRURW
can be updated from userspace so needs careful treatment in the case that we
modify TPIDRURW and call fork(). To avoid this we must always read
TPIDRURW in copy_thread.
Signed-off-by: NAndré Hentschel <nerv@dawncrow.de>
Signed-off-by: NWill Deacon <will.deacon@arm.com>
Signed-off-by: NJonathan Austin <jonathan.austin@arm.com>
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
上级 4a1b5733
...@@ -58,7 +58,7 @@ struct thread_info { ...@@ -58,7 +58,7 @@ struct thread_info {
struct cpu_context_save cpu_context; /* cpu context */ struct cpu_context_save cpu_context; /* cpu context */
__u32 syscall; /* syscall number */ __u32 syscall; /* syscall number */
__u8 used_cp[16]; /* thread used copro */ __u8 used_cp[16]; /* thread used copro */
unsigned long tp_value; unsigned long tp_value[2]; /* TLS registers */
#ifdef CONFIG_CRUNCH #ifdef CONFIG_CRUNCH
struct crunch_state crunchstate; struct crunch_state crunchstate;
#endif #endif
......
...@@ -2,27 +2,30 @@ ...@@ -2,27 +2,30 @@
#define __ASMARM_TLS_H #define __ASMARM_TLS_H
#ifdef __ASSEMBLY__ #ifdef __ASSEMBLY__
.macro set_tls_none, tp, tmp1, tmp2 #include <asm/asm-offsets.h>
.macro switch_tls_none, base, tp, tpuser, tmp1, tmp2
.endm .endm
.macro set_tls_v6k, tp, tmp1, tmp2 .macro switch_tls_v6k, base, tp, tpuser, tmp1, tmp2
mrc p15, 0, \tmp2, c13, c0, 2 @ get the user r/w register
mcr p15, 0, \tp, c13, c0, 3 @ set TLS register mcr p15, 0, \tp, c13, c0, 3 @ set TLS register
mov \tmp1, #0 mcr p15, 0, \tpuser, c13, c0, 2 @ and the user r/w register
mcr p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register str \tmp2, [\base, #TI_TP_VALUE + 4] @ save it
.endm .endm
.macro set_tls_v6, tp, tmp1, tmp2 .macro switch_tls_v6, base, tp, tpuser, tmp1, tmp2
ldr \tmp1, =elf_hwcap ldr \tmp1, =elf_hwcap
ldr \tmp1, [\tmp1, #0] ldr \tmp1, [\tmp1, #0]
mov \tmp2, #0xffff0fff mov \tmp2, #0xffff0fff
tst \tmp1, #HWCAP_TLS @ hardware TLS available? tst \tmp1, #HWCAP_TLS @ hardware TLS available?
mcrne p15, 0, \tp, c13, c0, 3 @ yes, set TLS register
movne \tmp1, #0
mcrne p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register
streq \tp, [\tmp2, #-15] @ set TLS value at 0xffff0ff0 streq \tp, [\tmp2, #-15] @ set TLS value at 0xffff0ff0
mrcne p15, 0, \tmp2, c13, c0, 2 @ get the user r/w register
mcrne p15, 0, \tp, c13, c0, 3 @ yes, set TLS register
mcrne p15, 0, \tpuser, c13, c0, 2 @ set user r/w register
strne \tmp2, [\base, #TI_TP_VALUE + 4] @ save it
.endm .endm
.macro set_tls_software, tp, tmp1, tmp2 .macro switch_tls_software, base, tp, tpuser, tmp1, tmp2
mov \tmp1, #0xffff0fff mov \tmp1, #0xffff0fff
str \tp, [\tmp1, #-15] @ set TLS value at 0xffff0ff0 str \tp, [\tmp1, #-15] @ set TLS value at 0xffff0ff0
.endm .endm
...@@ -31,19 +34,30 @@ ...@@ -31,19 +34,30 @@
#ifdef CONFIG_TLS_REG_EMUL #ifdef CONFIG_TLS_REG_EMUL
#define tls_emu 1 #define tls_emu 1
#define has_tls_reg 1 #define has_tls_reg 1
#define set_tls set_tls_none #define switch_tls switch_tls_none
#elif defined(CONFIG_CPU_V6) #elif defined(CONFIG_CPU_V6)
#define tls_emu 0 #define tls_emu 0
#define has_tls_reg (elf_hwcap & HWCAP_TLS) #define has_tls_reg (elf_hwcap & HWCAP_TLS)
#define set_tls set_tls_v6 #define switch_tls switch_tls_v6
#elif defined(CONFIG_CPU_32v6K) #elif defined(CONFIG_CPU_32v6K)
#define tls_emu 0 #define tls_emu 0
#define has_tls_reg 1 #define has_tls_reg 1
#define set_tls set_tls_v6k #define switch_tls switch_tls_v6k
#else #else
#define tls_emu 0 #define tls_emu 0
#define has_tls_reg 0 #define has_tls_reg 0
#define set_tls set_tls_software #define switch_tls switch_tls_software
#endif #endif
#ifndef __ASSEMBLY__
static inline unsigned long get_tpuser(void)
{
unsigned long reg = 0;
if (has_tls_reg && !tls_emu)
__asm__("mrc p15, 0, %0, c13, c0, 2" : "=r" (reg));
return reg;
}
#endif
#endif /* __ASMARM_TLS_H */ #endif /* __ASMARM_TLS_H */
...@@ -685,15 +685,16 @@ ENTRY(__switch_to) ...@@ -685,15 +685,16 @@ ENTRY(__switch_to)
UNWIND(.fnstart ) UNWIND(.fnstart )
UNWIND(.cantunwind ) UNWIND(.cantunwind )
add ip, r1, #TI_CPU_SAVE add ip, r1, #TI_CPU_SAVE
ldr r3, [r2, #TI_TP_VALUE]
ARM( stmia ip!, {r4 - sl, fp, sp, lr} ) @ Store most regs on stack ARM( stmia ip!, {r4 - sl, fp, sp, lr} ) @ Store most regs on stack
THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack
THUMB( str sp, [ip], #4 ) THUMB( str sp, [ip], #4 )
THUMB( str lr, [ip], #4 ) THUMB( str lr, [ip], #4 )
ldr r4, [r2, #TI_TP_VALUE]
ldr r5, [r2, #TI_TP_VALUE + 4]
#ifdef CONFIG_CPU_USE_DOMAINS #ifdef CONFIG_CPU_USE_DOMAINS
ldr r6, [r2, #TI_CPU_DOMAIN] ldr r6, [r2, #TI_CPU_DOMAIN]
#endif #endif
set_tls r3, r4, r5 switch_tls r1, r4, r5, r3, r7
#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)
ldr r7, [r2, #TI_TASK] ldr r7, [r2, #TI_TASK]
ldr r8, =__stack_chk_guard ldr r8, =__stack_chk_guard
......
...@@ -39,6 +39,7 @@ ...@@ -39,6 +39,7 @@
#include <asm/thread_notify.h> #include <asm/thread_notify.h>
#include <asm/stacktrace.h> #include <asm/stacktrace.h>
#include <asm/mach/time.h> #include <asm/mach/time.h>
#include <asm/tls.h>
#ifdef CONFIG_CC_STACKPROTECTOR #ifdef CONFIG_CC_STACKPROTECTOR
#include <linux/stackprotector.h> #include <linux/stackprotector.h>
...@@ -343,7 +344,8 @@ copy_thread(unsigned long clone_flags, unsigned long stack_start, ...@@ -343,7 +344,8 @@ copy_thread(unsigned long clone_flags, unsigned long stack_start,
clear_ptrace_hw_breakpoint(p); clear_ptrace_hw_breakpoint(p);
if (clone_flags & CLONE_SETTLS) if (clone_flags & CLONE_SETTLS)
thread->tp_value = childregs->ARM_r3; thread->tp_value[0] = childregs->ARM_r3;
thread->tp_value[1] = get_tpuser();
thread_notify(THREAD_NOTIFY_COPY, thread); thread_notify(THREAD_NOTIFY_COPY, thread);
......
...@@ -849,7 +849,7 @@ long arch_ptrace(struct task_struct *child, long request, ...@@ -849,7 +849,7 @@ long arch_ptrace(struct task_struct *child, long request,
#endif #endif
case PTRACE_GET_THREAD_AREA: case PTRACE_GET_THREAD_AREA:
ret = put_user(task_thread_info(child)->tp_value, ret = put_user(task_thread_info(child)->tp_value[0],
datap); datap);
break; break;
......
...@@ -581,7 +581,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) ...@@ -581,7 +581,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
return regs->ARM_r0; return regs->ARM_r0;
case NR(set_tls): case NR(set_tls):
thread->tp_value = regs->ARM_r0; thread->tp_value[0] = regs->ARM_r0;
if (tls_emu) if (tls_emu)
return 0; return 0;
if (has_tls_reg) { if (has_tls_reg) {
...@@ -699,7 +699,7 @@ static int get_tp_trap(struct pt_regs *regs, unsigned int instr) ...@@ -699,7 +699,7 @@ static int get_tp_trap(struct pt_regs *regs, unsigned int instr)
int reg = (instr >> 12) & 15; int reg = (instr >> 12) & 15;
if (reg == 15) if (reg == 15)
return 1; return 1;
regs->uregs[reg] = current_thread_info()->tp_value; regs->uregs[reg] = current_thread_info()->tp_value[0];
regs->ARM_pc += 4; regs->ARM_pc += 4;
return 0; return 0;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册