diff options
author | James Morse <james.morse@arm.com> | 2020-05-19 20:21:08 +0200 |
---|---|---|
committer | Will Deacon <will@kernel.org> | 2020-05-20 10:36:01 +0200 |
commit | 472de63b0b8383565e103f809f5df37d1c4390ab (patch) | |
tree | d2bc2eb495a0b2e8a8bde740987a2a7104c0d9d4 /drivers/firmware | |
parent | firmware: arm_sdei: remove unused interfaces (diff) | |
download | linux-472de63b0b8383565e103f809f5df37d1c4390ab.tar.xz linux-472de63b0b8383565e103f809f5df37d1c4390ab.zip |
firmware: arm_sdei: Document the motivation behind these set_fs() calls
The SDEI handler save/restores the addr_limit using set_fs(). It isn't
very clear why. The reason is to mirror the arch code's entry assembly.
The arch code does this because perf may access user-space, and
inheriting the addr_limit may be a problem.
Add a comment explaining why this is here.
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Morse <james.morse@arm.com>
Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=822
Link: https://lore.kernel.org/r/20200519182108.13693-4-james.morse@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'drivers/firmware')
-rw-r--r-- | drivers/firmware/arm_sdei.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/drivers/firmware/arm_sdei.c b/drivers/firmware/arm_sdei.c index b12b99a19f66..e7e36aab2386 100644 --- a/drivers/firmware/arm_sdei.c +++ b/drivers/firmware/arm_sdei.c @@ -1128,6 +1128,14 @@ int sdei_event_handler(struct pt_regs *regs, mm_segment_t orig_addr_limit; u32 event_num = arg->event_num; + /* + * Save restore 'fs'. + * The architecture's entry code save/restores 'fs' when taking an + * exception from the kernel. This ensures addr_limit isn't inherited + * if you interrupted something that allowed the uaccess routines to + * access kernel memory. + * Do the same here because this doesn't come via the same entry code. + */ orig_addr_limit = get_fs(); set_fs(USER_DS); |