From: Ian Campbell <ian.campbell@citrix.com>
Date: Tue, 12 Aug 2014 13:32:27 +0000 (+0200)
Subject: xen: arm: handle AArch32 userspace when dumping 64-bit guest state.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4533
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fc0cafeab30fe93963457fafbad7a01c7f55ea5f;p=xen.git

xen: arm: handle AArch32 userspace when dumping 64-bit guest state.

A 64-bit guest can still be in 32-bit mode when running userspace,
handle this case by dumping the correct 32-bit state.

Note that on ARM it is not possible to change mode without the help
of the next exception level, hence there is no way a 64-bit guest can
be running in 32-bit kernel modes.

This is part of CVE-2014-5147 / XSA-102.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Julien Grall <julien.grall@linaro.org>
---

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 76a9586aa2..5adf1253d6 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -697,7 +697,17 @@ static void _show_registers(struct cpu_user_regs *regs,
             show_registers_32(regs, ctxt, guest_mode, v);
 #ifdef CONFIG_ARM_64
         else if ( is_64bit_domain(v->domain) )
-            show_registers_64(regs, ctxt, guest_mode, v);
+        {
+            if ( psr_mode_is_32bit(regs->cpsr) )
+            {
+                BUG_ON(!usr_mode(regs));
+                show_registers_32(regs, ctxt, guest_mode, v);
+            }
+            else
+            {
+                show_registers_64(regs, ctxt, guest_mode, v);
+            }
+        }
 #endif
     }
     else