arm64: KVM: Fix user access for debug registers

When setting the debug register from userspace, make sure that copy_from_user() is called with its parameters in the expected order. It otherwise doesn't do what you think. Fixes: 84e690bfbed1 ("KVM: arm64: introduce vcpu->arch.debug_ptr") Reported-by: Peter Maydell <peter.maydell@linaro.org> Cc: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
author: Marc Zyngier <marc.zyngier@arm.com> 2015-09-16 05:54:37 -0400
committer: Marc Zyngier <marc.zyngier@arm.com> 2015-09-16 09:50:04 -0400
commit: 1713e5aa05fff3951e747548b373bd2c81be4e7a (patch)
tree: d8d1c9a4e9ae3b81de11343139c56b29c7d2e043
parent: 43297dda0a51e4ffed0888ce727c218cfb7474b6 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index b41607d270ac..1d0463e6a9e3 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -272,7 +272,7 @@ static int set_bvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 {
        __u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];
-        if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
+        if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
                return -EFAULT;
        return 0;
 }
@@ -314,7 +314,7 @@ static int set_bcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 {
        __u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];
-        if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
+        if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
                return -EFAULT;
        return 0;
@@ -358,7 +358,7 @@ static int set_wvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 {
        __u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];
-        if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
+        if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
                return -EFAULT;
        return 0;
 }
@@ -400,7 +400,7 @@ static int set_wcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 {
        __u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];
-        if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
+        if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
                return -EFAULT;
        return 0;
 }
author	Marc Zyngier <marc.zyngier@arm.com>	2015-09-16 05:54:37 -0400
committer	Marc Zyngier <marc.zyngier@arm.com>	2015-09-16 09:50:04 -0400
commit	1713e5aa05fff3951e747548b373bd2c81be4e7a (patch)
tree	d8d1c9a4e9ae3b81de11343139c56b29c7d2e043
parent	43297dda0a51e4ffed0888ce727c218cfb7474b6 (diff)

diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index b41607d270ac..1d0463e6a9e3 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c
@@ -272,7 +272,7 @@ static int set_bvr(struct kvm_vcpu vcpu, const struct sys_reg_desc rd,
272	{	272	{
273	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];	273	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];
274		274
275	if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)	275	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
276	return -EFAULT;	276	return -EFAULT;
277	return 0;	277	return 0;
278	}	278	}
@@ -314,7 +314,7 @@ static int set_bcr(struct kvm_vcpu vcpu, const struct sys_reg_desc rd,
314	{	314	{
315	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];	315	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];
316		316
317	if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)	317	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
318	return -EFAULT;	318	return -EFAULT;
319		319
320	return 0;	320	return 0;
@@ -358,7 +358,7 @@ static int set_wvr(struct kvm_vcpu vcpu, const struct sys_reg_desc rd,
358	{	358	{
359	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];	359	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];
360		360
361	if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)	361	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
362	return -EFAULT;	362	return -EFAULT;
363	return 0;	363	return 0;
364	}	364	}
@@ -400,7 +400,7 @@ static int set_wcr(struct kvm_vcpu vcpu, const struct sys_reg_desc rd,
400	{	400	{
401	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];	401	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];
402		402
403	if (copy_from_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)	403	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
404	return -EFAULT;	404	return -EFAULT;
405	return 0;	405	return 0;
406	}	406	}