arm64: entry: Don't assume tramp_vectors is the start of the vectors

stable inclusion from stable-v4.19.236 commit af484e69b5e83095609d8b5c8abaf13a5460229e category: bugfix bugzilla: 186460, https://gitee.com/src-openeuler/kernel/issues/I53MHA CVE: CVE-2022-23960 -------------------------------- commit ed50da77 upstream. The tramp_ventry macro uses tramp_vectors as the address of the vectors when calculating which ventry in the 'full fat' vectors to branch to. While there is one set of tramp_vectors, this will be true. Adding multiple sets of vectors will break this assumption. Move the generation of the vectors to a macro, and pass the start of the vectors as an argument to tramp_ventry. Reviewed-by: N Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Reviewed-by: N Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: N James Morse <james.morse@arm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jiahao <chenjiahao16@huawei.com> Reviewed-by: N Hanjun Guo <guohanjun@huawei.com> Reviewed-by: N Liao Chang <liaochang1@huawei.com> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>

arm64: entry: Don't assume tramp_vectors is the start of the vectors
stable inclusion from stable-v4.19.236 commit af484e69b5e83095609d8b5c8abaf13a5460229e category: bugfix bugzilla: 186460, https://gitee.com/src-openeuler/kernel/issues/I53MHA CVE: CVE-2022-23960 -------------------------------- commit ed50da77 upstream. The tramp_ventry macro uses tramp_vectors as the address of the vectors when calculating which ventry in the 'full fat' vectors to branch to. While there is one set of tramp_vectors, this will be true. Adding multiple sets of vectors will break this assumption. Move the generation of the vectors to a macro, and pass the start of the vectors as an argument to tramp_ventry. Reviewed-by: N Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Reviewed-by: N Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: N James Morse <james.morse@arm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jiahao <chenjiahao16@huawei.com> Reviewed-by: N Hanjun Guo <guohanjun@huawei.com> Reviewed-by: N Liao Chang <liaochang1@huawei.com> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>
c13aede9 · James Morse · Yongqiang Liu · 656f57bd · c13aede9
隐藏空白更改
内联并排

Showing with 15 addition and 13 deletion

arch/arm64/kernel/entry.S arch/arm64/kernel/entry.S +15 -13

未找到文件。
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -1075,7 +1075,7 @@ alternative_else_nop_endif
 	sub	\dst, \dst, PAGE_SIZE
 	.endm

-	.macro tramp_ventry, regsize = 64
+	.macro tramp_ventry, vector_start, regsize
 	.align	7
 1:
 	.if	\regsize == 64
@@ -1097,9 +1097,9 @@ alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003
 #else
 	ldr	x30, =vectors
 #endif
-	prfm	plil1strm, [x30, #(1b - tramp_vectors)]
+	prfm	plil1strm, [x30, #(1b - \vector_start)]
 	msr	vbar_el1, x30
-	add	x30, x30, #(1b - tramp_vectors + 4)
+	add	x30, x30, #(1b - \vector_start + 4)
 	isb
 	ret
 .org 1b + 128	// Did we overflow the ventry slot?
@@ -1117,19 +1117,21 @@ alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003
 	eret
 	.endm

-	.align	11
-ENTRY(tramp_vectors)
+	.macro	generate_tramp_vector
+.Lvector_start\@:
 	.space	0x400

-	tramp_ventry
-	tramp_ventry
-	tramp_ventry
-	tramp_ventry
+	.rept	4
+	tramp_ventry	.Lvector_start\@, 64
+	.endr
+	.rept	4
+	tramp_ventry	.Lvector_start\@, 32
+	.endr
+	.endm

-	tramp_ventry	32
-	tramp_ventry	32
-	tramp_ventry	32
-	tramp_ventry	32
+	.align	11
+ENTRY(tramp_vectors)
+	generate_tramp_vector
 END(tramp_vectors)

 ENTRY(tramp_exit_native)