linux-arm-kernel.lists.infradead.org archive mirror
* [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB
@ 2022-07-14 16:22 James Morse
  2022-07-14 18:33 ` Patch "arm64: entry: Restore tramp_map_kernel ISB" has been added to the 4.9-stable tree gregkh
  2022-07-14 18:33 ` [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB Greg KH
  0 siblings, 2 replies; 3+ messages in thread
From: James Morse @ 2022-07-14 16:22 UTC (permalink / raw)
  To: stable, linux-arm-kernel; +Cc: Catalin Marinas, James Morse, Sumit Gupta

Sumit reports that the BHB backports for v4.9 prevent vulnerable
platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.

This is because the trampoline code takes a translation fault when
accessing the data page, because the TTBR write hasn't been completed
by an ISB before the access is made.

Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
this area, which removes the ISB when the workaround has been applied.
v4.9 lacks this workaround, but should still have the ISB.

Restore the barrier.

Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
Reported-by: Sumit Gupta <sumitg@nvidia.com>
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Morse <james.morse@arm.com>
---
This only applies to the v4.9 backport, as v4.14 has the QCOM_FALKOR_E1003
workaround.

 arch/arm64/kernel/entry.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 1f79abb1e5dd..4551c0f35fc4 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -964,6 +964,7 @@ __ni_sys_trace:
 	b	.
 2:
 	tramp_map_kernel	x30
+	isb
 	tramp_data_read_var	x30, vectors
 	prfm	plil1strm, [x30, #(1b - \vector_start)]
 	msr	vbar_el1, x30
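
Review bot: The added `isb` after `tramp_map_kernel x30` carries no comment, and the commit message says upstream removes this barrier when the QCOM_FALKOR_E1003 workaround is applied, so a later backport that syncs this block with upstream could drop it again. Suggest a one-line comment on the `isb` stating that the TTBR write done by `tramp_map_kernel` must be completed before `tramp_data_read_var` accesses the data page, and that v4.9 has no Falkor workaround to account for.
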
-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel


* Patch "arm64: entry: Restore tramp_map_kernel ISB" has been added to the 4.9-stable tree
  2022-07-14 16:22 [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB James Morse
@ 2022-07-14 18:33 ` gregkh
  2022-07-14 18:33 ` [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB Greg KH
  1 sibling, 0 replies; 3+ messages in thread
From: gregkh @ 2022-07-14 18:33 UTC (permalink / raw)
  To: catalin.marinas, gregkh, james.morse, linux-arm-kernel, sumitg
  Cc: stable-commits


This is a note to let you know that I've just added the patch titled

    arm64: entry: Restore tramp_map_kernel ISB

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-entry-restore-tramp_map_kernel-isb.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From james.morse@arm.com  Thu Jul 14 20:32:47 2022
From: James Morse <james.morse@arm.com>
Date: Thu, 14 Jul 2022 17:22:25 +0100
Subject: arm64: entry: Restore tramp_map_kernel ISB
To: stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>, James Morse <james.morse@arm.com>, Sumit Gupta <sumitg@nvidia.com>
Message-ID: <20220714162225.280073-1-james.morse@arm.com>

From: James Morse <james.morse@arm.com>

Sumit reports that the BHB backports for v4.9 prevent vulnerable
platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.

This is because the trampoline code takes a translation fault when
accessing the data page, because the TTBR write hasn't been completed
by an ISB before the access is made.

Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
this area, which removes the ISB when the workaround has been applied.
v4.9 lacks this workaround, but should still have the ISB.

Restore the barrier.

Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
Reported-by: Sumit Gupta <sumitg@nvidia.com>
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kernel/entry.S |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -964,6 +964,7 @@ __ni_sys_trace:
 	b	.
 2:
 	tramp_map_kernel	x30
+	isb
 	tramp_data_read_var	x30, vectors
 	prfm	plil1strm, [x30, #(1b - \vector_start)]
 	msr	vbar_el1, x30
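
Review bot: The `isb` between `tramp_map_kernel x30` and `tramp_data_read_var x30, vectors` is not under any config guard visible in this hunk, while the changelog ties the translation fault to CONFIG_RANDOMIZE_BASE. It would help to state in the changelog whether the barrier is meant to be unconditional, given that this sequence sits on the exception entry path, or whether it only needs to accompany the data page read.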


Patches currently in stable-queue which might be from james.morse@arm.com are

queue-4.9/arm64-entry-restore-tramp_map_kernel-isb.patch


* Re: [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB
  2022-07-14 16:22 [stable:PATCH v4.9.323] arm64: entry: Restore tramp_map_kernel ISB James Morse
  2022-07-14 18:33 ` Patch "arm64: entry: Restore tramp_map_kernel ISB" has been added to the 4.9-stable tree gregkh
@ 2022-07-14 18:33 ` Greg KH
  1 sibling, 0 replies; 3+ messages in thread
From: Greg KH @ 2022-07-14 18:33 UTC (permalink / raw)
  To: James Morse; +Cc: stable, linux-arm-kernel, Catalin Marinas, Sumit Gupta

On Thu, Jul 14, 2022 at 05:22:25PM +0100, James Morse wrote:
> Sumit reports that the BHB backports for v4.9 prevent vulnerable
> platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.
> 
> This is because the trampoline code takes a translation fault when
> accessing the data page, because the TTBR write hasn't been completed
> by an ISB before the access is made.
> 
> Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
> this area, which removes the ISB when the workaround has been applied.
> v4.9 lacks this workaround, but should still have the ISB.
> 
> Restore the barrier.
> 
> Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
> Reported-by: Sumit Gupta <sumitg@nvidia.com>
> Tested-by: Sumit Gupta <sumitg@nvidia.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: James Morse <james.morse@arm.com>
> ---
> This only applies to the v4.9 backport, as v4.14 has the QCOM_FALKOR_E1003
> workaround.
> 
>  arch/arm64/kernel/entry.S | 1 +
>  1 file changed, 1 insertion(+)

Now queued up, thanks.

greg k-h
