| author | James Morse <james.morse@arm.com> | 2022-07-14 17:22:25 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-07-21 20:40:30 +0200 |
| commit | 7b2290c612c479608858ef3923b38265c4503cd6 (patch) | |
| tree | c3d2dbcac463abead478c1a579f108f2df2f83c8 | |
| parent | dadca36da71766becf9553b5f54fcfa5ba5fa4b0 (diff) | |
arm64: entry: Restore tramp_map_kernel ISB

Sumit reports that the BHB backports for v4.9 prevent vulnerable
platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.

This is because the trampoline code takes a translation fault when
accessing the data page, because the TTBR write hasn't been completed
by an ISB before the access is made.

Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
this area, which removes the ISB when the workaround has been applied.
v4.9 lacks this workaround, but should still have the ISB.

Restore the barrier.

Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
Reported-by: Sumit Gupta <sumitg@nvidia.com>
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | arch/arm64/kernel/entry.S | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 1f79abb1e5dd..4551c0f35fc4 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -964,6 +964,7 @@ __ni_sys_trace: b . 2: tramp_map_kernel x30 + isb tramp_data_read_var x30, vectors prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30 |
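Review bot: The added `isb` between `tramp_map_kernel x30` and `tramp_data_read_var x30, vectors` has no comment, so nothing in entry.S records that it exists to complete the TTBR write before the trampoline data page is read. Suggest a short comment on that line, for example `isb // complete the TTBR write before reading the data page`, and a note that the barrier is unconditional in v4.9 because the QCOM_FALKOR_E1003 workaround that removes it upstream is absent from this tree. That way a later backport of the erratum workaround will revisit this line rather than silently keep or drop the barrier.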
