
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
"A couple of late fixes here, but one that we've been sitting on for a
few weeks while the details were worked out. Specifically, we now
enforce USER_DS on taking exceptions whilst in the kernel, which
avoids leaking kernel data to userspace through things like perf. The
other patch is an update to a workaround for a hardware erratum on
some Cavium SoCs.

Summary:

- Enforce USER_DS on exception entry from EL1

- Apply workaround for Cavium errata #27456 on Thunderx-81xx parts"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Enable workaround for Cavium erratum 27456 on thunderx-81xx
arm64: kernel: Save and restore UAO and addr_limit on exception entry

+30 -3
+2
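--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -80,12 +80,14 @@
 #define APM_CPU_PART_POTENZA 0x000
 
 #define CAVIUM_CPU_PART_THUNDERX 0x0A1
+#define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2
 
 #define BRCM_CPU_PART_VULCAN 0x516
 
 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)
 #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
 #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
+#define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 
 #ifndef __ASSEMBLY__
 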
+2
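--- a/arch/arm64/include/asm/ptrace.h
+++ b/arch/arm64/include/asm/ptrace.h
@@ -117,6 +117,8 @@
 };
 u64 orig_x0;
 u64 syscallno;
+u64 orig_addr_limit;
+u64 unused; // maintain 16 byte alignment
 };
 
 #define arch_has_single_step() (1)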
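Review bot: The padding field `unused` keeps `sizeof(struct pt_regs)` a multiple of 16 only by convention, and its comment does not say why that matters. As far as the asm-offsets.c and entry.S sections show, `S_FRAME_SIZE` is `sizeof(struct pt_regs)` and is applied to `sp`, so a later change that adds an odd number of u64 fields would misalign the exception frame without any build failure. I would spell the reason out, e.g. `u64 unused; // pad: S_FRAME_SIZE is applied to sp, which must stay 16-byte aligned`, and consider a build-time check such as `BUILD_BUG_ON(sizeof(struct pt_regs) % 16)` in code that is always compiled. The struct definition begins outside the hunk.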
+1
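--- a/arch/arm64/kernel/asm-offsets.c
+++ b/arch/arm64/kernel/asm-offsets.c
@@ -60,6 +60,7 @@
 DEFINE(S_PC, offsetof(struct pt_regs, pc));
 DEFINE(S_ORIG_X0, offsetof(struct pt_regs, orig_x0));
 DEFINE(S_SYSCALLNO, offsetof(struct pt_regs, syscallno));
+DEFINE(S_ORIG_ADDR_LIMIT, offsetof(struct pt_regs, orig_addr_limit));
 DEFINE(S_FRAME_SIZE, sizeof(struct pt_regs));
 BLANK();
 DEFINE(MM_CONTEXT_ID, offsetof(struct mm_struct, context.id.counter));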
+6
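--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -98,6 +98,12 @@
 MIDR_RANGE(MIDR_THUNDERX, 0x00,
 (1 << MIDR_VARIANT_SHIFT) | 1),
 },
+{
+/* Cavium ThunderX, T81 pass 1.0 */
+.desc = "Cavium erratum 27456",
+.capability = ARM64_WORKAROUND_CAVIUM_27456,
+MIDR_RANGE(MIDR_THUNDERX_81XX, 0x00, 0x00),
+},
 #endif
 {
 }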
+17 -2
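--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -28,6 +28,7 @@
 #include <asm/errno.h>
 #include <asm/esr.h>
 #include <asm/irq.h>
+#include <asm/memory.h>
 #include <asm/thread_info.h>
 #include <asm/unistd.h>
 
@@ -97,7 +98,14 @@
 mov x29, xzr // fp pointed to user-space
 .else
 add x21, sp, #S_FRAME_SIZE
-.endif
+get_thread_info tsk
+/* Save the task's original addr_limit and set USER_DS (TASK_SIZE_64) */
+ldr x20, [tsk, #TI_ADDR_LIMIT]
+str x20, [sp, #S_ORIG_ADDR_LIMIT]
+mov x20, #TASK_SIZE_64
+str x20, [tsk, #TI_ADDR_LIMIT]
+ALTERNATIVE(nop, SET_PSTATE_UAO(0), ARM64_HAS_UAO, CONFIG_ARM64_UAO)
+.endif /* \el == 0 */
 mrs x22, elr_el1
 mrs x23, spsr_el1
 stp lr, x21, [sp, #S_LR]
@@ -128,6 +136,14 @@
 .endm
 
 .macro kernel_exit, el
+.if \el != 0
+/* Restore the task's original addr_limit. */
+ldr x20, [sp, #S_ORIG_ADDR_LIMIT]
+str x20, [tsk, #TI_ADDR_LIMIT]
+
+/* No need to restore UAO, it will be restored from SPSR_EL1 */
+.endif
+
 ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
 .if \el == 0
 ct_user_enter
@@ -406,7 +422,6 @@
 bl trace_hardirqs_off
 #endif
 
-get_thread_info tsk
 irq_handler
 
 #ifdef CONFIG_PREEMPT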
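Review bot: `kernel_exit` now dereferences `tsk` on every EL1 return (`str x20, [tsk, #TI_ADDR_LIMIT]`), but nothing in the macro says where `tsk` was set. It is valid only because `kernel_entry` now runs `get_thread_info tsk` in its `.else` branch and the handler in between leaves that register intact, which is presumably also why the last hunk can drop the call from the IRQ path. Since this store is what puts the task's address limit back, a stale `tsk` would write it to the wrong place; a comment at the restore would make the coupling explicit, e.g. `/* tsk was loaded by kernel_entry for \el != 0 and must still be live here */`. Both macros begin and end outside the hunks shown.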
+2 -1
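--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -280,7 +280,8 @@
 }
 
 if (permission_fault(esr) && (addr < USER_DS)) {
-if (get_fs() == KERNEL_DS)
+/* regs->orig_addr_limit may be 0 if we entered from EL0 */
+if (regs->orig_addr_limit == KERNEL_DS)
 die("Accessing user space memory with fs=KERNEL_DS", regs, esr);
 
 if (!search_exception_tables(regs->pc))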
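Review bot: The new test reads `regs->orig_addr_limit` for every fault that reaches it, yet the entry.S section stores that field only in the `.else` (EL1) branch of `kernel_entry`, so for a frame taken from EL0 the slot appears to hold whatever was previously in that stack location. The added comment says the value "may be 0", which is weaker than a guarantee that it never equals `KERNEL_DS`; a stale matching value would turn an ordinary user fault into a `die()`. Unless a check outside this hunk already excludes user-mode frames, I would make the test `if (!user_mode(regs) && regs->orig_addr_limit == KERNEL_DS)` or have the EL0 entry path write a defined value to the slot. The enclosing function starts and ends outside the hunk.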