| Message ID | 20220714162225.280073-1-james.morse@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [stable:PATCH,v4.9.323] arm64: entry: Restore tramp_map_kernel ISB | expand |
On Thu, Jul 14, 2022 at 05:22:25PM +0100, James Morse wrote: > Summit reports that the BHB backports for v4.9 prevent vulnerable > platforms from booting when CONFIG_RANDOMIZE_BASE is enabled. > > This is because the trampoline code takes a translation fault when > accessing the data page, because the TTBR write hasn't been completed > by an ISB before the access is made. > > Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in > this area, which removes the ISB when the workaround has been applied. > v4.9 lacks this workaround, but should still have the ISB. > > Restore the barrier. > > Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline") > Reported-by: Sumit Gupta <sumitg@nvidia.com> > Tested-by: Sumit Gupta <sumitg@nvidia.com> > Cc: <stable@vger.kernel.org> > Signed-off-by: James Morse <james.morse@arm.com> > --- > This only applies to the v4.9 backport, as v4.14 has the QCOM_FALKOR_E1003 > workaround. > > arch/arm64/kernel/entry.S | 1 + > 1 file changed, 1 insertion(+) Now queued up, thanks. greg k-h
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 1f79abb1e5dd..4551c0f35fc4 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -964,6 +964,7 @@ __ni_sys_trace: b . 2: tramp_map_kernel x30 + isb tramp_data_read_var x30, vectors prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30
Summit reports that the BHB backports for v4.9 prevent vulnerable platforms from booting when CONFIG_RANDOMIZE_BASE is enabled. This is because the trampoline code takes a translation fault when accessing the data page, because the TTBR write hasn't been completed by an ISB before the access is made. Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in this area, which removes the ISB when the workaround has been applied. v4.9 lacks this workaround, but should still have the ISB. Restore the barrier. Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline") Reported-by: Sumit Gupta <sumitg@nvidia.com> Tested-by: Sumit Gupta <sumitg@nvidia.com> Cc: <stable@vger.kernel.org> Signed-off-by: James Morse <james.morse@arm.com> --- This only applies to the v4.9 backport, as v4.14 has the QCOM_FALKOR_E1003 workaround. arch/arm64/kernel/entry.S | 1 + 1 file changed, 1 insertion(+)