Message ID | 20220902001551.2349544-2-scott@os.amperecomputing.com (mailing list archive) |
---|---|
State | New, archived |
Series | Work around missing `bti c` in modules |
On Thu, Sep 01, 2022 at 05:15:50PM -0700, D Scott Phillips wrote:

> Send BTI exceptions to the do_bti handler, killing the current task with
> SIGSEGV instead of panicking. This is to allow a later patch to apply a
> compiler bug workaround.

There's arguments either way here - this is less destructive, but you could say that since these exceptions are supposed to indicate a security issue stopping the whole kernel has some safety advantages, though it does also open up DoS opportunities. I don't have a strong opinion here, I mildly prefer this approach.

Reviewed-by: Mark Brown <broonie@kernel.org>

diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index c75ca36b4a49..dad27e854d8c 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -388,6 +388,15 @@ static void noinstr el1_undef(struct pt_regs *regs) exit_to_kernel_mode(regs); } +static void noinstr el1_bti(struct pt_regs *regs) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_bti(regs); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -427,6 +436,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_UNKNOWN: el1_undef(regs); break; + case ESR_ELx_EC_BTI: + el1_bti(regs); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index b7fed33981f7..56e1782fcf54 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -501,8 +501,12 @@ NOKPROBE_SYMBOL(do_undefinstr); void do_bti(struct pt_regs *regs) { - BUG_ON(!user_mode(regs)); - force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0); + if (user_mode(regs)) { + force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0); + return; + } + + die("Oops - BTI", regs, 0); } NOKPROBE_SYMBOL(do_bti);
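Review bot: el1_bti() in entry-common.c takes only regs, so the exception syndrome never reaches do_bti(), and the kernel-mode path in traps.c can only pass a constant 0 as the last argument of die("Oops - BTI", regs, 0). el1_dbg() directly below already has the signature (struct pt_regs *regs, unsigned long esr); giving el1_bti() and do_bti() an esr parameter and forwarding it to die() would let the oops report carry the syndrome of the faulting branch, which helps when triaging a kernel BTI fault.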
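Review bot: in the traps.c hunk, the commit message promises SIGSEGV for the current task, but the only signal visible in do_bti() is the SIGILL sent on the user_mode() branch; the kernel-mode outcome rests entirely on what die() does, which these lines do not show. A short comment above die("Oops - BTI", regs, 0), or commit message wording that says the kernel-mode case is now reported through die() rather than BUG_ON(), would put the intended behaviour where a reader of the code can find it.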

Send BTI exceptions to the do_bti handler, killing the current task with SIGSEGV instead of panicking. This is to allow a later patch to apply a compiler bug workaround.

Signed-off-by: D Scott Phillips <scott@os.amperecomputing.com>

---

 arch/arm64/kernel/entry-common.c | 12 ++++++++++++
 arch/arm64/kernel/traps.c | 8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)