Commit 4b1b238c authored Apr 27, 2022 by James Morse Committed by Zheng Zengkai Apr 27, 2022

arm64: entry.S: Add ventry overflow sanity checks

stable inclusion
from stable-v5.10.105
commit dc5b630c0d532140e194997d350f587dbcc78bfb
category: bugfix
bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA
CVE: CVE-2022-23960

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dc5b630c0d53



--------------------------------

commit 4330e2c5 upstream.

Subsequent patches add even more code to the ventry slots.
Ensure kernels that overflow a ventry slot don't get built.

Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chen Jiahao <chenjiahao16@huawei.com>
Reviewed-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent 3c6cc32a

arch/arm64/kernel/entry.S

+3 −0

Original line number	Diff line number	Diff line
		@@ -62,6 +62,7 @@

		.macro kernel_ventry, el, label, regsize = 64
		.align 7
		.Lventry_start\@:
		#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
		.if \el == 0
		alternative_if ARM64_UNMAP_KERNEL_AT_EL0
		@@ -120,6 +121,7 @@ alternative_else_nop_endif
		mrs x0, tpidrro_el0
		#endif
		b el\()\el\()_\label
		.org .Lventry_start\@ + 128 // Did we overflow the ventry slot?
		.endm

		.macro tramp_alias, dst, sym
		@@ -820,6 +822,7 @@ alternative_else_nop_endif
		add x30, x30, #(1b - tramp_vectors)
		isb
		ret
		.org 1b + 128 // Did we overflow the ventry slot?
		.endm

		.macro tramp_exit, regsize = 64