Commit 96eb7232 authored by James Morse's avatar James Morse Committed by Zheng Zengkai

arm64: entry: Allow tramp_alias to access symbols after the 4K boundary

stable inclusion
from stable-v5.10.105
commit 5275fb5ea5f573ce1ecd2bf0bcd928abb916b43d
category: bugfix
bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA
CVE: CVE-2022-23960

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5275fb5ea5f5



--------------------------------

commit 6c5bf79b upstream.

Systems using kpti enter and exit the kernel through a trampoline mapping
that is always mapped, even when the kernel is not. tramp_valias is a macro
to find the address of a symbol in the trampoline mapping.

Adding extra sets of vectors will expand the size of the entry.tramp.text
section to beyond 4K. tramp_valias will be unable to generate addresses
for symbols beyond 4K as it uses the 12 bit immediate of the add
instruction.

As there are now two registers available when tramp_alias is called,
use the extra register to avoid the 4K limit of the 12 bit immediate.

Reviewed-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Signed-off-by: default avatarJames Morse <james.morse@arm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarChen Jiahao <chenjiahao16@huawei.com>
Reviewed-by: default avatarLiao Chang <liaochang1@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 5fe0225a
+8 −5
@@ -128,9 +128,12 @@
.org .Lventry_start\@ + 128	// Did we overflow the ventry slot?
	.endm

	.macro tramp_alias, dst, sym
	.macro tramp_alias, dst, sym, tmp
	mov_q	\dst, TRAMP_VALIAS
	add	\dst, \dst, #(\sym - .entry.tramp.text)
	adr_l	\tmp, \sym
	add	\dst, \dst, \tmp
	adr_l	\tmp, .entry.tramp.text
	sub	\dst, \dst, \tmp
	.endm

	/*
@@ -355,10 +358,10 @@ alternative_else_nop_endif
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	bne	4f
	msr	far_el1, x29
	tramp_alias	x30, tramp_exit_native
	tramp_alias	x30, tramp_exit_native, x29
	br	x30
4:
	tramp_alias	x30, tramp_exit_compat
	tramp_alias	x30, tramp_exit_compat, x29
	br	x30
#endif
	.else
@@ -1118,7 +1121,7 @@ alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0
alternative_else_nop_endif

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	tramp_alias	dst=x5, sym=__sdei_asm_exit_trampoline
	tramp_alias	dst=x5, sym=__sdei_asm_exit_trampoline, tmp=x3
	br	x5
#endif
SYM_CODE_END(__sdei_asm_handler)
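Review bot: The `tramp_alias` macro in the first hunk now overwrites its new `tmp` argument, and it computes a wrong address if `dst` and `tmp` name the same register, yet nothing on the macro says so. A one-line comment above `.macro` would cover it, e.g. `/* Clobbers \tmp; \dst and \tmp must be different registers. */`. In the second hunk `x29` is passed as `tmp` directly after `msr far_el1, x29`, so its value appears to be parked in far_el1 for the exit trampoline; a short comment there would make that dependency explicit. In the third hunk `tmp=x3` is used and the visible lines do not show whether x3 is dead at that point, which is worth confirming against the rest of `__sdei_asm_handler`, whose body starts outside the hunk.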