linux/arch/arm64/lib
Catalin Marinas 6b88a32c7a arm64: kpti: Fix the interaction between ASID switching and software PAN

With ARM64_SW_TTBR0_PAN enabled, the exception entry code checks the
active ASID to decide whether user access was enabled (non-zero ASID)
when the exception was taken. On return from exception, if user access
was previously disabled, it re-instates TTBR0_EL1 from the per-thread
saved value (updated in switch_mm() or efi_set_pgd()).

Commit 7655abb953 ("arm64: mm: Move ASID from TTBR0 to TTBR1") makes a
TTBR0_EL1 + ASID switching non-atomic. Subsequently, commit 27a921e757
("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") changes the
__uaccess_ttbr0_disable() function and asm macro to first write the
reserved TTBR0_EL1 followed by the ASID=0 update in TTBR1_EL1. If an
exception occurs between these two, the exception return code will
re-instate a valid TTBR0_EL1. A similar scenario can happen in
cpu_switch_mm() between setting the reserved TTBR0_EL1 and the ASID
update in cpu_do_switch_mm().

This patch reverts the entry.S check for ASID == 0 to TTBR0_EL1 and
disables the interrupts around the TTBR0_EL1 and ASID switching code in
__uaccess_ttbr0_disable(). It also ensures that, when returning from the
EFI runtime services, efi_set_pgd() doesn't leave a non-zero ASID in
TTBR1_EL1 by using uaccess_ttbr0_{enable,disable}.

The accesses to current_thread_info()->ttbr0 are updated to use
READ_ONCE/WRITE_ONCE.

As a safety measure, __uaccess_ttbr0_enable() always masks out any
existing non-zero ASID TTBR1_EL1 before writing in the new ASID.

Fixes: 27a921e757 ("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN")
Acked-by: Will Deacon <will.deacon@arm.com>
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: James Morse <james.morse@arm.com>
Tested-by: James Morse <james.morse@arm.com>
Co-developed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-01-16 17:37:48 +00:00
atomic_ll_sc.c arm64: introduce CONFIG_ARM64_LSE_ATOMICS as fallback to ll/sc atomics 2015-07-27 15:28:50 +01:00
bitops.S arm64: atomics: prefetch the destination word for write prior to stxr 2015-07-27 15:28:53 +01:00
clear_page.S
clear_user.S arm64: kpti: Fix the interaction between ASID switching and software PAN 2018-01-16 17:37:48 +00:00
copy_from_user.S arm64: kpti: Fix the interaction between ASID switching and software PAN 2018-01-16 17:37:48 +00:00
copy_in_user.S arm64: kpti: Fix the interaction between ASID switching and software PAN 2018-01-16 17:37:48 +00:00
copy_page.S arm64/lib: copy_page: use consistent prefetch stride 2017-07-25 10:04:42 +01:00
copy_template.S scripts/spelling.txt: add "overwritting" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
copy_to_user.S arm64: kpti: Fix the interaction between ASID switching and software PAN 2018-01-16 17:37:48 +00:00
delay.c arm64: use WFE for long delays 2017-10-13 18:56:15 +01:00
Makefile arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
memchr.S arm64: use ENDPIPROC() to annotate position independent assembler routines 2015-10-12 16:19:45 +01:00
memcmp.S arm64: Fix misspellings in comments. 2016-03-04 18:19:17 +00:00
memcpy.S arm64: add KASAN support 2015-10-12 17:46:36 +01:00
memmove.S arm64: add KASAN support 2015-10-12 17:46:36 +01:00
memset.S arm64: add KASAN support 2015-10-12 17:46:36 +01:00
strchr.S arm64: klib: Optimised string functions 2013-03-21 17:39:30 +00:00
strcmp.S arm64: use ENDPIPROC() to annotate position independent assembler routines 2015-10-12 16:19:45 +01:00
strlen.S arm64: use ENDPIPROC() to annotate position independent assembler routines 2015-10-12 16:19:45 +01:00
strncmp.S arm64: use ENDPIPROC() to annotate position independent assembler routines 2015-10-12 16:19:45 +01:00
strnlen.S arm64/efi: Make strnlen() available to the EFI namespace 2016-02-16 10:32:10 +00:00
strrchr.S arm64: klib: Optimised string functions 2013-03-21 17:39:30 +00:00
tishift.S arm64: make label allocation style consistent in tishift 2018-01-02 14:22:18 +00:00
uaccess_flushcache.c arm64: uaccess: Add the uaccess_flushcache.c file 2017-08-10 10:49:21 +01:00