linux/arch
Andre Przywara 87261d1904 arm64: Cortex-A53 errata workaround: check for kernel addresses
Commit 7dd01aef05 ("arm64: trap userspace "dc cvau" cache operation on
errata-affected core") adds code to execute cache maintenance instructions
in the kernel on behalf of userland on CPUs with certain ARM CPU errata.
It turns out that the address hasn't been checked to be a valid user
space address, allowing userland to clean cache lines in kernel space.
Fix this by introducing an address check before executing the
instructions on behalf of userland.

Since the address doesn't come via a syscall parameter, we can't just
reject tagged pointers and instead have to remove the tag when checking
against the user address limit.

Cc: <stable@vger.kernel.org>
Fixes: 7dd01aef05 ("arm64: trap userspace "dc cvau" cache operation on errata-affected core")
Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
[will: rework commit message + replace access_ok with max_user_addr()]
Signed-off-by: Will Deacon <will.deacon@arm.com>
2016-10-20 09:50:49 +01:00
..
alpha Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-14 18:19:05 -07:00
arc Merge branch 'work.uaccess' into for-linus 2016-10-14 20:42:44 -04:00
arm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-14 18:19:05 -07:00
arm64 arm64: Cortex-A53 errata workaround: check for kernel addresses 2016-10-20 09:50:49 +01:00
avr32 Merge branch 'akpm' (patches from Andrew) 2016-10-07 21:38:00 -07:00
blackfin Merge branch 'work.uaccess' into for-linus 2016-10-14 20:42:44 -04:00
c6x nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
cris CRIS changes for 4.9 2016-10-10 11:28:35 -07:00
frv Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
h8300 nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
hexagon nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
ia64 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
m32r nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
m68k Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
metag Metag architecture fixes for v4.9-rc1 2016-10-14 11:11:39 -07:00
microblaze Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
mips Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2016-10-15 09:26:12 -07:00
mn10300 Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
nios2 nios2 update for v4.9-rc1 2016-10-10 11:31:19 -07:00
openrisc Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
parisc Merge branch 'parisc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2016-10-11 23:59:07 -07:00
powerpc This adds a new gcc plugin named "latent_entropy". It is designed to 2016-10-15 10:03:15 -07:00
s390 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
score Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-14 18:19:05 -07:00
sh Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
sparc Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
tile tile: use simpler API for random address requests 2016-10-11 15:06:32 -07:00
um nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
unicore32 unicore32: use simpler API for random address requests 2016-10-11 15:06:32 -07:00
x86 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
xtensa Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-11 23:38:39 -07:00
.gitignore
Kconfig This adds a new gcc plugin named "latent_entropy". It is designed to 2016-10-15 10:03:15 -07:00