6b88a32c7a
With ARM64_SW_TTBR0_PAN enabled, the exception entry code checks the active ASID to decide whether user access was enabled (non-zero ASID) when the exception was taken. On return from exception, if user access was previously disabled, it re-instates TTBR0_EL1 from the per-thread saved value (updated in switch_mm() or efi_set_pgd()). Commit7655abb953
("arm64: mm: Move ASID from TTBR0 to TTBR1") makes a TTBR0_EL1 + ASID switching non-atomic. Subsequently, commit27a921e757
("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") changes the __uaccess_ttbr0_disable() function and asm macro to first write the reserved TTBR0_EL1 followed by the ASID=0 update in TTBR1_EL1. If an exception occurs between these two, the exception return code will re-instate a valid TTBR0_EL1. Similar scenario can happen in cpu_switch_mm() between setting the reserved TTBR0_EL1 and the ASID update in cpu_do_switch_mm(). This patch reverts the entry.S check for ASID == 0 to TTBR0_EL1 and disables the interrupts around the TTBR0_EL1 and ASID switching code in __uaccess_ttbr0_disable(). It also ensures that, when returning from the EFI runtime services, efi_set_pgd() doesn't leave a non-zero ASID in TTBR1_EL1 by using uaccess_ttbr0_{enable,disable}. The accesses to current_thread_info()->ttbr0 are updated to use READ_ONCE/WRITE_ONCE. As a safety measure, __uaccess_ttbr0_enable() always masks out any existing non-zero ASID TTBR1_EL1 before writing in the new ASID. Fixes:27a921e757
("arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN") Acked-by: Will Deacon <will.deacon@arm.com> Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: James Morse <james.morse@arm.com> Tested-by: James Morse <james.morse@arm.com> Co-developed-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
79 lines
1.8 KiB
ArmAsm
79 lines
1.8 KiB
ArmAsm
/*
|
|
* Copyright (C) 2012 ARM Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <linux/linkage.h>
|
|
|
|
#include <asm/cache.h>
|
|
#include <asm/asm-uaccess.h>
|
|
|
|
/*
|
|
* Copy to user space from a kernel buffer (alignment handled by the hardware)
|
|
*
|
|
* Parameters:
|
|
* x0 - to
|
|
* x1 - from
|
|
* x2 - n
|
|
* Returns:
|
|
* x0 - bytes not copied
|
|
*/
|
|
.macro ldrb1 ptr, regB, val
|
|
ldrb \ptr, [\regB], \val
|
|
.endm
|
|
|
|
.macro strb1 ptr, regB, val
|
|
uao_user_alternative 9998f, strb, sttrb, \ptr, \regB, \val
|
|
.endm
|
|
|
|
.macro ldrh1 ptr, regB, val
|
|
ldrh \ptr, [\regB], \val
|
|
.endm
|
|
|
|
.macro strh1 ptr, regB, val
|
|
uao_user_alternative 9998f, strh, sttrh, \ptr, \regB, \val
|
|
.endm
|
|
|
|
.macro ldr1 ptr, regB, val
|
|
ldr \ptr, [\regB], \val
|
|
.endm
|
|
|
|
.macro str1 ptr, regB, val
|
|
uao_user_alternative 9998f, str, sttr, \ptr, \regB, \val
|
|
.endm
|
|
|
|
.macro ldp1 ptr, regB, regC, val
|
|
ldp \ptr, \regB, [\regC], \val
|
|
.endm
|
|
|
|
.macro stp1 ptr, regB, regC, val
|
|
uao_stp 9998f, \ptr, \regB, \regC, \val
|
|
.endm
|
|
|
|
end .req x5
|
|
ENTRY(__arch_copy_to_user)
|
|
uaccess_enable_not_uao x3, x4, x5
|
|
add end, x0, x2
|
|
#include "copy_template.S"
|
|
uaccess_disable_not_uao x3, x4
|
|
mov x0, #0
|
|
ret
|
|
ENDPROC(__arch_copy_to_user)
|
|
|
|
.section .fixup,"ax"
|
|
.align 2
|
|
9998: sub x0, end, dst // bytes not copied
|
|
ret
|
|
.previous
|