[PATCH openEuler-5.10 19/42] arm64: entry.S: Add ventry overflow sanity checks

27 Apr 2022

From: James Morse james.morse@arm.com
stable inclusion
from stable-v5.10.105
commit dc5b630c0d532140e194997d350f587dbcc78bfb
category: bugfix
bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA
CVE: CVE-2022-23960
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 4330e2c5c04c27bebf89d34e0bc14e6943413067 upstream.
Subsequent patches add even more code to the ventry slots.
Ensure kernels that overflow a ventry slot don't get built.
Reviewed-by: Russell King (Oracle) rmk+kernel@armlinux.org.uk
Reviewed-by: Catalin Marinas catalin.marinas@arm.com
Signed-off-by: James Morse james.morse@arm.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Chen Jiahao chenjiahao16@huawei.com
Reviewed-by: Liao Chang liaochang1@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 arch/arm64/kernel/entry.S | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 21bcf1e79e8f..d3290d609cdd 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -62,6 +62,7 @@
.macro kernel_ventry, el, label, regsize = 64
    .align 7
+.Lventry_start@:
 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
    .if	\el == 0
 alternative_if ARM64_UNMAP_KERNEL_AT_EL0
@@ -120,6 +121,7 @@ alternative_else_nop_endif
    mrs	x0, tpidrro_el0
 #endif
    b	el()\el()_\label
+.org .Lventry_start@ + 128	// Did we overflow the ventry slot?
    .endm
.macro tramp_alias, dst, sym
@@ -820,6 +822,7 @@ alternative_else_nop_endif
    add	x30, x30, #(1b - tramp_vectors)
    isb
    ret
+.org 1b + 128	// Did we overflow the ventry slot?
    .endm
.macro tramp_exit, regsize = 64
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-5.10 19/42] arm64: entry.S: Add ventry overflow sanity checks