From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, James Morse, Will Deacon, Sasha Levin
Subject: [PATCH 5.2 084/144] arm64: entry: SP Alignment Fault doesn't write to FAR_EL1
Date: Wed, 14 Aug 2019 19:00:40 +0200
Message-Id: <20190814165803.386114946@linuxfoundation.org>
In-Reply-To: <20190814165759.466811854@linuxfoundation.org>
References: <20190814165759.466811854@linuxfoundation.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[ Upstream commit 40ca0ce56d4bb889dc43b455c55398468115569a ]

Comparing the arm-arm's pseudocode for AArch64.PCAlignmentFault() with
AArch64.SPAlignmentFault() shows that SP faults don't copy the faulty-SP
to FAR_EL1, but this is where we read from, and the address we provide
to user-space with the BUS_ADRALN signal.

For user-space this value will be UNKNOWN due to the previous ERET to
user-space. If the last value is preserved, on systems with KASLR or KPTI
this will be the user-space link-register left in FAR_EL1 by tramp_exit().

Fix this to retrieve the original sp_el0 value, and pass this to
do_sp_pc_fault().

SP alignment faults from EL1 will cause us to take the fault again when
trying to store the pt_regs. This eventually takes us to the overflow
stack. Remove the ESR_ELx_EC_SP_ALIGN check as we will never make it
this far.

Fixes: 60ffc30d5652 ("arm64: Exception handling")
Signed-off-by: James Morse
[will: change label name and fleshed out comment]
Signed-off-by: Will Deacon
Signed-off-by: Sasha Levin
---
 arch/arm64/kernel/entry.S | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 9cdc4592da3ef..320a30dbe35ef 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S @@ -586,10 +586,8 @@ el1_sync: b.eq el1_ia cmp x24, #ESR_ELx_EC_SYS64 // configurable trap b.eq el1_undef - cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception - b.eq el1_sp_pc cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception - b.eq el1_sp_pc + b.eq el1_pc cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL1 b.eq el1_undef cmp x24, #ESR_ELx_EC_BREAKPT_CUR // debug exception in EL1 @@ -611,9 +609,11 @@ el1_da: bl do_mem_abort kernel_exit 1 -el1_sp_pc: +el1_pc: /* - * Stack or PC alignment exception handling + * PC alignment exception handling. We don't handle SP alignment faults, + * since we will have hit a recursive exception when trying to push the + * initial pt_regs. */ mrs x0, far_el1 inherit_daif pstate=x23, tmp=x2 @@ -732,9 +732,9 @@ el0_sync: ccmp x24, #ESR_ELx_EC_WFx, #4, ne b.eq el0_sys cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception - b.eq el0_sp_pc + b.eq el0_sp cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception - b.eq el0_sp_pc + b.eq el0_pc cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0 b.eq el0_undef cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0 @@ -758,7 +758,7 @@ el0_sync_compat: cmp x24, #ESR_ELx_EC_FP_EXC32 // FP/ASIMD exception b.eq el0_fpsimd_exc cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception - b.eq el0_sp_pc + b.eq el0_pc cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0 b.eq el0_undef cmp x24, #ESR_ELx_EC_CP15_32 // CP15 MRC/MCR trap @@ -858,11 +858,15 @@ el0_fpsimd_exc: mov x1, sp bl do_fpsimd_exc b ret_to_user +el0_sp: + ldr x26, [sp, #S_SP] + b el0_sp_pc +el0_pc: + mrs x26, far_el1 el0_sp_pc: /* * Stack or PC alignment exception handling */ - mrs x26, far_el1 gic_prio_kentry_setup tmp=x0 enable_da_f #ifdef CONFIG_TRACE_IRQFLAGS -- 2.20.1
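Review bot: in the el1_sync hunk, dropping `cmp x24, #ESR_ELx_EC_SP_ALIGN` / `b.eq el1_sp_pc` means an EL1 SP-alignment ESR now falls through the remaining comparisons to the dispatcher's default target, which this hunk does not show. The commit message argues the path is unreachable because saving pt_regs re-faults onto the overflow stack, so the default target is only a safety net, but it is worth confirming that it is the invalid-exception handler and not a silent return. Note also that `b.eq el1_pc` here and the label rename in the next hunk have to land together or the file will not assemble.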
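Review bot: the new comment at el1_pc explains why SP faults are not handled at EL1, but the `mrs x0, far_el1` immediately below it is only valid because this is now exclusively the PC-alignment path; one sentence saying that FAR_EL1 is trusted here precisely because PC faults do write it, unlike SP faults, would make the contrast with the EL0 handling in the el0_sp hunk explicit for the next reader.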
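Review bot: el0_sync_compat redirects only the ESR_ELx_EC_PC_ALIGN case to el0_pc and, unlike el0_sync, has no ESR_ELx_EC_SP_ALIGN branch. That is consistent only if SP-alignment faults cannot be taken from AArch32 EL0, which nothing in the hunk states; a short comment (or a line in the commit message) confirming that the compat path intentionally lacks the SP case would stop it from being read as an oversight.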
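Review bot: `ldr x26, [sp, #S_SP]` at el0_sp depends on kernel_entry having already stored the user sp_el0 into pt_regs->sp before control reaches here, and the layout `el0_sp` / `b el0_sp_pc` / `el0_pc` / `el0_sp_pc` relies on that explicit branch to skip the `mrs x26, far_el1`; neither point is commented. Suggest a comment at el0_sp such as "SP faults don't write FAR_EL1; use the sp_el0 saved by kernel_entry", and updating the existing "Stack or PC alignment exception handling" block comment to say that x26 now carries the faulting address on both paths. That also records the defensive value of the change: the address reported to user-space via BUS_ADRALN no longer comes from a stale FAR_EL1 that, per the commit message, could hold the link register left behind by tramp_exit().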