git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Will Deacon <will.deacon@arm.com>
	Fri, 2 Feb 2018 17:31:40 +0000 (17:31 +0000)
committer	Seth Forshee <seth.forshee@canonical.com>
	Thu, 22 Feb 2018 14:15:49 +0000 (08:15 -0600)
commit	38987f38afb420c70b87963bac0d63834b361934
tree	641d0dfdcd357771db31f97b3ad402ee9b17c6a0	tree
parent	0505ec9248f1debcebde40e7faf203d7a31f90a6	commit \| diff

arm64: entry: Apply BP hardening for suspicious interrupts from EL0

BugLink: http://bugs.launchpad.net/bugs/1751064
Commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena <dhettena@nvidia.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

arch/arm64/kernel/entry.S		diff \| blob \| blame \| history
arch/arm64/mm/fault.c		diff \| blob \| blame \| history