git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Will Deacon <will.deacon@arm.com>
	Tue, 14 Nov 2017 14:14:17 +0000 (14:14 +0000)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Tue, 27 Feb 2018 16:32:42 +0000 (11:32 -0500)
commit	5b67eccdfd17ea1cdd0b1fafafbdea5bce049a51
tree	ac91b7cc42a406a34af17042891dc54a44ee7af5	tree
parent	447c79fe231ae732d7a047c9bd6dfe0b22a94927	commit \| diff

arm64: mm: Map entry trampoline into trampoline and kernel page tables

Commit 51a0048beb44 upstream.

The exception entry trampoline needs to be mapped at the same virtual
address in both the trampoline page table (which maps nothing else)
and also the kernel page table, so that we can swizzle TTBR1_EL1 on
exceptions from and return to EL0.

This patch maps the trampoline at a fixed virtual address in the fixmap
area of the kernel virtual address space, which allows the kernel proper
to be randomized with respect to the trampoline when KASLR is enabled.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Tested-by: Shanker Donthineni <shankerd@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 63d13760abd7a819b6e95793c795cdc155bfff44)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

arch/arm64/include/asm/fixmap.h		diff \| blob \| blame \| history
arch/arm64/include/asm/pgtable.h		diff \| blob \| blame \| history
arch/arm64/kernel/asm-offsets.c		diff \| blob \| blame \| history
arch/arm64/mm/mmu.c		diff \| blob \| blame \| history