Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b2290c6 authored by James Morse's avatar James Morse Committed by Greg Kroah-Hartman
Browse files

arm64: entry: Restore tramp_map_kernel ISB 



Summit reports that the BHB backports for v4.9 prevent vulnerable
platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.

This is because the trampoline code takes a translation fault when
accessing the data page, because the TTBR write hasn't been completed
by an ISB before the access is made.

Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
this area, which removes the ISB when the workaround has been applied.
v4.9 lacks this workaround, but should still have the ISB.

Restore the barrier.

Fixes: aee10c2d ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
Reported-by: default avatarSumit Gupta <sumitg@nvidia.com>
Tested-by: default avatarSumit Gupta <sumitg@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarJames Morse <james.morse@arm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent dadca36d

arch/arm64/kernel/entry.S

+1 −0
Original line number Diff line number Diff line
@@ -964,6 +964,7 @@ __ni_sys_trace: 
	b	.

2:

	tramp_map_kernel	x30

	isb

	tramp_data_read_var	x30, vectors

	prfm	plil1strm, [x30, #(1b - \vector_start)]

	msr	vbar_el1, x30