
Commit 947e357d authored by Sami Tolvanen, committed by Alistair Delva

FROMLIST: arm64: efi: restore x18 if it was corrupted

If we detect a corrupted x18 and SCS is enabled, restore the register
before jumping back to instrumented code. This is safe, because the
wrapper is called with preemption disabled and a separate shadow stack
is used for interrupt handling.

Bug: 145210207
Change-Id: Ie83578cef27e1656a234d1500581eaf9de6c2365
(am from https://lore.kernel.org/patchwork/patch/1149060/)
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
parent b3953e15
@@ -37,5 +37,14 @@ ENTRY(__efi_rt_asm_wrapper)
	ldp	x29, x30, [sp], #32
	b.ne	0f
	ret
0:	b	efi_handle_corrupted_x18	// tail call
0:
#ifdef CONFIG_SHADOW_CALL_STACK
	/*
	 * Restore x18 before returning to instrumented code. This is
	 * safe because the wrapper is called with preemption disabled and
	 * a separate shadow stack is used for interrupts.
	 */
	mov	x18, x2
#endif
	b	efi_handle_corrupted_x18	// tail call
ENDPROC(__efi_rt_asm_wrapper)
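Review bot: the comment above `mov x18, x2` should say where x2 got the saved x18 value, because neither the load of x2 nor the compare that feeds `b.ne 0f` is in the shown context, and the restore's correctness depends entirely on that register still holding the entry-time x18 at this point. Suggest extending the comment along the lines of `/* x2 still holds the x18 value saved on wrapper entry; restore it before ... */` so a later change to the wrapper's register shuffling does not silently break the restore. Also worth a line in the comment: the tail call to `efi_handle_corrupted_x18` is kept on both sides of the `#ifdef`, so the corruption is still reported when SCS is enabled; only the register is repaired first.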