From patchwork Mon Mar 21 17:35:11 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 64119
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com
Cc: Ard Biesheuvel
Subject: [PATCH] arm64: kaslr: use callee saved register to preserve SCTLR across C call
Date: Mon, 21 Mar 2016 18:35:11 +0100
Message-Id: <1458581711-13950-1-git-send-email-ard.biesheuvel@linaro.org>

The KASLR code incorrectly expects the contents of x18 to be preserved across a call into C code, and uses it to stash the contents of SCTLR_EL1 before enabling the MMU. If the MMU needs to be disabled again to create the randomized kernel mapping, x18 is written back to SCTLR_EL1, which is likely to crash the system if x18 has been clobbered by kasan_early_init() or kaslr_early_init(). So use x22 instead, which is not in use so far in head.S

Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/head.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.9.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 5728ba6878e0..f03101064f52 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -763,7 +763,7 @@ ENTRY(__early_cpu_boot_status) */ .section ".idmap.text", "ax" __enable_mmu: - mrs x18, sctlr_el1 // preserve old SCTLR_EL1 value + mrs x22, sctlr_el1 // preserve old SCTLR_EL1 value mrs x1, ID_AA64MMFR0_EL1 ubfx x2, x1, #ID_AA64MMFR0_TGRAN_SHIFT, 4 cmp x2, #ID_AA64MMFR0_TGRAN_SUPPORTED @@ -792,7 +792,7 @@ __enable_mmu: * to take into account by discarding the current kernel mapping and * creating a new one. */ - msr sctlr_el1, x18 // disable the MMU + msr sctlr_el1, x22 // disable the MMU isb bl __create_page_tables // recreate kernel mapping
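
Review bot: the comment on `mrs x22, sctlr_el1` in the first hunk (`__enable_mmu`) still reads only "preserve old SCTLR_EL1 value" and does not record why the register has to be a callee-saved one. The commit message explains that the value must survive the calls into kasan_early_init() and kaslr_early_init(), but that reasoning is lost once the patch is merged. Suggest extending the comment to say the value is held across C calls and therefore lives in a callee-saved register, so that a later cleanup does not move it back to x18 or reuse x22 for something else on this path.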
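
Review bot: at `msr sctlr_el1, x22` in the second hunk, the write is only correct if nothing between the `mrs` in `__enable_mmu` and this point has modified x22, and the only evidence offered is the commit message's "not in use so far in head.S". C callees preserve x22 under the AArch64 procedure call standard, but assembly routines reached on this path are not bound by it, so it is worth confirming that none of them use x22 as scratch. The comment `// disable the MMU` could also state that this restores the SCTLR_EL1 value saved before the MMU was enabled, since the MMU is turned off by writing back the old value rather than by clearing a bit explicitly.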