4.15-stable patches

added patches:
	arm64-__show_regs-only-resolve-kernel-symbols-when-running-at-el1.patch

diff --git a/queue-4.15/arm64-__show_regs-only-resolve-kernel-symbols-when-running-at-el1.patch b/queue-4.15/arm64-__show_regs-only-resolve-kernel-symbols-when-running-at-el1.patch
new file mode 100644 (file)
index 0000000..fc743a5
--- /dev/null
+++ b/queue-4.15/arm64-__show_regs-only-resolve-kernel-symbols-when-running-at-el1.patch
@@ -0,0 +1,46 @@
+From a06f818a70de21b4b3b4186816094208fc7accf9 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Mon, 19 Feb 2018 16:46:57 +0000
+Subject: arm64: __show_regs: Only resolve kernel symbols when running at EL1
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit a06f818a70de21b4b3b4186816094208fc7accf9 upstream.
+
+__show_regs pretty prints PC and LR by attempting to map them to kernel
+function names to improve the utility of crash reports. Unfortunately,
+this mapping is applied even when the pt_regs corresponds to user mode,
+resulting in a KASLR oracle.
+
+Avoid this issue by only looking up the function symbols when the register
+state indicates that we're actually running at EL1.
+
+Cc: <stable@vger.kernel.org>
+Reported-by: NCSC Security <security@ncsc.gov.uk>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/process.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kernel/process.c
++++ b/arch/arm64/kernel/process.c
+@@ -221,8 +221,15 @@ void __show_regs(struct pt_regs *regs)
+ 
+       show_regs_print_info(KERN_DEFAULT);
+       print_pstate(regs);
+-      print_symbol("pc : %s\n", regs->pc);
+-      print_symbol("lr : %s\n", lr);
++
++      if (!user_mode(regs)) {
++              print_symbol("pc : %s\n", regs->pc);
++              print_symbol("lr : %s\n", lr);
++      } else {
++              printk("pc : %016llx\n", regs->pc);
++              printk("lr : %016llx\n", lr);
++      }
++
+       printk("sp : %016llx\n", sp);
+ 
+       i = top_reg;

diff --git a/queue-4.15/series b/queue-4.15/series
index 11fe7ec4adc37fba6d592f272991d65603b8b293..64f3e69190c920e5743939b438e5376bddc95354 100644 (file)
--- a/queue-4.15/series
+++ b/queue-4.15/series
@@ -60,3 +60,4 @@ drm-amdgpu-only-check-mmbif_iov_func_identifier-on-tonga-fiji.patch
 drm-amdgpu-add-atpx-quirk-handling-v2.patch
 drm-amdgpu-avoid-leaking-pm-domain-on-driver-unbind-v2.patch
 drm-amdgpu-add-new-device-to-use-atpx-quirk.patch
+arm64-__show_regs-only-resolve-kernel-symbols-when-running-at-el1.patch