From: Greg Kroah-Hartman Date: Tue, 20 Feb 2024 15:31:47 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.19.307~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=45d75eff4a438e36100afb59e72628b4107d2ae0;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: revert-arm64-stash-shadow-stack-pointer-in-the-task-struct-on-interrupt.patch --- diff --git a/queue-5.10/revert-arm64-stash-shadow-stack-pointer-in-the-task-struct-on-interrupt.patch b/queue-5.10/revert-arm64-stash-shadow-stack-pointer-in-the-task-struct-on-interrupt.patch new file mode 100644 index 00000000000..571d3d2a645 --- /dev/null +++ b/queue-5.10/revert-arm64-stash-shadow-stack-pointer-in-the-task-struct-on-interrupt.patch @@ -0,0 +1,69 @@ +From xiangyang3@huawei.com Tue Feb 20 16:30:54 2024 +From: Xiang Yang +Date: Mon, 19 Feb 2024 21:21:53 +0800 +Subject: Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" +To: , , , +Cc: , , , , , , +Message-ID: <20240219132153.378265-1-xiangyang3@huawei.com> + + +This reverts commit 3f225f29c69c13ce1cbdb1d607a42efeef080056 which is +commit 59b37fe52f49955791a460752c37145f1afdcad1 upstream. + +The shadow call stack for irq now is stored in current task's thread info +in irq_stack_entry. There is a possibility that we have some soft irqs +pending at the end of hard irq, and when we process softirq with the irq +enabled, irq_stack_entry will enter again and overwrite the shadow call +stack whitch stored in current task's thread info, leading to the +incorrect shadow call stack restoration for the first entry of the hard +IRQ, then the system end up with a panic. + +task A | task A +-------------------------------------+------------------------------------ +el1_irq //irq1 enter | + irq_handler //save scs_sp1 | + gic_handle_irq | + irq_exit | + __do_softirq | + | el1_irq //irq2 enter + | irq_handler //save scs_sp2 + | //overwrite scs_sp1 + | ... + | irq_stack_exit //restore scs_sp2 + irq_stack_exit //restore wrong | + //scs_sp2 | + +So revert this commit to fix it. + +Fixes: 3f225f29c69c ("arm64: Stash shadow stack pointer in the task struct on interrupt") +Signed-off-by: Xiang Yang +Acked-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/entry.S | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -431,7 +431,9 @@ SYM_CODE_END(__swpan_exit_el0) + + .macro irq_stack_entry + mov x19, sp // preserve the original sp +- scs_save tsk // preserve the original shadow stack ++#ifdef CONFIG_SHADOW_CALL_STACK ++ mov x24, scs_sp // preserve the original shadow stack ++#endif + + /* + * Compare sp with the base of the task stack. +@@ -465,7 +467,9 @@ SYM_CODE_END(__swpan_exit_el0) + */ + .macro irq_stack_exit + mov sp, x19 +- scs_load_current ++#ifdef CONFIG_SHADOW_CALL_STACK ++ mov scs_sp, x24 ++#endif + .endm + + /* GPRs used by entry code */ diff --git a/queue-5.10/series b/queue-5.10/series index 255523b08f0..c60b526b641 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -367,3 +367,4 @@ scripts-decode_stacktrace.sh-optionally-use-llvm-uti.patch netfilter-ipset-fix-performance-regression-in-swap-operation.patch netfilter-ipset-missing-gc-cancellations-fixed.patch hrtimer-ignore-slack-time-for-rt-tasks-in-schedule_hrtimeout_range.patch +revert-arm64-stash-shadow-stack-pointer-in-the-task-struct-on-interrupt.patch