From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 14 Jul 2022 18:33:37 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v5.18.12~6^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e369b13a382fa058d273a5a550724b7f18e4456;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	arm64-entry-restore-tramp_map_kernel-isb.patch
---

diff --git a/queue-4.9/arm64-entry-restore-tramp_map_kernel-isb.patch b/queue-4.9/arm64-entry-restore-tramp_map_kernel-isb.patch
new file mode 100644
index 00000000000..9c1883fd228
--- /dev/null
+++ b/queue-4.9/arm64-entry-restore-tramp_map_kernel-isb.patch
@@ -0,0 +1,43 @@
+From james.morse@arm.com  Thu Jul 14 20:32:47 2022
+From: James Morse <james.morse@arm.com>
+Date: Thu, 14 Jul 2022 17:22:25 +0100
+Subject: arm64: entry: Restore tramp_map_kernel ISB
+To: stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org
+Cc: Catalin Marinas <catalin.marinas@arm.com>, James Morse <james.morse@arm.com>, Sumit Gupta <sumitg@nvidia.com>
+Message-ID: <20220714162225.280073-1-james.morse@arm.com>
+
+From: James Morse <james.morse@arm.com>
+
+Summit reports that the BHB backports for v4.9 prevent vulnerable
+platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.
+
+This is because the trampoline code takes a translation fault when
+accessing the data page, because the TTBR write hasn't been completed
+by an ISB before the access is made.
+
+Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
+this area, which removes the ISB when the workaround has been applied.
+v4.9 lacks this workaround, but should still have the ISB.
+
+Restore the barrier.
+
+Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
+Reported-by: Sumit Gupta <sumitg@nvidia.com>
+Tested-by: Sumit Gupta <sumitg@nvidia.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: James Morse <james.morse@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kernel/entry.S |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm64/kernel/entry.S
++++ b/arch/arm64/kernel/entry.S
+@@ -964,6 +964,7 @@ __ni_sys_trace:
+ 	b	.
+ 2:
+ 	tramp_map_kernel	x30
++	isb
+ 	tramp_data_read_var	x30, vectors
+ 	prfm	plil1strm, [x30, #(1b - \vector_start)]
+ 	msr	vbar_el1, x30
diff --git a/queue-4.9/series b/queue-4.9/series
index e69de29bb2d..5a1d522c86f 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -0,0 +1 @@
+arm64-entry-restore-tramp_map_kernel-isb.patch