    arm64: Cortex-A53 errata workaround: check for kernel addresses · 87261d19
    Andre Przywara authored
    Commit 7dd01aef ("arm64: trap userspace "dc cvau" cache operation on
    errata-affected core") adds code to execute cache maintenance instructions
    in the kernel on behalf of userland on CPUs with certain ARM CPU errata.
    It turns out that the address hasn't been checked to be a valid user
    space address, allowing userland to clean cache lines in kernel space.
    Fix this by introducing an address check before executing the
    instructions on behalf of userland.
    
    Since the address doesn't come via a syscall parameter, we can't just
    reject tagged pointers and instead have to remove the tag when checking
    against the user address limit.
    
    Cc: <stable@vger.kernel.org>
    Fixes: 7dd01aef ("arm64: trap userspace "dc cvau" cache operation on errata-affected core")
    Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    [will: rework commit message + replace access_ok with max_user_addr()]
    Signed-off-by: Will Deacon <will.deacon@arm.com>
traps.c 17 KB
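
The address check the commit message describes, modelled in user-space C as an added example (not the kernel's code and not part of this commit): it shows why the tag has to be removed before comparing against the user address limit rather than rejecting tagged pointers outright. The 48-bit limit, the helper names `untag_addr`, `raw_check` and `untagged_check`, and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit user VA space, so valid user addresses are below 1 << 48. */
#define USER_ADDR_LIMIT (UINT64_C(1) << 48)
#define TAG_MASK        (UINT64_C(0xff) << 56)

/* Hypothetical helper: drop the top-byte tag by sign-extending from bit 55.
 * Bit 55 selects the user (0) or kernel (1) half of the address space, so a
 * kernel address stays a kernel address after untagging. */
static uint64_t untag_addr(uint64_t addr)
{
    if (addr & (UINT64_C(1) << 55))
        return addr | TAG_MASK;
    return addr & ~TAG_MASK;
}

/* Raw comparison: safe, but refuses legitimate tagged user pointers. */
static int raw_check(uint64_t addr)
{
    return addr < USER_ADDR_LIMIT;
}

/* Remove the tag first, then compare against the user address limit. */
static int untagged_check(uint64_t addr)
{
    return untag_addr(addr) < USER_ADDR_LIMIT;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the commit. */
    static const struct { uint64_t addr; const char *what; } samples[] = {
        { UINT64_C(0x0000ffff12345000), "plain user address" },
        { UINT64_C(0xab00ffff12345000), "tagged user address" },
        { UINT64_C(0xffff000012345000), "kernel address" },
        { UINT64_C(0xabff000012345000), "kernel address, top byte altered" },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-34s raw=%d untagged=%d\n", samples[i].what,
               raw_check(samples[i].addr), untagged_check(samples[i].addr));
    return 0;
}
```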