linux-hardened/arch/arm64/include/asm
Will Deacon 0adbdfde8c arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
update_saved_ttbr0 mandates that mm->pgd is not swapper, since swapper
contains kernel mappings and should never be installed into ttbr0. However,
this means that callers must avoid passing the init_mm to update_saved_ttbr0
which in turn can cause the saved ttbr0 value to be out-of-date in the context
of the idle thread. For example, EFI runtime services may leave the saved ttbr0
pointing at the EFI page table, and kernel threads may end up with stale
references to freed page tables.

This patch changes update_saved_ttbr0 so that the init_mm points the saved
ttbr0 value to the empty zero page, which always exists and never contains
valid translations. EFI and switch can then call into update_saved_ttbr0
unconditionally.

Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: <stable@vger.kernel.org>
Fixes: 39bc88e5e3 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-12-06 18:28:10 +00:00
..
xen License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acenv.h
acpi.h arm64: mm: Remove arch_apei_flush_tlb_one() 2017-11-07 12:13:33 +01:00
alternative.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
arch_gicv3.h irqchip/gic-v3: Add support for Range Selector (RS) feature 2017-10-19 11:22:34 +01:00
arch_timer.h First batch of KVM changes for 4.15 2017-11-16 13:00:24 -08:00
arm-cci.h
asm-bug.h arm64: asm-bug: Renumber macro local labels to avoid clashes 2017-10-25 15:57:15 +01:00
asm-offsets.h
asm-uaccess.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
assembler.h arm64: entry.S: convert elX_irq 2017-11-02 15:55:41 +00:00
atomic.h
atomic_ll_sc.h arm64: Remove redundant mov from LL/SC cmpxchg 2017-05-15 18:30:10 +01:00
atomic_lse.h arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics 2017-07-20 10:20:54 +01:00
barrier.h arm64: sysreg: Move SPE registers and PSB into common header files 2017-10-18 12:53:32 +01:00
bitops.h
bitrev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
boot.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
brk-imm.h
bug.h arm64: Add ASM_BUG() 2017-08-08 16:28:13 +01:00
cache.h arm64: cache: Identify VPIPT I-caches 2017-03-20 16:17:02 +00:00
cacheflush.h arm64: mm: cleanup stale AIVIVT references 2017-11-28 18:13:18 +00:00
checksum.h arm64: add missing conversion to __wsum in ip_fast_csum() 2017-06-29 16:32:43 +01:00
clocksource.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cmpxchg.h arm64: xchg: hazard against entire exchange variable 2017-05-09 17:44:50 +01:00
compat.h fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall 2017-11-15 08:08:36 -05:00
compiler.h
cpu.h arm64/sve: Probe SVE capabilities and usable vector lengths 2017-11-03 15:24:17 +00:00
cpu_ops.h
cpucaps.h arm64/sve: Detect SVE and activate runtime support 2017-11-03 15:24:21 +00:00
cpufeature.h arm64/sve: Detect SVE and activate runtime support 2017-11-03 15:24:21 +00:00
cpuidle.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cputype.h arm64: Add MIDR values for Cavium cn83XX SoCs 2017-06-15 09:45:04 +01:00
current.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
daifflags.h arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
dcc.h
debug-monitors.h arm64: Add uprobe support 2016-11-07 18:15:21 +00:00
device.h xen/arm,arm64: fix xen_dma_ops after 815dd18 "Consolidate get_dma_ops..." 2017-05-02 11:14:42 +02:00
dma-mapping.h This is the first pull request for the new dma-mapping subsystem 2017-07-06 19:20:54 -07:00
dmi.h
efi.h arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm 2017-12-06 18:28:10 +00:00
elf.h arm64: elf.h: Correct comment about READ_IMPLIES_EXEC propagation 2017-10-09 10:00:23 +01:00
esr.h arm64/sve: System register and exception syndrome definitions 2017-11-03 15:24:13 +00:00
exception.h
exec.h arm64: suspend: Reconfigure PSTATE after resume from idle 2016-10-20 09:50:54 +01:00
extable.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fb.h
fixmap.h ACPI / APEI: Replace ioremap_page_range() with fixmap 2017-11-07 12:12:44 +01:00
fpsimd.h arm64/sve: KVM: Prevent guests from using SVE 2017-11-03 15:24:19 +00:00
fpsimdmacros.h arm64/sve: Low-level SVE architectural state manipulation functions 2017-11-03 15:24:14 +00:00
ftrace.h
futex.h futex: Remove duplicated code and fix undefined behaviour 2017-08-25 22:49:59 +02:00
hardirq.h arm64: kdump: implement machine_crash_shutdown() 2017-04-05 18:29:15 +01:00
hugetlb.h arm64: hugetlb: Override set_huge_swap_pte_at() to support contiguous hugepages 2017-08-22 17:47:11 +01:00
hw_breakpoint.h arm64: cpufeature: Make ID reg accessor naming less counterintuitive 2017-04-04 16:55:41 +01:00
hwcap.h
hypervisor.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
insn.h arm64: Prevent cpu hotplug rwsem recursion 2017-05-26 10:10:45 +02:00
io.h ARM64: Implement pci_remap_cfgspace() interface 2017-04-24 13:53:13 -05:00
irq.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_work.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irqflags.h arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
jump_label.h
kasan.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kbuild locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks 2017-10-25 10:57:25 +02:00
kernel-pgtable.h arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 2016-11-21 18:48:53 +00:00
kexec.h arm64: kdump: implement machine_crash_shutdown() 2017-04-05 18:29:15 +01:00
kgdb.h
kprobes.h kprobes: move kprobe declarations to asm-generic/kprobes.h 2017-02-27 18:43:45 -08:00
kvm_arm.h arm64/sve: KVM: Prevent guests from using SVE 2017-11-03 15:24:19 +00:00
kvm_asm.h KVM: arm/arm64: Move timer save/restore out of the hyp code 2017-11-06 16:23:13 +01:00
kvm_coproc.h
kvm_emulate.h KVM: arm/arm64: fix the incompatible matching for external abort 2017-11-06 16:23:20 +01:00
kvm_host.h arm64/sve: KVM: Prevent guests from using SVE 2017-11-03 15:24:19 +00:00
kvm_hyp.h KVM: arm/arm64: Move timer save/restore out of the hyp code 2017-11-06 16:23:13 +01:00
kvm_mmio.h
kvm_mmu.h kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() 2017-08-21 11:12:39 +01:00
kvm_psci.h
linkage.h arm64: relax assembly code alignment from 16 byte to 4 byte 2017-09-18 11:20:19 +01:00
lse.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memblock.h
memory.h arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
mmu.h arm64: introduce separated bits for mm_context_t flags 2017-08-22 18:13:04 +01:00
mmu_context.h arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm 2017-12-06 18:28:10 +00:00
mmzone.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
module.h arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
neon.h arm64: neon: Temporarily add a kernel_mode_begin_partial() definition 2017-08-04 15:10:12 +01:00
numa.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
page-def.h arm64: factor out PAGE_* and CONT_* definitions 2017-08-15 18:35:00 +01:00
page.h arm64: factor out PAGE_* and CONT_* definitions 2017-08-15 18:35:00 +01:00
paravirt.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
percpu.h arm64: factor out current_stack_pointer 2016-11-11 18:25:43 +00:00
perf_event.h arm64 updates for 4.10: 2016-12-13 16:39:21 -08:00
pgalloc.h kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK 2017-11-15 18:21:04 -08:00
pgtable-hwdef.h
pgtable-prot.h arm64: Move PTE_RDONLY bit handling out of set_pte_at() 2017-08-21 11:12:50 +01:00
pgtable-types.h arch, mm: convert all architectures to use 5level-fixup.h 2017-03-09 11:48:47 -08:00
pgtable.h mm: switch to 'define pmd_write' instead of __HAVE_ARCH_PMD_WRITE 2017-11-29 18:40:42 -08:00
probes.h arm64: Remove reference to asm/opcodes.h 2016-12-05 10:42:34 +00:00
proc-fns.h
processor.h arm64/sve: Add prctl controls for userspace vector length management 2017-11-03 15:24:19 +00:00
ptdump.h arm64: dump: Add checking for writable and exectuable pages 2016-11-07 18:15:04 +00:00
ptrace.h Merge branch 'arm64/exception-stack' of git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux into for-next/core 2017-08-09 15:37:49 +01:00
seccomp.h
sections.h arm64: mmu: apply strict permissions to .init.text and .init.data 2017-03-23 13:54:50 +00:00
shmparam.h
signal32.h arm64: compat: Remove leftover variable declaration 2017-08-10 18:17:32 +01:00
simd.h arm64: neon: Forbid when irqs are disabled 2017-08-09 15:05:59 +01:00
smp.h arm64: kexec: have own crash_smp_send_stop() for crash dump for nonpanic cores 2017-08-21 18:01:04 +01:00
smp_plat.h
sparsemem.h
spinlock.h locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks 2017-10-25 10:57:25 +02:00
spinlock_types.h locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks 2017-10-25 10:57:25 +02:00
stack_pointer.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stackprotector.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stacktrace.h arm64: add VMAP_STACK overflow detection 2017-08-15 18:36:18 +01:00
stage2_pgtable-nopmd.h
stage2_pgtable-nopud.h
stage2_pgtable.h
stat.h
string.h arm64: uaccess: Implement *_flushcache variants 2017-08-09 12:16:26 +01:00
suspend.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sync_bitops.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
syscall.h
sysreg.h arm64/sve: System register and exception syndrome definitions 2017-11-03 15:24:13 +00:00
system_misc.h Merge branch 'aarch64/for-next/ras-apei' into aarch64/for-next/core 2017-06-26 10:54:27 +01:00
thread_info.h arm64/sve: Support vector length resetting for new processes 2017-11-03 15:24:16 +00:00
timex.h arm64: Use physical counter for in-kernel reads when booted in EL2 2017-11-06 16:23:09 +01:00
tlb.h
tlbflush.h arm64: Work around Falkor erratum 1009 2017-02-01 15:41:50 +00:00
topology.h Merge branch 'pm-cpufreq' 2017-11-13 01:34:49 +01:00
traps.h arm64/sve: Core task context handling 2017-11-03 15:24:15 +00:00
uaccess.h arm64 updates for 4.14: 2017-09-05 09:53:37 -07:00
unistd.h Remove compat_sys_getdents64() 2017-04-17 12:52:22 -04:00
unistd32.h Remove compat_sys_getdents64() 2017-04-17 12:52:22 -04:00
uprobes.h arm64: Add uprobe support 2016-11-07 18:15:21 +00:00
vdso.h
vdso_datapage.h
virt.h arm64: hyp-stub/KVM: Kill __hyp_get_vectors 2017-04-09 07:49:34 -07:00
word-at-a-time.h Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00