git.baikalelectronics.ru Git - kernel.git/commit

author	Will Deacon <will.deacon@arm.com>
	Fri, 2 Feb 2018 17:31:40 +0000 (17:31 +0000)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Tue, 6 Feb 2018 22:53:46 +0000 (22:53 +0000)
commit	d064277e7cb058d31f6555c20f72aaaa447abaa9
tree	84996f5e1a90fe3e95cd54b821da1e624007970d	tree \| snapshot
parent	6a77cd868db983adee7f01ca0f6f3a72f4731b34	commit \| diff

arm64: entry: Apply BP hardening for suspicious interrupts from EL0

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena <dhettena@nvidia.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/kernel/entry.S		diff \| blob \| history
arch/arm64/mm/fault.c		diff \| blob \| history