Patch "arm64: mm: don't write garbage into TTBR1_EL1 register" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 26 Feb 2018 14:02:54 +0100

This is a note to let you know that I've just added the patch titled

    arm64: mm: don't write garbage into TTBR1_EL1 register

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-mm-don-t-write-garbage-into-ttbr1_el1-register.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From ard.biesheuvel@xxxxxxxxxx  Mon Feb 26 13:53:22 2018
From: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Date: Fri, 23 Feb 2018 18:29:02 +0000
Subject: arm64: mm: don't write garbage into TTBR1_EL1 register
To: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
Cc: catalin.marinas@xxxxxxx, will.deacon@xxxxxxx, marc.zyngier@xxxxxxx, mark.rutland@xxxxxxx, nicolas.dechesne@xxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Message-ID: <20180223182902.24873-1-ard.biesheuvel@xxxxxxxxxx>

From: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>

Stable backport commit 173358a49173 ("arm64: kpti: Add ->enable callback
to remap swapper using nG mappings") of upstream commit f992b4dfd58b did
not survive the backporting process unscathed, and ends up writing garbage
into the TTBR1_EL1 register, rather than pointing it to the zero page to
disable translations. Fix that.

Cc: <stable@xxxxxxxxxxxxxxx> #v4.14
Reported-by: Nicolas Dechesne <nicolas.dechesne@xxxxxxxxxx>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Acked-by: Will Deacon <will.deacon@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/arm64/mm/proc.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 08572f95bd8a..2b473ddeb7a3 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -155,7 +155,7 @@ ENDPROC(cpu_do_switch_mm)
 
 .macro	__idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
 	adrp	\tmp1, empty_zero_page
-	msr	ttbr1_el1, \tmp2
+	msr	ttbr1_el1, \tmp1
 	isb
 	tlbi	vmalle1
 	dsb	nsh
-- 
2.11.0



Patches currently in stable-queue which might be from ard.biesheuvel@xxxxxxxxxx are

queue-4.4/arm64-mm-don-t-write-garbage-into-ttbr1_el1-register.patch






