On Thu, Jul 14, 2022 at 05:22:25PM +0100, James Morse wrote:
> Summit reports that the BHB backports for v4.9 prevent vulnerable
> platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.
>
> This is because the trampoline code takes a translation fault when
> accessing the data page, because the TTBR write hasn't been completed
> by an ISB before the access is made.
>
> Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in
> this area, which removes the ISB when the workaround has been applied.
> v4.9 lacks this workaround, but should still have the ISB.
>
> Restore the barrier.
>
> Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline")
> Reported-by: Sumit Gupta <sumitg@xxxxxxxxxx>
> Tested-by: Sumit Gupta <sumitg@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: James Morse <james.morse@xxxxxxx>
> ---
> This only applies to the v4.9 backport, as v4.14 has the QCOM_FALKOR_E1003
> workaround.
>
> arch/arm64/kernel/entry.S | 1 +
> 1 file changed, 1 insertion(+)
Now queued up, thanks.
greg k-h
