Thanks, I will send a v2 with the revert patch.

On 2024/2/18 18:06, Ard Biesheuvel wrote:
> On Sun, 18 Feb 2024 at 03:33, Xiang Yang <xiangyang3@xxxxxxxxxx> wrote:
>>
>> The shadow call stack for irq, now stored in the current task's thread info,
>> may be restored incorrectly, so backport call_on_irq_stack from mainline to
>> fix it.
>>
>> Ard Biesheuvel (1):
>>   arm64: Stash shadow stack pointer in the task struct on interrupt
>>
>> Mark Rutland (3):
>>   arm64: entry: move arm64_preempt_schedule_irq to entry-common.c
>>   arm64: entry: add a call_on_irq_stack helper
>>   arm64: entry: convert IRQ+FIQ handlers to C
>>
>> Xiang Yang (1):
>>   Revert "arm64: Stash shadow stack pointer in the task struct on
>>     interrupt"
>>
>
> Backporting this was a mistake. Not only was the backport flawed, the
> original issue (stashing the shadow call stack pointer onto the normal
> stack) was not even present, at least not to the same extent.
>
> Stashing the shadow call stack pointer in register X24 works around
> the original issue, except for the case where a hardirq is taken while
> softirqs are being processed. In this case, X24 will be preserved on
> the stack by the hardirq handling logic, and restored after.
> Theoretically, that creates a window where the shadow call stack
> pointer could be corrupted deliberately, but it seems unlikely to me
> that this is exploitable in practice.
>
> So in the light of this, I think doing only the revert here should be
> sufficient, and there is no need for the other backports in this
> series.