linux-stable/drivers
Mark Rutland 823e02ea7b efi/libstub/arm64: Handle randomized TEXT_OFFSET
[ Upstream commit 4f74d72aa7 ]

When CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET is an arbitrary
multiple of PAGE_SIZE in the interval [0, 2MB).

The EFI stub does not account for the potential misalignment of
TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produces a randomized
physical offset which is always a round multiple of EFI_KIMG_ALIGN.
This may result in statically allocated objects whose alignment exceeds
PAGE_SIZE to appear misaligned in memory. This has been observed to
result in spurious stack overflow reports and failure to make use of
the IRQ stacks, and theoretically could result in a number of other
issues.

We can OR in the low bits of TEXT_OFFSET to ensure that we have the
necessary offset (and hence preserve the misalignment of TEXT_OFFSET
relative to EFI_KIMG_ALIGN), so let's do that.

Reported-by: Kim Phillips <kim.phillips@arm.com>
Tested-by: Kim Phillips <kim.phillips@arm.com>
[ardb: clarify comment and commit log, drop unneeded parens]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: 6f26b36711 ("arm64: kaslr: increase randomization granularity")
Link: http://lkml.kernel.org/r/20180518140841.9731-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-21 04:03:01 +09:00
accessibility
acpi ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 2018-06-21 04:02:47 +09:00
amba ARM: amba: Don't read past the end of sysfs "driver_override" buffer 2018-05-01 12:58:21 -07:00
android ANDROID: binder: prevent transactions into own process. 2018-05-01 12:58:20 -07:00
ata driver core: add __printf verification to __ata_ehi_pushv_desc 2018-06-21 04:02:55 +09:00
atm atm: zatm: Fix potential Spectre v1 2018-05-16 10:10:29 +02:00
auxdisplay auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE 2018-02-07 11:12:20 -08:00
base regmap: Correct comparison in regmap_cached 2018-05-30 07:52:41 +02:00
bcma
block block: null_blk: fix 'Invalid parameters' when loading module 2018-05-30 07:52:36 +02:00
bluetooth Bluetooth: btusb: Add device ID for RTL8822BE 2018-05-25 16:17:42 +02:00
bus
cdrom cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:52:34 +02:00
char agp: uninorth: make two functions static 2018-06-21 04:02:56 +09:00
clk clk: imx6ull: use OSC clock during AXI rate change 2018-06-21 04:03:00 +09:00
clocksource clocksource/drivers/imx-tpm: Correct some registers operation flow 2018-06-21 04:02:40 +09:00
connector
cpufreq cpufreq: Reorder cpufreq_online() error code path 2018-05-30 07:52:38 +02:00
cpuidle
crypto crypto: omap-sham - fix memleak 2018-06-16 09:45:18 +02:00
dax
dca
devfreq PM / devfreq: Fix potential NULL pointer dereference in governor_store 2018-04-12 12:32:13 +02:00
dio
dma dmaengine: qcom: bam_dma: get num-channels and num-ees from dt 2018-05-30 07:52:37 +02:00
dma-buf dma-buf: remove redundant initialization of sg_table 2018-06-05 11:41:57 +02:00
edac x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type 2018-04-19 08:56:20 +02:00
eisa
extcon extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO 2018-04-24 09:36:29 +02:00
firewire firewire-ohci: work around oversized DMA reads on JMicron controllers 2018-04-26 11:02:03 +02:00
firmware efi/libstub/arm64: Handle randomized TEXT_OFFSET 2018-06-21 04:03:01 +09:00
fmc
fpga fpga-manager: altera-ps-spi: preserve nCONFIG state 2018-05-01 12:58:24 -07:00
fsi
gpio gpio: No NULL owner 2018-06-16 09:45:14 +02:00
gpu drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl() 2018-06-21 04:03:00 +09:00
hid HID: intel-ish-hid: use put_device() instead of kfree() 2018-06-21 04:02:48 +09:00
hsi
hv Drivers: hv: vmbus: do not mark HV_PCIE as perf_device 2018-04-19 08:56:16 +02:00
hwmon hwmon: (pmbus/adm1275) Accept negative page register values 2018-05-30 07:52:34 +02:00
hwspinlock
hwtracing intel_th: Use correct device when freeing buffers 2018-06-05 11:41:59 +02:00
i2c i2c: viperboard: return message count on master_xfer success 2018-06-21 04:03:00 +09:00
ide cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:52:34 +02:00
idle
iio iio: adc: select buffer for at91-sama5d2_adc 2018-06-05 11:41:58 +02:00
infiniband RDMA/cma: Do not query GID during QP state transition to RTR 2018-06-21 04:02:54 +09:00
input Input: atmel_mxt_ts - fix the firmware update 2018-06-21 04:02:52 +09:00
iommu iommu/vt-d: fix shift-out-of-bounds in bug checking 2018-06-21 04:02:53 +09:00
ipack
irqchip irqchip/qcom: Fix check for spurious interrupts 2018-05-09 09:51:56 +02:00
isdn isdn: eicon: fix a missing-check bug 2018-06-11 22:49:19 +02:00
leds leds: pm8058: Silence pointer to integer size warning 2018-03-19 08:42:50 +01:00
lightnvm
macintosh drivers: macintosh: rack-meter: really fix bogus memsets 2018-05-30 07:52:27 +02:00
mailbox
mcb
md bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set 2018-05-30 07:52:30 +02:00
media media: cx25821: prevent out-of-bounds read on array card 2018-05-25 16:17:58 +02:00
memory
memstick
message scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() 2018-05-25 16:17:47 +02:00
mfd
misc vmw_balloon: fixing double free when batching mode is off 2018-06-16 09:45:16 +02:00
mmc mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus 2018-05-30 07:51:48 +02:00
mtd mtd: rawnand: tango: Fix struct clk memory leak 2018-05-01 12:58:19 -07:00
mux
net ixgbe: return error on unsupported SFP module when resetting 2018-06-21 04:02:57 +09:00
nfc NFC: pn533: don't send USB data off of the stack 2018-06-16 09:45:15 +02:00
ntb ntb_transport: Fix bug with max_mw_size parameter 2018-04-26 11:02:13 +02:00
nubus
nvdimm libnvdimm, namespace: use a safe lookup for dimm device name 2018-04-24 09:36:32 +02:00
nvme nvme: Set integrity flag for user passthrough commands 2018-06-21 04:02:53 +09:00
nvmem
of earlycon: Use a pointer table to fix __earlycon_table stride 2018-05-01 12:58:24 -07:00
oprofile
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-05-30 07:52:28 +02:00
parport parport_pc: Add support for WCH CH382L PCI-E single parallel port card. 2018-04-08 14:26:31 +02:00
pci PCI: kirin: Fix reset gpio name 2018-06-21 04:02:42 +09:00
pcmcia PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle 2018-05-30 07:52:39 +02:00
perf
phy phy: qcom-qusb2: Fix crash if nvmem cell not specified 2018-06-16 09:45:16 +02:00
pinctrl Revert "pinctrl: msm: Use dynamic GPIO numbering" 2018-06-05 11:41:55 +02:00
platform platform/chrome: cros_ec_lpc: remove redundant pointer request 2018-06-05 11:41:57 +02:00
pnp
power power: supply: ltc2941-battery-gauge: Fix temperature units 2018-05-30 07:52:38 +02:00
powercap
pps
ps3
ptp
pwm pwm: rcar: Fix a condition to prevent mismatch value setting to duty 2018-04-24 09:36:34 +02:00
rapidio
ras
regulator regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' 2018-05-30 07:52:41 +02:00
remoteproc remoteproc: qcom: Fix potential device node leaks 2018-06-21 04:02:48 +09:00
reset
rpmsg rpmsg: added MODULE_ALIAS for rpmsg_char 2018-06-21 04:02:48 +09:00
rtc rtc: goldfish: Add missing MODULE_LICENSE 2018-05-25 16:18:02 +02:00
s390 s390/smsgiucv: disable SMSG on module unload 2018-06-21 04:02:41 +09:00
sbus
scsi scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initiated aborts 2018-06-21 04:02:52 +09:00
sfi
sh
sn
soc soc: bcm: raspberrypi-power: Fix use of __packed 2018-06-21 04:02:42 +09:00
spi spi: bcm2835aux: ensure interrupts are enabled for shared handler 2018-06-21 04:02:54 +09:00
spmi
ssb
staging staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy 2018-06-16 09:45:15 +02:00
target scsi: target: fix crash with iscsi target and dvd 2018-06-21 04:02:43 +09:00
tc
tee tee: check shm references are consistent in offset/size 2018-06-21 04:02:54 +09:00
thermal thermal: int3403_thermal: Fix NULL pointer deref on module load / probe 2018-06-21 04:02:47 +09:00
thunderbolt thunderbolt: Prevent crash when ICM firmware is not running 2018-04-24 09:36:29 +02:00
tty tty: pl011: Avoid spuriously stuck-off interrupts 2018-06-16 09:45:16 +02:00
uio uio_hv_generic: check that host supports monitor page 2018-04-12 12:32:19 +02:00
usb usb: musb: fix remote wakeup racing with suspend 2018-06-21 04:02:59 +09:00
uwb
vfio vfio/pci: Virtualize Maximum Read Request Size 2018-04-24 09:36:34 +02:00
vhost vhost: synchronize IOTLB message with dev cleanup 2018-06-11 22:49:21 +02:00
video fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). 2018-05-30 07:52:12 +02:00
virt
virtio virtio_ring: fix num_free handling in error case 2018-03-15 10:54:32 +01:00
vlynq
vme
w1
watchdog watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() 2018-05-30 07:52:36 +02:00
xen xen: xenbus_dev_frontend: Really return response string 2018-06-21 04:02:42 +09:00
zorro zorro: Set up z->dev.dma_mask for the DMA API 2018-05-30 07:52:30 +02:00
Kconfig
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2018-02-25 11:07:53 +01:00