git.fsl.cs.sunysb.edu Git - wrapfs-5.10.y.git/commit

author	Mark Rutland <mark.rutland@arm.com>
	Mon, 16 May 2022 16:07:35 +0000 (17:07 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 25 May 2022 07:59:08 +0000 (09:59 +0200)
commit	3f0915975c201dedfe52ab02bf3a396c01bfc54a
tree	c1a31faab6d9d14c3b1b4173cba83d4b43f5fc13	tree \| snapshot
parent	8d20af6cdd1639c1e14346d4cb1d7b1d19fee34b	commit \| diff

arm64: kexec: load from kimage prior to clobbering

[ Upstream commit eb3d8ea3e1f03f4b0b72d8f5ed9eb7c3165862e8 ]

In arm64_relocate_new_kernel() we load some fields out of the kimage
structure after relocation has occurred. As the kimage structure isn't
allocated to be relocation-safe, it may be clobbered during relocation,
and we may load junk values out of the structure.

Due to this, kexec may fail when the kimage allocation happens to fall
within a PA range that an object will be relocated to. This has been
observed to occur for regular kexec on a QEMU TCG 'virt' machine with
2GiB of RAM, where the PA range of the new kernel image overlaps the
kimage structure.

Avoid this by ensuring we load all values from the kimage structure
prior to relocation.

I've tested this atop v5.16 and v5.18-rc6.

Fixes: 878fdbd70486 ("arm64: kexec: pass kimage as the only argument to relocation function")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Link: https://lore.kernel.org/r/20220516160735.731404-1-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>