From: James Morse james.morse@arm.com
Summit reports that the BHB backports for v4.9 prevent vulnerable platforms from booting when CONFIG_RANDOMIZE_BASE is enabled.
This is because the trampoline code takes a translation fault when accessing the data page, because the TTBR write hasn't been completed by an ISB before the access is made.
Upstream has a complex erratum workaround for QCOM_FALKOR_E1003 in this area, which removes the ISB when the workaround has been applied. v4.9 lacks this workaround, but should still have the ISB.
Restore the barrier.
Fixes: aee10c2dd013 ("arm64: entry: Add macro for reading symbol addresses from the trampoline") Reported-by: Sumit Gupta sumitg@nvidia.com Tested-by: Sumit Gupta sumitg@nvidia.com Cc: stable@vger.kernel.org Signed-off-by: James Morse james.morse@arm.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/arm64/kernel/entry.S | 1 + 1 file changed, 1 insertion(+)
--- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -964,6 +964,7 @@ __ni_sys_trace: b . 2: tramp_map_kernel x30 + isb tramp_data_read_var x30, vectors prfm plil1strm, [x30, #(1b - \vector_start)] msr vbar_el1, x30