Cve 2017 5754 #2048
Merged
Cve 2017 5754 #2048
Commits on Jan 10, 2018
-
core: make core_mmu.h asm friendly
Makes core_mmu.h assembly friendly by excluding C code with #ifndef ASM Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: refactor ASID management
Refactors Address Space Identifier management. The field in struct user_ta_ctx is moved into struct tee_mmu_info and renamed to asid. Allocation refactored internally with asid_alloc() and asid_free() functions, based on bitstring.h macros. ASIDs starts at 2, and is always an even number. ASIDs with the lowest bit set is reserved for as the second ASID when using ASIDs in pairs. Reviewed-by: Etienne Carriere <[email protected]> Acked-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: tlbi_asid() handle kernel mode ASID too
When invalidating an ASID (lowest bit 0), clear the paired ASID (lowest bit 1)too. Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
Adds mobj_tee_ram to describe TEE RAM mapping inside a user mapping. Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: thread: add thread_get_user_kcode()
Adds thread_get_user_kcode() to report required kernel mapping (exception vector and some associated code in the same section as the vector) inside a user mapping. Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: mm: add kernel mapping to user map
Adds a minimal kernel mapping needed when user mapping is active. Reviewed-by: Etienne Carriere <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: user mode translation table
Adds a second translation table to be used while in user mode containing user mode mapping and a minimal kernel mapping. Reviewed-by: Etienne Carriere <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: arm32: exception handlers in one section
Moves all exception handlers into the section of the vector, .text.thread_vect_table. This makes it possible to later map just the exception vector and the closest associated code while in user mode. Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: thread_a32.S: move intr handler macros
Moves the interrupt handler macros closer to the vector. Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: use minimal kernel map in user space
Adds a trampoline in the exception vector to switch to a minimal kernel map when in user mode. When returning to kernel mode the full kernel mode map is restored. Arm32 tries to mimic the arm64 exception model somewhat by letting each exception handler run with disabled asynchronous aborts, irq and fiq. Form arm32 accesses to the cpus thread_core_local is only done via the stack pointer in abort mode. Entry of user mode is only done via abort mode, that means that the abort mode spsr register carries the new cpsr. Care is taken to have all exceptions disabled while using abort mode. ASIDs are paired with a user mode ASID with lowest bit sset and a kernel mode ASID with the lowest bit cleared. ASID 0 is reserved for kernel mode use when there's no user mode mapping active. With this change an active used mode mapping while in kernel mode uses (asid | 0), and while in user mode (asid | 1). The switch is done via the trampoline in the vector. Acked-by: Etienne Carriere <[email protected]> Acked-by: Jerome Forissier <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: make all mapping non-global
Makes all mapping non-global to avoid the otherwise required tlb invalidation when switching to user mode. This change makes the fix for CVE-2017-5754 complete. Reviewed-by: Etienne Carriere <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
core: rename mattr_uflags_to_str()
Renames mattr_uflags_to_str() to mattr_perm_to_str() and report all permission bits using a 7 bytes long string instead. This allows observing the permissions of the minimal kernel mapping added to the user space context. Reviewed-by: Etienne Carriere <[email protected]> Acked-by: Andrew Davis <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
-
documentation: mmu and switch to/from user space
This only describes the already documented legacy ARMv7 (short) table format. Acked-by: Jerome Forissier <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.