releases/5.9.5/powerpc-powermac-fix-low_sleep_handler-with-kuap-and-kuep.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 2c637d2df4ee4830e9d3eb2bd5412250522ce96e Mon Sep 17 00:00:00 2001
 From: Christophe Leroy <christophe.leroy@csgroup.eu>
 Date: Fri, 11 Sep 2020 10:29:15 +0000
 Subject: powerpc/powermac: Fix low_sleep_handler with KUAP and KUEP

 From: Christophe Leroy <christophe.leroy@csgroup.eu>

 commit 2c637d2df4ee4830e9d3eb2bd5412250522ce96e upstream.

 low_sleep_handler() has an hardcoded restore of segment registers
 that doesn't take KUAP and KUEP into account.

 Use head_32's load_segment_registers() routine instead.

 Fixes: a68c31fc01ef ("powerpc/32s: Implement Kernel Userspace Access Protection")
 Fixes: 31ed2b13c48d ("powerpc/32s: Implement Kernel Userspace Execution Prevention.")
 Cc: stable@vger.kernel.org
 Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
 Link: https://lore.kernel.org/r/21b05f7298c1b18f73e6e5b4cd5005aafa24b6da.1599820109.git.christophe.leroy@csgroup.eu
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/powerpc/kernel/head_32.S           |    2 +-
  arch/powerpc/platforms/powermac/sleep.S |    9 +--------
  2 files changed, 2 insertions(+), 9 deletions(-)

 --- a/arch/powerpc/kernel/head_32.S
 +++ b/arch/powerpc/kernel/head_32.S
 @@ -1002,7 +1002,7 @@ BEGIN_MMU_FTR_SECTION
  END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
  	blr

 -load_segment_registers:
 +_GLOBAL(load_segment_registers)
  	li	r0, NUM_USER_SEGMENTS /* load up user segment register values */
  	mtctr	r0		/* for context 0 */
  	li	r3, 0		/* Kp = 0, Ks = 0, VSID = 0 */
 --- a/arch/powerpc/platforms/powermac/sleep.S
 +++ b/arch/powerpc/platforms/powermac/sleep.S
 @@ -294,14 +294,7 @@ grackle_wake_up:
  	 * we do any r1 memory access as we are not sure they
  	 * are in a sane state above the first 256Mb region
  	 */
 -	li	r0,16		/* load up segment register values */
 -	mtctr	r0		/* for context 0 */
 -	lis	r3,0x2000	/* Ku = 1, VSID = 0 */
 -	li	r4,0
 -3:	mtsrin	r3,r4
 -	addi	r3,r3,0x111	/* increment VSID */
 -	addis	r4,r4,0x1000	/* address of next segment */
 -	bdnz	3b
 +	bl	load_segment_registers
  	sync
  	isync
	From 2c637d2df4ee4830e9d3eb2bd5412250522ce96e Mon Sep 17 00:00:00 2001
	From: Christophe Leroy <christophe.leroy@csgroup.eu>
	Date: Fri, 11 Sep 2020 10:29:15 +0000
	Subject: powerpc/powermac: Fix low_sleep_handler with KUAP and KUEP

	From: Christophe Leroy <christophe.leroy@csgroup.eu>

	commit 2c637d2df4ee4830e9d3eb2bd5412250522ce96e upstream.

	low_sleep_handler() has an hardcoded restore of segment registers
	that doesn't take KUAP and KUEP into account.

	Use head_32's load_segment_registers() routine instead.

	Fixes: a68c31fc01ef ("powerpc/32s: Implement Kernel Userspace Access Protection")
	Fixes: 31ed2b13c48d ("powerpc/32s: Implement Kernel Userspace Execution Prevention.")
	Cc: stable@vger.kernel.org
	Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	Link: https://lore.kernel.org/r/21b05f7298c1b18f73e6e5b4cd5005aafa24b6da.1599820109.git.christophe.leroy@csgroup.eu
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/powerpc/kernel/head_32.S \| 2 +-
	arch/powerpc/platforms/powermac/sleep.S \| 9 +--------
	2 files changed, 2 insertions(+), 9 deletions(-)

	--- a/arch/powerpc/kernel/head_32.S
	+++ b/arch/powerpc/kernel/head_32.S
	@@ -1002,7 +1002,7 @@ BEGIN_MMU_FTR_SECTION
	END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
	blr

	-load_segment_registers:
	+_GLOBAL(load_segment_registers)
	li r0, NUM_USER_SEGMENTS /* load up user segment register values */
	mtctr r0 /* for context 0 */
	li r3, 0 /* Kp = 0, Ks = 0, VSID = 0 */
	--- a/arch/powerpc/platforms/powermac/sleep.S
	+++ b/arch/powerpc/platforms/powermac/sleep.S
	@@ -294,14 +294,7 @@ grackle_wake_up:
	* we do any r1 memory access as we are not sure they
	* are in a sane state above the first 256Mb region
	*/
	- li r0,16 /* load up segment register values */
	- mtctr r0 /* for context 0 */
	- lis r3,0x2000 /* Ku = 1, VSID = 0 */
	- li r4,0
	-3: mtsrin r3,r4
	- addi r3,r3,0x111 /* increment VSID */
	- addis r4,r4,0x1000 /* address of next segment */
	- bdnz 3b
	+ bl load_segment_registers
	sync
	isync