    arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm · 0adbdfde
    Will Deacon authored
    update_saved_ttbr0 mandates that mm->pgd is not swapper, since swapper
    contains kernel mappings and should never be installed into ttbr0. However,
    this means that callers must avoid passing the init_mm to update_saved_ttbr0
    which in turn can cause the saved ttbr0 value to be out-of-date in the context
    of the idle thread. For example, EFI runtime services may leave the saved ttbr0
    pointing at the EFI page table, and kernel threads may end up with stale
    references to freed page tables.
    
    This patch changes update_saved_ttbr0 so that the init_mm points the saved
    ttbr0 value to the empty zero page, which always exists and never contains
    valid translations. EFI and switch can then call into update_saved_ttbr0
    unconditionally.
    
    Cc: Mark Rutland <mark.rutland@arm.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Vinayak Menon <vinmenon@codeaurora.org>
    Cc: <stable@vger.kernel.org>
    Fixes: 39bc88e5 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
    Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
    Reviewed-by: Mark Rutland <mark.rutland@arm.com>
    Reported-by: Vinayak Menon <vinmenon@codeaurora.org>
    Signed-off-by: Will Deacon <will.deacon@arm.com>
mmu_context.h 6.26 KB
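The stale-pointer problem the commit describes, and why pointing init_mm at the zero page fixes it, is easier to see in a small user-space model. The block below is an added example written for this page, not the kernel's arm64 code: it borrows the names update_saved_ttbr0, init_mm and empty_zero_page from the commit, but the struct layouts, physical addresses, ASIDs and the kthread use_mm/unuse_mm borrow sequence are assumptions chosen to illustrate the scenario. The real kernel function is additionally gated on SW PAN being enabled and derives the physical address from mm->pgd; neither is modelled here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * User-space model of the arm64 SW PAN "saved TTBR0" bookkeeping.
 * Addresses, struct layouts and ASIDs are hypothetical; this is not
 * kernel code.
 */

#define TTBR_ASID_SHIFT 48
#define TTBR_BADDR_MASK ((1ULL << TTBR_ASID_SHIFT) - 1)

struct mm_struct {
    uint64_t pgd_pa;  /* physical address of this mm's pgd (hypothetical) */
    uint16_t asid;
    bool pgd_freed;   /* set once the pgd page has been released */
};

struct thread_info {
    uint64_t ttbr0;   /* value restored into TTBR0_EL1 on kernel exit / uaccess */
};

/* swapper_pg_dir: kernel mappings, must never be installed into TTBR0. */
static struct mm_struct init_mm = { .pgd_pa = 0x40000000ULL, .asid = 0, .pgd_freed = false };
/* empty_zero_page: always exists, never contains a valid translation. */
static const uint64_t empty_zero_page_pa = 0x40001000ULL;

static uint64_t mm_ttbr0(const struct mm_struct *mm)
{
    return mm->pgd_pa | ((uint64_t)mm->asid << TTBR_ASID_SHIFT);
}

/* Pre-fix behaviour: init_mm is rejected, so callers skip the update and
 * whatever was saved before silently survives. */
static void update_saved_ttbr0_old(struct thread_info *ti, const struct mm_struct *mm)
{
    if (mm == &init_mm)
        return;              /* "callers must avoid passing the init_mm" */
    ti->ttbr0 = mm_ttbr0(mm);
}

/* Post-fix behaviour: init_mm maps to the zero page, so every switch can
 * call this unconditionally and the saved value is never stale. */
static void update_saved_ttbr0_new(struct thread_info *ti, const struct mm_struct *mm)
{
    uint64_t ttbr;

    if (mm == &init_mm)
        ttbr = empty_zero_page_pa;
    else
        ttbr = mm_ttbr0(mm);
    ti->ttbr0 = ttbr;
}

/*
 * Invariant checker for a saved value:
 *   0  ok (zero page, or a pgd that is still live)
 *  -1  swapper installed into TTBR0 (kernel mappings reachable via TTBR0)
 *  -2  dangling: points at a pgd that has been freed, or at nothing we know
 */
static int check_saved_ttbr0(const struct thread_info *ti,
                             const struct mm_struct *const *mms, size_t n)
{
    uint64_t baddr = ti->ttbr0 & TTBR_BADDR_MASK;
    size_t i;

    if (baddr == init_mm.pgd_pa)
        return -1;
    if (baddr == empty_zero_page_pa)
        return 0;
    for (i = 0; i < n; i++)
        if (mms[i]->pgd_pa == baddr)
            return mms[i]->pgd_freed ? -2 : 0;
    return -2;
}

typedef void (*update_fn)(struct thread_info *, const struct mm_struct *);

/*
 * Scenario from the commit message (assumed borrow path): a kernel thread
 * temporarily takes a user mm (use_mm), switches back to init_mm
 * (unuse_mm), and the user process then exits and frees its page tables.
 * Returns the checker result; optionally reports the saved TTBR0 value.
 */
static int kthread_scenario(update_fn update, uint64_t *saved_out)
{
    struct thread_info kthread = { .ttbr0 = empty_zero_page_pa };
    struct mm_struct user_mm = { .pgd_pa = 0x40002000ULL, .asid = 7, .pgd_freed = false };
    const struct mm_struct *const mms[] = { &init_mm, &user_mm };

    update(&kthread, &user_mm);   /* use_mm(): switch_mm(init_mm -> user_mm) */
    update(&kthread, &init_mm);   /* unuse_mm(): switch_mm(user_mm -> init_mm) */
    user_mm.pgd_freed = true;     /* process exits; pgd page goes back to the allocator */

    if (saved_out)
        *saved_out = kthread.ttbr0;
    return check_saved_ttbr0(&kthread, mms, sizeof(mms) / sizeof(mms[0]));
}

int main(void)
{
    uint64_t saved;
    int rc_old = kthread_scenario(update_saved_ttbr0_old, &saved);
    printf("old: rc=%d saved ttbr0=0x%llx\n", rc_old, (unsigned long long)saved);
    int rc_new = kthread_scenario(update_saved_ttbr0_new, &saved);
    printf("new: rc=%d saved ttbr0=0x%llx\n", rc_new, (unsigned long long)saved);
    return 0;
}
```

With the old behaviour the kernel thread's saved TTBR0 is still the freed user pgd after the switch back to init_mm, so the next uaccess window or exception return would install a dangling table; with the new behaviour it is the zero page, which exists for the lifetime of the kernel and translates nothing. The same shape applies to the EFI runtime services path in the commit message: efi_virtmap_unload's return to init_mm can now update the saved value instead of leaving it at the EFI page table.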