From fe5482c04312791bb19202e47f8a7751d476251e Mon Sep 17 00:00:00 2001
From: Nicholas Piggin <npiggin@gmail.com>
Date: Sun, 21 May 2017 23:15:44 +1000
Subject: [PATCH] powerpc/64s: SLB miss already has CTR saved for relocatable
kernel
References: CVE-2020-4788 bsc#1177666
Patch-mainline: v4.13-rc1
Git-commit: fe5482c04312791bb19202e47f8a7751d476251e
The EXCEPTION_PROLOG_1 used by SLB miss already saves CTR when the
kernel is built with CONFIG_RELOCATABLE. So it does not have to be
saved and reloaded when branching to slb_miss_realmode. It can be
restored from the PACA as usual.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Michal Suchanek <msuchanek@suse.de>
---
arch/powerpc/kernel/exceptions-64s.S | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -522,7 +522,6 @@ EXC_REAL_BEGIN(data_access_slb, 0x380, 0
* because the distance from here to there depends on where
* the kernel ends up being put.
*/
- mfctr r11
LOAD_HANDLER(r10, slb_miss_realmode)
mtctr r10
bctr
@@ -545,7 +544,6 @@ EXC_VIRT_BEGIN(data_access_slb, 0x4380,
* because the distance from here to there depends on where
* the kernel ends up being put.
*/
- mfctr r11
LOAD_HANDLER(r10, slb_miss_realmode)
mtctr r10
bctr
@@ -585,7 +583,6 @@ EXC_REAL_BEGIN(instruction_access_slb, 0
#ifndef CONFIG_RELOCATABLE
b slb_miss_realmode
#else
- mfctr r11
LOAD_HANDLER(r10, slb_miss_realmode)
mtctr r10
bctr
@@ -603,7 +600,6 @@ EXC_VIRT_BEGIN(instruction_access_slb, 0
#ifndef CONFIG_RELOCATABLE
b slb_miss_realmode
#else
- mfctr r11
LOAD_HANDLER(r10, slb_miss_realmode)
mtctr r10
bctr
@@ -625,10 +621,6 @@ EXC_COMMON_BEGIN(slb_miss_realmode)
* procedure.
*/
mflr r10
-#ifdef CONFIG_RELOCATABLE
- mtctr r11
-#endif
-
stw r9,PACA_EXSLB+EX_CCR(r13) /* save CR in exc. frame */
std r10,PACA_EXSLB+EX_LR(r13) /* save LR */
std r3,PACA_EXSLB+EX_DAR(r13)
@@ -659,6 +651,7 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_R
mtcrf 0x01,r9 /* slb_allocate uses cr0 and cr7 */
.machine pop
+ RESTORE_CTR(r9, PACA_EXSLB)
RESTORE_PPR_PACA(PACA_EXSLB, r9)
ld r9,PACA_EXSLB+EX_R9(r13)
ld r10,PACA_EXSLB+EX_R10(r13)