1 files changed, 12 insertions, 2 deletions

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index c8beaa0da7df..05d2bd776c69 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -153,6 +153,11 @@ int ptep_set_access_flags(struct vm_area_struct *vma,
 }
 #endif
 
+static bool is_el1_instruction_abort(unsigned int esr)
+{
+        return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_CUR;
+}
+
 /*
  * The kernel tried to access some page that wasn't present.
  */
@@ -161,8 +166,9 @@ static void __do_kernel_fault(struct mm_struct *mm, unsigned long addr,
 {
         /*
          * Are we prepared to handle this kernel fault?
+         * We are almost certainly not prepared to handle instruction faults.
          */
-        if (fixup_exception(regs))
+        if (!is_el1_instruction_abort(esr) && fixup_exception(regs))
                 return;
 
         /*
@@ -267,7 +273,8 @@ static inline bool is_permission_fault(unsigned int esr)
         unsigned int ec       = ESR_ELx_EC(esr);
         unsigned int fsc_type = esr & ESR_ELx_FSC_TYPE;
 
-        return (ec == ESR_ELx_EC_DABT_CUR && fsc_type == ESR_ELx_FSC_PERM);
+        return (ec == ESR_ELx_EC_DABT_CUR && fsc_type == ESR_ELx_FSC_PERM) ||
+               (ec == ESR_ELx_EC_IABT_CUR && fsc_type == ESR_ELx_FSC_PERM);
 }
 
 static bool is_el0_instruction_abort(unsigned int esr)
@@ -312,6 +319,9 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
                 if (regs->orig_addr_limit == KERNEL_DS)
                         die("Accessing user space memory with fs=KERNEL_DS", regs, esr);
 
+                if (is_el1_instruction_abort(esr))
+                        die("Attempting to execute userspace memory", regs, esr);
+
                 if (!search_exception_tables(regs->pc))
                         die("Accessing user space memory outside uaccess.h routines", regs, esr);
         }