From e4f7066169b2e0152145838cf743286cd9da6a1a Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 23 Jan 2024 10:41:41 +0800
Subject: [PATCH] Fix CVE-2023-49100
---
 CVE-2023-49100.patch | 37 +++++++++++++++++++++++++++++++++++++
 arm-trusted-firmware.spec | 19 +++++++++++++++----
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 CVE-2023-49100.patch
diff --git a/CVE-2023-49100.patch b/CVE-2023-49100.patch
new file mode 100644
index 0000000..0afed3b
--- /dev/null
+++ b/CVE-2023-49100.patch
@@ -0,0 +1,37 @@
+From a7eff3477dcf3624c74f5217419b1a27b7ebd2aa Mon Sep 17 00:00:00 2001
+From: Manish Pandey
+Date: Thu, 26 Oct 2023 11:14:21 +0100
+Subject: fix(sdei): ensure that interrupt ID is valid
+
+As per SDEI spec (section 5.1.14.1), SDEI_INTERRUPT_BIND interface
+expects a valid PPI or SPI. SGI's are not allowed to be bounded.
+Current check in the code only checks for an SGI and returns invalid
+ID. This check is insufficient as it will not catch architecturally
+invalid interrupt IDs.
+
+Modify the check to ensure that interrupt is either PPI or SPI.
+
+Signed-off-by: Manish Pandey
+Change-Id: I52eb0a6d7f88a12f6816cff9b68fb3a7ca12cbb7
+---
+ services/std_svc/sdei/sdei_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/std_svc/sdei/sdei_main.c b/services/std_svc/sdei/sdei_main.c
+index 44178eddd3..0fd3c1d32c 100644
+--- a/services/std_svc/sdei/sdei_main.c
++++ b/services/std_svc/sdei/sdei_main.c
+@@ -710,8 +710,8 @@ static int sdei_interrupt_bind(unsigned int intr_num)
+ sdei_ev_map_t *map;
+ bool retry = true, shared_mapping;
+
+- /* SGIs are not allowed to be bound */
+- if (plat_ic_is_sgi(intr_num) != 0)
++ /* Interrupt must be either PPI or SPI */
++ if (!(plat_ic_is_ppi(intr_num) || plat_ic_is_spi(intr_num)))
+ return SDEI_EINVAL;
+
+ shared_mapping = (plat_ic_is_spi(intr_num) != 0);
+--
+cgit v1.2.3
+
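Review bot: The rewritten guard at the top of `sdei_interrupt_bind` hands the whole range check to `plat_ic_is_ppi()` and `plat_ic_is_spi()`, which this patch does not touch, so the backport is only as strict as those helpers are in the 2.3 tree this package builds. It is worth confirming, for each PLAT in the spec's build loop that compiles this file, that both return 0 for every ID outside the PPI and SPI ranges. The new condition also tests the helpers as booleans while the neighbouring lines compare them with `!= 0`; `if ((plat_ic_is_ppi(intr_num) == 0) && (plat_ic_is_spi(intr_num) == 0))` would match that form, though staying byte-identical to the upstream commit is a fair reason to leave it. Only the first lines of the function are visible in the embedded hunk.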
diff --git a/arm-trusted-firmware.spec b/arm-trusted-firmware.spec
index 731859b..77bc94b 100644
--- a/arm-trusted-firmware.spec
+++ b/arm-trusted-firmware.spec
@@ -2,7 +2,7 @@
 Name: arm-trusted-firmware
 Version: 2.3
-Release: 2
+Release: 4
 Summary: ARM Trusted Firmware
 License: BSD
 URL: https://github.com/ARM-software/arm-trusted-firmware/wiki
@@ -15,6 +15,8 @@ Patch0001: CVE-2022-47630-2.patch
 Patch0002: CVE-2022-47630-3.patch
 # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085
 Patch0003: CVE-2022-47630-4.patch
+# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624
+Patch0004: CVE-2023-49100.patch
 ExclusiveArch: aarch64
 BuildRequires: dtc
@@ -35,7 +37,7 @@ sed -i 's/arm-none-eabi-/arm-linux-gnu-/' plat/rockchip/rk3399/drivers/m0/Makefi
 %build
 for soc in hikey hikey960 imx8qm imx8qx juno rk3368 rk3328 rpi3 sun50i_a64 sun50i_h6 zynqmp
 do
-make HOSTCC="gcc $RPM_OPT_FLAGS" CROSS_COMPILE="" PLAT=$(echo $soc) bl31
+make HOSTCC="gcc $RPM_OPT_FLAGS -fPIE -Wl,-z,relro,-z,now" CROSS_COMPILE="" PLAT=$(echo $soc) bl31
 done
@@ -60,16 +62,25 @@ do
 done
 done
+strip %{buildroot}/%{_datadir}/%{name}/rk3328/bl31.elf
+strip %{buildroot}/%{_datadir}/%{name}/rk3368/bl31.elf
+
 %files -n arm-trusted-firmware-armv8
 %license license.rst
 %doc readme.rst
 %{_datadir}/%{name}
 %changelog
-* Mon Dec 04 2023 yaoxin - 2.3-2
+* Tue Jan 23 2024 yaoxin - 2.3-4
+- Fix CVE-2023-49100
+
+* Fri Dec 01 2023 yaoxin - 2.3-3
 - Fix CVE-2022-47630
-* Tue Jan 05 2021 huanghaitao - 2.3-1
+* Wed Dec 07 2022 yaoxin -2.3-2
+- Add RELRO,PIE,BIND_NOW flags and fix not striped problem
+
+* Tue Jan 5 2021 huanghaitao - 2.3-1
 - Update to 2.3 release
 * Wed Sep 16 2020 wangyue - 1.6-2
--
Gitee
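Review bot: The hardening flags on the `make` line in `%build` are appended to `HOSTCC` only, and nothing in this hunk shows that variable being used to compile or link `bl31`, so the RELRO/PIE/BIND_NOW entry in the changelog may not describe the shipped images; checking the installed `bl31.elf` files with `readelf -l` and `readelf -d` before and after would settle it. `-fPIE` is also a compile-time option, so unless the toolchain defaults to it a binary linked through this `HOSTCC` is not position-independent without `-pie`. A comment above the line such as `# HOSTCC flags affect host-built tools only` would make the scope explicit. This change and the `strip` calls in the next hunk are unrelated to CVE-2023-49100 and would be easier to audit as a separate commit.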