From patchwork Mon Feb 26 08:20:01 2018
X-Patchwork-Submitter: Alex Shi
X-Patchwork-Id: 129580
From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas,
 stable@vger.kernel.org,
 linux-arm-kernel@lists.infradead.org (moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)),
 linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 27/52] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Mon, 26 Feb 2018 16:20:01 +0800
Message-Id: <1519633227-29832-28-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519633227-29832-1-git-send-email-alex.shi@linaro.org>
References: <1519633227-29832-1-git-send-email-alex.shi@linaro.org>

From: Will Deacon

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c     | 6 ++++++
 2 files changed, 11 insertions(+)

--
2.7.4

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index d50c2fe..e26a114 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -646,6 +646,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 6120a14..ad49ae8 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
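
Review bot: in the el0_irq_naked hunk of entry.S, `tbz x22, #55, 1f` tests a bare register and bit number with no comment. The commit message says the check is for a kernel address in the ELR, but nothing at the call site says that x22 holds the saved ELR or that bit 55 is what separates a kernel address from a user one. A one-line comment above the tbz would make the intent reviewable in place. The call also sits after ct_user_exit, so whatever that macro executes runs before the hardening is applied; if that ordering is deliberate, a short note saying why would help.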
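
Review bot: in the fault.c hunk, do_el0_irq_bp_hardening() is defined outside any #ifdef and calls arm64_apply_bp_hardening() unconditionally, while the caller added in entry.S is under CONFIG_HARDEN_BRANCH_PREDICTOR. For this stable backport, please confirm that arm64_apply_bp_hardening() is already declared in the target tree and has a no-op fallback when the option is off, so the build does not depend on patch ordering within the series. The comment "PC has already been checked in entry.S" would be more useful if it named the check (bit 55 of the value in x22), since the function itself does no filtering and any later caller would inherit that assumption silently.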