From patchwork Mon Oct 15 15:32:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148868 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934041lji; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) X-Received: by 2002:a37:93c3:: with SMTP id v186-v6mr16506621qkd.186.1539617560725; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617560; cv=none; d=google.com; s=arc-20160816; b=q164zVBP0v+qJItjokHUm40R6ULPJr0AVIJr3SFW9N4QEr+DS50Z4ZohX0yT6lE41E GTs0DBm/EGKS1RfXIz6iHUSOxRhUG+NQc41gHUvDwPhr4MNWs0FgOBbQnh0T9oFL9xfL Ej840yCzt7xhuEAaVs119frqtgc2bupvIXFviuKrqvTrrZzgmGAyoUIK+GlJ+LKGMKj2 RnjHvKxOyzJGbN0xDg4uJ7Gg+8gurQYjVNUR/+U/bj2Ki8HyGB6TEQLXsAXT9q9jOmzv Y7q6Blx9dpyI1ytUHllnLCXfLEOoLALNSFZYa2NgujiFz/gFqAKFtudHz7ZV4Mx8zQuv GhEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=zz3X+VePLIuhn7qIBf0e3J6zmSYXPtMLPdpBvcTBEgSouZ85e8H/kknnjQB0if52y9 VgJXBHroXAIUVnKOPtm3OYkNFLYinu4+LiIlH1njVzGPMfhlN2vmDeo9KZHjA2wwkXch aF5K5O5Qsfu4jnBrK+Xr/kD/RCtx7j6nmEd9cup74FIEGfXVPe+BlWQyhbXO4WSxykXF ge3Y6a1bR4vE18odD8ppP+cV9QNxOCxjY9noEOF8bM6qxg8cDcWYAXdIb0ny5h2pHToZ Mpr2YOez6OIBfaYZjoTJxjsEjH5ibwVJQGQOXVUAupUDYvljkG4nzOPjym6k0rdqY1kK C6GQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MPckbBOt; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. 
[209.85.220.65]) by mx.google.com with SMTPS id 65-v6sor5736421qkd.113.2018.10.15.08.32.40 for (Google Transport Security); Mon, 15 Oct 2018 08:32:40 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MPckbBOt; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=MPckbBOttyz+Omh3XDcS/nGCX1y93pxrz0uyNQQ6dB3LI/o79Cxu0QONI1YN9wLRYA 5ZiLFXSCo7XQCMs0pLlsY6A4TsWjWqYSlIxYbKv59inJQ6IospLVNmCdPV0ECKRf3vTQ z7vLjpdpWHqPwjcWb//1lYH3Eg8bWfYKvfh6s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=rZCPGg4g1IisT5ypwow9ORL1aeJToVfPyae+GJRL38QB2dMuR7VJJlzWeKt1L2J7mW jQ9ATvJrNcIaHJ2QyK9BbvS+qpH5PZsUQ/yrm/CwVeYq38zFwBNgzOkCaWALeoCbml9v 1mklHGEQ5FMfMoNp0vFkxs49WGA8yqKSJ33cv5Xuio2xbXmG2OCBCjTC86UKpwVwu0nk orB1Dz6ZM/+QzcvykIJMKU8tblnS5KBvckYg6Fj7S8cuAOwUBUJhDt+whfB25HXLSeyu kprVYUJelDt4Jk1kh9gu2JWdUByfdyudCu0w0ESGnlJAO5w2GYqR9WqVL2tp3hm99BjL ZMcw== X-Gm-Message-State: ABuFfojxu8gQOh1H6kh6Cw/+zvMjKBWy7pkz3dTxZnqjTNgVP+wfdPDw TKIeVhk1yHUI3v8+c5JhmtiMVW+/ X-Google-Smtp-Source: ACcGV61PlpqC+QXymLrR4DEOkJzFVVfzfvmiRYXF09vRZK4JDtziOYLcptSnCGiaLaGrYHhNJubKjQ== X-Received: by 2002:a37:411:: with SMTP id 17-v6mr16411617qke.68.1539617560317; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 
g82-v6sm10087768qkh.24.2018.10.15.08.32.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:39 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 18/24] ARM: spectre-v1: fix syscall entry Date: Mon, 15 Oct 2018 11:32:12 -0400 Message-Id: <1539617538-22328-19-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.5.0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 99c9082..54c1050 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -241,9 +241,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) 
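Review bot: The call `invoke_syscall tbl, scno, r10, ret_fast_syscall` hands r10 to the macro as scratch, yet two lines earlier r10 is tested against `_TIF_SYSCALL_WORK`, so it appears to hold the thread flags at this point. With CONFIG_CPU_SPECTRE the macro overwrites it with the clamped index, and without that option it leaves it alone, so what r10 holds after the macro depends on the build. Nothing in the visible context reads r10 afterwards, but the fall-through path continues past the end of the hunk. A trailing comment such as `@ r10 (thread flags) is dead from here, used as scratch` would record the assumption. The same applies to the `__sys_trace` call site in the next hunk.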
@@ -277,14 +275,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -362,6 +354,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index 0f07579..7734248 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -378,6 +378,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6.
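Review bot: The rewritten `mov scno, r0` drops the old comment `@ syscall number (possibly new)`, which was the only hint that the value returned by `syscall_trace_enter` may differ from the number the task entered with. That appears to be why the range check is repeated on this path, so I would keep it: `mov scno, r0 @ syscall number (possibly new)`. The macro clamps a copy in r10 when CONFIG_CPU_SPECTRE is set, so the following `cmp scno, #-1` still sees the returned value.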
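Review bot: `movhs scno, #0` clamps scno in place, unlike the `invoke_syscall` macro added in entry-header.S, which clamps a copy in `\tmp` and leaves `\nr` intact. The hs condition holds both for an out-of-range number and for the `__NR_syscall` case matched by the first `cmp`, so on those paths the original number is gone when CONFIG_CPU_SPECTRE is set and still present when it is not. The table load and the failure path lie beyond the end of the hunk, so I cannot tell whether anything there reads scno. If nothing does, a comment would record it, e.g. `movhs scno, #0 @ invalid: clamp index to 0, scno is dead on this path`. The added lines are also the only ones in this block without an `@` comment.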
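Review bot: The new `invoke_syscall` macro has no header comment, and its correctness depends on constraints a caller cannot read from the parameter list. The flags set by `cmp` must reach `movcs`, `ldmccia`/`stmccia` and the final `ldrcc` unchanged, so nothing flag-setting may be inserted in between; with `reload=1` the macro overwrites r0-r6 before it uses `\table` and the index, so `\table`, `\nr` and `\tmp` must live outside r0-r6; and lr is always clobbered, `\tmp` only when CONFIG_CPU_SPECTRE is set. I would add a block comment above `.macro` stating these points and that execution falls through to the next instruction when the number is out of range. The two `#ifdef` arms also duplicate the whole reload sequence and differ only in the index register, which deserves a one-line remark so future edits keep them in step.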