From patchwork Wed Oct 31 13:57:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149812 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826709ljp; Wed, 31 Oct 2018 06:57:40 -0700 (PDT) X-Received: by 2002:a1f:34c8:: with SMTP id b191mr1281382vka.52.1540994260077; Wed, 31 Oct 2018 06:57:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994260; cv=none; d=google.com; s=arc-20160816; b=HxH7RPyunqzlCEuW15Q9X1Xsqb5bT6uowEZijBumNMOmdK4DQAzaMH/mqGpgknCfsE TRlov5p/ki/lfqM6bBbLALkNqs+vB4DJYmUo68bBmd2/s26GYDwt/oPtnK1UzN4nbIsi Ll2mjVF8F/X1jf83F67Gz69Z4ndbIsCok4w8aHTBf7cWrmdvED/QK2xnLhZzIzYwoof4 +uJb5TlvdddJnAbYpQPu2nvObHDobUdcLjn/0tEjEYa2c8c0ehg4BtHSqpktzS3SLdOa C4cm6DCouQ7mISg/rQZbXBnLGlRCcRfQAmwsiLYuNwuy9S33zTKS/xRitxxGCdO+pizX hDxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=PJ+SRjsFnu3VOhHuOnMAUgFqRf0QytVweVu4GN9HiD8c1Y2EUOO82TzI/K9IU68Ac8 P/8psTipcfY8YELMrzuuQ8LHScgWPzAw2S+AkBSPA2UZFcJ26y1yKbXqvGUcNuxMvBb9 uXkyFyjzJzIFsD45j7xJe84jftJ8qgPx3NJDnoZYl4IfZN3cthMT/VFAONx9RjVKNohD HQMJ6X8OwiCaIJ5UsCe6OGEV1YN557Le8gt26E+fzKeqLxNtsfQyIneRdDiCdrJG7VJg hJqssay3TMLn/k/6Awnn9PAG7DihCPUgMl6G7LeuAME/iKiIfmg7Og3DPtaTTflV6OCT DBCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WB57YZFz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. 
[209.85.220.65]) by mx.google.com with SMTPS id z9sor812621vse.68.2018.10.31.06.57.39 for (Google Transport Security); Wed, 31 Oct 2018 06:57:40 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WB57YZFz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=WB57YZFznAUlEWQsQYhGdyTnM3ylMvYGQKYyVtLUV7te5ltfmZPcTrum7M7e7UvOFf xYnb12+UIq9ig0IolLQ+bHfBzNYtGi/xF8RPyZxZqJQ3QIXOppjXZxq6sFDBoZE2BoSP ZfV9KvT8QRkkhlvMEE0SS54TgHUKZOw8EqnJw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=kLyYUOm9FtGHv7CP3+WMljzgXvIqwLlinx2MsIgojAQwicWA41PIvvPnnwmjed/Ex5 187xcLVTyKHnEWzjo4rphvgYb0/R38Viw1YVvn2eP3GGTBZ5gEYP5V44dh8r1GW/jJoS vjSb9EIFwPzZRKUIjLHSr4fze8GG1oQQDU1aq8E5tyc4ThehJXukp6GdqQGhgGOVgO9M dGRO3JBOEq9hTWXiYo2WhGvCuLnws+VTq7vl53iO6y1J3d26SWiqbUPJJkrIK8MJlHO8 vP1lzl2m6kLbXGHqeuxxfHGMVr+kdsygLpZtZ18rWIRHaU192ZGqhTqc6lmxa2nTzOiE ifdQ== X-Gm-Message-State: AGRZ1gLU7aeIu5MhtDfwm0D2iz9jnh1A7MmlgOhoavPpq8RVHZAWYHnf ACCZoCpx4YjHo2Jzigk9EUpgzfR9 X-Google-Smtp-Source: AJdET5fssOnVshzZ5eOFZEsR0yXCVm3ZaFzNhOuu4CE4no5CqfKRyEsNUPaepikhEtXYgoEF/mRzWA== X-Received: by 2002:a67:1081:: with SMTP id 123mr1294836vsq.214.1540994259472; Wed, 31 Oct 2018 06:57:39 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with 
ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:38 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 18/24] ARM: spectre-v1: fix syscall entry Date: Wed, 31 Oct 2018 09:57:07 -0400 Message-Id: <20181031135713.2873-19-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 10c3283d6c19..56be67ecf0fa 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -223,9 +223,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) 
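Review bot: The call `invoke_syscall tbl, scno, r10, ret_fast_syscall` passes r10 as the macro's scratch register, but r10 is the register the `tst r10, #_TIF_SYSCALL_WORK` context line just tested, and nothing at the call site says it is dead. With CONFIG_CPU_SPECTRE the macro overwrites it with the clamped syscall index, while without that option it is left untouched, so the register's contents after this point depend on the configuration. A comment on the call would record the assumption, for example `@ r10 (thread flags) is dead past the tst above; used as scratch`. The same r10 choice is made in the `__sys_trace` hunk. Whether anything after the `2:` label still reads r10 is not visible in this hunk, so that is worth confirming against the full file.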
@@ -258,14 +256,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -317,6 +309,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index e056c9a9aa9d..fa7c6e5c17e7 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -377,6 +377,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6.
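Review bot: The new `mov scno, r0` in `__sys_trace` drops the comment the removed line carried, `@ syscall number (possibly new)`. That comment was the only indication that `syscall_trace_enter` may hand back a different number than the one passed in. It is also why the bound has to be re-checked here rather than trusted from the fast path. I would keep it: `mov scno, r0 @ syscall number (possibly new)`. The body of `__sys_trace` continues past the end of the hunk.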
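Review bot: The two lines added to `sys_syscall` under `#ifdef CONFIG_CPU_SPECTRE` are the only uncommented instructions in this stretch, and they depend on two non-obvious properties. First, `movhs` has no S suffix, so the flags from the `cmp`/`cmpne` pair survive for the `stmloia`/`movlo` instructions that follow. Second, `hs` is also true when the first `cmp` matched (the `cmpne` is skipped with C set), so scno is zeroed in the "calling sys_syscall itself" case as well as the out-of-range case. Suggested comments: `movhs scno, #0 @ clamp index if rejected; flags kept for the lo-predicated code below` and `csdb @ no speculative use of the unclamped scno`. The rest of `sys_syscall`, including the table load this protects, is outside the hunk; if the rejected path ever reads scno it now sees 0 in Spectre builds only.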
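Review bot: The new `invoke_syscall` macro has no header comment, and its contract is subtle enough that callers need one. The Spectre branch clamps a copy in `\tmp` rather than `\nr` itself. The callers rely on this: `__sys_trace` follows the macro with `cmp scno, #-1`, and `local_restart` falls through to `2: cmp scno, #(...)`, so both still need the original number when the macro declines to dispatch. I would add a block comment above `.macro` that states what each argument is and that `\tmp` is clobbered only when CONFIG_CPU_SPECTRE is set. It should also say that lr is always written, that `reload=1` additionally writes r1 and conditionally reloads r0-r6 and stores r4/r5 to the stack, and that when `\nr` is at or above NR_syscalls the macro falls through with `\nr` unchanged. As a style point, the `badr` and the whole `.if \reload` block are duplicated verbatim in the `#ifdef` and `#else` arms, so a later fix applied to one arm can easily miss the other.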