From patchwork Wed Oct 31 14:04:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149831 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6836321ljp; Wed, 31 Oct 2018 07:04:58 -0700 (PDT) X-Received: by 2002:a67:38d8:: with SMTP id n85mr1341799vsi.30.1540994698370; Wed, 31 Oct 2018 07:04:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994698; cv=none; d=google.com; s=arc-20160816; b=jyxGDscmbdO/x7Okz70rBZCq7Z9+deQ4vH2jHol6DW434UvAnifjf51Jh1fE4YC2HA G500TJZYKOjjvTeRTNxb9A10XLTZa/zDDV8F5FPLP11EQAgCb+3bWDq0Sdv2mR0SX5Zt CdANSI1IxeRVVJ0yflCpRoxCAIwpM1oTHoUKycU7LgMJVulnPlfxj1VXXFQR/ZJoNn31 kjIql0kQyX8djlQ53rvHHEtizKr5xT2+aRPdF/VDRTfP0SHq+Q0F3fE9yJ0Jnt5t3l/U h/DMtKt5zFP5eP/R7iwUmreCpBTUqVv+gKVHwcKHFHcp2at7dUQPiRzPJo7efzX4lXBU Fy2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=867jEO/qR6LH2/a6FnPf5KwETFlGxEbyzbFnAsxeVQY=; b=G8Bx64ALGL1fr4HF8g6TAINVPHeM0H9jyocKH+2+Hi8caHpEwyyp+mLGXSZZK3T57o nn12Yo5YvwkEr2MtdMyTqs907xpm3ejji8/2VIrH4tss+8cqk0IQ7pBozzmONz8sEvHE dijyaI/TjZbwFb/wGF3TgRn/JCeaCmH0LHEeyRmFduIo/4MJr0r6K4mRm3E41wv02x70 WW8ibWDfIUVxXB4xancOZvGPSq35aLSTkwDP2Y5WKpDBzFm8OtYgOQHs4DxqKwSghNVt UyJEpSTXwJ57ygd5qJTyLV9yFdQQLAJwvdqAcZx2qmzh71cuflg8i3xOQyg5daOr+Fvz ChBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=adCmGBkC; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. 
[209.85.220.65]) by mx.google.com with SMTPS id l14sor14499028vso.79.2018.10.31.07.04.58 for (Google Transport Security); Wed, 31 Oct 2018 07:04:58 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=adCmGBkC; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=867jEO/qR6LH2/a6FnPf5KwETFlGxEbyzbFnAsxeVQY=; b=adCmGBkCUzGh0WnRjJNUzc02Y8fMpWf3j/+MHXR0zOA3RJObp4CgabZXBzbe6uqo/H 4DYTmW2I++xtOqwrrdVtumuwH2oroaAxV8Mo97w8Whrtx8VcHLa+gGU6TI1vf0SBw9Lw MChsRVR+1oeRFbWhEZU+H0kShm1K443TddEQw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=867jEO/qR6LH2/a6FnPf5KwETFlGxEbyzbFnAsxeVQY=; b=KvJuFVRcDrCWh4CM2G3PuuiqUoNfuMY08w+HhrqvlrwFeyXtPJYU4Zg849fhFKOn+p OVUBR5Zobp5/oRg9iagYzJFz6NdGxw2MUGpQuUw9jzkM0HCnrK2ElOfeW3NWuX5BFyoI 2FjttUdsRhwI7Xb380p9rdiobl6J4A0burQL+YHFL7dlOkGJ5yGkQ6IT8gfZFEG+qbS0 N4K7d8Sh6h4UQkXdCmrpLLyM5s3ycW+ZslPwuELq2LkdDqvtTnNCMj+14GWIAJsG1qog i5gA0oTAW1ddzLju65tlcKTyNbmKcDbPCfoanJOonLfL83C+BlSdt8/Nr9R6PLweU9xd uFZw== X-Gm-Message-State: AGRZ1gLJg/m10qa+FgdfZyHk/UxpqTI/cURu1IsrHoHoo2kRq1Z2UQYC gt7pMAx6AMGH7SoFfZ1mjaNzdKmT X-Google-Smtp-Source: AJdET5flonwCERw1ldH0o8gogVeGNkbajl/XnuRoXLfhJfQ3QzZoMTPeba5AyXWy60wNjZeHC/MEog== X-Received: by 2002:a67:32c6:: with SMTP id y189mr1321041vsy.105.1540994697514; Wed, 31 Oct 2018 07:04:57 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com 
with ESMTPSA id 6sm6795632vsy.25.2018.10.31.07.04.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 07:04:56 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.4 12/18] ARM: spectre-v1: fix syscall entry Date: Wed, 31 Oct 2018 10:04:30 -0400 Message-Id: <20181031140436.2964-13-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031140436.2964-1-dave.long@linaro.org> References: <20181031140436.2964-1-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 30a7228eaceb..e969b18d9ff9 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -223,9 +223,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) 
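Review bot: The new `invoke_syscall tbl, scno, r10, ret_fast_syscall` line passes r10 as the macro's scratch register, which is the same register the `tst r10, #_TIF_SYSCALL_WORK` just above reads the thread flags from. With CONFIG_CPU_SPECTRE set the macro starts with `mov \tmp, \nr`, so the flags value is overwritten at this call site, including on the out-of-range fall-through to the `2:` label. Nothing visible in the hunk reads r10 afterwards, but local_restart continues outside it, so a trailing comment such as `@ r10 (thread flags) is dead here, reused as clamped index` would make the assumption explicit.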
@@ -258,14 +256,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -317,6 +309,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index 6d243e830516..86dfee487e24 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -373,6 +373,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6.
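Review bot: The rewritten `mov scno, r0` in __sys_trace lost its `@ syscall number (possibly new)` comment, which is what explains why the range check has to be repeated on this path: the number comes back from syscall_trace_enter, not from the original trap. I would keep it as `mov scno, r0 @ syscall number (possibly new)`. The `cmp scno, #-1` that follows is also worth a comment, because it only works when the macro clamps its copy in r10 and leaves scno untouched, so the skip-syscall value is still there when the call falls through.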
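Review bot: The added `movhs scno, #0` / `csdb` pair in sys_syscall has no comment and differs from invoke_syscall in two ways: it clamps scno itself rather than a scratch copy, and it spells the condition `movhs` where the macro uses `movcs`. Clamping in place is fine only if nothing on the rejected path reads scno again; the code after the `movlo` run is outside the hunk, so that should be confirmed rather than assumed. Suggest `movhs scno, #0 @ out of range: clamp the index for speculation` and `csdb @ resolve the cmp/cmpne result before the lo-conditional code`, and use one of hs/cs at both sites.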
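Review bot: The new invoke_syscall macro in entry-header.S has no header comment, and its contract is not obvious from the call sites. It overwrites lr, \tmp (only when CONFIG_CPU_SPECTRE is set) and, with reload=1, r1 and r0-r6, and it falls through with the carry flag still set when \nr is not below NR_syscalls. A short block comment above `.macro` listing the arguments, the clobbers and the fall-through behaviour would cover it. It should also state that nothing between the `cmp` and the final `ldrcc pc` may change the flags, since `movcs`, `ldmccia`, `stmccia` and `ldrcc` all depend on that one comparison, and that the clamp to index 0 and the `csdb` must stay ahead of the table load.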