From patchwork Wed Nov 7 16:43:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150433 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387498ljp; Wed, 7 Nov 2018 08:44:27 -0800 (PST) X-Received: by 2002:ad4:5282:: with SMTP id v2mr954128qvr.195.1541609067048; Wed, 07 Nov 2018 08:44:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609067; cv=none; d=google.com; s=arc-20160816; b=WRm4IfnBPW3efk6O1dP5ZrQBX2fuY3sHT7Zg0p8N25VTNyE5b5dT/m+DQcLFbdK1vU 1G0NCEOSasxuOKbIofmjEm1nlhMPwo+aIN5mt8sFDOz5TcmY/DDIO73LB4QZvdelyZ0R vmdnMQUd++iasd/pyknFp0yiyUAMl+/UMLLaGpaOafuymnrrvGwhaKTBN2Zd+W+4YiMM HR+jFXH7gCQQqXm6+FCf577E1dE/MmhchuCfRhWkncdU1G3pQPpJvRE4RZ01yskyrmtK KW2hnf6gQq9MlOXrffFiW2apacOh7nMFcUm8XyACmeO4ILAR4YwlXUYtJcoNMr6fpobt QB5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=QWUeSozYdvupu45uotu1yycydU3QHEWcQUD454SBtjWkeGBuct24GGjJITx8wr2T7a D0FL7N9HVx2x1/VrEm2T6k/0bfyldIzn1wGKpPxBXIcAAGJ+Xq6eC/SdJXZhorkAjeAb bjmtw4/ErzFo8tP5Ovbe3CKY+g0Yf/IK6XZJoTQJ75xMaa9QyOFt9HBVrAcqBohW0uTJ 0PLB9p5fp0yj8qN3oAH6GPO107uX96T/AB0SwUUV/CklvqMaPMydH5i9FdEKon7eHP2J JrRrPb1/+b+6dd6Px6PbloMVX+edaJ780/vlPV+L+FAgtq29sMjmwPfm6U6VxZKOtRoO zpAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="SE8oCy/B"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. 
[209.85.220.65]) by mx.google.com with SMTPS id w127sor644836qkb.70.2018.11.07.08.44.26 for (Google Transport Security); Wed, 07 Nov 2018 08:44:27 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="SE8oCy/B"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=SE8oCy/B8pHjl+gQYXGLeqOSmtHR591dtPGpcd38y3QjKHnB3f+HzFG+upUS8jcI7w vjKTJje4goM8mbSCg+qumWUgvyZTTc7+T4S5ixtlB4CaikJH0Cg8PJ2sCOPZM1YS4cD+ S18fGAXmDptBevUlxHjyA/6DSQpvPU/jMXWlk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=SQkdMUhPLti39m7iUBWExOYPWWxgrEddSF9ItXrPXrX+2t2D/sZbmqTMG1xznNXs1b 2WgJpuTKkh8903r8WsmqepCMUohCQwYidx/V/N6etPuJJvfyabrQpoGOLueTuRKW8iDc 31rnVcUZWzG8Xo4fweffNYqpJs5d+1KrGkrcPdSoziMGVrQYIg8MtVXHVp5zg+bFuBiO GgFqqg1JQpG3H0xpxOBTIQkZCIWKpk2oADgPoE6CLs+CJdskFUVlmJAEm4iaNE0nSLbc myKlvOvV86omZuDbqKap9MBGSqz/MjYS0akd8VZ2Q86SRAJAxcQj7zXSAdNjKa5FgY6e m2IQ== X-Gm-Message-State: AGRZ1gKSEmuUIxyVzUuiIOJMoqeEUq5QQimp88D4fgtgGlj0v1Ez/TR9 hspAprT9/0zFA2A3EeB+kEtVpxL9 X-Google-Smtp-Source: AJdET5e6AwNrzygPB5ZXwpIpxhDFq1qMptMifWm2SHqavBMKgl668jM09KnDftKc89U9uYa3duJmdw== X-Received: by 2002:a37:b805:: with SMTP id i5mr903333qkf.141.1541609066432; Wed, 07 Nov 2018 08:44:26 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. 
[72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:25 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 18/24] ARM: spectre-v1: fix syscall entry Date: Wed, 7 Nov 2018 11:43:56 -0500 Message-Id: <20181107164402.9380-19-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.17.1
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 10c3283d6c19..56be67ecf0fa 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -223,9 +223,7 @@ local_restart:
 tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls?
 bne __sys_trace
- cmp scno, #NR_syscalls @ check upper syscall limit
- badr lr, ret_fast_syscall @ return address
- ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
+ invoke_syscall tbl, scno, r10, ret_fast_syscall
 add r1, sp, #S_OFF
 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE)
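Review bot: Passing `r10` as the scratch argument of `invoke_syscall` makes the register's fate depend on the build: with CONFIG_CPU_SPECTRE set the macro (added to entry-header.S in this same patch) overwrites it with the clamped index, without it r10 is left untouched. The context line just above tests r10 against `_TIF_SYSCALL_WORK`, so on entry it holds the thread flags. Nothing in the visible lines after the call reads r10, but the fall-through path continues past the end of the hunk, so that should be confirmed rather than assumed. A comment at the call site would record the assumption, for example `invoke_syscall tbl, scno, r10, ret_fast_syscall @ r10 (thread flags) is dead here, used as scratch`.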
@@ -258,14 +256,8 @@ __sys_trace:
 mov r1, scno
 add r0, sp, #S_OFF
 bl syscall_trace_enter
-
- badr lr, __sys_trace_return @ return address
- mov scno, r0 @ syscall number (possibly new)
- add r1, sp, #S_R0 + S_OFF @ pointer to regs
- cmp scno, #NR_syscalls @ check upper syscall limit
- ldmccia r1, {r0 - r6} @ have to reload r0 - r6
- stmccia sp, {r4, r5} @ and update the stack args
- ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
+ mov scno, r0
+ invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1
 cmp scno, #-1 @ skip the syscall?
 bne 2b
 add sp, sp, #S_OFF @ restore stack
@@ -317,6 +309,10 @@ sys_syscall:
 bic scno, r0, #__NR_OABI_SYSCALL_BASE
 cmp scno, #__NR_syscall - __NR_SYSCALL_BASE
 cmpne scno, #NR_syscalls @ check range
+#ifdef CONFIG_CPU_SPECTRE
+ movhs scno, #0
+ csdb
+#endif
 stmloia sp, {r5, r6} @ shuffle args
 movlo r0, r1
 movlo r1, r2
diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
index e056c9a9aa9d..fa7c6e5c17e7 100644
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -377,6 +377,31 @@
 #endif
 .endm
+ .macro invoke_syscall, table, nr, tmp, ret, reload=0
+#ifdef CONFIG_CPU_SPECTRE
+ mov \tmp, \nr
+ cmp \tmp, #NR_syscalls @ check upper syscall limit
+ movcs \tmp, #0
+ csdb
+ badr lr, \ret @ return address
+ .if \reload
+ add r1, sp, #S_R0 + S_OFF @ pointer to regs
+ ldmccia r1, {r0 - r6} @ reload r0-r6
+ stmccia sp, {r4, r5} @ update stack arguments
+ .endif
+ ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine
+#else
+ cmp \nr, #NR_syscalls @ check upper syscall limit
+ badr lr, \ret @ return address
+ .if \reload
+ add r1, sp, #S_R0 + S_OFF @ pointer to regs
+ ldmccia r1, {r0 - r6} @ reload r0-r6
+ stmccia sp, {r4, r5} @ update stack arguments
+ .endif
+ ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine
+#endif
+ .endm
+
 /*
 * These are the registers used in the syscall handler, and allow us to
 * have in theory up to 7 arguments to a function - r0 to r6.
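Review bot: The new `mov scno, r0` in __sys_trace drops the comment `@ syscall number (possibly new)` that the removed line carried. That comment was the only hint that the index used for the table lookup on this path is the return value of `syscall_trace_enter`, not the number checked at entry, which is why the bound check and clamp have to be repeated here. I would keep it: `mov scno, r0 @ syscall number (possibly new)`. __sys_trace starts before and continues after this hunk.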
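Review bot: The added `movhs scno, #0` and `csdb` in sys_syscall carry no comment although every neighbouring instruction does, and unlike `invoke_syscall` they clamp scno in place rather than in a scratch copy. From the two compares above, `hs` covers both an out-of-range number and the case where scno equals `__NR_syscall` (the `cmpne` is skipped and the carry from the first `cmp` stands), so the clamp runs whenever the following `lo` instructions do not. I would say so on the line, `movhs scno, #0 @ rejected number: clamp the index used by the table load`, and add a note that scno is not needed again once the check fails. That last claim depends on the rest of sys_syscall, which lies outside the hunk.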
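Review bot: `invoke_syscall` has no header comment, and its contract is not obvious from the call sites. It should state that lr and the flags are always clobbered, that `\tmp` is overwritten only when CONFIG_CPU_SPECTRE is set, that `reload=1` also overwrites r1 and, for an in-range number, r0-r6 and two stack words, and that control falls through when `\nr` is not below `NR_syscalls`. Two constraints deserve a line each: `\tmp` must not be one of r0-r6, because `ldmccia` would overwrite it before `ldrcc` uses it, and nothing between the `cmp` and the `ldrcc` may set flags, since the conditional load and stores all depend on that one compare. `csdb` is not defined in this patch, so it presumably comes from an earlier patch in the series; a pointer to its definition would help. The `.if \reload` block is duplicated verbatim in both `#ifdef` arms, so a later edit to one can silently miss the other.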