From patchwork Fri Jun 14 03:08:05 2019
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: Viresh Kumar
X-Patchwork-Id: 166760
Delivered-To: patch@linaro.org
From: Viresh Kumar
To: linux-arm-kernel@lists.infradead.org, Julien Thierry
Cc: Viresh Kumar, stable@vger.kernel.org, Catalin Marinas, Marc Zyngier, Mark Rutland, Will Deacon, Russell King, Vincent Guittot, mark.brown@arm.com
Subject: [PATCH v4.4 22/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Fri, 14 Jun 2019 08:38:05 +0530
X-Mailer: git-send-email 2.21.0.rc0.269.g1a574e7a288b
X-Mailing-List: stable@vger.kernel.org

From: Will Deacon

commit 30d88c0e3ace625a92eead9ca0ad94093a8f59fe upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Viresh Kumar --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) -- 2.21.0.rc0.269.g1a574e7a288b diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 42a141f01f3b..1548be9732ce 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -582,6 +582,11 @@ ENDPROC(el0_sync) #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 082f385b6592..9ff48d083c4c 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -535,6 +535,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
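Review bot: In the entry.S hunk, `tbz x22, #55, 1f` carries no comment, so neither the meaning of x22 nor the choice of bit 55 can be read from the added lines. The commit message speaks of "a kernel address in the ELR", which suggests x22 holds the saved ELR and bit 55 tells a kernel address from a user one, but that should be stated next to the instruction, for example with a one-line comment above the `tbz`. It would also help to say why the check sits after `ct_user_exit` and before `irq_handler`, since the hardening is only useful if it runs before any further kernel code on this path.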
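Review bot: In the fault.c hunk, the comment "PC has already been checked in entry.S" does not say what the check is, so a later change to the `tbz x22, #55` test in entry.S could silently invalidate the assumption in `do_el0_irq_bp_hardening()`. Please name the check in the comment (bit 55 of the saved PC, tested by the caller) so the two sites stay in sync. Note also that the only caller added here is under `#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR` while this definition is not guarded in the visible lines; that is fine only if `arm64_apply_bp_hardening()` is available when the option is off, which is worth confirming for the v4.4 backport.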