From patchwork Mon Oct 15 15:31:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148851 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933691lji; Mon, 15 Oct 2018 08:32:23 -0700 (PDT) X-Received: by 2002:ac8:3a64:: with SMTP id w91-v6mr16809266qte.144.1539617543094; Mon, 15 Oct 2018 08:32:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617543; cv=none; d=google.com; s=arc-20160816; b=wK8QIty3fma6EV6T+UpTjOW3ty5FiVSx8TwNW4W1e2F0NqpxZX1S9/ecqIJ42qQ4CD i0Iz6V2GlxL8XFrYk79BmE2x22DhQu/h1V8Kjq8CDWxQsmNs7fwaFpe8IYYOv4tB3VHG bakelY5lEkWI3oPERJpUIgvVhmEXR0ARPmPms0d7wkZszWfO0dGAXMrcxxOmE2VEIL5e z2AeBVRhxRCS2B3DWejn/yARPHuOfB2qD97aLybVCgX+cv/k7FXYbcSEfnvHrO1wjxe8 eGvj54p6Z+Ly43kZjtFMh3WUcsbgOYPWD9MfaqCpCFWLMoTzOBY3zzEzXrRBYnrm1vtN Mr6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/p1KMezAua6/+V010/BZnMlCywF2yxvwECwWKgzvn6E=; b=c6xrzSv0cq0mI4ZwiBAfLp7pSxBEKdCw/i2PMq7i76vNZSZIrKhT3ezp/nB9HbeBtC 7T9S3MoeRDuoPXJuSNbOfT7dRUVhLe8h+FjqvIaEuLuO/T3geekx3nOULdohZ87u8l1u UD0YVfBOjgnJ1MSzLSXqV5RGs65tyC1O8y4dfKlj6jFw+IckkIuw11R/nCIrl3sSQST4 3b4uQawLGy2cTEjjMV7GDyuqvoPisckl1LBY2KFAoMTLGzuVnlIQmGxmCklzMVbgFI5P 1P5UHGk30W9TMCyHkAoM3g1awfqbByTl3CaGgDg+Kal/3dpXSIu3q6YHxFHomBtIsXz6 QGiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gBYXLbHF; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d37sor12086629qvc.48.2018.10.15.08.32.22 for (Google Transport Security); Mon, 15 Oct 2018 08:32:22 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gBYXLbHF; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=/p1KMezAua6/+V010/BZnMlCywF2yxvwECwWKgzvn6E=; b=gBYXLbHFv5ZCQzXv8a+5DL2NsVrFuTdkfS0c4EE8fIctHFaObf9UwJxSERFKdJD5Jw gv60pmOzQW9AX5r8REI1KiPcuqaEIajPkm7f+MsxYHu5g7W86XNTb/2HnARugD19qC1n PigE0es4q4IPUxzGG50vFh+A3nH5LbWchKGSY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=/p1KMezAua6/+V010/BZnMlCywF2yxvwECwWKgzvn6E=; b=HCH4fFxcfj/jhIwxh4VHJWWbqYCy5vBJHHkI492OhBSzjgTLqje8TreZ/byaZ7DsFi nSq+Vd68ZxS3YIA38EPh2Xy/y95H5EO56HZwXl+SJRApj+8lZYoxUlBEAUqAtWbDBfBi cKKyngXNFz1iEoFZcu8yWPJB8ZkxHq/PvFhIfEXS/UiH0ZB+Lj2eL9shAG1zhYpwgXNr osaULoVpfDkX3z4ox6RcIQ5IjevPOgErqiG2UeBDTzTQR6HhGtWpfG3Lgv6VpycqFrxE u/1zDifcuHfQYTMVyNXGbkCRXmr5ZYDUsLKN3SJollITTGI7GKo2muhb8uLy4aJ4hOLl YwTA== X-Gm-Message-State: ABuFfogplCTg+niuy+olW8XjicedtCxwVV5x2hkez2EXr5GhZst16O1t QikZqAtEPvUojNlci1tdo2SyKjfE X-Google-Smtp-Source: ACcGV62t6t7oUo+1WeEJHv2d0o1BE8NNPF3paAcd9t8/9tV3Yf4iLY5heQJmpBb0AFO+qjWZ8os3XQ== X-Received: by 2002:a0c:a983:: with SMTP id a3mr1487757qvb.53.1539617542644; Mon, 15 Oct 2018 08:32:22 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:21 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 01/24] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Date: Mon, 15 Oct 2018 11:31:55 -0400 Message-Id: <1539617538-22328-2-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit f5683e76f35b4ec5891031b6a29036efe0a1ff84 upstream. Add CPU part numbers for Cortex A53, A57, A72, A73, A75 and the Broadcom Brahma B15 CPU. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/cputype.h | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/cputype.h b/arch/arm/include/asm/cputype.h index 4419333..3379c2c 100644 --- a/arch/arm/include/asm/cputype.h +++ b/arch/arm/include/asm/cputype.h @@ -77,8 +77,16 @@ #define ARM_CPU_PART_CORTEX_A12 0x4100c0d0 #define ARM_CPU_PART_CORTEX_A17 0x4100c0e0 #define ARM_CPU_PART_CORTEX_A15 0x4100c0f0 +#define ARM_CPU_PART_CORTEX_A53 0x4100d030 +#define ARM_CPU_PART_CORTEX_A57 0x4100d070 +#define ARM_CPU_PART_CORTEX_A72 0x4100d080 +#define ARM_CPU_PART_CORTEX_A73 0x4100d090 +#define ARM_CPU_PART_CORTEX_A75 0x4100d0a0 #define ARM_CPU_PART_MASK 0xff00fff0 +/* Broadcom cores */ +#define ARM_CPU_PART_BRAHMA_B15 0x420000f0 + /* DEC implemented cores */ #define ARM_CPU_PART_SA1100 0x4400a110 From patchwork Mon Oct 15 15:31:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148852 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933703lji; Mon, 15 Oct 2018 08:32:24 -0700 (PDT) X-Received: by 2002:a37:3ac8:: with SMTP id h191-v6mr15794859qka.43.1539617544043; Mon, 15 Oct 2018 08:32:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617544; cv=none; d=google.com; s=arc-20160816; b=p3c1QC4sgfNoxTVMImPs7Iz7YogSWyQRJtJTGsnKyD6eKyygy9F7MIfId+fivhDjkf DTIeWqG/zi23BT06u2lIleCCIsDqJL08iNjpV2Jb1ta9LMEr8WJr+usqH9BmPu8STq5M 9ak0YtUVwof+nfQ7hUVciglWGG1lsI4sCKLLVUjohWTMm4uJ20gsxTEA3q7OpETIXxd2 +OS/IMOs+HUuzdUq4aD8DcpDf56Q3OU/sdtVUBMeMuqhxoubA9naqUIHMbxLb5Yx9o64 GPENHDrLPtGTbxXsjfV/VmZHW+ks7i1AnpPZgXo6VW4Cd6cfONkb6XCcUvGb9ATX7OPt 1cOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qjoAgXvElD1E6z6x3JoEg1QXJ8FYnxif9vVfX6pXACk=; b=w1hWCTUmQFiPcnokFS000MkXS50okA8SrXK8Xv/iHU2jQc6OSdPL4dl/8rGWGGbW8S zLDtyMu0Y0yhr+qcGpOjRRU0elJRc9eHlnFIXOqTNVptmwfLrD/iaJ/FV39aLK6V8Ai3 UBNb0V+HDTvAQhG1DYFWvPsku2uCD1wWR/9X9rQX4+cv/S2shemMFdWlaeiDpNCqK+ON slhQKBfKtuRQbArAKrAnyxLBDP622dzIPmPwQWXzZGPKi2os4CQwB5oG0F9r7MM2g/+S Qjlfj5MAAnYM+DYGPoFA/RuvUchFZ9v93NwgzEVz2/rrecHWcRbKyARlI+NgAaLzeK/0 YJqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AGzKm+sD; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id u190-v6sor6395543qkf.82.2018.10.15.08.32.23 for (Google Transport Security); Mon, 15 Oct 2018 08:32:23 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AGzKm+sD; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qjoAgXvElD1E6z6x3JoEg1QXJ8FYnxif9vVfX6pXACk=; b=AGzKm+sD5AkE4NMhiubB+V4hvShbDREuZHDYDyGJWGJsZk6FEiqlJWql0hlqEAaj7X VqybZ9dmHzTViOPFH93aWkQs7f2tmWGK18OsXk/ocUrUxtJkdw56if+lgKbeT1Mj6kZI HN6lyibKP/vCU9ux+9a5it7915vHHoPPofIfs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qjoAgXvElD1E6z6x3JoEg1QXJ8FYnxif9vVfX6pXACk=; b=MUYLZP/4+2GQD/N0Hug2m9znk8y9a/h0smB496ZGJL6AdeRNZ6qyfg8aNb6EoMdWmw GN0h1VCuQoGwVDFlbX+4IoWJCJdWezFlR0YSZNG2LhSfXfRt3qfqJcFutmXR/gcsvHaq 8oVTKYVfaCoXYLUhm5K5EISbBlTDSLIJ0bP9pscT/UuBWyS97o7HTby1E+9OWCEvZR75 7PnO8piSoy4cj6evt27HB8PVxNFCpw9saSQPjEDKcQNmF6D0mIJNUBroUhPbb7DYDUfy bOZ/IpCvZi+9e+IPSh3sr7KmlBMCnHHc8nrhhBoXIELpmzWLlk1XfpHgzG1VmB92IRQM BrDQ== X-Gm-Message-State: ABuFfojmZ+mEQnezIgRn2CzfWWj81+Xq408VIhMe/kc2EYzYGjiDqX+w BQIdE4wxtrUrwWiIQee6ZvTdfy8G X-Google-Smtp-Source: ACcGV60Q+DSFIeeUoiQvpxZfBXFJvbHg3HiIuYYuRKCPEeWGkTS65VWvDj4+8Z1wDkB/CtW2J5vjLA== X-Received: by 2002:a37:6845:: with SMTP id d66-v6mr17064884qkc.9.1539617543538; Mon, 15 Oct 2018 08:32:23 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:23 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 02/24] ARM: bugs: prepare processor bug infrastructure Date: Mon, 15 Oct 2018 11:31:56 -0400 Message-Id: <1539617538-22328-3-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit a5b9177f69329314721aa7022b7e69dab23fa1f0 upstream. Prepare the processor bug infrastructure so that it can be expanded to check for per-processor bugs. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 4 ++-- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 arch/arm/kernel/bugs.c -- 2.5.0 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index a97f1ea..ed122d2 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -10,10 +10,10 @@ #ifndef __ASM_BUGS_H #define __ASM_BUGS_H -#ifdef CONFIG_MMU extern void check_writebuffer_bugs(void); -#define check_bugs() check_writebuffer_bugs() +#ifdef CONFIG_MMU +extern void check_bugs(void); #else #define check_bugs() do { } while (0) #endif diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile index 499f978..50de918 100644 --- a/arch/arm/kernel/Makefile +++ b/arch/arm/kernel/Makefile @@ -31,6 +31,7 @@ else obj-y += entry-armv.o endif +obj-$(CONFIG_MMU) += bugs.o obj-$(CONFIG_CPU_IDLE) += cpuidle.o obj-$(CONFIG_ISA_DMA_API) += dma.o obj-$(CONFIG_FIQ) += fiq.o fiqasm.o diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c new file mode 100644 index 0000000..8802402 --- /dev/null +++ b/arch/arm/kernel/bugs.c @@ -0,0 +1,9 @@ +// SPDX-Identifier: GPL-2.0 +#include +#include +#include + +void __init check_bugs(void) +{ + check_writebuffer_bugs(); +} From patchwork Mon Oct 15 15:31:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148853 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933727lji; Mon, 15 Oct 2018 08:32:25 -0700 (PDT) X-Received: by 2002:ac8:76d6:: with SMTP id q22-v6mr17039212qtr.351.1539617544923; Mon, 15 Oct 2018 08:32:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617544; cv=none; d=google.com; s=arc-20160816; b=EUq/gqnvSKRwULfyhtNmTQcCOahN0HCI4hwScz7/Qv6HyBMTjyZWHAMb3CLKtyQ39g Powd7OUJ1tcEhhDCRRWzEQftswgCwxiJJj76RoWpu7h9Mxo1d+56IJChK68HVmbb0eWo Lg6ln7U8e+kjeOGYxpMj2mrLN4sxlQJwOeNNgIXHSeVmGxD0fc+LhV4dblK9OoY71Ybj dt16S2sRuXbnzN4ilUpDovmhzArtzCN/bk6AXweMQe0tKomxdnDaKezPYDyvJx3h5qMn 6Br2XA6ODRecfUMusgiF8SRW3JQ3K/k3x7vd1XDjfhsNjoblNF9BLaNz+5oOGsmMF6XN SfWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VXjSAahQybg56aFMST5v/2dlSctjHTG6nZ4CM4xKejw=; b=S7Oe/Qq7qyLs4rgqICzVwb8rhfB5biuXpLiIgxa89ifpI93GzhNhhBr+JeHbMnCN0E t4vJwAKVHCSwVY966tqi49ESqSpIDB1z8qY1rbLp4X03xOQt38OyyVsZ1tuJy0mD/nVW pOwdAMWu/mlujpyRlUaktJryxjD+Ij/4F1A3NXmnMRGRvUdiG0lhFc2pZ+kyhklfy6hm eiu6Wgd6PSNCkvC+BJgH9tGdTOcpuJTeN26wkwRVukYvnAQ785099nI12EjX7zwg2L/t MVFfJSV39H6yuUT2DdTRs3MEkMkt05n5dHaVmFbsNUZBMAzfR493z2Gc5Aba7IlRWmaj qnIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HkOpPPsi; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w7-v6sor12077118qvf.25.2018.10.15.08.32.24 for (Google Transport Security); Mon, 15 Oct 2018 08:32:24 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HkOpPPsi; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VXjSAahQybg56aFMST5v/2dlSctjHTG6nZ4CM4xKejw=; b=HkOpPPsi8YNe0fv9BBZwSM9VQa6iKTRoV+yTJs7oG+p2Brer46PcbUd9PqojbhS58A Apxp1fu0AnPkF3QEQ8vHKPgp+0ATUd0SEArXNSf4pC13qqtXKk1DVK2hg136XgB0+AHb HD2Pp2fqIN/JukxNmbAdh9T9Ych2jPti6for8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VXjSAahQybg56aFMST5v/2dlSctjHTG6nZ4CM4xKejw=; b=LoARVeaw+oPmclLnJ9TMi4El2kxBlXa98A700tq6qQZp5EkSEUD5LJoEAv4FrQ8CZj bbha/vpP79mB002fhOQOHaM7I2AALCqWTwocZU67xHKfJpw2MRewCjOo/WYJgd6mzDje 9VRTMzqVNUP+nOterPiS74fS4zt2Wpoq4K8MxsLqD+wv30PDN3XLFrFm15CUQpTlNllB PusCblT2g7iVMqX7v/rVvTpRa5TUR46t9Y05DilOdYuT/T+sPxJ8uVGa7wWU390nZjqA QnOvGPrIT5G9jknZFjjGXWPwhfMGCEnl2XWCbVc8jX5vaN8Z24tGteojzNPQ8s7MuIDW iWRQ== X-Gm-Message-State: ABuFfoi4muw4SuNRCfZn0wDFTPq6JL951INpVvr06WIdOCMh3nq/qVNv RWbq4Q3NsTyoeJHo/5cb6sP0yE0S X-Google-Smtp-Source: ACcGV636GOz6XdoHfPL3pRQplqhZgqxV4H6i8Pm84zUHEZel0PmVIfo4/5RXYXCb8tkROdUXpR6IHg== X-Received: by 2002:a0c:d78e:: with SMTP id z14-v6mr17066966qvi.92.1539617544525; Mon, 15 Oct 2018 08:32:24 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:24 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 03/24] ARM: bugs: hook processor bug checking into SMP and suspend paths Date: Mon, 15 Oct 2018 11:31:57 -0400 Message-Id: <1539617538-22328-4-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 26602161b5ba795928a5a719fe1d5d9f2ab5c3ef upstream. Check for CPU bugs when secondary processors are being brought online, and also when CPUs are resuming from a low power mode. This gives an opportunity to check that processor specific bug workarounds are correctly enabled for all paths that a CPU re-enters the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 2 ++ arch/arm/kernel/bugs.c | 5 +++++ arch/arm/kernel/smp.c | 4 ++++ arch/arm/kernel/suspend.c | 2 ++ 4 files changed, 13 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index ed122d2..73a99c7 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -14,8 +14,10 @@ extern void check_writebuffer_bugs(void); #ifdef CONFIG_MMU extern void check_bugs(void); +extern void check_other_bugs(void); #else #define check_bugs() do { } while (0) +#define check_other_bugs() do { } while (0) #endif #endif diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 8802402..16e7ba2 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -3,7 +3,12 @@ #include #include +void check_other_bugs(void) +{ +} + void __init check_bugs(void) { check_writebuffer_bugs(); + check_other_bugs(); } diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c index c9a0a52..e61af06 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -402,6 +403,9 @@ asmlinkage void secondary_start_kernel(void) * before we continue - which happens after __cpu_up returns. */ set_cpu_online(cpu, true); + + check_other_bugs(); + complete(&cpu_running); local_irq_enable(); diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c index a40ebb7..d080992 100644 --- a/arch/arm/kernel/suspend.c +++ b/arch/arm/kernel/suspend.c @@ -3,6 +3,7 @@ #include #include +#include #include #include #include @@ -36,6 +37,7 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) cpu_switch_mm(mm->pgd, mm); local_flush_bp_all(); local_flush_tlb_all(); + check_other_bugs(); } return ret; From patchwork Mon Oct 15 15:31:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148854 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933748lji; Mon, 15 Oct 2018 08:32:25 -0700 (PDT) X-Received: by 2002:ac8:4297:: with SMTP id o23-v6mr16311471qtl.389.1539617545855; Mon, 15 Oct 2018 08:32:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617545; cv=none; d=google.com; s=arc-20160816; b=PLVX5Y4EKUoPMwoVs2vObCXnwNR5Dm21wYUI2hyuZ8aj7dRm+e57b3eR+qXH0IdZb1 P6jS53B2Z9sebpaJ1vhMa+5IUJHPoz2RncMp5ZYSCC2YRug5jCgwwBeRh7BukzvLmXaX Wz3/1RL9g7oJB2d2yRiVm7oz10YiSoIGiawYXrJ1/toemqIcE2GffODt74hEjXrt11e7 UdAYqff/5mJIf7LxDYqi+31o5fz5B7HK37lJiWnm2TiyWrGUbYwhim8S67JUL4dDFW3U z7K+Cfn0RcwaQQJs818tPezoX545U9AyG/jQUyFL4hfPhawME5hMXIidOQdkkUWZQDeO L8fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=0YPZkRY98qJSZM112i0kzySKIaSL6QV++zUV918JKOY=; b=APGLGN9pDNlhC/LcuYb0OxKFQCBSm39c2AXX540itfT1aYZngc6p+v1i7UU++hU2P/ VYOAviKvDG/5WgtbYY8z53wpkqgDq3r3GNg5E4rpkvGakwALrC/uw3TMs1kL7paHa3xn KUfLUpmvOh83XcKsbC0wSMPb/86BCFKuLs80IdL1dDk1aPGHVGLyRaQs9m6DJDvAXYjZ hhwQH1JeVXwxpgue+zEr99oaBlfRuKfv85p/P0spmlZspoMQOyFTOrlxLku3e9EdpMG6 zpb324LAyV1Mp/6ANHk6wroelf1c/Od+RgGWdJR4IvWBemb3mQ1ImA6ztPT0zj7ajdCn 8IoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bTpJSm7Q; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id u14-v6sor12117833qvg.23.2018.10.15.08.32.25 for (Google Transport Security); Mon, 15 Oct 2018 08:32:25 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bTpJSm7Q; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0YPZkRY98qJSZM112i0kzySKIaSL6QV++zUV918JKOY=; b=bTpJSm7QyCEzl7B6hLPbHlCsymc3X6wN3jqTqK/aUEcbNnVxU8AVkdiHOaHSX+v4O+ +vo87wS1UDHlo7oViFN6jOg//oZQYoCF5Fc4Mxgz/cgNoBmVEtZyvChaXZg3Ve50O3FF mopGZtdGiBSErt06zl7Khgugpapb9pX1WtwmU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0YPZkRY98qJSZM112i0kzySKIaSL6QV++zUV918JKOY=; b=p8OLoYlw7Tcmjb0U3UAJI7HezxSu6bosunXTgPlG6VBN3xtgT1SLW6PAox7pAUUMsZ wqcPUGQEI0EuYzwGmJJl2ekJaWBNZrp7jibcM7DBVZiJGKoIrKJNeKz3f6/PXLSNYV2j d++Xv8a2L3cYRkMYKyJ9TIxwXHVNSNFdDif+j2+MNzA3lZxkpm8oEhAaeFsFSxvLi6MW Wkzj6mKsc7fjKTsSDhFe+xc17Ipxx3AHxVfsPgrXKLYpInZxBdRGNh7V/5/NxgbCVVhI 5XMMhN13Qc1VgG4dN8xDIP+cYKsvE8f9PPinwmZZjWzgLikNso6VSBljU2M736rzX0pV TMSw== X-Gm-Message-State: ABuFfoh25KTnl0RgrMAIgUwfVJTrYICOr3/igN1atoNykXndV4VtaCx9 o9PQrp5n6Tfm8+TBPktTcwcFCYTf X-Google-Smtp-Source: ACcGV63W2aYm3w2we/ooCSxgqYsAW+OXS9pDypj7g6U5zPkrCrgSAJkoqt/kl8GYgP4UqQg3C8IK2A== X-Received: by 2002:a0c:de02:: with SMTP id t2mr17600861qvk.117.1539617545436; Mon, 15 Oct 2018 08:32:25 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:25 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 04/24] ARM: bugs: add support for per-processor bug checking Date: Mon, 15 Oct 2018 11:31:58 -0400 Message-Id: <1539617538-22328-5-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 9d3a04925deeabb97c8e26d940b501a2873e8af3 upstream. Add support for per-processor bug checking - each processor function descriptor gains a function pointer for this check, which must not be an __init function. If non-NULL, this will be called whenever a CPU enters the kernel via which ever path (boot CPU, secondary CPU startup, CPU resuming, etc.) This allows processor specific bug checks to validate that workaround bits are properly enabled by firmware via all entry paths to the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/proc-fns.h | 4 ++++ arch/arm/kernel/bugs.c | 4 ++++ arch/arm/mm/proc-macros.S | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) -- 2.5.0 diff --git a/arch/arm/include/asm/proc-fns.h b/arch/arm/include/asm/proc-fns.h index f2e1af4..e25f439 100644 --- a/arch/arm/include/asm/proc-fns.h +++ b/arch/arm/include/asm/proc-fns.h @@ -37,6 +37,10 @@ extern struct processor { */ void (*_proc_init)(void); /* + * Check for processor bugs + */ + void (*check_bugs)(void); + /* * Disable any processor specifics */ void (*_proc_fin)(void); diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 16e7ba2..7be5113 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -5,6 +5,10 @@ void check_other_bugs(void) { +#ifdef MULTI_CPU + if (processor.check_bugs) + processor.check_bugs(); +#endif } void __init check_bugs(void) diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S index f10e31d..81d0efb 100644 --- a/arch/arm/mm/proc-macros.S +++ b/arch/arm/mm/proc-macros.S @@ -273,13 +273,14 @@ mcr p15, 0, ip, c7, c10, 4 @ data write barrier .endm -.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0 +.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0, bugs=0 .type \name\()_processor_functions, #object .align 2 ENTRY(\name\()_processor_functions) .word \dabort .word \pabort .word cpu_\name\()_proc_init + .word \bugs .word cpu_\name\()_proc_fin .word cpu_\name\()_reset .word cpu_\name\()_do_idle From patchwork Mon Oct 15 15:31:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148855 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933767lji; Mon, 15 Oct 2018 08:32:26 -0700 (PDT) X-Received: by 2002:ac8:33d6:: with SMTP id d22-v6mr16422216qtb.313.1539617546725; Mon, 15 Oct 2018 08:32:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617546; cv=none; d=google.com; s=arc-20160816; b=T7un+WFlvV6SMfDnNqMpfVdzkjA95S/RcWSKTQtn+faQa2bi2JH4pl/33YMGnROcv3 1hpOkxAu7CZzKM/Biw9iGUNZ5U+0tjzZ9/DIF28EO6YxxYt6v1E2P87fULTtF/pd7M9/ xqMeIVOSxy0fKI0TbAcIFehAIZGlpO/deULZjAkIGPE51dv19+mtX1VuKIbn/q/G4WDX 06aEC6AYqeFxdzWZ4UjHJF32BKPZH/tTmGi28/bBHrrkvTbTfis1fB1DiApeEaKwAfMK BC+ONI2L+krT2kaBkjTNYfnWejnY18PwlNMfwxqnbzeCBTFsN/1urawdJZ2k2/hbOEGR JvWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Jk/8JjrwqCQQ9d7/yKmimwgykzqXDFqUVF4LDZjbIG0=; b=cs9w5xifOteP1CKeQT53wFKMr/wfQ/9VSGS+SwVi4XOmz39yLvITO5NhrXIXcG4Xfg xxtOv099Rn7fwdw+MX88Fgvf+wNH+Y/ZMB0w4H+vM/EglTtk1OmrGFAuNRURGbS4+pcf M7s2C1zirgcEsXUDUP0on64k1zgx0S5CP7ssgIXvW46YCcL+xhZ0ZfK1JjZJRtlNRzTK NByAxe01aNf+D0vCbwuOLMCszEZvuMRj8rI92MB9Zc9i/yTS+p4dVBZKasaZEIdsPuQz +KC/GghVd1DoqNqb2bW1QjFWFMigrDi9x7vMNjuWrPfGoO5hk59TFfL5kkAdINjMAGO4 A64w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hNJgBCFU; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 11-v6sor6464090qkz.22.2018.10.15.08.32.26 for (Google Transport Security); Mon, 15 Oct 2018 08:32:26 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hNJgBCFU; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Jk/8JjrwqCQQ9d7/yKmimwgykzqXDFqUVF4LDZjbIG0=; b=hNJgBCFUiQEnKbjKQxiHkpb6kRgudo0AZN/juXCWR7yg9UFZoJHwTywCqamPPC+pba 7il30tEzZvicBzVgs73Qi5nX34XuEC0ZtHLySy5+nrtw73MoAugfMa3HMlcWdJTHBp+f u+S3wmjV7NPCwdIGh4gnXTfcIK4LVlbUVik50= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Jk/8JjrwqCQQ9d7/yKmimwgykzqXDFqUVF4LDZjbIG0=; b=GeLM2ev75EKiAXDToTRfJvPgkUIHhgaKUoCdZtThxCTVvA0pXPHcSmbvmPbUoVFOG0 6BsCwUrMxk65LA7CRlFOVNphrTWRv5AxLh4Ieczj230eMSCK6zbpWbJWhjR8OFpOUIsH cOCm3m+YU+Sl7Tj+aTSX5cSYifDTf7jOK86sGZX+jOjHj55rQ+j/AnT5TkIcFsk3t/YF +IF1M5U48w1kSwLVAa0Gq07bWoHJcq2IXtXjqo65kchVIu87z4z9oYSTE2AM0fsIMr3H zsNpY7rZWrnmhtUnEIUe5thQfneLrjCCjYjBvae1WFgmA1finTafNe153vb1ADIHMlWH +BDw== X-Gm-Message-State: ABuFfoioYE5OcIpk+5OLeLOUjO4ZDExDIIPsvf2wpa7pO85sbcqZV8nj BJuJj7AtfhbLK7ubOsYmCvfxFCMq X-Google-Smtp-Source: ACcGV61qMdpPglI9Fj9Kcgf59Ymq2Dr/sBVeZWYwKGr3HnqWdA9vqCyAjPsbGEwHlaDzgeZ2KxN5UA== X-Received: by 2002:a37:f8c:: with SMTP id 12-v6mr16649847qkp.224.1539617546352; Mon, 15 Oct 2018 08:32:26 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:25 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 05/24] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Date: Mon, 15 Oct 2018 11:31:59 -0400 Message-Id: <1539617538-22328-6-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit c58d237d0852a57fde9bc2c310972e8f4e3d155d upstream. Add a Kconfig symbol for CPUs which are vulnerable to the Spectre attacks. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) -- 2.5.0 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index fd9077a..575e11d 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -415,6 +415,7 @@ config CPU_V7 select CPU_CP15_MPU if !MMU select CPU_HAS_ASID if MMU select CPU_PABRT_V7 + select CPU_SPECTRE if MMU select CPU_THUMB_CAPABLE select CPU_TLB_V7 if MMU @@ -826,6 +827,9 @@ config CPU_BPREDICT_DISABLE help Say Y here to disable branch prediction. If unsure, say N. +config CPU_SPECTRE + bool + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS From patchwork Mon Oct 15 15:32:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148856 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933788lji; Mon, 15 Oct 2018 08:32:27 -0700 (PDT) X-Received: by 2002:ac8:1644:: with SMTP id x4-v6mr17052517qtk.67.1539617547816; Mon, 15 Oct 2018 08:32:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617547; cv=none; d=google.com; s=arc-20160816; b=s28/oKKcquHephz39xAtnRMKKeBSP8K89tvaeJlf/jtLaBhvR0mnokDdzT1hRq9+Wf U7Rf8yG8HG5vHQZLLO4q9ECsXT/W+91pYryKFyNQH/JqIXYFhl8+w+YjmmfXMhbKV6M9 qAHIEhEFt6ol1jail4c/r+Y4KHMw2jYiDMPcJm6m5eseaC7WdNi7vgELSIZANUvZBlV5 XWJhAVZQNPXmCslltIdXer8q09zwB+jX2opdd8dUdss1/XCcvO0aPEWuH1YuKW7h8wym 8iLRG2b7cqllmgzGjncIHnPpgQoBOMTPQc0S7mvFld61ppmHQzGkz4l8ONeX1BberGWR 2fvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xznBxHGFXLvKW2aWbyqjPLViyeJxev9xWfVV0N1nH64=; b=JeaNUG6SfO0Y0kmXv2aPJCnn6WKKFVyu1D7p3D9w05T6Ps8fw1qP2MhUkLFu/AxNTx 9KEldWaSqSBtZcww3zAvGmuf4DBd16JifNjvA/O2h29J54VQde/QDSasOnWWmbLC0gU4 zzGKf+vP75wch3UIwAXrv1pvDjGgkFFuEFq5eO3KbFABSEDJuRlXJbojrTGMoO3K1Yj/ hTzKPc/IU6V307qSbeNLihe37pZONlnTgfaespP0aCFwMR6pJmMWVhoId+fUR21Wcsfs 5zr/Rv4O/kWHmDxqD2Oi3H8PwW315cFHksfGROu9acg0fbaohmV1w677FlzSV2JgJCaU gsFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="eQ//zaXJ"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id o21sor1624207qvf.18.2018.10.15.08.32.27 for (Google Transport Security); Mon, 15 Oct 2018 08:32:27 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="eQ//zaXJ"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=xznBxHGFXLvKW2aWbyqjPLViyeJxev9xWfVV0N1nH64=; b=eQ//zaXJBfF9VU2yPlLudwlYWHsWzBVTU2D5oz08rQtrUlS6RNs+/gEARQhyQ9DH7C mp6O3ZQv1Y6Qd6z09hAesphPS24OTQjQ/pd7dK6l9R0BT7X43EQO5XjOo5TXclSjEIgG gWsNjCcTbX9mHamKge5w9/8Y7e6lqRWUdIE7o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=xznBxHGFXLvKW2aWbyqjPLViyeJxev9xWfVV0N1nH64=; b=ia2CDwYkPTFjbOA0m5+QSTsOPXnegSucSfNhT4wiDRhpetIvWXplxFkdmYSrYZN8R/ 9ltPw3SzqfWRzEShZ+TjkDoUch5nrpyJlPUSstREu+m4lTuxOX/fTnwk6OM5B1i4QIrN 2HSLNsv2/KL6402Hns98bt3pLvlxAkWS8vFoA2ABEykfwxa+cqI54U5iz2hGEFJGh9d9 Ei3WGbvXnp8uAUj3rrf/T6VrZGYrVp0DShOlEP5utwaU86wo9bX/+rrWEqvKJTxfNs0m jTwmvdAYCzsCqIEQp9RbPHI5JvfoOAJS61J7znfbXWMEI8sz6yx7P1rL18yegbZp0Hlb T63A== X-Gm-Message-State: ABuFfogdgVZV+/9rN4aJes3DXLhB1lUFUCP0w8lOh+qSBNdsntjvetuW c3h+nmVS+Bp0cIsPymVNHl4i85aW X-Google-Smtp-Source: ACcGV63xvKdP0Zkp7C78EwoRjX1T6WWnN0xvHdONWDSUnpw6g5cTFG+ElxY7mCuNfBL+IuM706UfHQ== X-Received: by 2002:a0c:c204:: with SMTP id l4mr17657986qvh.212.1539617547384; Mon, 15 Oct 2018 08:32:27 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:26 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 06/24] ARM: spectre-v2: harden branch predictor on context switches Date: Mon, 15 Oct 2018 11:32:00 -0400 Message-Id: <1539617538-22328-7-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 06c23f5ffe7ad45b908d0fff604dae08a7e334b9 upstream. Required manual merge of arch/arm/mm/proc-v7.S. Harden the branch predictor against Spectre v2 attacks on context switches for ARMv7 and later CPUs. We do this by: Cortex A9, A12, A17, A73, A75: invalidating the BTB. Cortex A15, Brahma B15: invalidating the instruction cache. Cortex A57 and Cortex A72 are not addressed in this patch. Cortex R7 and Cortex R8 are also not addressed as we do not enforce memory protection on these cores. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 19 +++++++ arch/arm/mm/proc-v7-2level.S | 6 --- arch/arm/mm/proc-v7.S | 125 +++++++++++++++++++++++++++++++++---------- 3 files changed, 115 insertions(+), 35 deletions(-) -- 2.5.0 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index 575e11d..50e0b45 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -830,6 +830,25 @@ config CPU_BPREDICT_DISABLE config CPU_SPECTRE bool +config HARDEN_BRANCH_PREDICTOR + bool "Harden the branch predictor against aliasing attacks" if EXPERT + depends on CPU_SPECTRE + default y + help + Speculation attacks against some high-performance processors rely + on being able to manipulate the branch predictor for a victim + context by executing aliasing branches in the attacker context. + Such attacks can be partially mitigated against by clearing + internal branch predictor state and limiting the prediction + logic in some situations. + + This config option will take CPU-specific actions to harden + the branch predictor against aliasing attacks and may rely on + specific instruction sequences or control bits being set by + the system firmware. + + If unsure, say Y. + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S index c6141a5..f8d45ad 100644 --- a/arch/arm/mm/proc-v7-2level.S +++ b/arch/arm/mm/proc-v7-2level.S @@ -41,11 +41,6 @@ * even on Cortex-A8 revisions not affected by 430973. * If IBE is not set, the flush BTAC/BTB won't do anything. */ -ENTRY(cpu_ca8_switch_mm) -#ifdef CONFIG_MMU - mov r2, #0 - mcr p15, 0, r2, c7, c5, 6 @ flush BTAC/BTB -#endif ENTRY(cpu_v7_switch_mm) #ifdef CONFIG_MMU mmid r1, r1 @ get mm->context.id @@ -66,7 +61,6 @@ ENTRY(cpu_v7_switch_mm) #endif bx lr ENDPROC(cpu_v7_switch_mm) -ENDPROC(cpu_ca8_switch_mm) /* * cpu_v7_set_pte_ext(ptep, pte) diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 01d64c0..53ba294 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -93,6 +93,17 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +ENTRY(cpu_v7_iciallu_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 0 @ ICIALLU + b cpu_v7_switch_mm +ENDPROC(cpu_v7_iciallu_switch_mm) +ENTRY(cpu_v7_bpiall_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 6 @ flush BTAC/BTB + b cpu_v7_switch_mm +ENDPROC(cpu_v7_bpiall_switch_mm) + string cpu_v7_name, "ARMv7 Processor" .align @@ -158,31 +169,6 @@ ENTRY(cpu_v7_do_resume) ENDPROC(cpu_v7_do_resume) #endif -/* - * Cortex-A8 - */ - globl_equ cpu_ca8_proc_init, cpu_v7_proc_init - globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca8_reset, cpu_v7_reset - globl_equ cpu_ca8_do_idle, cpu_v7_do_idle - globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext - globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size -#ifdef CONFIG_ARM_CPU_SUSPEND - globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend - globl_equ cpu_ca8_do_resume, cpu_v7_do_resume -#endif - -/* - * Cortex-A9 processor functions - */ - globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init - globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca9mp_reset, cpu_v7_reset - globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle - globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm - globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext .globl cpu_ca9mp_suspend_size .equ cpu_ca9mp_suspend_size, cpu_v7_suspend_size + 4 * 2 #ifdef CONFIG_ARM_CPU_SUSPEND @@ -548,10 +534,75 @@ __v7_setup_stack: @ define struct processor (see and proc-macros.S) define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + @ generic v7 bpiall on context switch + globl_equ cpu_v7_bpiall_proc_init, cpu_v7_proc_init + globl_equ cpu_v7_bpiall_proc_fin, cpu_v7_proc_fin + globl_equ cpu_v7_bpiall_reset, cpu_v7_reset + globl_equ cpu_v7_bpiall_do_idle, cpu_v7_do_idle + globl_equ cpu_v7_bpiall_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_v7_bpiall_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_v7_bpiall_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend + globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume +#endif + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions +#else +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_processor_functions +#endif + #ifndef CONFIG_ARM_LPAE + @ Cortex-A8 - always needs bpiall switch_mm implementation + globl_equ cpu_ca8_proc_init, cpu_v7_proc_init + globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca8_reset, cpu_v7_reset + globl_equ cpu_ca8_do_idle, cpu_v7_do_idle + globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca8_switch_mm, cpu_v7_bpiall_switch_mm + globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca8_do_resume, cpu_v7_do_resume +#endif define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + + @ Cortex-A9 - needs more registers preserved across suspend/resume + @ and bpiall switch_mm for hardening + globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init + globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca9mp_reset, cpu_v7_reset + globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle + globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca9mp_switch_mm, cpu_v7_bpiall_switch_mm +#else + globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif + + @ Cortex-A15 - needs iciallu switch_mm for hardening + globl_equ cpu_ca15_proc_init, cpu_v7_proc_init + globl_equ cpu_ca15_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca15_reset, cpu_v7_reset + globl_equ cpu_ca15_do_idle, cpu_v7_do_idle + globl_equ cpu_ca15_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca15_switch_mm, cpu_v7_iciallu_switch_mm +#else + globl_equ cpu_ca15_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca15_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size + globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca15_do_resume, cpu_v7_do_resume + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif @@ -658,7 +709,7 @@ __v7_ca7mp_proc_info: __v7_ca12mp_proc_info: .long 0x410fc0d0 .long 0xff0ffff0 - __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup + __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca12mp_proc_info, . - __v7_ca12mp_proc_info /* @@ -668,7 +719,7 @@ __v7_ca12mp_proc_info: __v7_ca15mp_proc_info: .long 0x410fc0f0 .long 0xff0ffff0 - __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup + __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup, proc_fns = ca15_processor_functions .size __v7_ca15mp_proc_info, . - __v7_ca15mp_proc_info /* @@ -678,7 +729,7 @@ __v7_ca15mp_proc_info: __v7_b15mp_proc_info: .long 0x420f00f0 .long 0xff0ffff0 - __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup + __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup, proc_fns = ca15_processor_functions .size __v7_b15mp_proc_info, . - __v7_b15mp_proc_info /* @@ -688,9 +739,25 @@ __v7_b15mp_proc_info: __v7_ca17mp_proc_info: .long 0x410fc0e0 .long 0xff0ffff0 - __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup + __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca17mp_proc_info, . - __v7_ca17mp_proc_info + /* ARM Ltd. Cortex A73 processor */ + .type __v7_ca73_proc_info, #object +__v7_ca73_proc_info: + .long 0x410fd090 + .long 0xff0ffff0 + __v7_proc __v7_ca73_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca73_proc_info, . - __v7_ca73_proc_info + + /* ARM Ltd. Cortex A75 processor */ + .type __v7_ca75_proc_info, #object +__v7_ca75_proc_info: + .long 0x410fd0a0 + .long 0xff0ffff0 + __v7_proc __v7_ca75_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca75_proc_info, . - __v7_ca75_proc_info + /* * Qualcomm Inc. Krait processors. */ From patchwork Mon Oct 15 15:32:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148857 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933814lji; Mon, 15 Oct 2018 08:32:29 -0700 (PDT) X-Received: by 2002:a0c:983d:: with SMTP id c58-v6mr17777093qvd.86.1539617548899; Mon, 15 Oct 2018 08:32:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617548; cv=none; d=google.com; s=arc-20160816; b=ys6dOYh5Ltkii+a9K+6m0K6xuLeTytjZeJi/h7l/fypCuW67RNSAIiJyEReez5pwI8 RVTmKTp1VDmSP6QN+QdVEFKzZvX0fxi8aBRb99qXAuTy4jdGtzfb5Opa3vaBB6eFWw6C JGDY8DtILQsaqA54dEJo/15E5IOWGafmCTB2YuCKTwa4WPQJZcynkKZTGnc/hDTvgJjK BrehOQ8cwjfoB80h1BYf6FUaBD2lzrSlcappNNWIIRVmm3moT3TkHcASD1wlR0RBvvZJ nAaem4ODDSDrbdX8+Kf+k4iNJOeO8fH110x/CKOZiB/vOR04PrgKFreFvLrYN+0lDmLN AQiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=V18jL+rD6+z43/5Ke7KrCYrZTqudTBXIDUYSJkRILLs=; b=rT+OePB1C6EVTAf3Np0j06kGb4XywrAhBKDnbF/aKuU0mmdOpQN6/tX7k4E/Nh/sDt aQ94Wrwn3EtYdTvqHCX1pgrLuW9SDG65fza1XrN3/jvPuJrBn4i+dzKwNW4fWD3b2TUk QGssN/47n2A2CLq+5j8WSjkD7HqwZcMstwdr8vJrMTRQtAo4NEX+6jzcwDN/s9EBV7xu BgDXcYOU3SfV0iCceW+hYNPv/YD5Qe1wAU8q5TevnnLee3GoHFFG/F8Y/3HVFFHD1s6H /PnDFngaCZyjE1Rk0h+VoiMIOmUggx0NAGdibN3p6fkiuRBqGPhk/z6wdQTr5Lz/Rgwp wy+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BO5M9wA9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id b54-v6sor12462789qtk.58.2018.10.15.08.32.28 for (Google Transport Security); Mon, 15 Oct 2018 08:32:28 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BO5M9wA9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=V18jL+rD6+z43/5Ke7KrCYrZTqudTBXIDUYSJkRILLs=; b=BO5M9wA9NDKJ+cxL/nupwTBANEl5Zb8+BLuAlTrDaoTM0dxLPWVuxOfckS6pHXXXk5 Yi8qpomvkqAsb7AGemh3SUeKJ0SWRlqGPPGV/f3/BXBVLWSp4c8AIezJLZh+VBP5VqRI kTB7hjMH14nW1Ryr8p4wACkmX0IFaIZAF1EcM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=V18jL+rD6+z43/5Ke7KrCYrZTqudTBXIDUYSJkRILLs=; b=lDITCEXIn7vslH1Lirxg7OhIgB8Rewr+X/pIBb7o0xHi+yst7Y8wdE/kmVT8DJINTi nf8zDDuXQJLdkjlDG1euNZ8OJ+CJOY7w4J2kwnWn5XfLgJUlKQkb9EiN6LvVJ5MZHUP8 gA7Tm862qZvcfdaTFTIUOJfYYpE7WG+3wwVOdN7jswg+fGxYOj5xGXGJ4AvH+0J0rACC 2PlJcBi+YXIWDCZFgCmMiK1T2HtUwtfdBAzSF3hNDU1nuD++gXG7GQhalpAAnSfyhQxE ToKzCDCiscDiAs+Ywz3IJjIo2b1SyI3O+vF4qdCL3wgfBbhIko/xQlRUGTwp4mpz7/NA MQNA== X-Gm-Message-State: ABuFfogOf1YjMWodR8W2CSrydM6PNVgvEoewl4UvuD/1Xq/6w+AYc2Th LCyynKOTsSc4eT/Bjc9a/Pqg8X7C X-Google-Smtp-Source: ACcGV63rgmmcCuy20CIkcu/qKO6yoaPncAQoor18gIgIUPfGy0TCLO8Yrg4ZQ4H/lDDIYKfdhMfgSQ== X-Received: by 2002:aed:2905:: with SMTP id s5-v6mr16681911qtd.101.1539617548467; Mon, 15 Oct 2018 08:32:28 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:27 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 07/24] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Date: Mon, 15 Oct 2018 11:32:01 -0400 Message-Id: <1539617538-22328-8-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit e388b80288aade31135aca23d32eee93dd106795 upstream. When the branch predictor hardening is enabled, firmware must have set the IBE bit in the auxiliary control register. If this bit has not been set, the Spectre workarounds will not be functional. Add validation that this bit is set, and print a warning at alert level if this is not the case. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/mm/Makefile | 2 +- arch/arm/mm/proc-v7-bugs.c | 36 ++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 4 ++-- 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 arch/arm/mm/proc-v7-bugs.c -- 2.5.0 diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile index f353ee5..93a622a 100644 --- a/arch/arm/mm/Makefile +++ b/arch/arm/mm/Makefile @@ -95,7 +95,7 @@ obj-$(CONFIG_CPU_MOHAWK) += proc-mohawk.o obj-$(CONFIG_CPU_FEROCEON) += proc-feroceon.o obj-$(CONFIG_CPU_V6) += proc-v6.o obj-$(CONFIG_CPU_V6K) += proc-v6.o -obj-$(CONFIG_CPU_V7) += proc-v7.o +obj-$(CONFIG_CPU_V7) += proc-v7.o proc-v7-bugs.o obj-$(CONFIG_CPU_V7M) += proc-v7m.o AFLAGS_proc-v6.o :=-Wa,-march=armv6 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c new file mode 100644 index 0000000..e46557d --- /dev/null +++ b/arch/arm/mm/proc-v7-bugs.c @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include + +static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, + u32 mask, const char *msg) +{ + u32 aux_cr; + + asm("mrc p15, 0, %0, c1, c0, 1" : "=r" (aux_cr)); + + if ((aux_cr & mask) != mask) { + if (!*warned) + pr_err("CPU%u: %s", smp_processor_id(), msg); + *warned = true; + } +} + +static DEFINE_PER_CPU(bool, spectre_warned); + +static void check_spectre_auxcr(bool *warned, u32 bit) +{ + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + cpu_v7_check_auxcr_set(warned, bit, + "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); +} + +void cpu_v7_ca8_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); +} + +void cpu_v7_ca15_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); +} diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 53ba294..14cb0db 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -569,7 +569,7 @@ __v7_setup_stack: globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca8_do_resume, cpu_v7_do_resume #endif - define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca8_ibe @ Cortex-A9 - needs more registers preserved across suspend/resume @ and bpiall switch_mm for hardening @@ -602,7 +602,7 @@ __v7_setup_stack: globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca15_do_resume, cpu_v7_do_resume - define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca15_ibe #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif From patchwork Mon Oct 15 15:32:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148858 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933842lji; Mon, 15 Oct 2018 08:32:30 -0700 (PDT) X-Received: by 2002:aed:2a0d:: with SMTP id c13-v6mr16437800qtd.147.1539617550476; Mon, 15 Oct 2018 08:32:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617550; cv=none; d=google.com; s=arc-20160816; b=dHSfz7tCqoUscwFg4FIFy2a+rHS6iJn3JcGaBqJeCyJv7IG9druu+NUx7hqmYpI/h6 LAVzLaDmyPWiB7T6+CZk5CGPvjsPDXc3e3asiQ1ekq19czYBpoE+ccHeSxdNWiq86QuS folF/6ZKwFHJFGnoHBKTvpwcFmmG45ZPRXDlIAGz+Tltgssn1iHCaO+Mwr8jPvIuABjW Ga9ojKC/nvA4CANjAk2mugzgT95tGKvea+uzzs/YdLTydytLlrzor3zV5aUyUjnkD8kz o+mUM/nmAS7nv4DgzJGhYjzlK+/voim5vQQd94IWjrHqB4kLbqJxYP7w9VcuC7tX0Z9H sZFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=T9MxWaCiPfMqpI2OW0ZWINtS/BWNv1Zawk6UObiFt+E=; b=LI2i5uRO19L3F/BQ5gbKKqer3LWCGeGAeiUX2MLHcKETRBGl8FUbd3glSgpcHqAbcI J9o99+rYLAErTsuHvg5kaZ48o6qP/eQNcSqXU4FWL/ebTYKcmfu6TdGPLckIxJ1EW5nk jH7JsOhKX/6wkXjQMI38D26SNy2Ah/HMwMldwgVMNMHp+xgR6suc2w/XXFFyOVPGOEQ0 QJyb6q+Axf+9/JVqwR6pRdmvoF5LJfOAs1M0jvf6UoVjE4w7z6HBxoJ//EjKBloGWDWw d/L6K2KIMMuackalIbCbo7ZasGsIV47Z7QPMaJavrCx3bsw+DHw2e8BPXYAh1KRsHPOU 7Qag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HHCM5Zim; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id b54-v6sor12462893qtk.58.2018.10.15.08.32.30 for (Google Transport Security); Mon, 15 Oct 2018 08:32:30 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HHCM5Zim; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=T9MxWaCiPfMqpI2OW0ZWINtS/BWNv1Zawk6UObiFt+E=; b=HHCM5ZimpdUPFGL14JrmrsgiQ+oZVeQQUvblUF/rR1eG7RSFYCWdTVgIx7YmX6aHn9 Em1Os4CR5E1VmoHQgJLV4AP7B9qkg3tuimCo/HlqgPWszoXEPR1daOAnxs8+jOqn+Y4x mx2gW5u4ZMV9T5IXGI+GcC2Eg7roWVoxOIWl8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=T9MxWaCiPfMqpI2OW0ZWINtS/BWNv1Zawk6UObiFt+E=; b=AkOxD8WrvUAaUJkqI9wQu+N+0I8Bjt2nJmTlAM+U288lt3uJNb2/lMkeLAe6F/6Tyd URKfggJvnEoOo8DhzMitGSS+hCae/phpQIZwiU3VblzFgyCIZGesNkRkaZKgCAo//AAd NoZT8gYNet/9EcaxAsGhfrk6kKLlprETQVKjS7VvjdSnTP7IyjC+X8v4AKygx0y7JdUt WodaiUsS51dOXeD08kWJTY3a2on5Qe0vrW6WE25HDQKNt25nxYn9wM5k1+/ByXuDEJ/C GG3N8d9WrYS9xcZU1oYwrUhDuBV2TukQwOmxRPPsXs7wAJripCLgMWpfdwqDc2LuiKAl zOmw== X-Gm-Message-State: ABuFfoj8r+VzJy/9blWAkQlvafA86XnP3hlgMdy+inkh9cjelwb5E/KA dhRTX9GzvBeo/SfPIm0SbLfXtBXk X-Google-Smtp-Source: ACcGV60o94FE+mamxfBhq1suvQ+pPrVVfcKnhbq5MgfkuwJtdmJIPrqupAqCEIsUQoLMj8qTfRoCrQ== X-Received: by 2002:ac8:7153:: with SMTP id h19-v6mr16994837qtp.361.1539617550016; Mon, 15 Oct 2018 08:32:30 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:29 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 08/24] ARM: spectre-v2: harden user aborts in kernel space Date: Mon, 15 Oct 2018 11:32:02 -0400 Message-Id: <1539617538-22328-9-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit f5fe12b1eaee220ce62ff9afb8b90929c396595f upstream. In order to prevent aliasing attacks on the branch predictor, invalidate the BTB or instruction cache on CPUs that are known to be affected when taking an abort on a address that is outside of a user task limit: Cortex A8, A9, A12, A17, A73, A75: flush BTB. Cortex A15, Brahma B15: invalidate icache. If the IBE bit is not set, then there is little point to enabling the workaround. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/cp15.h | 3 ++ arch/arm/include/asm/system_misc.h | 15 ++++++++ arch/arm/mm/fault.c | 3 ++ arch/arm/mm/proc-v7-bugs.c | 73 +++++++++++++++++++++++++++++++++++--- arch/arm/mm/proc-v7.S | 8 +++-- 5 files changed, 94 insertions(+), 8 deletions(-) -- 2.5.0 diff --git a/arch/arm/include/asm/cp15.h b/arch/arm/include/asm/cp15.h index 4c9fa72..07e27f2 100644 --- a/arch/arm/include/asm/cp15.h +++ b/arch/arm/include/asm/cp15.h @@ -65,6 +65,9 @@ #define __write_sysreg(v, r, w, c, t) asm volatile(w " " c : : "r" ((t)(v))) #define write_sysreg(v, ...) __write_sysreg(v, __VA_ARGS__) +#define BPIALL __ACCESS_CP15(c7, 0, c5, 6) +#define ICIALLU __ACCESS_CP15(c7, 0, c5, 0) + extern unsigned long cr_alignment; /* defined in entry-armv.S */ static inline unsigned long get_cr(void) diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h index 78f6db1..8e76db8 100644 --- a/arch/arm/include/asm/system_misc.h +++ b/arch/arm/include/asm/system_misc.h @@ -8,6 +8,7 @@ #include #include #include +#include extern void cpu_init(void); @@ -15,6 +16,20 @@ void soft_restart(unsigned long); extern void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd); extern void (*arm_pm_idle)(void); +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +typedef void (*harden_branch_predictor_fn_t)(void); +DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +static inline void harden_branch_predictor(void) +{ + harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, + smp_processor_id()); + if (fn) + fn(); +} +#else +#define harden_branch_predictor() do { } while (0) +#endif + #define UDBG_UNDEFINED (1 << 0) #define UDBG_SYSCALL (1 << 1) #define UDBG_BADABORT (1 << 2) diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index 42f5853..49b1b80 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -164,6 +164,9 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, { struct siginfo si; + if (addr > TASK_SIZE) + harden_branch_predictor(); + #ifdef CONFIG_DEBUG_USER if (((user_debug & UDBG_SEGV) && (sig == SIGSEGV)) || ((user_debug & UDBG_BUS) && (sig == SIGBUS))) { diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index e46557d..85a2e3d 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -2,7 +2,61 @@ #include #include -static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, +#include +#include +#include + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); + +static void harden_branch_predictor_bpiall(void) +{ + write_sysreg(0, BPIALL); +} + +static void harden_branch_predictor_iciallu(void) +{ + write_sysreg(0, ICIALLU); +} + +static void cpu_v7_spectre_init(void) +{ + const char *spectre_v2_method = NULL; + int cpu = smp_processor_id(); + + if (per_cpu(harden_branch_predictor_fn, cpu)) + return; + + switch (read_cpuid_part()) { + case ARM_CPU_PART_CORTEX_A8: + case ARM_CPU_PART_CORTEX_A9: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + case ARM_CPU_PART_CORTEX_A73: + case ARM_CPU_PART_CORTEX_A75: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_bpiall; + spectre_v2_method = "BPIALL"; + break; + + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_BRAHMA_B15: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_iciallu; + spectre_v2_method = "ICIALLU"; + break; + } + if (spectre_v2_method) + pr_info("CPU%u: Spectre v2: using %s workaround\n", + smp_processor_id(), spectre_v2_method); +} +#else +static void cpu_v7_spectre_init(void) +{ +} +#endif + +static __maybe_unused bool cpu_v7_check_auxcr_set(bool *warned, u32 mask, const char *msg) { u32 aux_cr; @@ -13,24 +67,33 @@ static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, if (!*warned) pr_err("CPU%u: %s", smp_processor_id(), msg); *warned = true; + return false; } + return true; } static DEFINE_PER_CPU(bool, spectre_warned); -static void check_spectre_auxcr(bool *warned, u32 bit) +static bool check_spectre_auxcr(bool *warned, u32 bit) { - if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + return IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && cpu_v7_check_auxcr_set(warned, bit, "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); } void cpu_v7_ca8_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6))) + cpu_v7_spectre_init(); } void cpu_v7_ca15_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0))) + cpu_v7_spectre_init(); +} + +void cpu_v7_bugs_init(void) +{ + cpu_v7_spectre_init(); } diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 14cb0db..562bcf2 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -532,8 +532,10 @@ __v7_setup_stack: __INITDATA + .weak cpu_v7_bugs_init + @ define struct processor (see and proc-macros.S) - define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR @ generic v7 bpiall on context switch @@ -548,7 +550,7 @@ __v7_setup_stack: globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume #endif - define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions #else @@ -584,7 +586,7 @@ __v7_setup_stack: globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm #endif globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext - define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #endif @ Cortex-A15 - needs iciallu switch_mm for hardening From patchwork Mon Oct 15 15:32:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148859 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933866lji; Mon, 15 Oct 2018 08:32:31 -0700 (PDT) X-Received: by 2002:aed:2d45:: with SMTP id h63-v6mr16281172qtd.52.1539617551433; Mon, 15 Oct 2018 08:32:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617551; cv=none; d=google.com; s=arc-20160816; b=T3H8yTYytPowK4zfs173CqoNrXwJmL83cSr85LYGt0S3JlHEEJekwR1KgtB0LwFfW5 OgB2ApaCcls43bYHwMNJxdOuECmmBhn7Fsq89R45o6dUrvrrtb+UlZVWF0fXUw9eAvZJ FBSkhkCtvV63uehfEMlfl7hIBk5thKLCkZZpG04miwcBL2v/Pqvhbl1nN5hyeNgcuMJQ TsZ2zWQPNjLhhENLEl45XxShoGl9qGvhBvGFHDWKZb8i1ScafsUbLeJOYb897wW/bUXs EL2e//4MO1ui/EpERG/uZBKFNvA3m5oinILsiMdbdoy6iWbr792mmkMA4dk9zSSvUVZM qVJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2Lkt9TaEtzqDJASQ+tBfr0620p290qhpRrsYnjOHP1k=; b=ec7SJOEPQyBaomGl48s6yg/rECT2CP8tFsGeUv6yEwiBdtMoeAcTWm0E+3ipl5WnUG NABHJLBv0cP/2pdScecTr4vK4ckQ2LKuZL5KJKmrEk9SQT3MQ5OeX47a6jWXYxdCiMnC tKHkE98ON78oUm1BvPawxeT2kzvDHxpgE31WY/hpPNVIaMkIC5Czcagubh39Gdl4pY0v A+11djL+VlCZcz3QWEmCoGgkk4Rfrs+j+oG0Ll4V0z8hIr/xo65Tl04i3Sm9j4blTM+E rLIce9AyFguaF5QPgddzL4rHJOlGqjWpK1ln1pZIK0rYSTmquzaeqYMNZeM6s3nhInVI P6Vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="J2Zo0z6/"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id n31sor12009912qvn.11.2018.10.15.08.32.31 for (Google Transport Security); Mon, 15 Oct 2018 08:32:31 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="J2Zo0z6/"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2Lkt9TaEtzqDJASQ+tBfr0620p290qhpRrsYnjOHP1k=; b=J2Zo0z6/rGNp7CbKm1B572PvZPSe3FOZLFUhyZMwRP/YAa2EZpFSJFg5UcVoQ0ytc5 0gpmc/0CfLsgk4zF3NeiC3UU25+wbrsNZdFNsawPtfNbRZxECGRHyvJbMQKdaiUrgI6G D7+hnj1rQmoLunN5k7JPLp+HIbQOpIgNOTnIA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2Lkt9TaEtzqDJASQ+tBfr0620p290qhpRrsYnjOHP1k=; b=dArC2tgsbP1Ut/AneKYPoKEgr+VV17X9M86h99b5FGYSBopFElcZt+OIDGJsCHiCFN fHI3U9LDVW21WzElH1qgdYoLISOqtExynJJi9PgfJt10xHSztZaLA2aFMPOZ+QwWqfx4 OBMN+c4yhdl33tUiABn3Dmh59VZv9XJYtpwpgw63B+hIH6HpcJA47VhNKqQ8QUNDbGdU Ux24oWV4mhmSQzYOQ8g61TCPU7p08IWldHXJjPzA3ssZYk0MXvZzPyNuWGdAPZ/qHOBN oWCWGoNnyFGWsfIYdEQIJxr2XnJ/Mw3Md6ETkmI2H0JvCBQNHpWH+l1pLcvW5+JsY5fI GqmA== X-Gm-Message-State: ABuFfojVjN+NYOb8Q4JWUACckbBq2ISnBs/y1v36W5f93NVGRQkCgEU2 zOsC3M/uIk2VxzncPh+mzTbYfJb+ X-Google-Smtp-Source: ACcGV63JatlNPbVL0j2IpbF9gHrTmWN67sRbEXOXFQsVjX+m/OXRbHlNk4feIja90C7QUiSwB4WkiA== X-Received: by 2002:a0c:ba2e:: with SMTP id w46-v6mr17445512qvf.32.1539617551023; Mon, 15 Oct 2018 08:32:31 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:30 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 09/24] ARM: spectre-v2: add firmware based hardening Date: Mon, 15 Oct 2018 11:32:03 -0400 Message-Id: <1539617538-22328-10-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 10115105cb3aa17b5da1cb726ae8dd5f6854bd93 upstream. Add firmware based hardening for cores that require more complex handling in firmware. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 21 ++++++++++++++++ 2 files changed, 81 insertions(+) -- 2.5.0 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index 85a2e3d..da25a38 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -1,14 +1,20 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include +#include #include #include #include +#include #include #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); + static void harden_branch_predictor_bpiall(void) { write_sysreg(0, BPIALL); @@ -19,6 +25,16 @@ static void harden_branch_predictor_iciallu(void) write_sysreg(0, ICIALLU); } +static void __maybe_unused call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void __maybe_unused call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + static void cpu_v7_spectre_init(void) { const char *spectre_v2_method = NULL; @@ -45,7 +61,51 @@ static void cpu_v7_spectre_init(void) harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; break; + +#ifdef CONFIG_ARM_PSCI + default: + /* Other ARM CPUs require no workaround */ + if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) + break; + /* fallthrough */ + /* Cortex A57/A72 require firmware workaround */ + case ARM_CPU_PART_CORTEX_A57: + case ARM_CPU_PART_CORTEX_A72: { + struct arm_smccc_res res; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + break; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_hvc_arch_workaround_1; + processor.switch_mm = cpu_v7_hvc_switch_mm; + spectre_v2_method = "hypervisor"; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_smc_arch_workaround_1; + processor.switch_mm = cpu_v7_smc_switch_mm; + spectre_v2_method = "firmware"; + break; + + default: + break; + } } +#endif + } + if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 562bcf2..12468d9 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -9,6 +9,7 @@ * * This is the "shell" of the ARMv7 processor support. */ +#include #include #include #include @@ -93,6 +94,26 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +#ifdef CONFIG_ARM_PSCI + .arch_extension sec +ENTRY(cpu_v7_smc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + smc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) + .arch_extension virt +ENTRY(cpu_v7_hvc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + hvc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) +#endif ENTRY(cpu_v7_iciallu_switch_mm) mov r3, #0 mcr p15, 0, r3, c7, c5, 0 @ ICIALLU From patchwork Mon Oct 15 15:32:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148860 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933878lji; Mon, 15 Oct 2018 08:32:32 -0700 (PDT) X-Received: by 2002:a37:1413:: with SMTP id e19-v6mr15860801qkh.295.1539617552406; Mon, 15 Oct 2018 08:32:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617552; cv=none; d=google.com; s=arc-20160816; b=Uh7Kd34CDvBSh0D4kiOEAqFulQv1TsUBlF9QBI/SrvdXJ4V4R8PElp9GoHUhIlEyMp 7by0gUifolyCr4YIQTyPU+9KfKOP6FAE8mpA26wL8b2SBigoPvezUGECHV7q6e9uFdiU u5ETNCUw/a9zVZantTklMof69OYFtMDcwSE9rY/Sg8it59ucEoirXKhNpqb58HZYtbAA IQ7afWccP3xFNcXlH3nqZX7c/EudIxctPJHcGJrykxgMEGvPVw+h7yIPyJkVT57Pe0PL nzMFeGh5Md7ezlKA3YxD3TbKpMGZplUPrQ7z/2nDagRr3Ef09fN6V1YUy3n2wiAJugHk kv7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kX1aRmUed2abMvyaC7oMZXimOrRg7sG0R42YkGEm2uI=; b=YlVorL6A7JbNNwHMp4HNFNyeYh9PfHOdFibG6Lcl9hjwAS8Co8/xj/LZya6wnVSFXg bhs45F855736mjHVJmZb6X7fu16vgmAUtdz8sgzZYia2YqsO/hGysOq9cm/gGoG2K67r AYtfsRh+qdNois3VyfQ7OQl7jpEn9TgfYV1NvkqOprT8UlquQNjE4krooJJi9wY4/Zd6 hjugMvhAuDPI5/QCY64OHhml48nh1zXtgTb03M3WR27i3Ny0ydwjZwaVjZwHiX762wL/ brFCEy9tGp6WRVAX8wnfyveDo38q49u0ckdKkgX7GeYGCSaD9Z5z7a9fooLpVvUmG3dp G9uQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YH0dbbgh; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id q68-v6sor6400996qkb.47.2018.10.15.08.32.32 for (Google Transport Security); Mon, 15 Oct 2018 08:32:32 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YH0dbbgh; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=kX1aRmUed2abMvyaC7oMZXimOrRg7sG0R42YkGEm2uI=; b=YH0dbbghvOwhYhLcKLIVxKkZ0F8PwoWjv8yRNlp2pzk/39N8FXGku7WIxKFrX9unJR 9ui9dsQ2nizuMg1Tqlm8Z7Q4Q+uMofwnsMXQapZjt3K6UYxtzcWvygjN4Mm4YepSF6W6 /34KP8OeTAWtoMOo1I89mh/7vRhy4OFH8xr4k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=kX1aRmUed2abMvyaC7oMZXimOrRg7sG0R42YkGEm2uI=; b=Sy7vyFDY7ld1Z5XLmii3KeOj23y2oFpWAP9dUsQA0rRVQqHDGz13ucj2M9gmuMXUWI uZnXwHuf+lEsrgJH1pUgsf32p1Cac66vgP6i6H7xtoyD7sBVrptMb2Jl9NBTUYv7MOL8 Nw6jHFLBt0reUBHqNUy4egyfg2vGOl9n0uRyWy64Q0BGb9NWc70i8MwFWWjmrvNPxm+9 BtaPQhL4Vh8X9lPJr/zY3+YClzMphN7obFh5RqfiC+jnqRV4wXPxTXFPvQ3Bh0sinjvi RuxkjyytVRz0uhb+Sbct75xSZATuQxdN/Vb4gMQoPRlS74dtaJrPzKvjav9bHC+jJfsX 2RBA== X-Gm-Message-State: ABuFfoga4TQ/qrFbIWeTc2Lo1FQqytuSheW8YB42dzP6M0dx1x5UQ83F B03HcY1AcngJmsMUMWWTQWVeyXUh X-Google-Smtp-Source: ACcGV62d75RNqt9CUr/gtd7PttQX54Rq0JAKLcrRzp4VoWG79TZOZGmmmPgsuv3cB7WKKhYWWEb6OQ== X-Received: by 2002:a37:5b83:: with SMTP id p125-v6mr15562060qkb.88.1539617552013; Mon, 15 Oct 2018 08:32:32 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:31 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 10/24] ARM: spectre-v2: warn about incorrect context switching functions Date: Mon, 15 Oct 2018 11:32:04 -0400 Message-Id: <1539617538-22328-11-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit c44f366ea7c85e1be27d08f2f0880f4120698125 upstream. Warn at error level if the context switching function is not what we are expecting. This can happen with big.Little systems, which we currently do not support. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.5.0 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index da25a38..5544b82 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -12,6 +12,8 @@ #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_iciallu_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_bpiall_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); @@ -50,6 +52,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A17: case ARM_CPU_PART_CORTEX_A73: case ARM_CPU_PART_CORTEX_A75: + if (processor.switch_mm != cpu_v7_bpiall_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_bpiall; spectre_v2_method = "BPIALL"; @@ -57,6 +61,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A15: case ARM_CPU_PART_BRAHMA_B15: + if (processor.switch_mm != cpu_v7_iciallu_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; @@ -82,6 +88,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_hvc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_hvc_arch_workaround_1; processor.switch_mm = cpu_v7_hvc_switch_mm; @@ -93,6 +101,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_smc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_smc_arch_workaround_1; processor.switch_mm = cpu_v7_smc_switch_mm; @@ -109,6 +119,11 @@ static void cpu_v7_spectre_init(void) if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); + return; + +bl_error: + pr_err("CPU%u: Spectre v2: incorrect context switching function, system vulnerable\n", + cpu); } #else static void cpu_v7_spectre_init(void) From patchwork Mon Oct 15 15:32:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148861 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933893lji; Mon, 15 Oct 2018 08:32:33 -0700 (PDT) X-Received: by 2002:a0c:9425:: with SMTP id h34mr18091811qvh.0.1539617553439; Mon, 15 Oct 2018 08:32:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617553; cv=none; d=google.com; s=arc-20160816; b=pJq7IJL0b3f6qd35kjkhifyuvgvT+QejrRr6Vb+U+HGhGup3ZOGL2nGFrQMWvyenQI oAdxEd7POITkPEToRRsycqqQFMV7Yo0s8Do5ordi0dkrZHbjtmUtU5+6DNevKOkC8pHa dJMGJ97hi5G9Kere7oFvj3rr0cA2lnEu8HxK4foTxVh4TScdbjvKBdXUgCpNcGVVz7BG Bbl6UBZVyPwyTw8MbW6A4UND0u5WW4PFZn7N2d18GgJ4a0dIXshBGiarICL7i6tXEi4z 1cN5v693MnnqsIQQBd3MpxaAScz4smNjBUmSqRGm1h+VC9UYT5gi5PPNN7mPpWsCch7/ 2qjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=k0g3bZJ1niqzlT2RYDHwLj98YGSAxcR3RA1D6vBxzl8=; b=tXHwHLqc/N1/ZsmvCGmzg2NBzPr676yFMxlctFRW8MC3SlFTSjS7K9IYEP0jYqx7Bw uss0UKwrqX4E4zybvXMIUxJpbAAcuHF17EflZaaB/95VXJK92mWlijUjecpDb/Itr1mo 1DP9SQOrgF8rvnBrkV/D8/wjvi4SO2rdVLhRgWGjrnrqa5ygq6aYHhPNOLul0RNZEhy1 uZzi0AqztNIyuZCu+Rf55O2lZMpEMYrHDQlufdc52G28OURhqb7qbCaBjL1rGqwoPXL5 P0iafAjxukleCHmMjKwtt1+P7PiKqX6CjMCUakIcAwkqmYdNyPuhl6291WsgrJNUqI6M HcEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kDgF9uXa; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id v9sor1338847qvf.0.2018.10.15.08.32.33 for (Google Transport Security); Mon, 15 Oct 2018 08:32:33 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kDgF9uXa; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=k0g3bZJ1niqzlT2RYDHwLj98YGSAxcR3RA1D6vBxzl8=; b=kDgF9uXaoxGdsE6Dl+DC3F8CyEIrOltiSYY0naFS2veh3gl544h7BwEACM6dq4FpZW zE5Y5srH1Z4wHPHtYRBEzlQ2zXMR1cvRFWL1bqFdhhfs7ZkbIezHUffbVkaJOZbLrm+v otcTJgR6bhOOM9hYKiKquh5DeuaJmNxAaKMwI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=k0g3bZJ1niqzlT2RYDHwLj98YGSAxcR3RA1D6vBxzl8=; b=V2morGqE2v4RlnDjDMrSn4BT4n0fe56D2orBfqPvizP94k0CHIdAVkLKOBX0CLb5lG k8yMtTU2j+fOJWNKuqpB1whzEJ6vXUQaTOvJ0loXM0GZ2/9FJgxCARlmiUEtKmQkg7Dk AVVqglbwyWGu7JgZxQOFRdSfhTu1KaXKZKh7To8u0QaZBvO9hzUcOsbBSRiocVwz0aA2 Jt/sQZ9N/UzXLyFQdWoxqW6Eo0vmmdL3oh9SGsyflciKWNDSc6nlRwzseeoMCa85l2RS xRjd4jsQsfwNFGUv1Le3wGSB6mw6TjfKm2mto1FgA/VaxR37EdVi+fEGrEhucNt0ypyC FrCg== X-Gm-Message-State: ABuFfoi30/fL6WTMPFs01NRRcBtoal9TyaMNy+eR9wCHM/aoyIfr+rjQ EtELig9MBJDbotCYECAG7UDTv+k4 X-Google-Smtp-Source: ACcGV60PoOahUFK6SS8jtOtunzWgTE01mb31dn3hsXQ5XuGt2Qn4iUkrp2ZCyNJ9CL40dR+VTbncSQ== X-Received: by 2002:ad4:4048:: with SMTP id r8mr17278898qvp.23.1539617552995; Mon, 15 Oct 2018 08:32:32 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:32 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 11/24] ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Date: Mon, 15 Oct 2018 11:32:05 -0400 Message-Id: <1539617538-22328-12-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Marc Zyngier Commit 3f7e8e2e1ebda787f156ce46e3f0a9ce2833fa4f upstream. In order to avoid aliasing attacks against the branch predictor, let's invalidate the BTB on guest exit. This is made complicated by the fact that we cannot take a branch before invalidating the BTB. We only apply this to A12 and A17, which are the only two ARM cores on which this useful. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_asm.h | 2 -- arch/arm/include/asm/kvm_mmu.h | 17 +++++++++- arch/arm/kvm/hyp/hyp-entry.S | 71 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 85 insertions(+), 5 deletions(-) -- 2.5.0 diff --git a/arch/arm/include/asm/kvm_asm.h b/arch/arm/include/asm/kvm_asm.h index 14d68a4..b598e66 100644 --- a/arch/arm/include/asm/kvm_asm.h +++ b/arch/arm/include/asm/kvm_asm.h @@ -61,8 +61,6 @@ struct kvm_vcpu; extern char __kvm_hyp_init[]; extern char __kvm_hyp_init_end[]; -extern char __kvm_hyp_vector[]; - extern void __kvm_flush_vm_context(void); extern void __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa); extern void __kvm_tlb_flush_vmid(struct kvm *kvm); diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 8a098e6..85d48c9 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -246,7 +246,22 @@ static inline int kvm_read_guest_lock(struct kvm *kvm, static inline void *kvm_get_hyp_vector(void) { - return kvm_ksym_ref(__kvm_hyp_vector); + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + { + extern char __kvm_hyp_vector_bp_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); + } + +#endif + default: + { + extern char __kvm_hyp_vector[]; + return kvm_ksym_ref(__kvm_hyp_vector); + } + } } static inline int kvm_map_vectors(void) diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 95a2fae..e789f52 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -71,6 +71,66 @@ __kvm_hyp_vector: W(b) hyp_irq W(b) hyp_fiq +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + .align 5 +__kvm_hyp_vector_bp_inv: + .global __kvm_hyp_vector_bp_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ + isb + +#ifdef CONFIG_THUMB2_KERNEL + /* + * Yet another silly hack: Use VPIDR as a temp register. + * Thumb2 is really a pain, as SP cannot be used with most + * of the bitwise instructions. The vect_br macro ensures + * things gets cleaned-up. + */ + mcr p15, 4, r0, c0, c0, 0 /* VPIDR */ + mov r0, sp + and r0, r0, #7 + sub sp, sp, r0 + push {r1, r2} + mov r1, r0 + mrc p15, 4, r0, c0, c0, 0 /* VPIDR */ + mrc p15, 0, r2, c0, c0, 0 /* MIDR */ + mcr p15, 4, r2, c0, c0, 0 /* VPIDR */ +#endif + +.macro vect_br val, targ +ARM( eor sp, sp, #\val ) +ARM( tst sp, #7 ) +ARM( eorne sp, sp, #\val ) + +THUMB( cmp r1, #\val ) +THUMB( popeq {r1, r2} ) + + beq \targ +.endm + + vect_br 0, hyp_fiq + vect_br 1, hyp_irq + vect_br 2, hyp_hvc + vect_br 3, hyp_dabt + vect_br 4, hyp_pabt + vect_br 5, hyp_svc + vect_br 6, hyp_undef + vect_br 7, hyp_reset +#endif + .macro invalid_vector label, cause .align \label: mov r0, #\cause @@ -149,7 +209,14 @@ hyp_hvc: bx ip 1: - push {lr} + /* + * Pushing r2 here is just a way of keeping the stack aligned to + * 8 bytes on any path that can trigger a HYP exception. Here, + * we may well be about to jump into the guest, and the guest + * exit would otherwise be badly decoded by our fancy + * "decode-exception-without-a-branch" code... + */ + push {r2, lr} mov lr, r0 mov r0, r1 @@ -159,7 +226,7 @@ hyp_hvc: THUMB( orr lr, #1) blx lr @ Call the HYP function - pop {lr} + pop {r2, lr} eret guest_trap: From patchwork Mon Oct 15 15:32:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148862 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933911lji; Mon, 15 Oct 2018 08:32:34 -0700 (PDT) X-Received: by 2002:a0c:aa06:: with SMTP id d6-v6mr17436809qvb.26.1539617554404; Mon, 15 Oct 2018 08:32:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617554; cv=none; d=google.com; s=arc-20160816; b=H6Fc2d8bMXQ34PIeHpxpQr6DmTWpNBgW+RA8Ot5ZjLbdLNJjBzHzDtFxzoPNR5ONPO jjJrtAOJck/W2KRSSrQk//OCEJpNeA8hiVMEPRdWK/v586ANTBBBV3XYmdzaGVG4JFTe 2SYVbAHuX+QDjK/JNT1RmoCe42oarZAQ2tkPJBeoMlQMEyu316qwBvgCgVwbx2WjUiZm XLpw1FDNUSv0bI7neO7SziiqrkEjyY9d2g1H5Zja+t6OPxlCFRbCgCk4l5NiMf1V8ies LpI0NV3aEGWLJR2TUVNC3Bzuwlxy4fY54CmQQjtseY/ew4yl8GhZaILQbFIYQ9GeEqNQ ZkQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=lOxhVwiZMGTDMExac/LzweOoDpoIyRiEe92zktpSuQs=; b=awQ+uB93yasQEwPZqvb8QSPn/+qu2t2pf5uihPm66XooZiBBt9Vjw1XWCUThPI+LiT y76ZzDWevRiOUrvLW+IBQRyzjFg+4mOxKxddq6PUVdqaEl4m7YkXTnbKvRSF9IcFitty LnkPmrt3c0/rx7N9Lc3a+4LnehJp/M5KENmXzxEUpjvuInhNAp9v7v/hZGzunvz9ZwIp WQ4dLPGy6yt9TuTEgcDcbIxDbXzDRMj+FkO6+y81+BGoLLFZJGXiaFVA7XH/w8YNYNu+ KOuVbPIRw2stPU1VhJ86uaTgCQulexTeTaVABUEM1lZPp8OnZLYqob/9HZxnc6q4ux3+ FgTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=UHAS4B48; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id p35-v6sor12066792qve.50.2018.10.15.08.32.34 for (Google Transport Security); Mon, 15 Oct 2018 08:32:34 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=UHAS4B48; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lOxhVwiZMGTDMExac/LzweOoDpoIyRiEe92zktpSuQs=; b=UHAS4B48IwK2TiceCVi8EA8lJkIcZ77RoitAnjTkU+88dtZtAa5ylg3il/QWHDPFiX GXLLpbB2wsMnGTYrtIndUetmA6DN5bWTytpFdtH2plZA3jJ2GgqQWgFF7taJqM7xl8SI R37e8FeozuGhkqdyk760ZO26OsHIxKbc0NlPk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lOxhVwiZMGTDMExac/LzweOoDpoIyRiEe92zktpSuQs=; b=eSh1wfHNx9rALKjyGItSAZoy/lj34Y7f4HQRpXOu8G0fssU2hkfPQlrDCKnErsQo4x Gj0sMS8GGzb3vHWE8+65DXk1bUXv+eUh/fAg/zSNPgsHqwcdkYZIcW468KRzpcRQd+U7 EnOP2ypuhv4izE8YIHYxYNXw8ZGuer2DC5akK09faAfyk8DcrAXQKqa9uP2FqdNTANM+ 9USZzqompVedHMq78ABJ/RmsgN7vzr3UhP5T9Z6S03F2qYQ7kNjiwHib5I9f/RG3LDvn 5dChRI2VwCr9/3OKQLHp5YQMM+BC6E2STIA8mnCJmYTS+5DVJmvhhFgPXLNoAJjkZAHT 9r0A== X-Gm-Message-State: ABuFfojFWM7FCP1ESMwcK3Tx90fCTOHY09q2JF0gii5ZjMHVYkcqif83 94wBP6mg+fZ5K76xulC3mlVhgmf9 X-Google-Smtp-Source: ACcGV63FxdvcEgaaPkYhYZhUgd7LA6pZgGkJib/YG/lFvg6cXt5HjpQOSUKTxpeJhDvWeTH138nLdA== X-Received: by 2002:a0c:d78e:: with SMTP id z14-v6mr17067564qvi.92.1539617554004; Mon, 15 Oct 2018 08:32:34 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:33 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 12/24] ARM: KVM: invalidate icache on guest exit for Cortex-A15 Date: Mon, 15 Oct 2018 11:32:06 -0400 Message-Id: <1539617538-22328-13-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Marc Zyngier Commit 0c47ac8cd157727e7a532d665d6fb1b5fd333977 upstream. In order to avoid aliasing attacks against the branch predictor on Cortex-A15, let's invalidate the BTB on guest exit, which can only be done by invalidating the icache (with ACTLR[0] being set). We use the same hack as for A12/A17 to perform the vector decoding. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 5 +++++ arch/arm/kvm/hyp/hyp-entry.S | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 85d48c9..082b286 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -255,6 +255,11 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_CORTEX_A15: + { + extern char __kvm_hyp_vector_ic_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_ic_inv); + } #endif default: { diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index e789f52..918a05d 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -73,6 +73,28 @@ __kvm_hyp_vector: #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR .align 5 +__kvm_hyp_vector_ic_inv: + .global __kvm_hyp_vector_ic_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 0 /* ICIALLU */ + isb + + b decode_vectors + + .align 5 __kvm_hyp_vector_bp_inv: .global __kvm_hyp_vector_bp_inv @@ -92,6 +114,8 @@ __kvm_hyp_vector_bp_inv: mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ isb +decode_vectors: + #ifdef CONFIG_THUMB2_KERNEL /* * Yet another silly hack: Use VPIDR as a temp register. From patchwork Mon Oct 15 15:32:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148863 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933934lji; Mon, 15 Oct 2018 08:32:35 -0700 (PDT) X-Received: by 2002:ac8:48d9:: with SMTP id l25-v6mr16497640qtr.235.1539617555509; Mon, 15 Oct 2018 08:32:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617555; cv=none; d=google.com; s=arc-20160816; b=dfqQq4QF6kFirQLFZUfIuOCvnBNYfnOYq0utx3I0F9kzedy8ISwblBbpvtyWwzGmBL Jvf9ATnOtSx2tt9z8zALhJwC44MT101kyA5lF31a7NJ2fKj8qNflR6S+F2OZvp//j30F isGfcPmpNhvtcfQRV5A6ie/xvtmm5PkIrR03t2TWJyjoVO1sYZSi/zoHvC3zX4onNb8m eauNBwkLCDFhdvFl67mlXu1MnQ9Nhih6KV8+kRVCjYR2IOr280nDEJao/24NIi3G72et QejSzmWnp3Zd6e3Cm7lK8viDZM9bH9HmXtOiQlBS1xM7HhbNxP9YGVBnRZ1+VY8ZnjU2 OE0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=klZhF6UJ0WpeSfnI2dnKkrRtNYPuTeDnCRK2bi958Io=; b=jG+gYZVGsFXBpL7HSAmdq+QeBj9pdqcHd0g89Csy9w+jOYt/VGZV8gbP3m/Uts6oxk c7h95SeE+ui6NMMzorwK8J232l/7bag3ujThwlpk87Yc32y0T7ekLtiLbC1GTKdai7Kq pK6oX/xG2xapg+KN+AJWZMMS0CljIMVLe40OZZVDAX3HH5/+ITeU2mYe1Uh5T4T0DjEt q6KuGmr0PxG5h35kCDE7kgCz8ifdWYrHpb7xm0DE53eNuvM58CqbtDbY1GFnD1pTXEd+ HwogqzGvLGLNnU5/K91Et7j0TM1+XFuYRdH2dhPo3p+5FMqb9kI8yxjxS1vwKaslz78Q uyuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NDf5bD4h; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d23-v6sor12082041qve.3.2018.10.15.08.32.35 for (Google Transport Security); Mon, 15 Oct 2018 08:32:35 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NDf5bD4h; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=klZhF6UJ0WpeSfnI2dnKkrRtNYPuTeDnCRK2bi958Io=; b=NDf5bD4hRFUNNFafhQmQTJ5FX6WT2IHAMFYmulvnEQZCFs72HVcMH99Y4KZYhhK/3H y+RibmjZX3PeaRpp9D4TcKKdm+qknkiTlpw29tZD4HjOdLtBpBk2Io982C+/Wt1KAiHi ZYEnumu/Ve/9oGvRSdn4YFPWSSP2TTC8flrNg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=klZhF6UJ0WpeSfnI2dnKkrRtNYPuTeDnCRK2bi958Io=; b=fcQ0BsZDO9bH22jDmCI43MnNF3mShM5lQIb/Yax3Zly3KsQWbHXMjDNDDF96NAHazf s8ExKNU142UPB8GirBoJyRotm8FAqCn5AHWFRreAq9EdlJh7oOO7n8quD9jzDdKs5GUV 5hEXgJ/wY38vVniAgrvIi32XGdz5xXjQMJBB0aL8xXN1aEtN5aM6AF0Wf+20b8y5GZXy E2b1fq90OCGqN3K8gHnVUxJ4+SeU/S/eSKxk0obRsXZeim9HbNCvLWaYWdLAGNdNaS5z 0XrRUaAtY0Uomr5XffFrQmcQAegHxHoNIkF2UDp3UIXi7G3UuicNnysogfDpWHaHiVwO Dm/g== X-Gm-Message-State: ABuFfojHySpCAdR5GpMf9DKzIPxuxpmcMkZD+xzLsSv+BvL+bbZl/Q9B xArJW3fMSyc3nmz5U/BvDzA5dY20 X-Google-Smtp-Source: ACcGV63oqSSmZoQJxA6/D2du4d//rArzqgr8/PwRe4Efr1C3jkMKUD8wxKc1KUetHkj4tu/GgrYOFA== X-Received: by 2002:a0c:9c09:: with SMTP id v9mr17254097qve.186.1539617555118; Mon, 15 Oct 2018 08:32:35 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:34 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 13/24] ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Date: Mon, 15 Oct 2018 11:32:07 -0400 Message-Id: <1539617538-22328-14-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 3c908e16396d130608e831b7fac4b167a2ede6ba upstream. Include Brahma B15 in the Spectre v2 KVM workarounds. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 1 + 1 file changed, 1 insertion(+) -- 2.5.0 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 082b286..ca62f95 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -255,6 +255,7 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_BRAHMA_B15: case ARM_CPU_PART_CORTEX_A15: { extern char __kvm_hyp_vector_ic_inv[]; From patchwork Mon Oct 15 15:32:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148864 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933943lji; Mon, 15 Oct 2018 08:32:36 -0700 (PDT) X-Received: by 2002:ac8:23ad:: with SMTP id q42-v6mr16777582qtq.322.1539617556519; Mon, 15 Oct 2018 08:32:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617556; cv=none; d=google.com; s=arc-20160816; b=zGZZ6P6VRn6d4imHsdnS0eJ12FPuvPxl4wQk5SSpniIkLLFty0tzg0RRvkkLOFeoqf JhX5bfZ6Kihn2Q6Pi5qHGyJzq91appJOGWBOZnbHGV2559WdsVPokuU+rczSFZCtph+7 gy+UtyCM3Oc7AR1pLQuu2YGCntp2gMKFZ9fm3ikTfa3j0pNAkNUNVqYbmzJNkej7boMQ Cd4/uqx+8PdIYU4eEhA3LQdeyGugJyMDMA79UINXw0NDBdWlY+ckZPt+fKIyoC3GLRsz v4O6zFkN9LNVWrvxHlU00LkT49lHM9fX/SJCbwqEaMb4dSIb1aXYGhHwdRPsJNeSPY8K OeUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=l0F/4WOicKz2bJZ4mYYrCaB4xT07LccxO7VX90vuudg=; b=dQc3YGIT3sdR/kasviJlRFx4LmBjkt5hBzNp5KqJIJuMLr6oW/UGZi6QZH5llrJnjW LcEMH4T+uSFB9JvnubnMcPD+5rdHF+pgl7+aU1pHEeHRkBBLo8EJUwtwF3Ap9kMuI87w qVzzjeHbJvsEDhmdyPqfRYslid/HfItZHh5jgR7PLkUBgmSNvJfYtNfYy0CD7DB0HMrr 28FE8GD0LstMYPJzQ40DZtmAwl1zzP1qt43zK9ahoGSKcJV87BdB9+sdMVqw3kEWSWCb NzBEd2K/VxloOhEJ7YqZuezkNv1I5IpeTgc+KlWOzqNqeVIstrUIJjfbPkytGsLUiwFQ wFTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C6QEMfax; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id m21-v6sor12611875qtb.3.2018.10.15.08.32.36 for (Google Transport Security); Mon, 15 Oct 2018 08:32:36 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C6QEMfax; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=l0F/4WOicKz2bJZ4mYYrCaB4xT07LccxO7VX90vuudg=; b=C6QEMfaxHfS8luBNlJ18N5G7mZ9/N2cvDxwqdl6X3Mm15h2VrR5V5GwNvN0frlhLha HKbmEqDdRryT+FetdiJGkc4+wCFxMm+mGzlGZBROYTTZuo9uEUuDbuOhKeHcTt9ttRUL suzjBjib3VVQpfytzr3nJYoEaKGTfC4hT33KM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=l0F/4WOicKz2bJZ4mYYrCaB4xT07LccxO7VX90vuudg=; b=Josl/CjsqAkY3LZF5MeNVJJmXaTgj5YZCRCtGqDsr/mRRkRKX26BDY1TyncKV1lmRv o7zf5DCV4MqEN2+FnI3E9lunDE3lOhx7OEzNHc+BATsfhM3UUowROwyxT2EgiibJwRTz jbKJiw1CvH/kT+NcqSTSj25FeUJo0t7W7KqoR4xzZMN7wDjq+vjlDT8zYY/jjwdSkzyB SNGNZEcynhGm2fJj2MFX3a7GJCTJxjfrQO83tN6dtlPdLd1kUiSn4tg582jITTyG7FSn 1xh3Xg29DYXABPQ0AHY8Y0UqHaveTgmSgTvx07g2F3cOU3lapW+yjziYQ2ixEuRsk5/C 9QSw== X-Gm-Message-State: ABuFfoij57EmUfEgwHPYdUo6/7uXft2mgNmmAKk/Esq3U5UM1Tdl6suE Lc4OPBGunsWemHiSBLAgAILEy3Yb X-Google-Smtp-Source: ACcGV60m73tTgBMWb2qJMFUG865pB5TM1Bajc+494tyzwo8QTj8nhxbrSATEZ3qhhOYmJzYCq8XQvQ== X-Received: by 2002:ac8:3026:: with SMTP id f35-v6mr16329706qte.45.1539617556117; Mon, 15 Oct 2018 08:32:36 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:35 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 14/24] ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Date: Mon, 15 Oct 2018 11:32:08 -0400 Message-Id: <1539617538-22328-15-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit b800acfc70d9fb81fbd6df70f2cf5e20f70023d0 upstream. We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible. So let's intercept it as early as we can by testing for the function call number as soon as we've identified a HVC call coming from the guest. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/kvm/hyp/hyp-entry.S | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) -- 2.5.0 diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 918a05d..aa3f9a9 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -16,6 +16,7 @@ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +#include #include #include #include @@ -202,7 +203,7 @@ hyp_hvc: lsr r2, r2, #16 and r2, r2, #0xff cmp r2, #0 - bne guest_trap @ Guest called HVC + bne guest_hvc_trap @ Guest called HVC /* * Getting here means host called HVC, we shift parameters and branch @@ -253,6 +254,20 @@ THUMB( orr lr, #1) pop {r2, lr} eret +guest_hvc_trap: + movw r2, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r2, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + ldr r0, [sp] @ Guest's r0 + teq r0, r2 + bne guest_trap + add sp, sp, #12 + @ Returns: + @ r0 = 0 + @ r1 = HSR value (perfectly predictable) + @ r2 = ARM_SMCCC_ARCH_WORKAROUND_1 + mov r0, #0 + eret + guest_trap: load_vcpu r0 @ Load VCPU pointer to r0 From patchwork Mon Oct 15 15:32:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148865 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933968lji; Mon, 15 Oct 2018 08:32:37 -0700 (PDT) X-Received: by 2002:ac8:7153:: with SMTP id h19-v6mr16995356qtp.361.1539617557596; Mon, 15 Oct 2018 08:32:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617557; cv=none; d=google.com; s=arc-20160816; b=VTe1J+DltMVJzaIgxQWUCIYMKg5b5HfbHWGIIpYC27ZjZR2mCTyxJoJ6dmPTb8N9Rj RSde2Jpq749WtGDgmv7RQoT7s9g88rzaIm/x6pLJclcZjeoHPeYUkiSw+47W1EBcCC+r VpJbdajcVjEHGiuKfHPNkJW2OXJnLAI3zT4JKiFgcazZhqnglmGt5CWLnzz07ogMgrPe pSxBEM3A3vMmKW9uS1aTV4zcF1L1ohZ9kffM3WlcMX3iV8HIXzfJjA1AACwrCgQzyJ0w ZyR8g8nBuYsfZqnF/A+DT8r7fit5gAVzqtYKIRyPXsddGEuTXIWagWi4d3PoDRwiCHLn wjUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3Fm5Jvq4FwOjNNyTxRV0dOHGMHYMUmlG6M5JCHvD4V0=; b=Pd18ZZ4iPcq4IHaQlMDcFVo8/7MSjA/44WGlCllM5kfUDLvM7T11yipLa6Td46/Rcx Lux0dVRBGSzeZke8xzwOzkuf9ldT+JihhWsAxqpToXS54pXGvnczE5d4uptadz+V1zIu oxd8KfHTNZLudC1kSRF8PLuFiO26a/R/rcQsoxDRKFlm22d+rhi2uu527/f78AKiRQql 3LHzhxM+HdfHP9QXHPhwT8+3TBJ9EY33+adE3e0UfRBoULytLp29YvwtFAesJWcz4xIo rYjFSeO6lIjiTDmNlvwn5CPIqzIV7VY50LhDkT4UWDz7mT2/jl7scEgI0P7XY/dw4dk0 iSJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KI2tZEuf; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id o12-v6sor12538500qtb.68.2018.10.15.08.32.37 for (Google Transport Security); Mon, 15 Oct 2018 08:32:37 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KI2tZEuf; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3Fm5Jvq4FwOjNNyTxRV0dOHGMHYMUmlG6M5JCHvD4V0=; b=KI2tZEufut/6UHBkxnspwhA2/gu4zTs1dQ6egPJkGC2KVoeEBm6XAnDda+DWDQZbRv 1a8oa0JxS/iT0S+76eHBmcQ3d8NWYwpKYHTLlkDdosirUFlQhdDVXiKjXmwe948l9Sxa 3CQdTZEbgHJSNAlY0Q5QNvf8CXbQj0sjgwJrA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3Fm5Jvq4FwOjNNyTxRV0dOHGMHYMUmlG6M5JCHvD4V0=; b=mIiKzlTbsY1RvPCYjwu+EGLtpv8ZXYCHZNZphOsmNfPaMZ9K/AY5ZfetfZG47H3acG xJXKqSJ+2agQgZrEYvDFzjsQVvRXS88YkN7rAwrqLVJ++9cVPZH4dFDb/xcyXYQbz8fj +z1OV7YqhzCy1CnyHPs46w1c23ZbkxK5UTHoto+cMXNRdGTjbSNhaDMO9iO4vWkF0t5S cBcPq/9dBLFaxlaIzcnJMsHcLb+Ck+7S4A7iWYgf8jyECR2/5I6pcvnsyYKpYmTiCQ4y T5U0PO9ZRH8QVh7T1+Etdiw7ROmv0EE/+URdHBbphfSba+ETH6SB6wge6LDQObhSecOR HPQg== X-Gm-Message-State: ABuFfogFNvP8xwFwngIvY9mXf+1lY3dwPFwRDAIrmMgHl+rKJtyuKRxC 56kMO8cnE3yIzWiKne/i1yQ32jAk X-Google-Smtp-Source: ACcGV61ODYhkBH5tTGRMnFRrAzBUjkDiSseTtb9BLjsbQERXGv6KBZ17LW671cTwGonRdApbazFD7g== X-Received: by 2002:ac8:6b07:: with SMTP id w7-v6mr15958595qts.287.1539617557220; Mon, 15 Oct 2018 08:32:37 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:36 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 15/24] ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Date: Mon, 15 Oct 2018 11:32:09 -0400 Message-Id: <1539617538-22328-16-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit add5609877c6785cc002c6ed7e008b1d61064439 upstream. Report support for SMCCC_ARCH_WORKAROUND_1 to KVM guests for affected CPUs. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_host.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) -- 2.5.0 diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h index 65572e1..b602326 100644 --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -298,8 +299,17 @@ int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu, static inline bool kvm_arm_harden_branch_predictor(void) { - /* No way to detect it yet, pretend it is not there. */ - return false; + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_BRAHMA_B15: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_CORTEX_A17: + return true; +#endif + default: + return false; + } } #define KVM_SSBD_UNKNOWN -1 From patchwork Mon Oct 15 15:32:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148866 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3933996lji; Mon, 15 Oct 2018 08:32:38 -0700 (PDT) X-Received: by 2002:ae9:f810:: with SMTP id x16-v6mr1638785qkh.334.1539617558522; Mon, 15 Oct 2018 08:32:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617558; cv=none; d=google.com; s=arc-20160816; b=I7QHK0GbethXj8KmIS3bkhfoWgBIPDAGogfANTkndlqpb1csp8yMRdmLv+m0tikAAb U9IZBXU+388hnm4eyWNL4MTnjl6QjAcELLI1YjBZ6OOORJHnZn9p+UOWn+KrXNiij2Lr ceccYCHnt0rqEZEJOuFBxeWq+bYS5FiPLaIyTTTPFO7yxqmQNPhKpxvwTgqnDPpZFmt5 N+Zy0ProgbFLrF/hw6ZnA3M7JeVyDvrqlGV1QroObG3KDHmXPHE21DiyrQxFo6n+YzCe OUL30CZZrNXcovA0j8r+8eMoV2G+mlm5bG5x4+FU/tOeIcIsx2Z+FX+IrTAVeVQcpd9a BO8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=L+5yAe/iipO5lZy2PCQQfiQAFb3CHUNg0Jsea1KQFGM=; b=qs2Mr7k4eaxmnK/udQfG6+NHeZkflPMUZ4HjB1EmCnUd7LitSoycdZ15RsS1KZbvfy 1883/wrpoTB2wc564/EzSRhcuzc7JHjmqK/r3GPIJgTojisCL97y4AJI+Rc4ckU/3eZ1 zjddqzx7VreHIOzGUOvz0dHS9btFWC1FklV6LfGe3igaJZWxcbj7pQ3pjplS2skCIkru X49bI8Sm4qJ1wk6fFC+5m1607xgoBBhx5HMWHcg1ptYS7jQZ22AW2ie29xCLJ33Y2e8O iBZscwrJCumMO9nZCqjPF0riuG2dL8jBB3jMXCU1nW/YArUKFT2/hfBTL10HjfuRUxxX vkSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=M2y8u9x9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w7-v6sor12078029qvf.25.2018.10.15.08.32.38 for (Google Transport Security); Mon, 15 Oct 2018 08:32:38 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=M2y8u9x9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=L+5yAe/iipO5lZy2PCQQfiQAFb3CHUNg0Jsea1KQFGM=; b=M2y8u9x9N6B1oXJDHgflyC1mK7EH5hJINXnHmWSVnHLXAQeJ8yhdaTSeBybG7FCzjA 5mtwZoydbfIVTIlgLeA3qWdR1HN1Tv8vbnEfJqWsZ8oyHTcYHAyP8SJ8H031gzR48yh4 XxwH+WH85xISVS+gvPnUACUmTJHzFrhErAct8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=L+5yAe/iipO5lZy2PCQQfiQAFb3CHUNg0Jsea1KQFGM=; b=suz+o+0PfncyB1p5dRvEowgViDj7MOumlU351kr668qgmjCGWT+iQrAcbYY7qZDYzz QEacIFjuhz3DE/hD11qlPnoj3LtK7f0+wdHc683+MzFiYpYnlXLeoqOebh8JqOJyeBXu nCIk4TbP5B0XqVoPlj0+QfRn45QfzKI2UCpBoW/tj5Wnh7iCEPzPd7PcoYg2o5rQxYMg hzOneJNGORJ+nqTw9z6FbTQnYa2qysGFOfOjq40OULxt+YGp9FqVf8IlIt4pxc1xZGUn fxJwm5HuFDCgtZZZhydpji2PYexmg57ddDt4DGWUru1CBa4ZXe5mhemolpcLwXVT/sSV N6Qw== X-Gm-Message-State: ABuFfogpavEPhn6EFsMbLePFkC+mf87t9EpMg64Ofk0Fr4Wme5gaP18Q W9HQxFsYKa2LC9DMfwyfvOZzPaYL X-Google-Smtp-Source: ACcGV6220DIQx+qgq57oilWBeR/+o27Cb/TKPxzqaib6NS6YBzAUHm36ELweQVyXXl1zyXvW9g+npA== X-Received: by 2002:a0c:98a6:: with SMTP id f35mr2359821qvd.224.1539617558140; Mon, 15 Oct 2018 08:32:38 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:37 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 16/24] ARM: spectre-v1: add speculation barrier (csdb) macros Date: Mon, 15 Oct 2018 11:32:10 -0400 Message-Id: <1539617538-22328-17-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit a78d156587931a2c3b354534aa772febf6c9e855 upstream. Add assembly and C macros for the new CSDB instruction. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 8 ++++++++ arch/arm/include/asm/barrier.h | 13 +++++++++++++ 2 files changed, 21 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 9342904..0cd4dcc 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -447,6 +447,14 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) .size \name , . - \name .endm + .macro csdb +#ifdef CONFIG_THUMB2_KERNEL + .inst.w 0xf3af8014 +#else + .inst 0xe320f014 +#endif + .endm + .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req #ifndef CONFIG_CPU_USE_DOMAINS adds \tmp, \addr, #\size - 1 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index 40f5c41..3d9c1d4 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -17,6 +17,12 @@ #define isb(option) __asm__ __volatile__ ("isb " #option : : : "memory") #define dsb(option) __asm__ __volatile__ ("dsb " #option : : : "memory") #define dmb(option) __asm__ __volatile__ ("dmb " #option : : : "memory") +#ifdef CONFIG_THUMB2_KERNEL +#define CSDB ".inst.w 0xf3af8014" +#else +#define CSDB ".inst 0xe320f014" +#endif +#define csdb() __asm__ __volatile__(CSDB : : : "memory") #elif defined(CONFIG_CPU_XSC3) || __LINUX_ARM_ARCH__ == 6 #define isb(x) __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" \ : : "r" (0) : "memory") @@ -37,6 +43,13 @@ #define dmb(x) __asm__ __volatile__ ("" : : : "memory") #endif +#ifndef CSDB +#define CSDB +#endif +#ifndef csdb +#define csdb() +#endif + #ifdef CONFIG_ARM_HEAVY_MB extern void (*soc_mb)(void); extern void arm_heavy_mb(void); From patchwork Mon Oct 15 15:32:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148867 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934018lji; Mon, 15 Oct 2018 08:32:39 -0700 (PDT) X-Received: by 2002:ac8:3775:: with SMTP id p50-v6mr16583820qtb.220.1539617559786; Mon, 15 Oct 2018 08:32:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617559; cv=none; d=google.com; s=arc-20160816; b=Sgf3VKkiYhoXUAE3s2osbItPve0cSZV6HmKyfr1UtPcuHPJaGZGNt/yqvbQQx1S3O9 3Gf0K0keT5zkAdE3Vvi5dtXp394SoENm4l0mTZFkopmbO8KnArjLc+1SVC1tbwiFF/a8 4UQHnMS8Hivpkvu2nKVUI+U41aZZU60OrSdyW6If3Z4ZtEBFtmPZ5O3VuerWQtUKbWEI 0do9IV0Hm5ps6xrpUFjtZ24fj6JNssA/Dd81vJe4ItvIpWPATCIKdk0LO4xFNvzB93kt F6gVIDrxF7l30IbahZHjPzBzX3AtqoKR1vjosUOMPLGmwdy6O5f/dsZ6nf9e7SDXRfwD 9WLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IK07FGdiT49t5RG4yYBjI5Av5y7V6yw5Er9ypNEcTYs=; b=0ofLcR0N9UCZauxypZ+R94rDdTG+t/H2xDV813z9cxozY8LTzedH+nU+TP+gLT3hNh Uvmg1ryfxJiXWDixPbriabAfL9HCgyBeYFfmAYzkCHxUmMTYJxgBG3w6ZjIIV+r5HmyZ /IF6S6S4BaRp22T8cFYxb+DkwW/tfDg3pOUPNRr9gGkWjuNBiJekJcl2f7d68wG10+AE 6WtCfW1D5WhNg9aYMjX8mJAGu3KgJOX3S0wBnF47K2GMgdYNvKSqPpTs/ePrS003Uv7p goa4avpRnpFGxYtMeb6sJlDBD3lkn1QzGPphDMFGK3HNPXS+sfDcd9e6kuiM8L7NBTGD 2AMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=M09IRZhO; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id t7-v6sor4262804qkb.40.2018.10.15.08.32.39 for (Google Transport Security); Mon, 15 Oct 2018 08:32:39 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=M09IRZhO; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IK07FGdiT49t5RG4yYBjI5Av5y7V6yw5Er9ypNEcTYs=; b=M09IRZhOm4+Lf8/oNiVVvpTNUSuhgWskMBwLK7Ve+/ommLAzmQpLrSXJ0QS6Ga7fbQ dxvC0jVwJ1bsMRBOy1NITgH0HwEEWirMHczOKBB7WSVyGsIIeaFKYhxF5o5YzVu1Ixl6 jEmEoBgwF/rJ+wW1toiwfLOOXnOI3n1qVgESI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IK07FGdiT49t5RG4yYBjI5Av5y7V6yw5Er9ypNEcTYs=; b=k4VZS0RT4BhtoN8piT+FsJrEcmFSTFcIX9I0gq4IBLwug5SffHYGjFNHhU5ETiaLHo lurBCiJOBhUqI+JdyEMexO4hVWIJxoS6ILhW5A1QfVZ9QLxYpgj+muEyrMRT7P7/lOIX klo/+l/g8bbA09bQMyLFGJMJB/wtPju8TPWqrsbAcQMla5udRvvmu21j8wdXcavsKJYU IV9Ji6aYEdKgVDLk9IE6cKfGfa+Rnkg5VNj0sLQYd6LjfQtvXdgrjOIhofL4erVxy5uV dH4neG0Sa8nK6385c8xdzNDx1xIjuWRgmH5Ey0DFVd1/KkUmQ8Bp+kArGqnC2S8YHxHV igoQ== X-Gm-Message-State: ABuFfoiaTuTMlPJVPIAT8OTCYwrnrXWpWbAFzRP1IosOiFubzFwstQ+o pNOYkpodhIS2K9PXcMTgRMYLcq6E X-Google-Smtp-Source: ACcGV6103iVVV2eI4H/0tnuvYoPXykTvDdHd0DE8sepFlcvH39fdpPXsQuZ/n6yWHL7pp3vZTpl/xQ== X-Received: by 2002:a37:bc03:: with SMTP id m3-v6mr16472508qkf.114.1539617559385; Mon, 15 Oct 2018 08:32:39 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:38 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 17/24] ARM: spectre-v1: add array_index_mask_nospec() implementation Date: Mon, 15 Oct 2018 11:32:11 -0400 Message-Id: <1539617538-22328-18-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 1d4238c56f9816ce0f9c8dbe42d7f2ad81cb6613 upstream. Add an implementation of the array_index_mask_nospec() function for mitigating Spectre variant 1 throughout the kernel. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/barrier.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index 3d9c1d4..69772e7 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -76,6 +76,25 @@ extern void arm_heavy_mb(void); #define __smp_rmb() __smp_mb() #define __smp_wmb() dmb(ishst) +#ifdef CONFIG_CPU_SPECTRE +static inline unsigned long array_index_mask_nospec(unsigned long idx, + unsigned long sz) +{ + unsigned long mask; + + asm volatile( + "cmp %1, %2\n" + " sbc %0, %1, %1\n" + CSDB + : "=r" (mask) + : "r" (idx), "Ir" (sz) + : "cc"); + + return mask; +} +#define array_index_mask_nospec array_index_mask_nospec +#endif + #include #endif /* !__ASSEMBLY__ */ From patchwork Mon Oct 15 15:32:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148868 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934041lji; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) X-Received: by 2002:a37:93c3:: with SMTP id v186-v6mr16506621qkd.186.1539617560725; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617560; cv=none; d=google.com; s=arc-20160816; b=q164zVBP0v+qJItjokHUm40R6ULPJr0AVIJr3SFW9N4QEr+DS50Z4ZohX0yT6lE41E GTs0DBm/EGKS1RfXIz6iHUSOxRhUG+NQc41gHUvDwPhr4MNWs0FgOBbQnh0T9oFL9xfL Ej840yCzt7xhuEAaVs119frqtgc2bupvIXFviuKrqvTrrZzgmGAyoUIK+GlJ+LKGMKj2 RnjHvKxOyzJGbN0xDg4uJ7Gg+8gurQYjVNUR/+U/bj2Ki8HyGB6TEQLXsAXT9q9jOmzv Y7q6Blx9dpyI1ytUHllnLCXfLEOoLALNSFZYa2NgujiFz/gFqAKFtudHz7ZV4Mx8zQuv GhEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=zz3X+VePLIuhn7qIBf0e3J6zmSYXPtMLPdpBvcTBEgSouZ85e8H/kknnjQB0if52y9 VgJXBHroXAIUVnKOPtm3OYkNFLYinu4+LiIlH1njVzGPMfhlN2vmDeo9KZHjA2wwkXch aF5K5O5Qsfu4jnBrK+Xr/kD/RCtx7j6nmEd9cup74FIEGfXVPe+BlWQyhbXO4WSxykXF ge3Y6a1bR4vE18odD8ppP+cV9QNxOCxjY9noEOF8bM6qxg8cDcWYAXdIb0ny5h2pHToZ Mpr2YOez6OIBfaYZjoTJxjsEjH5ibwVJQGQOXVUAupUDYvljkG4nzOPjym6k0rdqY1kK C6GQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MPckbBOt; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 65-v6sor5736421qkd.113.2018.10.15.08.32.40 for (Google Transport Security); Mon, 15 Oct 2018 08:32:40 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MPckbBOt; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=MPckbBOttyz+Omh3XDcS/nGCX1y93pxrz0uyNQQ6dB3LI/o79Cxu0QONI1YN9wLRYA 5ZiLFXSCo7XQCMs0pLlsY6A4TsWjWqYSlIxYbKv59inJQ6IospLVNmCdPV0ECKRf3vTQ z7vLjpdpWHqPwjcWb//1lYH3Eg8bWfYKvfh6s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+9xS253ESmQi2N9KJec3RnoUm4hqHmdpmNbEOOb70ZI=; b=rZCPGg4g1IisT5ypwow9ORL1aeJToVfPyae+GJRL38QB2dMuR7VJJlzWeKt1L2J7mW jQ9ATvJrNcIaHJ2QyK9BbvS+qpH5PZsUQ/yrm/CwVeYq38zFwBNgzOkCaWALeoCbml9v 1mklHGEQ5FMfMoNp0vFkxs49WGA8yqKSJ33cv5Xuio2xbXmG2OCBCjTC86UKpwVwu0nk orB1Dz6ZM/+QzcvykIJMKU8tblnS5KBvckYg6Fj7S8cuAOwUBUJhDt+whfB25HXLSeyu kprVYUJelDt4Jk1kh9gu2JWdUByfdyudCu0w0ESGnlJAO5w2GYqR9WqVL2tp3hm99BjL ZMcw== X-Gm-Message-State: ABuFfojxu8gQOh1H6kh6Cw/+zvMjKBWy7pkz3dTxZnqjTNgVP+wfdPDw TKIeVhk1yHUI3v8+c5JhmtiMVW+/ X-Google-Smtp-Source: ACcGV61PlpqC+QXymLrR4DEOkJzFVVfzfvmiRYXF09vRZK4JDtziOYLcptSnCGiaLaGrYHhNJubKjQ== X-Received: by 2002:a37:411:: with SMTP id 17-v6mr16411617qke.68.1539617560317; Mon, 15 Oct 2018 08:32:40 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:39 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 18/24] ARM: spectre-v1: fix syscall entry Date: Mon, 15 Oct 2018 11:32:12 -0400 Message-Id: <1539617538-22328-19-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.5.0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 99c9082..54c1050 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -241,9 +241,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) @@ -277,14 +275,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -362,6 +354,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index 0f07579..7734248 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -378,6 +378,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6. From patchwork Mon Oct 15 15:32:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148869 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934061lji; Mon, 15 Oct 2018 08:32:41 -0700 (PDT) X-Received: by 2002:ad4:4391:: with SMTP id s17mr17594347qvr.101.1539617561748; Mon, 15 Oct 2018 08:32:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617561; cv=none; d=google.com; s=arc-20160816; b=KH3wPUoViXCkEMQG1+qWHmCptohl/mFJJgNadF2Igd4rvLhHN+3DTn+4h6ASOfrUYJ jYA43PW0Z4HkZeZ178YP5J1noP5Zu8GStJN3R4rvntbRxmrGhCrlgSkoOInOPYkr/oA1 hq1MLftB0M7cpQc0PSr3HBAtEAawJCS5KrxbsPYfOxp9UyMkHdWPx/HQn/pKK6NuqXTI Xc3mfDsRyam5Mgo376pxV/xs3SRyyyVE3IjxwqqJhYZBocsQpJmb3Oe54AdxRCY+eS+G dRmGKuhflv7fPD2shE0AF/HLKFyfTChjphlv9O9dA6EWWXX/AeRduIgTpdV/qqozVC78 HCrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=H7Y7LEmxjOP5HU3UFuuzTdNEsm0Ewkd8zNhrxh1KSL4=; b=uPAZ/hkry1pwGdK9tNwrDkunygluDjL2TJnbAxW8bPtbQjQWaWbX+Y3Hkxik1AIWyL j5fHHe9TZKczNZKXxy0UuiNzY7sTe8FEMxlXtuth1GWLf7ZJqNp24RXi8rTv0p+NH0Hw gYCAtmpDkV8KZemcUXvrDZOhbrxO75AyBOgG1sbQ/z9zyMv7liBna4ZvyfLDKjI19tS2 ETl2o3CakawFRHyXhx6dwcUT4jgru3bHk4NTgOVoZm92+lr2yUS6fmh9GdZlCZTPsADk XKv19FHhKeayaTRAI3+qqWpikNbrl5s/aWv8Lsph/4/nQ+SiuZczQDhpwNigO0qj8Fu3 +CHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YGzBw2eq; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d5-v6sor5732815qkg.19.2018.10.15.08.32.41 for (Google Transport Security); Mon, 15 Oct 2018 08:32:41 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YGzBw2eq; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=H7Y7LEmxjOP5HU3UFuuzTdNEsm0Ewkd8zNhrxh1KSL4=; b=YGzBw2eqf59EdP/hi9FuzcLQRamJ4LohrHE1YWiuMx0hNwRtkZmppQyxIsvLrk9UGt 7jCGpr+9oy61l1rnxEIH9xAt0mEGrM1Co2JoVBbGIwNOT3DHZr+VYCYa6/x7rgHQJDLM QwIhvOBQ1VQZRgDbklYh2s/Lhr5dBnP3DRPgU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=H7Y7LEmxjOP5HU3UFuuzTdNEsm0Ewkd8zNhrxh1KSL4=; b=IerMF+0HTPMsjBHJam5Q7dGDYzhcTRpMCFb2JK+4xUEKuxPSV77QUrIOze/MIyy5fG g5rUVzyTQsr+Se+G4B/jdE8rJ4eOV9cDlCF7fvkQDEDWBcQ2txpBbTDW7QydwHNSZf7D EdIWR5QnDubCbU3L4HydsYppX0Vc1rybnf/PwfKveZ8HYpYLfrZkqdMcMRa68sjw0w0F wzhQWf7bnpygadG+3FdXxzQvbUhiIXFp2ZDTyCg6O6sfKkxboTfP4aO5Wb+0LIHUIjE1 Z5KMuRZwDKk4G058eD/EdZ8jjhu8gKbA8OiUCIqgyZLswuj2k+GlaKMCgt46qvcCbkps jcaw== X-Gm-Message-State: ABuFfogugrM4NmrcDarZesa4uJyDt381hMeaQZNb1NtYkWQwUiGFXg2W Q27BVD6vhCE5FQknkIRhGd5mm9ng X-Google-Smtp-Source: ACcGV62G51eQB9J4ws0zDbXZ2PBPY/KTWK2kF+qplb5DDJrR3lm7CHWACnF9DR3DxxJwh0iW6na+3w== X-Received: by 2002:a37:a0c2:: with SMTP id j185-v6mr16168013qke.74.1539617561358; Mon, 15 Oct 2018 08:32:41 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:40 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 19/24] ARM: signal: copy registers using __copy_from_user() Date: Mon, 15 Oct 2018 11:32:13 -0400 Message-Id: <1539617538-22328-20-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit c32cd419d6650e42b9cdebb83c672ec945e6bd7e upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. It becomes much more efficient to use __copy_from_user() instead, so let's use this for the ARM integer registers. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/signal.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) -- 2.5.0 diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index b67ae12..80da0cd 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -184,6 +184,7 @@ struct rt_sigframe { static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) { + struct sigcontext context; char __user *aux; sigset_t set; int err; @@ -192,23 +193,26 @@ static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) if (err == 0) set_current_blocked(&set); - __get_user_error(regs->ARM_r0, &sf->uc.uc_mcontext.arm_r0, err); - __get_user_error(regs->ARM_r1, &sf->uc.uc_mcontext.arm_r1, err); - __get_user_error(regs->ARM_r2, &sf->uc.uc_mcontext.arm_r2, err); - __get_user_error(regs->ARM_r3, &sf->uc.uc_mcontext.arm_r3, err); - __get_user_error(regs->ARM_r4, &sf->uc.uc_mcontext.arm_r4, err); - __get_user_error(regs->ARM_r5, &sf->uc.uc_mcontext.arm_r5, err); - __get_user_error(regs->ARM_r6, &sf->uc.uc_mcontext.arm_r6, err); - __get_user_error(regs->ARM_r7, &sf->uc.uc_mcontext.arm_r7, err); - __get_user_error(regs->ARM_r8, &sf->uc.uc_mcontext.arm_r8, err); - __get_user_error(regs->ARM_r9, &sf->uc.uc_mcontext.arm_r9, err); - __get_user_error(regs->ARM_r10, &sf->uc.uc_mcontext.arm_r10, err); - __get_user_error(regs->ARM_fp, &sf->uc.uc_mcontext.arm_fp, err); - __get_user_error(regs->ARM_ip, &sf->uc.uc_mcontext.arm_ip, err); - __get_user_error(regs->ARM_sp, &sf->uc.uc_mcontext.arm_sp, err); - __get_user_error(regs->ARM_lr, &sf->uc.uc_mcontext.arm_lr, err); - __get_user_error(regs->ARM_pc, &sf->uc.uc_mcontext.arm_pc, err); - __get_user_error(regs->ARM_cpsr, &sf->uc.uc_mcontext.arm_cpsr, err); + err |= __copy_from_user(&context, &sf->uc.uc_mcontext, sizeof(context)); + if (err == 0) { + regs->ARM_r0 = context.arm_r0; + regs->ARM_r1 = context.arm_r1; + regs->ARM_r2 = context.arm_r2; + regs->ARM_r3 = context.arm_r3; + regs->ARM_r4 = context.arm_r4; + regs->ARM_r5 = context.arm_r5; + regs->ARM_r6 = context.arm_r6; + regs->ARM_r7 = context.arm_r7; + regs->ARM_r8 = context.arm_r8; + regs->ARM_r9 = context.arm_r9; + regs->ARM_r10 = context.arm_r10; + regs->ARM_fp = context.arm_fp; + regs->ARM_ip = context.arm_ip; + regs->ARM_sp = context.arm_sp; + regs->ARM_lr = context.arm_lr; + regs->ARM_pc = context.arm_pc; + regs->ARM_cpsr = context.arm_cpsr; + } err |= !valid_user_regs(regs); From patchwork Mon Oct 15 15:32:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148870 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934084lji; Mon, 15 Oct 2018 08:32:42 -0700 (PDT) X-Received: by 2002:ac8:5314:: with SMTP id t20-v6mr16269237qtn.309.1539617562737; Mon, 15 Oct 2018 08:32:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617562; cv=none; d=google.com; s=arc-20160816; b=ZSbRkAinVSfVEJbHZLodSRgj3K9kUqnYAZkfCCoW1WLWTnKXjQbdAUR1WX5ptaAgsI l0viUBp8lsJQY3XaevZEpWUmm8lB9Dp2ZggE+gefTI259RNj8QcQ3PZWg9Z/d1qKMRla MzduuHYYmvmeFdbnFfSM/rovpx6zXc1NzbFWQ5ZdIof1AwJnzNBv18L/aFqv/97c110P AM3PaNyqCRB4ejfwz4HTIBZt8XGHv4UfVqQWy1iU4Wmm3IMRrECkHAXiS2oD0V6KYuLQ AdjaZ10q1hE6dGgKDSf1rXHWoJWnRZsxrpYCAqpK0fSt2wdg7YpPeP+BrRw3JV07Zc/0 V34w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jXzS1hOgnsqVT/8BqS8xcGLGCsKl0FR3F0fdq+38RJI=; b=H439RWTvUR+AZetNN+eJddIzmL5LAetrEpDsXB2WUxiarMflgGy7DWdySnciDbtolp ANduZeUed04t5CZIF40KtRcMf/SqRTT6pI0rpTZGDCR6EXuA9CAPdxmLh9SQNkmrTZC9 yFNDcyocpqym772siu66RPAhjtHbEUU0XP4RbyPd6gJ1fvFWwq9IFkOTzvsHA73z9SIS JOsy88I34QnNCR9evSyoYDpTSRKiG2BrpDDmXqRoCu1xiJBeAlhvqMj+ZyaPYMTUmAc5 Si+tXl4zCkjAyhatNLacTxwob0gM21QS+S0uFABYJwWBVDqP6RolaKWqR/CDU3sBGxNo l8dQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZUnNYo4W; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d16sor12039828qvd.28.2018.10.15.08.32.42 for (Google Transport Security); Mon, 15 Oct 2018 08:32:42 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZUnNYo4W; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jXzS1hOgnsqVT/8BqS8xcGLGCsKl0FR3F0fdq+38RJI=; b=ZUnNYo4WdZc8dQks5isWQbJjGOO3KJ352FdtnSFWCr8TkW9RXf6AhUitkfI6wTIPY6 KpdIOGpEy6SCaNuLTkZKqp0wE+EFpUhKz36ztHU45xYoYpdakYiy13GCLcnH74SI7pCf cnHFzxcMjcka8OXKlF3eY7bPPp0GoUxpbyp3s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jXzS1hOgnsqVT/8BqS8xcGLGCsKl0FR3F0fdq+38RJI=; b=q07zatI55CKqlmsEVo1Lw64BzW5K7TaQa0kuoCGhVrvhy02WOnNfRzORpKmza6d9DL XXaC32RAzV98uca40FV0HrBdMyNM+ZFcGTPX52PjaXYo5ytM5rpoNpwfWE+s16L/cbGu 2KE80TDTUFbHGXUwXaBqlayHOzsv/86bFUllBjli1NxSU6EAPjZZ9iDJYoUKSOGpXDZ9 xz4Mk9B28H0QBfHcR+jYIiC8xHc6TRw3unywwdY+xg+M4PMcNc8207BQUtZOjFOHU8Zs VD4cDuhAthv9fvLPJUVaDYFTkplIH4wnJ8P0fLwNaCOgGVyIEIzki5+u1r/HM1huUuQP DUlQ== X-Gm-Message-State: ABuFfoi6Pg/AjCtgpuS9hRDTsqCbAwAbqjZbXGfcm9U7jcs8UxZf+hY6 HKN9PAFWmJswqP6/7X03WkvSfg5l X-Google-Smtp-Source: ACcGV60LS79e9RQE50nGfkWN3O+qyiu7SwBp8nldwjG5j1rXlceSBHd88b7pNoIKExNhXI6u3azGIA== X-Received: by 2002:a0c:953a:: with SMTP id l55mr17445514qvl.22.1539617562294; Mon, 15 Oct 2018 08:32:42 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:41 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 20/24] ARM: vfp: use __copy_from_user() when restoring VFP state Date: Mon, 15 Oct 2018 11:32:14 -0400 Message-Id: <1539617538-22328-21-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Use __copy_from_user() rather than __get_user_err() for individual members when restoring VFP state. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/thread_info.h | 4 ++-- arch/arm/kernel/signal.c | 20 ++++++++------------ arch/arm/vfp/vfpmodule.c | 17 +++++++---------- 3 files changed, 17 insertions(+), 24 deletions(-) -- 2.5.0 diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h index 776757d..57d2ad9 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -126,8 +126,8 @@ struct user_vfp_exc; extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *, struct user_vfp_exc __user *); -extern int vfp_restore_user_hwstate(struct user_vfp __user *, - struct user_vfp_exc __user *); +extern int vfp_restore_user_hwstate(struct user_vfp *, + struct user_vfp_exc *); #endif /* diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index 80da0cd..cdfe52b 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -149,22 +149,18 @@ static int preserve_vfp_context(struct vfp_sigframe __user *frame) static int restore_vfp_context(char __user **auxp) { - struct vfp_sigframe __user *frame = - (struct vfp_sigframe __user *)*auxp; - unsigned long magic; - unsigned long size; - int err = 0; - - __get_user_error(magic, &frame->magic, err); - __get_user_error(size, &frame->size, err); + struct vfp_sigframe frame; + int err; + err = __copy_from_user(&frame, *auxp, sizeof(frame)); if (err) - return -EFAULT; - if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return err; + + if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) return -EINVAL; - *auxp += size; - return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc); + *auxp += sizeof(frame); + return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); } #endif diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c index aa7496b..6abcd4a 100644 --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -597,13 +597,11 @@ int vfp_preserve_user_clear_hwstate(struct user_vfp __user *ufp, } /* Sanitise and restore the current VFP state from the provided structures. */ -int vfp_restore_user_hwstate(struct user_vfp __user *ufp, - struct user_vfp_exc __user *ufp_exc) +int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc) { struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; - int err = 0; /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); @@ -612,17 +610,16 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, * Copy the floating point registers. There can be unused * registers see asm/hwcap.h for details. */ - err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, - sizeof(hwstate->fpregs)); + memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); /* * Copy the status and control register. */ - __get_user_error(hwstate->fpscr, &ufp->fpscr, err); + hwstate->fpscr = ufp->fpscr; /* * Sanitise and restore the exception registers. */ - __get_user_error(fpexc, &ufp_exc->fpexc, err); + fpexc = ufp_exc->fpexc; /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -631,10 +628,10 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, fpexc &= ~(FPEXC_EX | FPEXC_FP2V); hwstate->fpexc = fpexc; - __get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err); - __get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err); + hwstate->fpinst = ufp_exc->fpinst; + hwstate->fpinst2 = ufp_exc->fpinst2; - return err ? -EFAULT : 0; + return 0; } /* From patchwork Mon Oct 15 15:32:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148871 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934107lji; Mon, 15 Oct 2018 08:32:44 -0700 (PDT) X-Received: by 2002:a0c:92f3:: with SMTP id c48mr17209385qvc.39.1539617563928; Mon, 15 Oct 2018 08:32:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617563; cv=none; d=google.com; s=arc-20160816; b=u0tiWkztnehuAkWWEbVLbi1ueePOjHWyG3mYuW4xlAlHwgvob4bxaI0oiUm9TcFHcd DgXHiCCO9dvG9RuTyDPCg/J19xzkYM1d1ovHca6cW067qStSB30/R0yNqFCsHsi882fy jfpDfa0wkwfG3bPirpOR82TUbsGWGZ5I4A/1UNxqDcWG2sHuR5Ey0VZIG8WHbW56In+f RAChHyDnUjYpQ49ARegJj1JvNdp6eoGZVaUECCT3GYisbn3XepHIluuiaN8bLg83YSWY XfVoSYnWI3SA/6YEumBx4iJY+y7i2Z3orWzf2mxZrdjNIY4VDc12/RVZOhGtw8n6ayvY y7eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kaYwyiLiqbp3ApLMSp+XwtWz/du68dLedeyXm7UQOlc=; b=F3p80hLf3LVVMVU7U/na8JqoGvTl9qnqHpLMTeJntEyiuH5RgLrF0gXCkAng1Dy1VU xS/pbMKXB0wTqobwU5SbkQK2kFZjC8O1PCKM4hcROk/ZdURtXaqzfj3isyCceAbVigeR DivkdS9Mp3HwAx2L8z/J8jwpkXoiJBQHVTQ/CUcXCjXJAT3xdfgHwfLfl84xGdj9DRff wTdl9NCR0eWx0xaxVq4ABJdFH1lJKJsiJdeDjRCFezMhOL8gnkXayAwr/IaSdjbbuvlq JTeVdVLx1ze7OvE3g5WFkM3h5+Mv+17uvE0QdQhFuJepDk4EVYVcUe4mp4ryfj40RMKC rr8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DNbi8CQ0; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x83-v6sor6408845qkb.86.2018.10.15.08.32.43 for (Google Transport Security); Mon, 15 Oct 2018 08:32:43 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DNbi8CQ0; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=kaYwyiLiqbp3ApLMSp+XwtWz/du68dLedeyXm7UQOlc=; b=DNbi8CQ0einghyYn5cNh2uNm6eJmEayXWVkT1W81UwBKVY7t9az1PCv/X3z+wtPuRk C493pK70z/PHyZQZWajHZU/2HbaXrTNQ1yI/7KZHZ4M0vnTJXQvU8pm+zo/yE1z0HaAb kMZneoMinOEHMo8Coy1ppz7CR2heK+4Xq2194= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=kaYwyiLiqbp3ApLMSp+XwtWz/du68dLedeyXm7UQOlc=; b=obBNSWwuMDYaRJm/XsI+VDCs/rkWW+kb1kywOgESq2NSfoNykYKGJ6SvCMtuSIYiw0 ri3t8h8+tDpDXSMDI3aQfkxkvT1o8SWQFcbPkASmcaDQn2zII2b0uLiyMfOQDVMzJDEr G48ia1X/6AmkYEbuZcr68KrzRk8YyDtsihFrlg2USN2wEKHaC8nCzYZtELhnN4FGYhUf 0ffarzeZa/rJtk0pdiuNLyB2vO7qvHiLFGW5eOh4k5dvSBwcaUReYaCNwrr870r/E6hC L1jdm5G8jrqmG0m988RJrnc5BwutDevTueUyID7riDs7lt5c5DyocQWVumDDiyFirTwr 4VtQ== X-Gm-Message-State: ABuFfohi2U6cPy40Hn7Znp0qqlPP17CGpwt2sexIluUUUhy/hgTuS2+s ILtrLJmF55Jz/YsOnq7++vCLNYQ+ X-Google-Smtp-Source: ACcGV63vHFczBSqwD+9Ary+9ZskBJLDF8FrBY/2MVsYoQc73HH40NEtV2InR8BYPXKvwzAZGAPNTXg== X-Received: by 2002:a37:15e7:: with SMTP id 100-v6mr16686190qkv.151.1539617563278; Mon, 15 Oct 2018 08:32:43 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:42 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 21/24] ARM: oabi-compat: copy semops using __copy_from_user() Date: Mon, 15 Oct 2018 11:32:15 -0400 Message-Id: <1539617538-22328-22-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit 8c8484a1c18e3231648f5ba7cc5ffb7fd70b3ca4 upstream. __get_user_error() is used as a fast accessor to make copying structure members as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Rather than using __get_user_error() to copy each semops element member, copy each semops element in full using __copy_from_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/sys_oabi-compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.5.0 diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c index b9786f4..4abe490 100644 --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -329,9 +329,11 @@ asmlinkage long sys_oabi_semtimedop(int semid, return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { - __get_user_error(sops[i].sem_num, &tsops->sem_num, err); - __get_user_error(sops[i].sem_op, &tsops->sem_op, err); - __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); + struct oabi_sembuf osb; + err |= __copy_from_user(&osb, tsops, sizeof(osb)); + sops[i].sem_num = osb.sem_num; + sops[i].sem_op = osb.sem_op; + sops[i].sem_flg = osb.sem_flg; tsops++; } if (timeout) { From patchwork Mon Oct 15 15:32:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148872 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934124lji; Mon, 15 Oct 2018 08:32:44 -0700 (PDT) X-Received: by 2002:a37:cfc7:: with SMTP id v68-v6mr16386099qkl.35.1539617564870; Mon, 15 Oct 2018 08:32:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617564; cv=none; d=google.com; s=arc-20160816; b=j7LOHBWpwsnOE+lXE4hyo8FppPY7zwk5AX3CZj82yD/4tA6pPfpKp9LFWKIxlgg7J9 48Bhc/iLnwlh0wu9NTudO/3kiz1x4CO/58vU5b7U2oVusnQZ1+R/C/YljavBLMLUIkwU il9xI2ybJ7pfQBaV4ToRE0hAp55p5ILvsnW9km6XTmzFljtcHn+JT1BMZii9iqVc7Maw j3aIdFgZ0UH2q8vobFLHtEYUFOjsQ1npvZS6xwf1KffolgtDjfXV64RbYEd7XEXqMWLJ Z4iXpdiv3GYwehbOzCxToovPtXpZXiNwmXyeUALe3MYjNEVJKBbkB+SW1SniVQutApr4 PVMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eIwJIocQo8va5lpAwcQJo6X+9iu1+obJxDFLeyPtjSM=; b=R6ZixCiuCep4pHLByyxudRscc2sF2UYxjdHXkQ4Z+raHhnZqIJAj7b7aDusdfGRWDL lxZu0vV9NAs9wpc/Y06zV3UvoCiphvUqJeK9t63Tgccirp6Hm9tJuPqtOtwYKPoyeYp3 7yb9g9amQqDyH6Z5M9qXbIGFMRJ04sUUTPL4Z1LqPIurzuqF2GFgIzwUvXjTa5gjvrFB pO8lhPkJr0LRiynUvG2lakYECTzIJJt9hJQUqUymttkqsZvHGEQhr2xUDWnFEZjVzzUi EPVJR7STQWrjXXfuu7TggCH7M+X/ZEqvkQbD9zFkM/Nw6lcARSLkDfE7BSSFCzN2gZvg t3QQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q62PTFSv; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w20-v6sor12582362qtj.37.2018.10.15.08.32.44 for (Google Transport Security); Mon, 15 Oct 2018 08:32:44 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q62PTFSv; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=eIwJIocQo8va5lpAwcQJo6X+9iu1+obJxDFLeyPtjSM=; b=Q62PTFSvOJBC4fXit01yZqldYdMbhZYSxiZVlNmbIU2oP/9mW3K5/m4iyKRRzEuN8+ QDJPV2zmG3v3UUbDhH9HM3TT4woEzkry3CE5d2JVd5B+NCH2LT+mLgI2rxkoOPXateQ5 /NCkmmcUrEc6Ty2MC9m6VqVQf6STuWdkX++7I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=eIwJIocQo8va5lpAwcQJo6X+9iu1+obJxDFLeyPtjSM=; b=KtiJTZlg94774UpH100mmyrLKrwmz5sxrJFr4XD9sr0I8OhSMjfBcLO21ZY4drNnJL clTWNkoiOhI7Q32/WDTewhB9/S6nhXj38H0owOmYI0qybe8gSSKJDZpQVVkXh9bvaMgG eXpUObkPBvyLAO5+k6iuKETn/ZqlSoziXToeHQCH6rqDppG/Q3uoZ5AWd7YA26xh9IQq LsCJGamp2xFW5Q1hincCp6owTkjAn4mIlfZVBZztc8ZxTj1sohBA2hZ9TkQsQcnUVDOY GdCuzFpTGuPBH7Hz/A0zmejQfQLxy1DhjR7kGMKvOT/6lnn2xr0QnnN3vE49LsiRWm0t 25VA== X-Gm-Message-State: ABuFfogQ7vW8Yrv2Hos7pa3crd4kunXAUlvhWlwdv3dvvhvduGOyMDgp HEuA2zOLYC4+B/SgmCBpTJ3e6oI8 X-Google-Smtp-Source: ACcGV63Td2IpmfTA0lHKuiaH+lAQDPHK1TJ5Z/VmeoIGP7HGaHvgM+A1tXV/eK1VPv8kSKCcgo1UvQ== X-Received: by 2002:ac8:1af4:: with SMTP id h49-v6mr16375899qtk.258.1539617564485; Mon, 15 Oct 2018 08:32:44 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:44 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 22/24] ARM: use __inttype() in get_user() Date: Mon, 15 Oct 2018 11:32:16 -0400 Message-Id: <1539617538-22328-23-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit d09fbb327d670737ab40fd8bbb0765ae06b8b739 upstream. Borrow the x86 implementation of __inttype() to use in get_user() to select an integer type suitable to temporarily hold the result value. This is necessary to avoid propagating the volatile nature of the result argument, which can cause the following warning: lib/iov_iter.c:413:5: warning: optimization may eliminate reads and/or writes to register variables [-Wvolatile-register-var] Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.5.0 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 0bf2347..29fa6f3 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -85,6 +85,13 @@ static inline void set_fs(mm_segment_t fs) flag; }) /* + * This is a type: either unsigned long, if the argument fits into + * that type, or otherwise unsigned long long. + */ +#define __inttype(x) \ + __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) + +/* * Single-value transfer routines. They automatically use the right * size if we just have the right pointer type. Note that the functions * which read from user space (*get_*) need to take care not to leak @@ -153,7 +160,7 @@ extern int __get_user_64t_4(void *); ({ \ unsigned long __limit = current_thread_info()->addr_limit - 1; \ register const typeof(*(p)) __user *__p asm("r0") = (p);\ - register typeof(x) __r2 asm("r2"); \ + register __inttype(x) __r2 asm("r2"); \ register unsigned long __l asm("r1") = __limit; \ register int __e asm("r0"); \ unsigned int __ua_flags = uaccess_save_and_enable(); \ From patchwork Mon Oct 15 15:32:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148873 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934145lji; Mon, 15 Oct 2018 08:32:46 -0700 (PDT) X-Received: by 2002:aed:22e1:: with SMTP id q30-v6mr17087241qtc.145.1539617565923; Mon, 15 Oct 2018 08:32:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617565; cv=none; d=google.com; s=arc-20160816; b=QR0LWb2rO3Xc82gvZ4mybZTFblrxReHv/9CMBGvtwa/GsnHNaHB4+M708mSojUf2n5 TPHfj4apTxH1vtHFKW4hx6a7K/+geHT5LHP2vXNzboKdIhIAMkzvjUal069Axnkd70t/ w8V8/GUSneV510fspfT38e6UCz9ApDQ/GNOx5hCO2ZojRb6ZYdY6fb6/maz56RMWt7jz MCrwY9Zx5V7Gx1oOkP/VNDVoyI+6zMRyFFAWujGl3ixqhVG3ucQxbucR3G+kgqa92ntx vWGvV46YQoGPP+Z1nnJQZr5fhlYHGMwxFVaABqVBO0dYtggS32MRFgri8pKyIIPq4/hy Sa8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VHHUxUa/5XuUHKRpfF7BKbpSDxY0tH8ku5ZXmftxiNk=; b=Ecu2zxQcWes1pQPQP5X5mEfDLSfSZ9jYlT6Ko8PPCzBS0+fIgKasyFNSYrfFPZ25zC /3MuB7PaZ85EI/ldtSwPEa3lkfWKUKyrkwWnAK3mosHNv8D/TUKeQXS8yZL/pdCnPGaP USJfHMhEjn8ZeTQnEQK7AC1n+BtxQR0yKB9BeetAu61nIYALd/vSIW20JaEmOZX7c++9 Wh5AbWeHh4K8Ka4SfVaZDJg/yuJB+ZxhouhRnY3RIy5GnFgMIZo6xyt1NiriQ9TRaCVE AHRzNC5QjFX/2VzCD8RHBXIjdbnlI9CT4AXptlR66qGQKhT9XaJlGXQFFI7k2LmXkRcV AHew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PMShWdG+; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id p15-v6sor6329834qkh.70.2018.10.15.08.32.45 for (Google Transport Security); Mon, 15 Oct 2018 08:32:45 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PMShWdG+; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VHHUxUa/5XuUHKRpfF7BKbpSDxY0tH8ku5ZXmftxiNk=; b=PMShWdG+7ZBhMmM8eGXLEhmcmoKs1aigCQn8nwzopjaCyyGQ1k3T8wYY3TZilRt5P7 GeErZdQRqLT5fSHDt05WrEJ32Mw2Ns+y2z+INzc++Kaq3LSHTmh52kIXR7xHz3tLsdTV 1fjGXaZvzEmMmuOLg8XN/IgHmbq7RPFlWcwLw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VHHUxUa/5XuUHKRpfF7BKbpSDxY0tH8ku5ZXmftxiNk=; b=dabyxBNGF+o8BcmxwlvF+ojM/KPNpktRLFGNwXRpXdLkxhoofIaQ9PWAlEqkAbqQ4k o8BSswPv4OO+umcLbrdzTPbAKblxnB1rXxE2Te9njOX0CJxHjrdBO8Lcerq7h/sbyrZU qP1+83Bgf6XkrN2CG6TCRO65ORy0FGNW4r54NmuQXaodQJlLqrxUHucpFoYDsig6GUCV z/bCHIs9OHR/FRY0UuIvvK+pb/IAsd6EiFZ+0a2bSuS8+o0qAInmzJuFvSBsND/YqwRM 2a9o1A+Ai10Cxqtvt9sR5hiRd14UxTtZL4oVotA485kd2uRztMlvkmrdtQ9EVTpygrKL lELw== X-Gm-Message-State: ABuFfoj2rsiV6f4d++S2VL/1HELZxGHT2Td+CNxYfb4JeRv/xwPkAKaQ x4FFaXg6Cd+z78Ru3YoZ23D1GBs2 X-Google-Smtp-Source: ACcGV61u84ohS99v2zLo6t6QL2UqAhjml96XRRgqNOUMa/iMPv6ElnbfbzRSpV6Nxn/e+F/iMMXGrw== X-Received: by 2002:a37:c085:: with SMTP id v5-v6mr16077537qkv.317.1539617565515; Mon, 15 Oct 2018 08:32:45 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:45 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 23/24] ARM: spectre-v1: use get_user() for __get_user() Date: Mon, 15 Oct 2018 11:32:17 -0400 Message-Id: <1539617538-22328-24-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream. Fixing __get_user() for spectre variant 1 is not sane: we would have to add address space bounds checking in order to validate that the location should be accessed, and then zero the address if found to be invalid. Since __get_user() is supposed to avoid the bounds check, and this is exactly what get_user() does, there's no point having two different implementations that are doing the same thing. So, when the Spectre workarounds are required, make __get_user() an alias of get_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.5.0 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 29fa6f3..4140be4 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -250,6 +250,16 @@ static inline void set_fs(mm_segment_t fs) #define user_addr_max() \ (uaccess_kernel() ? ~0UL : get_fs()) +#ifdef CONFIG_CPU_SPECTRE +/* + * When mitigating Spectre variant 1, it is not worth fixing the non- + * verifying accessors, because we need to add verification of the + * address space there. Force these to use the standard get_user() + * version instead. + */ +#define __get_user(x, ptr) get_user(x, ptr) +#else + /* * The "__xxx" versions of the user access functions do not verify the * address space - it must have been done previously with a separate @@ -266,12 +276,6 @@ static inline void set_fs(mm_segment_t fs) __gu_err; \ }) -#define __get_user_error(x, ptr, err) \ -({ \ - __get_user_err((x), (ptr), err); \ - (void) 0; \ -}) - #define __get_user_err(x, ptr, err) \ do { \ unsigned long __gu_addr = (unsigned long)(ptr); \ @@ -331,6 +335,7 @@ do { \ #define __get_user_asm_word(x, addr, err) \ __get_user_asm(x, addr, err, ldr) +#endif #define __put_user_switch(x, ptr, __err, __fn) \ From patchwork Mon Oct 15 15:32:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 148874 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3934173lji; Mon, 15 Oct 2018 08:32:47 -0700 (PDT) X-Received: by 2002:ac8:362a:: with SMTP id m39-v6mr16419635qtb.210.1539617566948; Mon, 15 Oct 2018 08:32:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539617566; cv=none; d=google.com; s=arc-20160816; b=ZMfMbGSZWHDWVe6AM4Wz4nMVDN4uDqEWMYY7Rsxv1JT/HSM/tB8+BrX22oaQsWtpP5 /AiR822v3q2fuuPWDqLo+rblmkKe+DRnoIJrU9Um+AYPqSH+qGURBmE5zqls7hPDSUZO akxyl0TGamZ9XtRIhMQqX0LuNsasAR59zDhXm/YPhC69Hc8Bv/lXIBMQBIzqH/ztFde3 6zvPS+TvwmH08kd21yi3k6qXAnizUtXb+SE/9ANqtfRfhiyxIMsCZTcY48fRLz2e30E6 5lbbpzXlhlwzfmj6h+RboNXxyNTa78MGc+34F504vAKk1kAvqZkflLkw3kKtO++YaeG3 d+Ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mZMxc3sfnyTN9AzmzT7TYJkRGuQ0WgsBYynPwhKvf9A=; b=nbTPxqU2Jupo3A87TlNAWcnb64KNhh4XJVcVPrkzo6FwikTHPcKJKqkhuVtMtVbV7I KqdjmvVqRbLOXtNWV/zE4Cj7vAe1zejWR7Ro9pK2horsU/STrZSlUDi0TMm5NU1iTQXH bX5P7lx89U96CDwYpRZ8IuOwYgY4qMcfxkZR8XriCbb9WdJQL13E3MdicWOaYj+cSN70 AC+H+9hJhsWYQOyGAW8LZ/KDmDPkhQJ18WpoywQiWVwYpgLwMGqrbhi6MO9E/DT+rVX9 QjCMsXoSksOlLxMSkpuKWCUYPWh59stjBVN8sXqxU36iqeFCW6jqHwluj4MgjsuOiXDn RzaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=R8+Ztg0P; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d24-v6sor12495911qtc.20.2018.10.15.08.32.46 for (Google Transport Security); Mon, 15 Oct 2018 08:32:46 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=R8+Ztg0P; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mZMxc3sfnyTN9AzmzT7TYJkRGuQ0WgsBYynPwhKvf9A=; b=R8+Ztg0PkpXhT8Kgb8O567nuLk3D53HA4jqDUDmv6rAVkiWyuQRvKkf49WER0dBTJb taEJ2ViQH8NLpc1RT83XeBqDI21YDdZjhkxKaBMYCoFffEVMPB0N0iP8sqSSsi1G0uK5 udixeg1xcLhxZv3a91h34GHA4+GmDPX9QuRkE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mZMxc3sfnyTN9AzmzT7TYJkRGuQ0WgsBYynPwhKvf9A=; b=ZUOwNAU8lyIAipeKSQlPUKrbmd4kD7sOCS81xl8DLQpgAAH0kuV9bhZmV2FbM2TnoJ ggQ5YK+3eLhx/NH4hgX4TsLly7tye+Lw6zydB7tDnMmarph7RTtuoq3iajF5qjSUVUWa QGuIBjpHP6o1D/e4uzMD02MiskRNZvpAT0BDgdjwejcPt0qeweqzip7smXCdCkHv1Iln hm6qQAlKroO+k1gGrNMHHTQAFUl1m6eRMuwYoHdHfAVnpJmp9C1Hwdhmb+BPUCW6DJNe ljePdba8T02IB/3ZPdke2dT1qOSe0l6Rgk5J8gkpjmLcPdQPMGXHf2evWiyttvVn4D2O fXVQ== X-Gm-Message-State: ABuFfohiNoV1ORBRSDoMVYqhzAY+b7WrusO5V1V7wdXy+nkN0mCFuT+i sLUD+3UBhQS+8XsYV0GS13qjNsan X-Google-Smtp-Source: ACcGV60cz7vprpNZ0j04GmBozsTZ/2DB68jeD01MNcEVz+VeXfSHGHpjcPbM7bCsdCDUliJR7cRZRQ== X-Received: by 2002:ac8:3026:: with SMTP id f35-v6mr16330375qte.45.1539617566416; Mon, 15 Oct 2018 08:32:46 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([72.71.243.63]) by smtp.googlemail.com with ESMTPSA id g82-v6sm10087768qkh.24.2018.10.15.08.32.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Oct 2018 08:32:46 -0700 (PDT) From: David Long To: , Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.14 24/24] ARM: spectre-v1: mitigate user accesses Date: Mon, 15 Oct 2018 11:32:18 -0400 Message-Id: <1539617538-22328-25-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1539617538-22328-1-git-send-email-dave.long@linaro.org> References: <1539617538-22328-1-git-send-email-dave.long@linaro.org> From: Russell King Commit a3c0f84765bb429ba0fd23de1c57b5e1591c9389 upstream. Spectre variant 1 attacks are about this sequence of pseudo-code: index = load(user-manipulated pointer); access(base + index * stride); In order for the cache side-channel to work, the access() must me made to memory which userspace can detect whether cache lines have been loaded. On 32-bit ARM, this must be either user accessible memory, or a kernel mapping of that same user accessible memory. The problem occurs when the load() speculatively loads privileged data, and the subsequent access() is made to user accessible memory. Any load() which makes use of a user-maniplated pointer is a potential problem if the data it has loaded is used in a subsequent access. This also applies for the access() if the data loaded by that access is used by a subsequent access. Harden the get_user() accessors against Spectre attacks by forcing out of bounds addresses to a NULL pointer. This prevents get_user() being used as the load() step above. As a side effect, put_user() will also be affected even though it isn't implicated. Also harden copy_from_user() by redoing the bounds check within the arm_copy_from_user() code, and NULLing the pointer if out of bounds. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 4 ++++ arch/arm/lib/copy_from_user.S | 9 +++++++++ 2 files changed, 13 insertions(+) -- 2.5.0 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 0cd4dcc..b17ee03 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -460,6 +460,10 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) adds \tmp, \addr, #\size - 1 sbcccs \tmp, \tmp, \limit bcs \bad +#ifdef CONFIG_CPU_SPECTRE + movcs \addr, #0 + csdb +#endif #endif .endm diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 7a4b060..a826df3 100644 --- a/arch/arm/lib/copy_from_user.S +++ b/arch/arm/lib/copy_from_user.S @@ -90,6 +90,15 @@ .text ENTRY(arm_copy_from_user) +#ifdef CONFIG_CPU_SPECTRE + get_thread_info r3 + ldr r3, [r3, #TI_ADDR_LIMIT] + adds ip, r1, r2 @ ip=addr+size + sub r3, r3, #1 @ addr_limit - 1 + cmpcc ip, r3 @ if (addr+size > addr_limit - 1) + movcs r1, #0 @ addr = NULL + csdb +#endif #include "copy_template.S"