From patchwork Wed Nov 7 16:44:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150438 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387612ljp; Wed, 7 Nov 2018 08:44:32 -0800 (PST) X-Received: by 2002:aed:38c6:: with SMTP id k64mr747915qte.97.1541609072274; Wed, 07 Nov 2018 08:44:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609072; cv=none; d=google.com; s=arc-20160816; b=TXRi1fOk8ZxB5d2McXC4LtUuzQwG79dkHCs1cakyFba9TMnuqV/KFVu1Fanjhyfs7k 033f6yU/KP5DwUGqWmr+LdASNrvAVlDZiEeIVIumnSyQD3bW3WbIz24RuvfwgiVRi7L7 3HCQWDT36qBspJtjeMmkiynjxD8Y+UYpBIroSS+TKzBBMgGgIgerKoccH8NYJGnHziNx b8KPiuudx1+4Qj1cmgunQ1GgozUYiqJobvUNVt4lVNxZxqlF4X6HnB+MNilwQFyOXj0r 6UKWND7Y48Q8H9PKt9n/dn7Vk00Mkna00/6X+dj+i+BvaJF+iXKpBAaI+AdE2y/61IBB X92g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=TuEZMaWnsQU2mMKGF/NVQEqmMzZHicaTX1VwCm5mtDEYs4m665BZVrrk8bDwV9Emlp 9YFxdS2t9OuuNMzR7Zq/ndjIt0iR7QEKe/drEF35CIG+gYUwIwIjuE7dl+zLasXyEsbC QE87SOIlNDK8j/BYZjDihaxEPyOXVhpQ4KeymXg9zEtlTfpxVWA0CRcyQIzO2JDmtHlF sbssyHMwH6rm3r5IyB6UObV0wv23teAycTwrzll7MkdtaCfrQ/Eu/BuD3jla0T+t5ikx bBr+lRYOeJ27KTCInO5jSXDqj8W2wUX0ZkcJJVwMm2FPErTYTWIX9dTR3ApcpgX1Y083 52bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bVEwQKBr; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id j124sor654994qka.0.2018.11.07.08.44.32 for (Google Transport Security); Wed, 07 Nov 2018 08:44:32 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bVEwQKBr; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=bVEwQKBrLqM4qzzHgcxrqetJMrn2B5Wed3gFIIfzCT223T6JXUJtxkepjasLpPzJsf VaF1Ew1XFLbVp4pslk0cuWnAugSb/4MOaHarcmbH1jazAZ9T64Mvk57dg6fipC75J1U7 IL+rhBg5qKYpc5vBFR8jc2OILIZnEhedR7YEw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=Qa4ZZAA0NXCXx4eUqNT3U+gVLeRaO0Q1P3qZsxJ+BUgkoDe5DYurx9xvDnhrYD6Goc 5j1Jazn6IC4q+EcN0ZhmTgRsfOsw2CU/JQGPywxMyMIkhBcxCB4tCIwy1gxcma0V0SR2 TUEO6wFaD2ujlKYBENu/p29nwBho0jpzEVCcr0L5ddJ2CQpSm81WK47CGDJ+uCAhBlUs 5C36nbvBkceFbF2jc9AJ3KQgI98N7NYibrrwlB/DXA8JpkFnN6Q2XrC2FKhpifJGxOPT YrMZ7aiO4CKkIRzsjxzYPWSxFZLVOvpHhLf2CvvjRxptGlPm559idGQyl9abJ/UFfVHJ 3HGw== X-Gm-Message-State: AGRZ1gLnuHL7WjnXF7chGwSi4EpNDu5v3aKEubJTAHhvbR0vuWD/NhRW uh/GoBGHvN8Qlmjj0fJhH7m/Du4bVW99nQ== X-Google-Smtp-Source: AJdET5fNxMtLZwlSk07rTlmIbHMgXqXZThsJRfjHRX6IhwB/88SqDdbNrv2WVLiYi9F46cafcTyjWQ== X-Received: by 2002:ae9:eb96:: with SMTP id b144mr887466qkg.127.1541609071744; Wed, 07 Nov 2018 08:44:31 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:31 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 23/24] ARM: spectre-v1: use get_user() for __get_user() Date: Wed, 7 Nov 2018 11:44:01 -0500 Message-Id: <20181107164402.9380-24-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream. Fixing __get_user() for spectre variant 1 is not sane: we would have to add address space bounds checking in order to validate that the location should be accessed, and then zero the address if found to be invalid. Since __get_user() is supposed to avoid the bounds check, and this is exactly what get_user() does, there's no point having two different implementations that are doing the same thing. So, when the Spectre workarounds are required, make __get_user() an alias of get_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 4a61f36c7397..7b17460127fd 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -280,6 +280,16 @@ static inline void set_fs(mm_segment_t fs) #define user_addr_max() \ (segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs()) +#ifdef CONFIG_CPU_SPECTRE +/* + * When mitigating Spectre variant 1, it is not worth fixing the non- + * verifying accessors, because we need to add verification of the + * address space there. Force these to use the standard get_user() + * version instead. + */ +#define __get_user(x, ptr) get_user(x, ptr) +#else + /* * The "__xxx" versions of the user access functions do not verify the * address space - it must have been done previously with a separate @@ -296,12 +306,6 @@ static inline void set_fs(mm_segment_t fs) __gu_err; \ }) -#define __get_user_error(x, ptr, err) \ -({ \ - __get_user_err((x), (ptr), err); \ - (void) 0; \ -}) - #define __get_user_err(x, ptr, err) \ do { \ unsigned long __gu_addr = (unsigned long)(ptr); \ @@ -361,6 +365,7 @@ do { \ #define __get_user_asm_word(x, addr, err) \ __get_user_asm(x, addr, err, ldr) +#endif #define __put_user_switch(x, ptr, __err, __fn) \