From: David Long
To: stable@vger.kernel.org, Russell King - ARM Linux, Florian Fainelli, Julien Thierry, Tony Lindgren, Marc Zyngier, Greg KH, Mark Rutland
Cc: Will Deacon, Mark Brown, linux-kernel@vger.kernel.org
Subject: [PATCH 4.9 08/16] ARM: 8797/1: spectre-v1.1: harden __copy_to_user
Date: Thu, 14 Feb 2019 09:49:22 -0500
Message-Id: <20190214144930.27539-9-dave.long@linaro.org>
In-Reply-To: <20190214144930.27539-1-dave.long@linaro.org>
X-Patchwork-Submitter: David Long
X-Patchwork-Id: 158402

From: Julien Thierry

Commit a1d09e074250fad24f1b993f327b18cc6812eb7a upstream.

Sanitize user pointer given to __copy_to_user, both for standard version and memcopy version of the user accessor.

Signed-off-by: Julien Thierry
Signed-off-by: Russell King
Signed-off-by: David A. Long
---
 arch/arm/lib/copy_to_user.S        | 6 +++++-
 arch/arm/lib/uaccess_with_memcpy.c | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

-- 2.17.1

diff --git a/arch/arm/lib/copy_to_user.S b/arch/arm/lib/copy_to_user.S index caf5019d8161..970abe521197 100644 --- a/arch/arm/lib/copy_to_user.S +++ b/arch/arm/lib/copy_to_user.S @@ -94,6 +94,11 @@ ENTRY(__copy_to_user_std) WEAK(arm_copy_to_user) +#ifdef CONFIG_CPU_SPECTRE + get_thread_info r3 + ldr r3, [r3, #TI_ADDR_LIMIT] + uaccess_mask_range_ptr r0, r2, r3, ip +#endif #include "copy_template.S" @@ -108,4 +113,3 @@ ENDPROC(__copy_to_user_std) rsb r0, r0, r2 copy_abort_end .popsection - diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c index 6bd1089b07e0..f598d792bace 100644 --- a/arch/arm/lib/uaccess_with_memcpy.c +++ b/arch/arm/lib/uaccess_with_memcpy.c 
@@ -152,7 +152,8 @@ arm_copy_to_user(void __user *to, const void *from, unsigned long n) n = __copy_to_user_std(to, from, n); uaccess_restore(ua_flags); } else { - n = __copy_to_user_memcpy(to, from, n); + n = __copy_to_user_memcpy(uaccess_mask_range_ptr(to, n), + from, n); } return n; }
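
Review bot: In the @@ -94 hunk of arch/arm/lib/copy_to_user.S, the new sequence overwrites r3 and ip before copy_template.S is included, and nothing in the hunk says those registers are free at entry. A one-line comment above "get_thread_info r3" stating that r0 is the user destination, r2 the byte count, and r3/ip are scratch would let a reader confirm the clobbers are safe without opening the template. The same comment could say that the bound comes from TI_ADDR_LIMIT, so the mask follows the current thread's address limit.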
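
Review bot: The @@ -108 hunk in arch/arm/lib/copy_to_user.S only deletes the blank line after .popsection, which is unrelated to the pointer sanitization. If it is kept so the backport matches upstream commit a1d09e074250fad24f1b993f327b18cc6812eb7a line for line, say so in the message; otherwise drop it so the stable patch carries only the hardening.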
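
Review bot: In the @@ -152 hunk of arch/arm/lib/uaccess_with_memcpy.c, the uaccess_mask_range_ptr(to, n) call in the else branch is unconditional, while the assembly side is wrapped in #ifdef CONFIG_CPU_SPECTRE; please confirm the C helper reduces to a plain pass-through of "to" when that option is off, since its definition is not part of this patch. The other branch still hands the raw "to" to __copy_to_user_std and depends on the masking added at that entry point in copy_to_user.S, so a short comment next to that call would make the asymmetry obvious to the next reader.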