From patchwork Fri Jul 12 05:28:15 2019
X-Patchwork-Submitter: Viresh Kumar
X-Patchwork-Id: 168886
From: Viresh Kumar
To: stable@vger.kernel.org, Julien Thierry
Cc: Viresh Kumar, linux-arm-kernel@lists.infradead.org, Catalin Marinas, Marc Zyngier, Mark Rutland, Will Deacon, Russell King, Vincent Guittot, mark.brown@arm.com
Subject: [PATCH v4.4 V2 27/43] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Fri, 12 Jul 2019 10:58:15 +0530
Message-Id: <5de9501d4e24fe45bb5938c4eacad6ab56b1ae55.1562908075.git.viresh.kumar@linaro.org>
X-Mailing-List: stable@vger.kernel.org

From: Will Deacon

commit 30d88c0e3ace625a92eead9ca0ad94093a8f59fe upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel address in such a way that the IRQ is prioritised over the instruction abort. Whilst an attacker would need to get the stars to align here, it might be sufficient with enough calibration so perform BP hardening in the rare case that we see a kernel address in the ELR when handling an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas Signed-off-by: Viresh Kumar --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) -- 2.21.0.rc0.269.g1a574e7a288b diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 42a141f01f3b..1548be9732ce 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -582,6 +582,11 @@ ENDPROC(el0_sync) #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 082f385b6592..9ff48d083c4c 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -535,6 +535,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
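Review bot: in the entry.S hunk, the test "tbz x22, #55, 1f" carries no comment, so nothing at the call site says that x22 is expected to hold the saved ELR or that bit 55 is what marks the address as a kernel one. A one-line comment above the tbz stating both assumptions would help, because the C side only says "PC has already been checked in entry.S" and the two sites have to stay in agreement. It is also worth confirming that running ct_user_exit before the hardening call is intended, since the check sits between ct_user_exit and irq_handler rather than ahead of both.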
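Review bot: in the fault.c hunk, do_el0_irq_bp_hardening() is defined unconditionally, while its only caller shown in this patch sits inside "#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR" in entry.S. Please confirm that arm64_apply_bp_hardening() builds as a no-op with that option disabled in the v4.4 tree, or wrap the new function in the same #ifdef so no unused code is built. Unlike the neighbouring do_el0_ia_bp_hardening(), this function receives neither the address nor the regs, so it cannot re-check the PC itself; the comment could name the exact condition tested in entry.S (bit 55 of x22) instead of only saying the PC was checked.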