From patchwork Thu Aug 1 08:16:05 2019
X-Patchwork-Submitter: Viresh Kumar
X-Patchwork-Id: 170330
From: Viresh Kumar
To: stable@vger.kernel.org
Cc: Viresh Kumar, Julien Thierry, linux-arm-kernel@lists.infradead.org, Catalin Marinas, Marc Zyngier, Mark Rutland, Will Deacon, Russell King, Vincent Guittot, mark.brown@arm.com, guohanjun@huawei.com
Subject: [PATCH ARM32 v4.4 V2 21/47] ARM: spectre-v1: fix syscall entry
Date: Thu, 1 Aug 2019 13:46:05 +0530
Message-Id: <64408fb0ea37930f27bb2135b8c7f11a3d16fe7a.1564646727.git.viresh.kumar@linaro.org>

From: Russell King

Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream.

Prevent speculation at the syscall table decoding by clamping the index
used to zero on invalid system call numbers, and using the csdb
speculative barrier.

Signed-off-by: Russell King
Acked-by: Mark Rutland
Boot-tested-by: Tony Lindgren
Reviewed-by: Tony Lindgren
Signed-off-by: David A. Long
Signed-off-by: Viresh Kumar --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.21.0.rc0.269.g1a574e7a288b diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 30a7228eaceb..e969b18d9ff9 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -223,9 +223,7 @@ ENTRY(vector_swi) tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) @@ -258,14 +256,8 @@ ENDPROC(vector_swi) mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -317,6 +309,10 @@ ENTRY(sys_call_table) bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index 6d243e830516..86dfee487e24 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S 
@@ -373,6 +373,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6.
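Review bot: In the first entry-common.S hunk (@@ -223,9 +223,7, the fast path in vector_swi), `invoke_syscall tbl, scno, r10, ret_fast_syscall` passes r10 as the scratch register right after `tst r10, #_TIF_SYSCALL_WORK`, and nothing at the call site says that r10 is overwritten when CONFIG_CPU_SPECTRE is set. A trailing comment stating that the value tested in r10 is dead past this point would make the clobber explicit and guard against a later change that reads r10 after the call. The `cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE)` at label 2 still needs the unclamped scno, which is worth noting in the same comment.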
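Review bot: In the second entry-common.S hunk (@@ -258,14 +256,8, after `bl syscall_trace_enter`), `mov scno, r0` lost its `@ syscall number (possibly new)` comment when the open-coded sequence was folded into the macro. Please keep it, since it is the only hint on that line that the tracer may have returned a different number. The `cmp scno, #-1 @ skip the syscall?` that follows also depends on invoke_syscall leaving scno untouched, which holds only because the macro clamps a copy in r10.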
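Review bot: In the third entry-common.S hunk (@@ -317,6 +309,10), `movhs scno, #0` clamps scno itself, unlike invoke_syscall, which clamps a scratch copy and preserves the number. The hs condition here is true both for an out-of-range number and for the case where `cmp scno, #__NR_syscall - __NR_SYSCALL_BASE` compares equal (cmpne is then skipped and the carry from the first compare is still set). A one-line comment saying that scno is not consumed on the rejected path would help; the visible context shows only the lo-conditional instructions that follow, so this cannot be confirmed from the hunk alone.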
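Review bot: The invoke_syscall macro added in the entry-header.S hunk has no header comment stating its contract: \tmp is clobbered only under CONFIG_CPU_SPECTRE, \nr is preserved, and ldmccia/stmccia/ldrcc depend on the flags from `cmp` surviving movcs, csdb, badr and add. Please document that above `.macro invoke_syscall`. The `.if \reload` block is also duplicated verbatim in both branches of the #ifdef; choosing the index register once (the \tmp copy or \nr) and sharing the remaining instructions would keep the two paths from drifting apart.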