From patchwork Thu Aug 29 11:34:13 2019
X-Patchwork-Submitter: Viresh Kumar
X-Patchwork-Id: 172605
From: Viresh Kumar
To: stable@vger.kernel.org, Julien Thierry, Mark Rutland
Cc: Viresh Kumar, linux-arm-kernel@lists.infradead.org, Catalin Marinas, Marc Zyngier, Will Deacon, Russell King, Vincent Guittot, mark.brown@arm.com
Subject: [PATCH ARM64 v4.4 V3 28/44] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Thu, 29 Aug 2019 17:04:13 +0530
Message-Id: <16be0cb9c5bbcff5cfe74cf8d47c5a4084e45b5e.1567077734.git.viresh.kumar@linaro.org>

From: Will Deacon

commit 30d88c0e3ace625a92eead9ca0ad94093a8f59fe upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas Signed-off-by: Viresh Kumar --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) -- 2.21.0.rc0.269.g1a574e7a288b diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 42a141f01f3b..1548be9732ce 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -582,6 +582,11 @@ ENDPROC(el0_sync) #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 082f385b6592..9ff48d083c4c 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -535,6 +535,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
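Review bot: In the arch/arm64/kernel/entry.S hunk, the test "tbz x22, #55, 1f" is undocumented: nothing in the hunk says what x22 holds at this point or why bit 55 is the bit to test. The commit message describes the condition as "a kernel address in the ELR", so a one-line comment above the tbz saying that x22 is the saved ELR and that bit 55 set means a kernel address would make the check reviewable in place. It would also give the "PC has already been checked in entry.S" comment in fault.c something concrete to point at, since the C helper applies the hardening unconditionally and relies entirely on this branch for its filtering.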
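Review bot: In the arch/arm64/mm/fault.c hunk, do_el0_irq_bp_hardening() is built unconditionally, while its only visible caller in entry.S sits under #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR. Either wrap the definition in the same #ifdef, or confirm that arm64_apply_bp_hardening() is available as a no-op stub when the option is off; its definition is not part of this patch, so for this v4.4 backport (28/44) it is worth checking that an earlier patch in the series provides it. The comment "PC has already been checked in entry.S" would also be more useful if it named the check (bit 55 of the ELR in el0_irq), so that a later change to either file does not silently break the assumption.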