From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel
Subject: [PATCH 1/7] arm64: kernel: avoid executable literal pools
Date: Wed, 10 Jan 2018 12:11:36 +0000
Message-Id: <20180110121142.18291-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org>
References: <20180110121142.18291-1-ard.biesheuvel@linaro.org>

Recent versions of GCC will emit literals into a separate .rodata section rather than interspersed with the instruction stream. We disabled this in commit 67dfa1751ce71 ("arm64: errata: Add -mpc-relative-literal-loads to build flags"), because it uses adrp/add pairs to reference these literals even when building with -mcmodel=large, which breaks module loading when we have the mitigation for Cortex-A53 erratum #843419 enabled.

However, due to the recent discoveries regarding speculative execution, we should avoid putting data into executable sections, to prevent creating speculative gadgets inadvertently.

So set -mpc-relative-literal-loads only for modules, and only if the A53 erratum is enabled.

Signed-off-by: Ard Biesheuvel --- arch/arm64/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index b481b4a7c011..bd7cb205e28a 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -26,7 +26,8 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) ifeq ($(call ld-option, --fix-cortex-a53-843419),) $(warning ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum) else -LDFLAGS_vmlinux += --fix-cortex-a53-843419 +LDFLAGS_vmlinux += --fix-cortex-a53-843419 +KBUILD_CFLAGS_MODULE += $(call cc-option, -mpc-relative-literal-loads) endif endif @@ -51,7 +52,6 @@ endif KBUILD_CFLAGS += -mgeneral-regs-only $(lseinstr) $(brokengasinst) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -KBUILD_CFLAGS += $(call cc-option, -mpc-relative-literal-loads) KBUILD_AFLAGS += $(lseinstr) $(brokengasinst) KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
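
Review bot: In the first hunk (@@ -26,7 +26,8 @@) the added KBUILD_CFLAGS_MODULE line sits in the else branch of the ld-option test, so a toolchain whose ld lacks --fix-cortex-a53-843419 builds modules without -mpc-relative-literal-loads even when CONFIG_ARM64_ERRATUM_843419=y. The commit message conditions the flag only on the erratum being enabled, and the module loading breakage it describes is tied to that mitigation rather than to the vmlinux linker option, so consider placing the line directly under "ifeq ($(CONFIG_ARM64_ERRATUM_843419),y)", outside the inner ifeq/else. A one-line Makefile comment saying why the flag is module-only would also help the next reader. The LDFLAGS_vmlinux line is removed and re-added with what reads as the same text; if that is only a whitespace change, it is better dropped from this patch.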
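
Review bot: In the second hunk (@@ -51,7 +52,6 @@) the removal of the -mpc-relative-literal-loads line from KBUILD_CFLAGS is unconditional, so built-in code loses the flag whether or not CONFIG_ARM64_ERRATUM_843419 is set, and the commit message does not say what covers vmlinux once the compiler starts emitting adrp/add literal references again. From the first hunk's context that appears to be the linker's --fix-cortex-a53-843419, with only the existing $(warning ...) when ld does not support it. Please state that dependency in the commit message so it is clear the vmlinux case was considered.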