From patchwork Thu Mar 1 12:54:04 2018
X-Patchwork-Submitter: Alex Shi
X-Patchwork-Id: 130205
From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas, stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Alex Shi
Subject: [PATCH 27/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Thu, 1 Mar 2018 20:54:04 +0800
Message-Id: <1519908862-11425-28-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519908862-11425-1-git-send-email-alex.shi@linaro.org>

From: Will Deacon

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c     | 6 ++++++
 2 files changed, 11 insertions(+)

--
2.7.4

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index d50c2fe..e26a114 100644
--- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -646,6 +646,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 6120a14..ad49ae8 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
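Review bot: in the el0_irq_naked hunk of entry.S, `tbz x22, #55, 1f` has no comment, so the reader has to already know that x22 is expected to hold the saved ELR and that bit 55 is the bit that marks it as a kernel address. The commit message states the intent ("a kernel address in the ELR"), but the assembly does not. A one-line comment above the tbz would make the check auditable in place. The test also sits after ct_user_exit, so it is worth confirming that the macro leaves x22 intact and that running it before the hardening call is intended.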
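Review bot: in the fault.c hunk, do_el0_irq_bp_hardening() calls arm64_apply_bp_hardening() unconditionally and relies entirely on its caller for the address check, yet the comment only says "PC has already been checked in entry.S". Naming the call site (el0_irq_naked) and the condition (bit 55 of the ELR) in that comment would keep the dependency visible if a second caller is ever added. The function is also built regardless of CONFIG_HARDEN_BRANCH_PREDICTOR while its only caller in this patch is under that #ifdef; this matches the unguarded do_el0_ia_bp_hardening() next to it, but a short note that it is intentional would help.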