From patchwork Wed Oct 31 13:57:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Long <dave.long@linaro.org>
X-Patchwork-Id: 149814
Delivered-To: patches@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826757ljp;
 Wed, 31 Oct 2018 06:57:42 -0700 (PDT)
X-Received: by 2002:a1f:710:: with SMTP id 16mr1373586vkh.42.1540994262375; 
 Wed, 31 Oct 2018 06:57:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540994262; cv=none;
 d=google.com; s=arc-20160816;
 b=V2uzZ3dmuNot51jKtcPFRFfPP5yqbCqYK6oEbdWzf+Q8YkErZhre8elF+2QBioMHeZ
 gvfGyAcVosmM0Fw9jcbCXWyTLCcnv+EQQA+1Wn1fuKBnH3NnXrqDI6WubL60xB7QtnHJ
 4eJ0S6B2SRxirbUbOgzub/mJ5Plel52IXR7H/bpfaqlfeQvAGq9LM/yKjOHucE01s3Uk
 bwzMY3iYXndbN0Qd0IPlWazP+OHYE4DTBEJMb0hR/X6RNIjwcMbv9empL8/D7ziLQzi+
 0J9VIAahzOpzc7H5q7Uk2rQ1lgr7KrPPYLKB+r53o+nMLSlpHdd+W3OH6wHMsiE2vGNz
 msow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=;
 b=VCPGWqkDl9sIIaoAmQSBpPaKESGTdomzQJunlo5hC9FUfPYKAFTAkZKf6O/bMQjlLu
 luWjhDDpph8XfpEqLB44pCdQZ7QPPgVl3jqrYA7Sc3PKwqZFE87WYbXAd7mtaKFt4YC7
 TIzGTnXGi/xLnz1fs3ev02Bqpa6DJ/4Vy6jaOUOizXToNm7fLEP++zQo6TAy+lAIPWQu
 9vu5+kyYemIXKQSsF+2mjYpKEHYQe/iDcfoWiMoj+n96CL5yVRrbstQbGaT9B/kMhI+7
 0A7VznfnbcEPF9VJMDi88wOTD2P9VZpZPUxA6RfqjaqgUEtpw6BGsw3mqydvSZcfJIww
 dp9Q==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=aaeBm1hi;
 spf=pass (google.com: domain of dave.long@linaro.org designates
 209.85.220.65 as permitted sender)
 smtp.mailfrom=dave.long@linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <dave.long@linaro.org>
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com.
 [209.85.220.65]) by mx.google.com with SMTPS id
 f10sor4535625uad.56.2018.10.31.06.57.42 for <patches@linaro.org>
 (Google Transport Security); Wed, 31 Oct 2018 06:57:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of dave.long@linaro.org designates
 209.85.220.65 as permitted sender) client-ip=209.85.220.65; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=aaeBm1hi;
 spf=pass (google.com: domain of dave.long@linaro.org designates
 209.85.220.65 as permitted sender)
 smtp.mailfrom=dave.long@linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=;
 b=aaeBm1hifdo58e8AsXGlAPXtQvSHBx5jLxH6qbm+ou7SimbQ1Vktqo7gQzXVotw5QR
 SEXA2Btk8BgIcRWznYDqGyjMAdyEkBuPlLeViWgSownueY7OnUV9J7srhOBaR0j4aFyP
 ASLtChQpCFWFCPZGN1mPMKIbezKO43Ww0B9gg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=;
 b=WUjPJzZyAKzMm4uLY9fyOYt2wLoVf2ESPgWokqODmtjkz3AKrHr7En3CfXkqE3yxTE
 JP7JtiUZ49uYa4VCcONC6G/3avaa6Ayx1JXUoJAoDwMOfJAdUZnlwfMAoqHf4wcqUcR9
 i2/bkdcF7fFlwmeb/I9lgu9MPb+MGsr4SRAKfMGN3zli5KIrftjH5n4ZLefoONKGpEjU
 AmeOy/hmCCFhbYlElrlg2jkobLlxec3PQQfPetOuYze03hOrgnsDVrKZYl7lsfFmUHA7
 ZxKubPzVJxUjBKa6ugzIQmaYXVPrSp+3w/rh/w5eKTweVTvpKDWotx1wvtACQMZ+D6mm
 zMig==
X-Gm-Message-State: AGRZ1gKL18uWSLahKkrmU2l5HtI+vs/Jk+GDsHA052bxhuwVWMdvBY/i
 flIifr9KU85grbbYJpqdHVkrh1nbaqO01g==
X-Google-Smtp-Source: AJdET5eg3rWGrJ6SituV67itgE5rafkKInVOdyxw0jdBiF38SOglknYtqk6nzEVJtrAGd9G64Ctqew==
X-Received: by 2002:a9f:35a2:: with SMTP id t31mr1343015uad.98.1540994261730; 
 Wed, 31 Oct 2018 06:57:41 -0700 (PDT)
Return-Path: <dave.long@linaro.org>
Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net
 ([2603:3005:3403:7100:2c71:8680:34e1:a6aa])
 by smtp.googlemail.com with ESMTPSA id
 s85-v6sm2275624vse.29.2018.10.31.06.57.40
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 31 Oct 2018 06:57:41 -0700 (PDT)
From: David Long <dave.long@linaro.org>
To: stable@vger.kernel.org, Russell King - ARM Linux <linux@armlinux.org.uk>, 
 Florian Fainelli <f.fainelli@gmail.com>,
 Tony Lindgren <tony@atomide.com>, Marc Zyngier <marc.zyngier@arm.com>,
 Mark Rutland <mark.rutland@arm.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
	Mark Brown <broonie@kernel.org>
Subject: [PATCH 4.9 20/24] ARM: vfp: use __copy_from_user() when restoring
 VFP state
Date: Wed, 31 Oct 2018 09:57:09 -0400
Message-Id: <20181031135713.2873-21-dave.long@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org>
References: <20181031135713.2873-1-dave.long@linaro.org>

From: Russell King <rmk+kernel@armlinux.org.uk>

Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream.

__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible.  However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.

In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.

Use __copy_from_user() rather than __get_user_err() for individual
members when restoring VFP state.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
---
 arch/arm/include/asm/thread_info.h |  4 ++--
 arch/arm/kernel/signal.c           | 17 ++++++++---------
 arch/arm/vfp/vfpmodule.c           | 17 +++++++----------
 3 files changed, 17 insertions(+), 21 deletions(-)

-- 
2.17.1

diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
index 776757d1604a..57d2ad9c75ca 100644
--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -126,8 +126,8 @@ struct user_vfp_exc;
 
 extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *,
 					   struct user_vfp_exc __user *);
-extern int vfp_restore_user_hwstate(struct user_vfp __user *,
-				    struct user_vfp_exc __user *);
+extern int vfp_restore_user_hwstate(struct user_vfp *,
+				    struct user_vfp_exc *);
 #endif
 
 /*
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index a592bc0287f8..6bee5c9b1133 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -107,21 +107,20 @@ static int preserve_vfp_context(struct vfp_sigframe __user *frame)
 	return vfp_preserve_user_clear_hwstate(&frame->ufp, &frame->ufp_exc);
 }
 
-static int restore_vfp_context(struct vfp_sigframe __user *frame)
+static int restore_vfp_context(struct vfp_sigframe __user *auxp)
 {
-	unsigned long magic;
-	unsigned long size;
-	int err = 0;
+	struct vfp_sigframe frame;
+	int err;
 
-	__get_user_error(magic, &frame->magic, err);
-	__get_user_error(size, &frame->size, err);
+	err = __copy_from_user(&frame, (char __user *) auxp, sizeof(frame));
 
 	if (err)
-		return -EFAULT;
-	if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)
+		return err;
+
+	if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE)
 		return -EINVAL;
 
-	return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc);
+	return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc);
 }
 
 #endif
diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c
index 5629d7580973..8e5e97989fda 100644
--- a/arch/arm/vfp/vfpmodule.c
+++ b/arch/arm/vfp/vfpmodule.c
@@ -597,13 +597,11 @@ int vfp_preserve_user_clear_hwstate(struct user_vfp __user *ufp,
 }
 
 /* Sanitise and restore the current VFP state from the provided structures. */
-int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
-			     struct user_vfp_exc __user *ufp_exc)
+int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc)
 {
 	struct thread_info *thread = current_thread_info();
 	struct vfp_hard_struct *hwstate = &thread->vfpstate.hard;
 	unsigned long fpexc;
-	int err = 0;
 
 	/* Disable VFP to avoid corrupting the new thread state. */
 	vfp_flush_hwstate(thread);
@@ -612,17 +610,16 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
 	 * Copy the floating point registers. There can be unused
 	 * registers see asm/hwcap.h for details.
 	 */
-	err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs,
-				sizeof(hwstate->fpregs));
+	memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs));
 	/*
 	 * Copy the status and control register.
 	 */
-	__get_user_error(hwstate->fpscr, &ufp->fpscr, err);
+	hwstate->fpscr = ufp->fpscr;
 
 	/*
 	 * Sanitise and restore the exception registers.
 	 */
-	__get_user_error(fpexc, &ufp_exc->fpexc, err);
+	fpexc = ufp_exc->fpexc;
 
 	/* Ensure the VFP is enabled. */
 	fpexc |= FPEXC_EN;
@@ -631,10 +628,10 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
 	fpexc &= ~(FPEXC_EX | FPEXC_FP2V);
 	hwstate->fpexc = fpexc;
 
-	__get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err);
-	__get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err);
+	hwstate->fpinst = ufp_exc->fpinst;
+	hwstate->fpinst2 = ufp_exc->fpinst2;
 
-	return err ? -EFAULT : 0;
+	return 0;
 }
 
 /*