From patchwork Thu Aug 1 08:16:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Viresh Kumar X-Patchwork-Id: 170357 Delivered-To: patch@linaro.org Received: by 2002:a92:512:0:0:0:0:0 with SMTP id q18csp5088473ile; Thu, 1 Aug 2019 01:22:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqyIKi5T3P7NYfOIiF6vssxCn/q73KadiWLdM5DPKxymQWdIoHFyNX5tT9hjey5QjT2sHrCa X-Received: by 2002:a62:7a8a:: with SMTP id v132mr51781463pfc.103.1564647637721; Thu, 01 Aug 2019 01:20:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564647637; cv=none; d=google.com; s=arc-20160816; b=XKuAWXDeYwBFwgxemK+lyJZNLqbYGG6EpgbgGDVgp9pZ5gyJB7fgR2tVoHTzLFbH+M OR4+biwqg7CoJfK6IXGrHxoavO3GBqVktgEwhPmVatiJbpkfc5pyUPa/wxM8Nn+1SZ9T HCd3d5ElQklogKWvKGxNnFxqM6MJHmnfm/LCodKSsuH1HscL4+ot+thr/0CLb6PFzibj r+2G5Jx5zFOzXFobUcfVynaGmoYHd09DGKoy45Kx73292uGawUN8yVfbmNusx5hNbxqJ 1c3hhrY6xdhLm6Q4Hh8bnnLVHO7z90nxMZYJfvj0TAezJ+FpaRyRIqT4P1FWBlNPPIZl ooJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=uRyk3zcBxn+kArv7clzkKBJGfRbp0pIX9juxiKGvE2U=; b=lcn3UVQLujbtC1Memf9eiSlIfHwMbRmBLge2oAp43xrHi2B0rLpXw3V3LObRSTaNaq 4KgE2zb6kf0hc2a+gRM6T9LuTOQed7Zf4DFGhSPG355hKNr5Kz4KrCnoH0vLi4bzmFS2 QA74IvgGiPokPOq28/wQHYnr5WnNsbpdP1hWrAwIN0Nw+o1pEIDT+FDbk2S0Xv7Phabd 4QzA7gnr5IyVzHZQC1jY1xA5M2u8aOvBufyNbM0FNVLnruRovGyHHGW2IM6Sf/AP7wdJ nJEc0XuEiKxcFCXcz8VvqPUPD+4W6jofiz8bzJtySLq25fOZf1W+34hreNKl3aIqGSit iylg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="b2McCC/W"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10si37407577pfq.194.2019.08.01.01.20.37; Thu, 01 Aug 2019 01:20:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="b2McCC/W"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730473AbfHAIUh (ORCPT + 14 others); Thu, 1 Aug 2019 04:20:37 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:44304 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731089AbfHAIUg (ORCPT ); Thu, 1 Aug 2019 04:20:36 -0400 Received: by mail-pg1-f193.google.com with SMTP id i18so33734644pgl.11 for ; Thu, 01 Aug 2019 01:20:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uRyk3zcBxn+kArv7clzkKBJGfRbp0pIX9juxiKGvE2U=; b=b2McCC/WCcGBPzkhtxUUkoJMeMcdJguyRODCBJ0WTu/VoS9DEEque4sOadkrF9Nbft lPCrVhWn8e8vlLv2WWnVQZJRuv3ttph1yCzYhXrPNBvES/oMHX2J1WpCdT1oG9MQMP+D Jt/0F9x460JOvtbf5koGqj6pES0Ec3SdobEldPLHFvYJvGZET5aHonfh2gMfP5ZT/VLg EJFEuXzxVGFfmlErLRbS0l/WPAPQuTGoCIH/i0Z5vanbDpw4ZjXJQREgsoYvtVVpVzbM eVc3rMqWzX0hfKrrk3QsXMlXzD6NdG5EZbR19l0oj43J9RBgyjDLk2+iB6/q7m5FMEvc 9xtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uRyk3zcBxn+kArv7clzkKBJGfRbp0pIX9juxiKGvE2U=; b=kLqfenlKphL3DUeNjCNhHJpGoIWUWeHu7Y9AP55oX9DtMlBlu7o8APazRjQTUFnhqT M3mVA9w57Lz+ATvSnna+YvInIdB26/5V6pHjqr/6LHxjVUI1qL5vGTymh0qsve5wJlYC vDPUcgZGPj07Q3FFRdY4yuwA+71QDJe2vokhSBHq5zwYGnHE/eoI9MGk6fx1PW7MKfWX NHbbjk98MyQLcEVhjSd/QWtc3me2j2Ofy5VmkQnztAibwlM0nT96SQVJ9cxuiDr0ZUFi sCM8/AD1C2x5ONqNnxB88+R47eUOzKX15cNTWtTPRGLY9IBuff8Vti2VCSUOfdD8zwqL 6O4g== X-Gm-Message-State: APjAAAXLQE0BSYlAebtzTn0FmV66OLAehKGXuww5XdXw/fy3vmynXzNx ZTWg0C6Zb3Q5q7rgV2JDqoR7uFL9Y+8= X-Received: by 2002:aa7:9dcd:: with SMTP id g13mr53047380pfq.204.1564647635649; Thu, 01 Aug 2019 01:20:35 -0700 (PDT) Received: from localhost ([122.172.28.117]) by smtp.gmail.com with ESMTPSA id n17sm74761757pfq.182.2019.08.01.01.20.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Aug 2019 01:20:35 -0700 (PDT) From: Viresh Kumar To: stable@vger.kernel.org Cc: Viresh Kumar , Julien Thierry , linux-arm-kernel@lists.infradead.org, Catalin Marinas , Marc Zyngier , Mark Rutland , Will Deacon , Russell King , Vincent Guittot , mark.brown@arm.com, guohanjun@huawei.com Subject: [PATCH ARM32 v4.4 V2 23/47] ARM: vfp: use __copy_from_user() when restoring VFP state Date: Thu, 1 Aug 2019 13:46:07 +0530 Message-Id: <8476fc23988444fda761ae9d99563cea0b21c191.1564646727.git.viresh.kumar@linaro.org> X-Mailer: git-send-email 2.21.0.rc0.269.g1a574e7a288b In-Reply-To: References: MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Russell King Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Use __copy_from_user() rather than __get_user_err() for individual members when restoring VFP state. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long Signed-off-by: Viresh Kumar --- arch/arm/include/asm/thread_info.h | 4 ++-- arch/arm/kernel/signal.c | 18 ++++++++---------- arch/arm/vfp/vfpmodule.c | 17 +++++++---------- 3 files changed, 17 insertions(+), 22 deletions(-) -- 2.21.0.rc0.269.g1a574e7a288b diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h index 776757d1604a..57d2ad9c75ca 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -126,8 +126,8 @@ struct user_vfp_exc; extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *, struct user_vfp_exc __user *); -extern int vfp_restore_user_hwstate(struct user_vfp __user *, - struct user_vfp_exc __user *); +extern int vfp_restore_user_hwstate(struct user_vfp *, + struct user_vfp_exc *); #endif /* diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index a592bc0287f8..76f85c38f2b8 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -107,21 +107,19 @@ static int preserve_vfp_context(struct vfp_sigframe __user *frame) return vfp_preserve_user_clear_hwstate(&frame->ufp, &frame->ufp_exc); } -static int restore_vfp_context(struct vfp_sigframe __user *frame) +static int restore_vfp_context(struct vfp_sigframe __user *auxp) { - unsigned long magic; - unsigned long size; - int err = 0; - - __get_user_error(magic, &frame->magic, err); - __get_user_error(size, &frame->size, err); + struct vfp_sigframe frame; + int err; + err = __copy_from_user(&frame, (char __user *) auxp, sizeof(frame)); if (err) - return -EFAULT; - if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return err; + + if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) return -EINVAL; - return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc); + return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); } #endif diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c index 2a61e4b04600..7aa6366b2a8d 100644 --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -601,13 +601,11 @@ int vfp_preserve_user_clear_hwstate(struct user_vfp __user *ufp, } /* Sanitise and restore the current VFP state from the provided structures. */ -int vfp_restore_user_hwstate(struct user_vfp __user *ufp, - struct user_vfp_exc __user *ufp_exc) +int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc) { struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; - int err = 0; /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); @@ -616,17 +614,16 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, * Copy the floating point registers. There can be unused * registers see asm/hwcap.h for details. */ - err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, - sizeof(hwstate->fpregs)); + memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); /* * Copy the status and control register. */ - __get_user_error(hwstate->fpscr, &ufp->fpscr, err); + hwstate->fpscr = ufp->fpscr; /* * Sanitise and restore the exception registers. */ - __get_user_error(fpexc, &ufp_exc->fpexc, err); + fpexc = ufp_exc->fpexc; /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -635,10 +632,10 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, fpexc &= ~(FPEXC_EX | FPEXC_FP2V); hwstate->fpexc = fpexc; - __get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err); - __get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err); + hwstate->fpinst = ufp_exc->fpinst; + hwstate->fpinst2 = ufp_exc->fpinst2; - return err ? -EFAULT : 0; + return 0; } /*