From patchwork Wed Oct 31 13:56:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149795 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826301ljp; Wed, 31 Oct 2018 06:57:18 -0700 (PDT) X-Received: by 2002:a67:4b0e:: with SMTP id y14mr1305990vsa.50.1540994238435; Wed, 31 Oct 2018 06:57:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994238; cv=none; d=google.com; s=arc-20160816; b=N2eBOuZshpzVVe2PH/UAoA76oCKCl+X9xcbBv53NLGodZSvMRG2i0YuwSYI489AwCE mny9Jfwr7qtmbgxHWvgKwpgtrlrQj74NyStLIDKQmMR8RUNSU7sesgW6Y0p0/TWex7aj oeOOz740G21oDjV4Oc8HUd16rKcOTWv2wcKW8ltYVyr5XvSUX2doAII/fMmmYdvqu/iX ei6M2PxnkZMYRNE+RuweCqgL6U+VxLofg1VWZNJKuui/tcYCe8Y69KR/MNp9SeToW6Nz /HjpSFLDyQlNjUkiJxtuh5+z/k1l+VOyZt4BivZTUbD/b8SkhVfJUMaGgjpZq5LmsE8v Zb9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=tp3u/KbKIIdFqQZs4GjVYyCODJCResDCIOR0VeseqtaUHggp2KWAA02f7+FbO1h1TS slW9nTidsByaLlGKxYDFW/vml1t83tcxfLwPmPnyfHVnDoGyUvh//QwClEUYgiS1JWuL dPSxW9wYIgBd/ub0+X1/DDnm80UKePqvg7l5cZ6qFYy8VmJcT3mnDKY0TuQkBxBuLit8 y+qfP1j2NP4uUyVeqM1KB+VDfvjbFtY6AAnAPgrFi8svydX9shMDNWXFj/fmPUzN/1HF /Jqyxlr/eTSOnetrm1GDWYAr6GI4pKjRUbZP493e7MxLMVrpPQMTp+mdPdHBnmt3L1Di CH5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LIpaFbWZ; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x6sor14451366uao.54.2018.10.31.06.57.18 for (Google Transport Security); Wed, 31 Oct 2018 06:57:18 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LIpaFbWZ; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=LIpaFbWZtRCikxs2QB5SoeQI4GYLR4a2aAXp/xPye9zRw+wz7SIAEpgZH7K/Dd/Lix Q4RMyTuzU8aHcwPI4qHy509huF4oU7qsaNs6YSl0IeyDUEggJVYM56ruZ3cwCuoY77TT /8jfC6zjGIseTbu+pDlGnHOgNTp9XIhfO9cLU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=IGcmYpxZfzWYmT66H8AkL6IyBy8+GaUzsJkPmFD8Xvera5OvA7SjbTa4PPb65gP7tZ Bi32gYyZOprCD3WfT7mp67qRNzWJigw9R78ZiweNRDebqDbzonQnUegZbwIJ0s42jnHK lSxKC+7AC5grU/AX8+nc/ib5vRoKuZ8Gogt6XrfEq0OqgOP/0+zt11gd+xuuOqigkMwG ft3jiRytGb/7nXAQOXzMVSobdGuZeHj1fvJHsP0CoUFXZTvhtsL/DOGhpwXsJI/Et8Ea X+NIkasTQr7y5Mm2Ao5fiAN3UU3+LXc/9lfB/2tR+3+LOUd1nOU24/y5ECA8yVpJq5qr 3qnw== X-Gm-Message-State: AGRZ1gIhkaO51rO2k/ISqTaR3DDKF71w6u8MLVR867tMUlplcQ+IFObn gFe4lwlhyZOTGi2Ci58AFFLw/Dafr6M/Bg== X-Google-Smtp-Source: AJdET5fRiQ2l1eSOHU+RIefrDhGd7P8s3dqwuPuPmoA+dEh/OfopTHlG7E5FjVHc09sqfaK9iUg1jw== X-Received: by 2002:ab0:4714:: with SMTP id h20mr1441505uac.122.1540994237982; Wed, 31 Oct 2018 06:57:17 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:17 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 01/24] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Date: Wed, 31 Oct 2018 09:56:50 -0400 Message-Id: <20181031135713.2873-2-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit f5683e76f35b4ec5891031b6a29036efe0a1ff84 upstream. Add CPU part numbers for Cortex A53, A57, A72, A73, A75 and the Broadcom Brahma B15 CPU. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/cputype.h | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/cputype.h b/arch/arm/include/asm/cputype.h index b62eaeb147aa..c55db1e22f0c 100644 --- a/arch/arm/include/asm/cputype.h +++ b/arch/arm/include/asm/cputype.h @@ -76,8 +76,16 @@ #define ARM_CPU_PART_CORTEX_A12 0x4100c0d0 #define ARM_CPU_PART_CORTEX_A17 0x4100c0e0 #define ARM_CPU_PART_CORTEX_A15 0x4100c0f0 +#define ARM_CPU_PART_CORTEX_A53 0x4100d030 +#define ARM_CPU_PART_CORTEX_A57 0x4100d070 +#define ARM_CPU_PART_CORTEX_A72 0x4100d080 +#define ARM_CPU_PART_CORTEX_A73 0x4100d090 +#define ARM_CPU_PART_CORTEX_A75 0x4100d0a0 #define ARM_CPU_PART_MASK 0xff00fff0 +/* Broadcom cores */ +#define ARM_CPU_PART_BRAHMA_B15 0x420000f0 + /* DEC implemented cores */ #define ARM_CPU_PART_SA1100 0x4400a110 From patchwork Wed Oct 31 13:56:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149796 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826337ljp; Wed, 31 Oct 2018 06:57:20 -0700 (PDT) X-Received: by 2002:ab0:720f:: with SMTP id u15mr1426779uao.114.1540994239996; Wed, 31 Oct 2018 06:57:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994239; cv=none; d=google.com; s=arc-20160816; b=bKNAH9ITfHbwQWDBoEIroJIPn0R+mL8g780Xzs/UMLNlgAXPxLgOa42c/h/fYY3IWp 7byARwRBzKemIiD3nHsfareZiFrMpIJ6XVkNDsuDm7akwSvqUtIJfDgbXyPO+s3TjqTD ItuxoZKOdcbZ6x4aBEfmAdWqUn1dKpdMIKbNB+zYXxijIxGhGnLz5dmi2HtoTz0p9703 /DUXGiKPt4hKvNiYfyw3+FqhLNiYZHowJl9FRbVSBCWPQq0yx6dY8yesR50Zo6osHZCf LyNzhP5pdDaKYONuWstq9KtUCY23/FBrAuExtfCUN/49GvxI2DEyYYPO2InuRZorqCCY G97A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=Q2bUQBIejDOjW7rFi087bziFBqIKD0jirxPpZVkCsGIlbWBqcLiA6jG19dUv9nOXbp ASeUQcTHvHmKU9bXenMm9DNNl5c9XVox4wXOqyHJ8Z5D95Z8VUGicU9kV8wrfjTBKTyW zBnDhVpcbWk3s0BuI7ldOgAKaMqjk65lO+mlaNGRcqeuj8QpbAMKUTZdWZc23qTQzXfi Y/CBVkXA63CgIVA7ry+SBzO/0MLMCZv9FMMp2j5+K0XO0kFyBvyCO3Igxzs7ouIbms8t Gf/N6cTJjrIpEcnPNcywJ1ui/4iofmZrBztcJtHY6AbvOAN6xoQ1UAkAXp3ibVlF0zsI Xe1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gJxE+z5V; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id q62sor7792887vsf.102.2018.10.31.06.57.19 for (Google Transport Security); Wed, 31 Oct 2018 06:57:19 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gJxE+z5V; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=gJxE+z5VBHtykHccOluIowcpBIFsNRWoi5l/u4HrgycqvPiMaEpeJSwwAlBYVK9ATb psSOPrTnIjK3Q/j7qLsKlISX0RG2SCSDqwixC1vF7PagtQc4PBJJBWn5GT4HfHUw26dy bKvjX/srdFefLJxE2j0MU/w6Gyh3zD1w7PW+g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=OidQfxW41Aa2BUEArfglqyIhSQQy80WMF/S6IQIRKzU0tx4yo8TzbWKie/iXodQDVR sc30it1lqK3v71d17RRESZr7EEXMY9YllCtAifzV1XdJB6nqnxs4JoaBh9CNxcaSMccQ DMNiLxeCWeNRnPEGhXJP7Ll17RH2IFNrXgtyCUkknCTfKB7ztX/XVBDsHh6wDEaNGfcK pbyLo7Z0XkUVOgvIZ8aR7ukCnXpbi+CIM7FB/8iz8OAe41p86lGDLz8ruyvGF49sQg27 njnEO8Jlp6vBydqqbTcuMTVEbtIjCAAAJpmawQTx3ELTNjG+u6IArz5q+tdQDA06M58X DFAQ== X-Gm-Message-State: AGRZ1gKQktUuGaHRvMNZNILttvbnaD4xIDz6hxHXMceYgYdVGQCkFsLK 17XVR5Ilu2yOshcJRDJqJpYlvzET X-Google-Smtp-Source: AJdET5d5yvwoBn3Jyjuw2MUUmj+fTxwHTfl7kYOZDSy/HNlUIYF5PCfq82rabdM41nup2BsRmvpbJg== X-Received: by 2002:a67:a448:: with SMTP id p8mr1276688vsh.238.1540994239288; Wed, 31 Oct 2018 06:57:19 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:18 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 02/24] ARM: bugs: prepare processor bug infrastructure Date: Wed, 31 Oct 2018 09:56:51 -0400 Message-Id: <20181031135713.2873-3-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit a5b9177f69329314721aa7022b7e69dab23fa1f0 upstream. Prepare the processor bug infrastructure so that it can be expanded to check for per-processor bugs. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 4 ++-- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 arch/arm/kernel/bugs.c -- 2.17.1 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index a97f1ea708d1..ed122d294f3f 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -10,10 +10,10 @@ #ifndef __ASM_BUGS_H #define __ASM_BUGS_H -#ifdef CONFIG_MMU extern void check_writebuffer_bugs(void); -#define check_bugs() check_writebuffer_bugs() +#ifdef CONFIG_MMU +extern void check_bugs(void); #else #define check_bugs() do { } while (0) #endif diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile index ad325a8c7e1e..adb9add28b6f 100644 --- a/arch/arm/kernel/Makefile +++ b/arch/arm/kernel/Makefile @@ -30,6 +30,7 @@ else obj-y += entry-armv.o endif +obj-$(CONFIG_MMU) += bugs.o obj-$(CONFIG_CPU_IDLE) += cpuidle.o obj-$(CONFIG_ISA_DMA_API) += dma.o obj-$(CONFIG_FIQ) += fiq.o fiqasm.o diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c new file mode 100644 index 000000000000..88024028bb70 --- /dev/null +++ b/arch/arm/kernel/bugs.c @@ -0,0 +1,9 @@ +// SPDX-Identifier: GPL-2.0 +#include +#include +#include + +void __init check_bugs(void) +{ + check_writebuffer_bugs(); +} From patchwork Wed Oct 31 13:56:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149797 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826349ljp; Wed, 31 Oct 2018 06:57:21 -0700 (PDT) X-Received: by 2002:a67:6507:: with SMTP id z7mr1173677vsb.135.1540994241150; Wed, 31 Oct 2018 06:57:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994241; cv=none; d=google.com; s=arc-20160816; b=ZhEsBn31k8qWtnrIs+17YaARVbOyudgxT6rkXEHtBlcqfq4Y8hXCn2IzPN6vrw591D Mzat7q135q27MHBJncvTuxxXkOY9bUI+MrzJkiZCYKFDf5jeMlgSeACfA6+3IDMMKiPH t9ZHClR3c8Tz+gaJT/hQu3dMjZQtWe5Y733E4PCa0qhJlguRdqEnEVP3vu4hwWwwiS98 eUwM0iepPwIoIMfC0iNRh+7ykrSEvKmCVqRfUFkzxyLgBoomP+j4/YP2zXym5/KKa76+ kuBUvzwfbCzO39Bwg4Tp7+dZGNhOzthH//PQpklqSkzdK+004d71wBr2wi6fzTySYoL0 S8UQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=sBccI9A/n0lBKR8TMyeFz6xWoe0cLonIbPRD/Kwb2yCRJHXEbfSMvbsxht6ZgQxQCG CQLHytaY+LnKM8jsuBapPzl2tQIW6aAd5l298/E1Qxh2TlvnIzX6V2VH635bkyG+jVW1 8siNmDDCjEXIuKNxPBcHRu8asrlRvzl4MwdvuD9+0qNwkbAPBsJWwB6QeL8URXwn0chB Rpvxkq35p6lZevaseQZwdN7ef1zy/HZKT4Ueb86AInFu1/gdCZKG3S5P9SKsBOZY31yq 3tfbkGrcGDafxU4PvJowSPjU+MrrKhEU3EufWcLlY70VcZYR5OOqeiHz494K/YVU8zIR WI0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dzeUehjc; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f134sor16039451vsd.67.2018.10.31.06.57.20 for (Google Transport Security); Wed, 31 Oct 2018 06:57:21 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dzeUehjc; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=dzeUehjcG+yj4mj2r8360vnADdkp+ttIEOAqFUqU0j8uOFjk/a0oV01OXw7mT5ywCn hF//qVRpBoeVT0x+M7NaBE/McNCgGowGNsjk9zkqZo/RBbeeirLTBKKtbc2OHTWeirmM LRhgxAnaaJ+BeFWYe8dR4SDVZvhhApxitRpf0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=PoGQ17G3DQE6pvB3VOCml9NgmV2kRetNfi16cB8YaPi0hgxS5vPYqfhCuOiVt38AkX 7kblu2QN17C/on3a8P+PYSGuW56GsXPL0QTVrgRhZf6jiqTmTxHP/QoW8xbwjgTJGsVj KFmtbBDQIGAfu2SkMyCiiyRa+V2TbSicrv+d4c/BxR7tWZta12yeUP7NJ54smtU+/gtI A96z0JbQ3k0/e2VPVucNfHhQi/9MOc52bEF/zCAbf7bN0v2RxfFMTJY7ZRHokNh5p8aX W1hkVAKCCdvnICWuwall3yj/zC2bXf5v5Epx5DqdcamtRyXRPy8aPTl8b9Iu0ULMYZMO eFiw== X-Gm-Message-State: AGRZ1gLuk74K3BvoYXd6adk+nSDl/VohQjubbyclE+ox4Y2LN5cbpxCB 5+A4RNzP95JZkkuaeKNwOBODUdYo X-Google-Smtp-Source: AJdET5drnJ6JCbv2D7hTGXI99Lh04ASVsf+O9z4o6RmNACwJ0CvhuJo25LqIEaQlXIoHb4w0b1TmbA== X-Received: by 2002:a67:1c45:: with SMTP id c66mr1318819vsc.195.1540994240466; Wed, 31 Oct 2018 06:57:20 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:19 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 03/24] ARM: bugs: hook processor bug checking into SMP and suspend paths Date: Wed, 31 Oct 2018 09:56:52 -0400 Message-Id: <20181031135713.2873-4-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 26602161b5ba795928a5a719fe1d5d9f2ab5c3ef upstream. Check for CPU bugs when secondary processors are being brought online, and also when CPUs are resuming from a low power mode. This gives an opportunity to check that processor specific bug workarounds are correctly enabled for all paths that a CPU re-enters the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 2 ++ arch/arm/kernel/bugs.c | 5 +++++ arch/arm/kernel/smp.c | 4 ++++ arch/arm/kernel/suspend.c | 2 ++ 4 files changed, 13 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index ed122d294f3f..73a99c72a930 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -14,8 +14,10 @@ extern void check_writebuffer_bugs(void); #ifdef CONFIG_MMU extern void check_bugs(void); +extern void check_other_bugs(void); #else #define check_bugs() do { } while (0) +#define check_other_bugs() do { } while (0) #endif #endif diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 88024028bb70..16e7ba2a9cc4 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -3,7 +3,12 @@ #include #include +void check_other_bugs(void) +{ +} + void __init check_bugs(void) { check_writebuffer_bugs(); + check_other_bugs(); } diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c index 7dd14e8395e6..d2ce37da87d8 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include @@ -400,6 +401,9 @@ asmlinkage void secondary_start_kernel(void) * before we continue - which happens after __cpu_up returns. */ set_cpu_online(cpu, true); + + check_other_bugs(); + complete(&cpu_running); local_irq_enable(); diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c index 9a2f882a0a2d..134f0d432610 100644 --- a/arch/arm/kernel/suspend.c +++ b/arch/arm/kernel/suspend.c @@ -1,6 +1,7 @@ #include #include +#include #include #include #include @@ -34,6 +35,7 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) cpu_switch_mm(mm->pgd, mm); local_flush_bp_all(); local_flush_tlb_all(); + check_other_bugs(); } return ret; From patchwork Wed Oct 31 13:56:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149798 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826359ljp; Wed, 31 Oct 2018 06:57:22 -0700 (PDT) X-Received: by 2002:a1f:95d1:: with SMTP id x200-v6mr1271747vkd.33.1540994242248; Wed, 31 Oct 2018 06:57:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994242; cv=none; d=google.com; s=arc-20160816; b=eSTmNk5rfswsOuPaHqYaH6iEgPjEqGy9Fzu+ssNC9Zve+RZ9ZxRAhjbuujJ/K7mqe3 TnhFHY3xHWZksmtRezwoYN+TeKq9YXjw28UPLkwKklGgCkfAesNKQ/7FSV5tEvzdQ1rU Ctog7sruUPoxgqIJPBswOMTF/BVq5NZAelMDkYvPPEIOn+qlBflTWPQlL1keE+OrIQKf zvcu4poJ+hKFANBU+vbDqsti1CGgtI4YjJoox/Xp94qEVwjdjA7Ak+4ldgwmBbNSChly wa50NmyiDy51/JX+cHjfPZTB3VNzf9eZIqOyIuIWHfwlWY+Qn/tPm17If95BpVakuuB/ T5Uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=ib8CyveXH9e8W8wSkKfQYsLpOqUbghHjQAMzef2Hf3kC3Gi0q3u/B+Zk+lHpzwDbmp TOxHK+godIV3EW90YvB7Vp1eBR02bNLpqe6XVYnebhUV0HGhkJk6NNFq0lL4kDw7EYf2 FdWZyvyZHB8WtsX1jsSchyT3EYZDblMza0lYU7xnVRdugAXpiBZEuobSvgT0RGYX4QLw k2IIWJRZ9qitFhp0fRev20qD6adqyYuSLINWzXiBYsgDu7cdrJ/pGuG2koZrY6oxe+zZ K76UAJR/ftoO8CsEXIUA+U2+ExVH8+eAaC0oBNHK6hqFEXtuYmFaVKPFTKFvjB+ETncb 9kzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=emKQQ0Mx; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id e18sor12564983uam.14.2018.10.31.06.57.22 for (Google Transport Security); Wed, 31 Oct 2018 06:57:22 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=emKQQ0Mx; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=emKQQ0MxvRNsJKs36qW3P6oqUkI1hTBKXnpY+QY/KvdAzRa47YPtmAY/J+RhrAzdlL I2Ly8ZB2rAfK6iqrPsScKuWlOTuPH2O2zNQR5zzs6nVAU1D7p4usDOzM1AdmyHDfHHN9 yA7iIaLuatrSAhRaiP7H2/+BPGjjiEGdFXeF8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=KgiPIs1UbRls/FjO9eTCTugB99elCDBRMUAkcDYMc4IsrEdIQf9wHr5i627loApDyJ o2hYlDSUU13cglZLrir0wINUo80CUzXReFpDp7efY7GZGgXKBH3GlN5AI5n1ezM0v2sp 6WepKd6E9IrVv3LXfWo+8sbYt3BDXqwuZD4N4DJD6kktdgtfEtN0kXKzr3yBhu86GKZe I92Pjip4qwPc2AJozISsWsB1tHlXKNF3kgsxJkli9Vs1/hTVNugKcrPILWomat2AoFjD ecdU7picqI1dA0j9jqhPgjHNDXdJXltiYa9PpBUCDNUVq2lyTcJQHwMrnmLjsG324qp4 P3VA== X-Gm-Message-State: AGRZ1gKGb7EmsL7h3g4GW6J3oPMt5uN2TmtSIvpML6uM3Ab+3A5Q0BP/ BFW0IgIo4baeAHSmXoCgj+q23bDX X-Google-Smtp-Source: AJdET5fb6wrm8FTyCggTe8QkHATvDl3wKYgkfBuFOU/UET3fY0BWNxG7246vAkf99Nj1vZMHfdb1RA== X-Received: by 2002:ab0:4ac9:: with SMTP id t9mr1450982uae.74.1540994241768; Wed, 31 Oct 2018 06:57:21 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:21 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 04/24] ARM: bugs: add support for per-processor bug checking Date: Wed, 31 Oct 2018 09:56:53 -0400 Message-Id: <20181031135713.2873-5-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 9d3a04925deeabb97c8e26d940b501a2873e8af3 upstream. Add support for per-processor bug checking - each processor function descriptor gains a function pointer for this check, which must not be an __init function. If non-NULL, this will be called whenever a CPU enters the kernel via which ever path (boot CPU, secondary CPU startup, CPU resuming, etc.) This allows processor specific bug checks to validate that workaround bits are properly enabled by firmware via all entry paths to the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/proc-fns.h | 4 ++++ arch/arm/kernel/bugs.c | 4 ++++ arch/arm/mm/proc-macros.S | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/include/asm/proc-fns.h b/arch/arm/include/asm/proc-fns.h index 8877ad5ffe10..f379f5f849a9 100644 --- a/arch/arm/include/asm/proc-fns.h +++ b/arch/arm/include/asm/proc-fns.h @@ -36,6 +36,10 @@ extern struct processor { * Set up any processor specifics */ void (*_proc_init)(void); + /* + * Check for processor bugs + */ + void (*check_bugs)(void); /* * Disable any processor specifics */ diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 16e7ba2a9cc4..7be511310191 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -5,6 +5,10 @@ void check_other_bugs(void) { +#ifdef MULTI_CPU + if (processor.check_bugs) + processor.check_bugs(); +#endif } void __init check_bugs(void) diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S index 0d40c285bd86..7d9176c4a21d 100644 --- a/arch/arm/mm/proc-macros.S +++ b/arch/arm/mm/proc-macros.S @@ -274,13 +274,14 @@ mcr p15, 0, ip, c7, c10, 4 @ data write barrier .endm -.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0 +.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0, bugs=0 .type \name\()_processor_functions, #object .align 2 ENTRY(\name\()_processor_functions) .word \dabort .word \pabort .word cpu_\name\()_proc_init + .word \bugs .word cpu_\name\()_proc_fin .word cpu_\name\()_reset .word cpu_\name\()_do_idle From patchwork Wed Oct 31 13:56:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149799 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826380ljp; Wed, 31 Oct 2018 06:57:23 -0700 (PDT) X-Received: by 2002:a67:3f96:: with SMTP id q22mr1331709vsi.1.1540994243540; Wed, 31 Oct 2018 06:57:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994243; cv=none; d=google.com; s=arc-20160816; b=j7Dcz2lVeR8wRrpxR6uKJRkij2i0w8LOtFRRFPCAU5xhRhJKiUA0x65zMlOLX3AEvJ Ybn+KvjM5024evfEhsWRs+gjeIZYVrbdQL9YCgiOrsV+u02vctANaAKaT6jKQQGzqNde L2/zK6Cr9TBO/7r/qhbL7lbZ1430KS9L/n6u0cHLG+vNN1WJaNxw5O93dQ5GxmxPjZ9A PYOxOPxGGklaTficeJsg7FrGaH488Up+Ac7PwdrpPktRqNHW5gs8AlrNiF7oLrrnfkQ0 p0D1aSiVn2qFcIJFujmBpqtrMWmnoSlYCPF5ny2RF9bskTUe5fc4geexLAKsaDk/WWAy MRnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=QL/PAQbqEi7lKhB5RDi1zz5D8u8K7h05eBJUJeDekAky5JAOhE+g6H4IotMOPgDAy1 5NeOm2E95Un5DxiQYfrUT0I07vmWWGdjs7Ic+j7y51uZwKcQVXPV6JmrfUpyOKa9cCNj nVL8UHvXTWZYTUSSt8abI+OHUk97Q4v+wHX27DaLRde31wf3DVygR6B5QrsYAn13sFof 7BgVSrq5Eb7kG/RVEvkg75tdg1gP1HHseFkZlun98FZU5nluKfzUnD+Xf2gOQBMj82+s AuHle+jQRAwS5/0a2sMlzF58CvDSwSDbUtvuOx43vAmrIiubFPceHd3RGulmiWD9tHTd BTnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Nl+eWdcz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id e18sor12565012uam.14.2018.10.31.06.57.23 for (Google Transport Security); Wed, 31 Oct 2018 06:57:23 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Nl+eWdcz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=Nl+eWdcz46bvHs4tiASsglIHRseVQmWw0NxHmeofxVOMqvRjsFXUoPcPqjVXtdJkYY JR4uWuFH9iRLpmTmSYSAGJ36csLbY9ZDif+ai4Ah+S6UUn5js8JH66VDKO9hB1xog6CJ NY2Li3Ef0hTvi68RofiV+mRHl2Ly/UMHNkt9o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=jBZ4yGLLPNL2540uY84p0oCfy9fePVDhDbk4jfSzgwPN7XX6lt9uQALyCrufb/xoL1 LiOM/DIfiZJcD6F/Q5nq8iKEfXlNMp3PchlEJklrESty5AEKQN3UQuW+4YVjDxfnKPL0 AcUEw/p/8+PxhLY8L3IX8CGjrGHkMh+MW00JFatzFDhb5FxGHugmFcDmZpPOd6RQMeKP GUAwS9/Zg2Uuk1hsJRrqNVDSBJ/H7n3XDJX7jMXuQ+bQ7nmxjdz81DlQZNiziE4wXiMh e62l9fLT6hrA7S22CweIuHVfIN/MEbvIEFKkDE4dFZrbuIGtiIk650vuMHxIQxKyPKHX Dn4w== X-Gm-Message-State: AGRZ1gLDnowGIHesYjacWFHNOYHaDJDZp/gU+SQ3TtZq+l7Y1FtLAvcK ZHlJd/vIohPJx2RUu3WeRPZ0kyYJ X-Google-Smtp-Source: AJdET5e/AZqZJDnz9ApzeiJQvJc4cKAW1X3XU//tL2rq+gIzNK6EXTmNV7e9pYy1lnJw/+iHbQujiQ== X-Received: by 2002:ab0:481:: with SMTP id 1mr1363203uaw.59.1540994243074; Wed, 31 Oct 2018 06:57:23 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:22 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 05/24] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Date: Wed, 31 Oct 2018 09:56:54 -0400 Message-Id: <20181031135713.2873-6-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit c58d237d0852a57fde9bc2c310972e8f4e3d155d upstream. Add a Kconfig symbol for CPUs which are vulnerable to the Spectre attacks. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) -- 2.17.1 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index c1799dd1d0d9..d37af5e63411 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -396,6 +396,7 @@ config CPU_V7 select CPU_CP15_MPU if !MMU select CPU_HAS_ASID if MMU select CPU_PABRT_V7 + select CPU_SPECTRE if MMU select CPU_TLB_V7 if MMU # ARMv7M @@ -800,6 +801,9 @@ config CPU_BPREDICT_DISABLE help Say Y here to disable branch prediction. If unsure, say N. +config CPU_SPECTRE + bool + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS From patchwork Wed Oct 31 13:56:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149800 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826412ljp; Wed, 31 Oct 2018 06:57:25 -0700 (PDT) X-Received: by 2002:ab0:1531:: with SMTP id o46mr1336571uae.29.1540994244977; Wed, 31 Oct 2018 06:57:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994244; cv=none; d=google.com; s=arc-20160816; b=JXuhxNM1KRTy9vF7XYzUM8XphXztrlggXtIWaw7Ss6ecnT4tjoFueuPoFdby8KfHmL dGsYsw7Bb/yFGiWjA5vcs7KHFzJz+vnu0zDMWD8EbBayIS92pDPsAel0n7pHp92o0SQZ p/4jcSOaSiLCj5gIm43Rpe3xk933FIr9zmPZBMw8ifTFPSNRD4TIFYFrjzAPQomi/cja 89L/eZsgsicYNkOLZ7CxQOVuBz6HRxjByzV28hGPkUUoM4bTMpOpbMwNE6E/lsbQhO0t QAjMEGpI/LS55AHU7Lrp/z4IVTnAPIq7ZMj0SMry5IM2EsGBhwbkhbhTuyfg4b7Jhyzk rCrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=QFAEMypY/Fbg3vpJK4d6EU0slvwUB9GvfoR9yL+WWk3locnqf/GJ9Gvmul1I/z9yhw FKlhGCbe3u/04CI5utzMHo076xkGrXPuuC0W3K3hJ/TaGQOBfEUJA6goPeUJ5+1rKOnI bsr1YqCsQbTl8Tuqr0t63DMNCIYUSkp1HlSmzS6zNAzO410VaWBncZJsv82Qu8zuqNbJ 2ocDx8xzJJub6vkirEq1nasGFYbF1C8lC5gla5i1nDRiu/yjKjSAOo3uHpBcRR3i1JVY 31pJwKoHgN2qgTiiRmneS2+v1+p5RUItErwiy9N7RNQ/Du2MMc8SCrk7m5ZlXperce9Y 0jAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LdT2GKeZ; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id i12sor9811560vsm.8.2018.10.31.06.57.24 for (Google Transport Security); Wed, 31 Oct 2018 06:57:24 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=LdT2GKeZ; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=LdT2GKeZNlBgUTsSvoTed+rNtrAhAuox2okaFfL7VVw6DeE/M6dBopCLLvJlbpkiC9 +qpmauQW9wL+CxE026WENXgkYp3SSe58YYB+RhJRWT/XXmMOizOICFY9xW3jA0lNxNqW HM+4XNN1cRfxfHMNZegJJ0qR01D6fwUB6WgHE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=t/UxVdZ3/eWCdVIAgbXH7u/q7kQ8r4RHvcsCtYsrhQM19Rldr0yKX7ThmjY39LeMW3 9atZj+ravV4kFhcaGwygXAlcw87DheKmBkYoXRucd70JNDXJgoSV/rxseurJKORikzX5 NMF/tAKpV73yaV/Mfk1JGQukQFaJPDMf1Osb79zBWrhUsKgqSg7lW69lf41R1MRpUOz0 6gXPasYmxgYqQ76Tw3gGzcZ4SnhPvKBxZJLlRGirDas4jJhtOI3wsRbxT59PPetcYo4L yRCnbZKYyrKBdmIgf22w7ZFqu1C/Zka0u+64nzWGwkIq4UBfuvMSduFmjToXPGeJUWTd YNZQ== X-Gm-Message-State: AGRZ1gKstTwp9jALw9EaXtaHX1QGhzmn6M5RzjQu1/zxxePdGTVAFafX H/3kFSPpo8PS+c6gZvVcvFoA5IPb X-Google-Smtp-Source: AJdET5fT6l4Oq/mOCiD53g3MglDH+8+N2dWl1lBtewFJTjsWlYaZ3g88/Fr6mdN+NMA+FSA9X2A1Aw== X-Received: by 2002:a67:45d8:: with SMTP id z85mr1306902vsf.106.1540994244222; Wed, 31 Oct 2018 06:57:24 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:23 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 06/24] ARM: spectre-v2: harden branch predictor on context switches Date: Wed, 31 Oct 2018 09:56:55 -0400 Message-Id: <20181031135713.2873-7-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 06c23f5ffe7ad45b908d0fff604dae08a7e334b9 upstream. Required manual merge of arch/arm/mm/proc-v7.S. Harden the branch predictor against Spectre v2 attacks on context switches for ARMv7 and later CPUs. We do this by: Cortex A9, A12, A17, A73, A75: invalidating the BTB. Cortex A15, Brahma B15: invalidating the instruction cache. Cortex A57 and Cortex A72 are not addressed in this patch. Cortex R7 and Cortex R8 are also not addressed as we do not enforce memory protection on these cores. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 19 ++++++ arch/arm/mm/proc-v7-2level.S | 6 -- arch/arm/mm/proc-v7.S | 125 +++++++++++++++++++++++++++-------- 3 files changed, 115 insertions(+), 35 deletions(-) -- 2.17.1 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index d37af5e63411..7f3760fa9c15 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -804,6 +804,25 @@ config CPU_BPREDICT_DISABLE config CPU_SPECTRE bool +config HARDEN_BRANCH_PREDICTOR + bool "Harden the branch predictor against aliasing attacks" if EXPERT + depends on CPU_SPECTRE + default y + help + Speculation attacks against some high-performance processors rely + on being able to manipulate the branch predictor for a victim + context by executing aliasing branches in the attacker context. + Such attacks can be partially mitigated against by clearing + internal branch predictor state and limiting the prediction + logic in some situations. + + This config option will take CPU-specific actions to harden + the branch predictor against aliasing attacks and may rely on + specific instruction sequences or control bits being set by + the system firmware. + + If unsure, say Y. + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S index c6141a5435c3..f8d45ad2a515 100644 --- a/arch/arm/mm/proc-v7-2level.S +++ b/arch/arm/mm/proc-v7-2level.S @@ -41,11 +41,6 @@ * even on Cortex-A8 revisions not affected by 430973. * If IBE is not set, the flush BTAC/BTB won't do anything. */ -ENTRY(cpu_ca8_switch_mm) -#ifdef CONFIG_MMU - mov r2, #0 - mcr p15, 0, r2, c7, c5, 6 @ flush BTAC/BTB -#endif ENTRY(cpu_v7_switch_mm) #ifdef CONFIG_MMU mmid r1, r1 @ get mm->context.id @@ -66,7 +61,6 @@ ENTRY(cpu_v7_switch_mm) #endif bx lr ENDPROC(cpu_v7_switch_mm) -ENDPROC(cpu_ca8_switch_mm) /* * cpu_v7_set_pte_ext(ptep, pte) diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index d00d52c9de3e..bf632d76d392 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -88,6 +88,17 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +ENTRY(cpu_v7_iciallu_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 0 @ ICIALLU + b cpu_v7_switch_mm +ENDPROC(cpu_v7_iciallu_switch_mm) +ENTRY(cpu_v7_bpiall_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 6 @ flush BTAC/BTB + b cpu_v7_switch_mm +ENDPROC(cpu_v7_bpiall_switch_mm) + string cpu_v7_name, "ARMv7 Processor" .align @@ -153,31 +164,6 @@ ENTRY(cpu_v7_do_resume) ENDPROC(cpu_v7_do_resume) #endif -/* - * Cortex-A8 - */ - globl_equ cpu_ca8_proc_init, cpu_v7_proc_init - globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca8_reset, cpu_v7_reset - globl_equ cpu_ca8_do_idle, cpu_v7_do_idle - globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext - globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size -#ifdef CONFIG_ARM_CPU_SUSPEND - globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend - globl_equ cpu_ca8_do_resume, cpu_v7_do_resume -#endif - -/* - * Cortex-A9 processor functions - */ - globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init - globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca9mp_reset, cpu_v7_reset - globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle - globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm - globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext .globl cpu_ca9mp_suspend_size .equ cpu_ca9mp_suspend_size, cpu_v7_suspend_size + 4 * 2 #ifdef CONFIG_ARM_CPU_SUSPEND @@ -543,10 +529,75 @@ __v7_setup_stack: @ define struct processor (see and proc-macros.S) define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + @ generic v7 bpiall on context switch + globl_equ cpu_v7_bpiall_proc_init, cpu_v7_proc_init + globl_equ cpu_v7_bpiall_proc_fin, cpu_v7_proc_fin + globl_equ cpu_v7_bpiall_reset, cpu_v7_reset + globl_equ cpu_v7_bpiall_do_idle, cpu_v7_do_idle + globl_equ cpu_v7_bpiall_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_v7_bpiall_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_v7_bpiall_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend + globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume +#endif + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions +#else +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_processor_functions +#endif + #ifndef CONFIG_ARM_LPAE + @ Cortex-A8 - always needs bpiall switch_mm implementation + globl_equ cpu_ca8_proc_init, cpu_v7_proc_init + globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca8_reset, cpu_v7_reset + globl_equ cpu_ca8_do_idle, cpu_v7_do_idle + globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca8_switch_mm, cpu_v7_bpiall_switch_mm + globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca8_do_resume, cpu_v7_do_resume +#endif define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + + @ Cortex-A9 - needs more registers preserved across suspend/resume + @ and bpiall switch_mm for hardening + globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init + globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca9mp_reset, cpu_v7_reset + globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle + globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca9mp_switch_mm, cpu_v7_bpiall_switch_mm +#else + globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif + + @ Cortex-A15 - needs iciallu switch_mm for hardening + globl_equ cpu_ca15_proc_init, cpu_v7_proc_init + globl_equ cpu_ca15_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca15_reset, cpu_v7_reset + globl_equ cpu_ca15_do_idle, cpu_v7_do_idle + globl_equ cpu_ca15_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca15_switch_mm, cpu_v7_iciallu_switch_mm +#else + globl_equ cpu_ca15_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca15_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size + globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca15_do_resume, cpu_v7_do_resume + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif @@ -653,7 +704,7 @@ __v7_ca7mp_proc_info: __v7_ca12mp_proc_info: .long 0x410fc0d0 .long 0xff0ffff0 - __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup + __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca12mp_proc_info, . - __v7_ca12mp_proc_info /* @@ -663,7 +714,7 @@ __v7_ca12mp_proc_info: __v7_ca15mp_proc_info: .long 0x410fc0f0 .long 0xff0ffff0 - __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup + __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup, proc_fns = ca15_processor_functions .size __v7_ca15mp_proc_info, . - __v7_ca15mp_proc_info /* @@ -673,7 +724,7 @@ __v7_ca15mp_proc_info: __v7_b15mp_proc_info: .long 0x420f00f0 .long 0xff0ffff0 - __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup + __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup, proc_fns = ca15_processor_functions .size __v7_b15mp_proc_info, . - __v7_b15mp_proc_info /* @@ -683,9 +734,25 @@ __v7_b15mp_proc_info: __v7_ca17mp_proc_info: .long 0x410fc0e0 .long 0xff0ffff0 - __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup + __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca17mp_proc_info, . - __v7_ca17mp_proc_info + /* ARM Ltd. Cortex A73 processor */ + .type __v7_ca73_proc_info, #object +__v7_ca73_proc_info: + .long 0x410fd090 + .long 0xff0ffff0 + __v7_proc __v7_ca73_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca73_proc_info, . - __v7_ca73_proc_info + + /* ARM Ltd. Cortex A75 processor */ + .type __v7_ca75_proc_info, #object +__v7_ca75_proc_info: + .long 0x410fd0a0 + .long 0xff0ffff0 + __v7_proc __v7_ca75_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca75_proc_info, . - __v7_ca75_proc_info + /* * Qualcomm Inc. Krait processors. */ From patchwork Wed Oct 31 13:56:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149801 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826434ljp; Wed, 31 Oct 2018 06:57:26 -0700 (PDT) X-Received: by 2002:a67:e002:: with SMTP id c2mr1357002vsl.34.1540994246035; Wed, 31 Oct 2018 06:57:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994246; cv=none; d=google.com; s=arc-20160816; b=rrjIp1ChvV9KHKHGkhKAuYDvZMNY60PNj7JhFIFFgK06qqfTfM89/J1r2o2M89JxPt pZ057eMmognhAvUugRiOfuwFnvuErB7ssWtawJLCxEQRFhozCTV+oBBOEyTH9vJLKYDh Rsp32ctakncL17ZrUicUc4XY2Z3Uvo8k4zcQ4+F/+IwpP/maN0Ml1fSv0b9fGuzEKzUF kI84lVTvVpwMGXdl+LrgcV4g8uaV+QZFF+gpCEw4OsNxhiWi88DatgQLbRonJnVVWOip 3aY4BasG0GcsijbkkHnCotGQy9+1kAoh6L4eIleb3HNLNe5z7jlnCxunIinh8MheIGv7 DknA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=h/3HLaJaWRhiJRBR0o769RGgTl+/0X/V+NsQaTj00betEIyTDgPt81Tad46eHVZ0n0 BINxPQqZ8vFagiQW0u3AQ3voMDrhhAxlLRVVS71CPiyVdmd5UFEvvaaQValAJeQJMsug Y38Bcb+shUQoEKnOBS37kKkDRadtaySzodpqsloLibhLAPhdV/FKkNX+kZLqrZrt3/ut SvWr4+HbErYZ6IILKlGZQfHCxGw8UxjaMVMUsx7VkQnCqOh7ieGz0nLdmaiJeb83BmP7 7q1tjqN7Sn4RlQI0CSWalpbmMy8MFHVvMwALEjujfVOyOhc7PVmycS+z+OzsHcYkrC+l cZhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dI1lNqGj; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id h4sor14554350uan.48.2018.10.31.06.57.25 for (Google Transport Security); Wed, 31 Oct 2018 06:57:26 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dI1lNqGj; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=dI1lNqGjz+rU/3JRd3g+pYu54ppDgzzznQ5+0MZAlFQaHknfKD8e91H+x+5ebpBBbA H2qq497wZmkXog5k5mbtYZPlw9hXYSJRIfdfoKd5EgHp2UB4u+p9K32lwhw2v3XFMDam cIkfi9tTPUrdmCRan5hBxcjTrx6NhIVvgNxFY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=H9xa70a/ITHjdJhOGIYGDSU+dpBzh/GjVODc51zRacx6bTfa/YYaf+izEcpPfYGZ9P fpIBw8HKy+WPw605zHJ5kG4ACE20N/0ivt3HnV3ICrO7O4IQW2qDNErf5E/IpZYKVWyP 5iJGvWlQkpLue0F3uXZBVeyoi7onnvdXYx31yTaBbsccDTmaDfVlpwmjFj8eHzv3pcAk Exs2zCWKOclgxZ8fHBmIh580/npEc4Qonx0WK4URD2LYygUzwAJxlJk1oPnogaLcBtCC LZRDxlnG/NNVq35jVcN5QEXoc7xHqRDDxQEoZwB0qNWySEuyJzFCg+T+G3miTyiXWKP0 ASeQ== X-Gm-Message-State: AGRZ1gJtDqDTLBQvQk9DNfszhl9F4OQwh4wmNTngjG1KnQ4izOodFMVR oPMl7/duXJ3Zf5dp0SQ42TiSiFxO X-Google-Smtp-Source: AJdET5cF0la3YPgSInA9ioX+JH3Fw4vNpdGr9ZfRjaqVmZi7UvciBosdMiJNR4FmvRnu4h08Oki/Sw== X-Received: by 2002:ab0:251:: with SMTP id 75mr1416090uas.39.1540994245511; Wed, 31 Oct 2018 06:57:25 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:24 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 07/24] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Date: Wed, 31 Oct 2018 09:56:56 -0400 Message-Id: <20181031135713.2873-8-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit e388b80288aade31135aca23d32eee93dd106795 upstream. When the branch predictor hardening is enabled, firmware must have set the IBE bit in the auxiliary control register. If this bit has not been set, the Spectre workarounds will not be functional. Add validation that this bit is set, and print a warning at alert level if this is not the case. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/mm/Makefile | 2 +- arch/arm/mm/proc-v7-bugs.c | 36 ++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 4 ++-- 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 arch/arm/mm/proc-v7-bugs.c -- 2.17.1 diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile index e8698241ece9..92d47c8cbbc3 100644 --- a/arch/arm/mm/Makefile +++ b/arch/arm/mm/Makefile @@ -94,7 +94,7 @@ obj-$(CONFIG_CPU_MOHAWK) += proc-mohawk.o obj-$(CONFIG_CPU_FEROCEON) += proc-feroceon.o obj-$(CONFIG_CPU_V6) += proc-v6.o obj-$(CONFIG_CPU_V6K) += proc-v6.o -obj-$(CONFIG_CPU_V7) += proc-v7.o +obj-$(CONFIG_CPU_V7) += proc-v7.o proc-v7-bugs.o obj-$(CONFIG_CPU_V7M) += proc-v7m.o AFLAGS_proc-v6.o :=-Wa,-march=armv6 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c new file mode 100644 index 000000000000..e46557db6446 --- /dev/null +++ b/arch/arm/mm/proc-v7-bugs.c @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include + +static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, + u32 mask, const char *msg) +{ + u32 aux_cr; + + asm("mrc p15, 0, %0, c1, c0, 1" : "=r" (aux_cr)); + + if ((aux_cr & mask) != mask) { + if (!*warned) + pr_err("CPU%u: %s", smp_processor_id(), msg); + *warned = true; + } +} + +static DEFINE_PER_CPU(bool, spectre_warned); + +static void check_spectre_auxcr(bool *warned, u32 bit) +{ + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + cpu_v7_check_auxcr_set(warned, bit, + "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); +} + +void cpu_v7_ca8_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); +} + +void cpu_v7_ca15_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); +} diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index bf632d76d392..4e4f794f17ce 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -564,7 +564,7 @@ __v7_setup_stack: globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca8_do_resume, cpu_v7_do_resume #endif - define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca8_ibe @ Cortex-A9 - needs more registers preserved across suspend/resume @ and bpiall switch_mm for hardening @@ -597,7 +597,7 @@ __v7_setup_stack: globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca15_do_resume, cpu_v7_do_resume - define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca15_ibe #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif From patchwork Wed Oct 31 13:56:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149802 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826458ljp; Wed, 31 Oct 2018 06:57:27 -0700 (PDT) X-Received: by 2002:a1f:cc86:: with SMTP id c128mr1264935vkg.77.1540994247500; Wed, 31 Oct 2018 06:57:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994247; cv=none; d=google.com; s=arc-20160816; b=oec9IzPr9oXxMVcq8E6ApQD18Pf04bPZsA97+vIznzOfKHhDKuweja15tgGCHB65Zn 7TLbhhiU0YotmPJ/MxdfP94nPaWB8hbCAAoR+xK+Y62A2Fy1WSCvGG2TuD9c9ckT3Z8h 9RYUMg1tR9Rcykn2rZvr0sCSM3ebDdCCZ6idz9J5gm1rj23LbiAiWwIEhQldqkoYn+gO +Eelk5jkaygIC/Kpbn83KhRY22nlkEwZAUt9//TDoRJdfqGFojX9QL32HVTDb7BwkDy2 ke1UOUvyGmsPMVFzfnoZYIjD0/JZhNHrSaY4nX2Msxlm/kUYY/ULo/CpgJGKUm5ddTJm 5GHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=RuUHEBcpLQppK3+fLpG/CcDuBPz9vDszRIUF7NreEpj+uUumOvpcoxWwKbwmSn742q 6lAL70vHuX5simOLcR3AkcZJl6Ic/KqxF4YXdPxPaew/IGgsmG/sA+xLNz+2RxZwbGOG Be+xprxTd4c+z9+nlp3UiYZLcazsWr83JHIj7zX9QfnJJqAo9aAxLKuoC3INWxWT5prJ +40UkaG+/LO6bvEpiTpAf79qita48vR4xBRaaDT5JZF6uvns6egPF8SMjykM9cM/l34M 0gL21rOHQDVOJIvAJCfULaJcYuPZbEgrG+ShIOEqU1eROtNF2RCZfCf9pTbglwLAsGOF Iwkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bvTQZe4p; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id y24sor14583464uae.36.2018.10.31.06.57.27 for (Google Transport Security); Wed, 31 Oct 2018 06:57:27 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bvTQZe4p; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=bvTQZe4pXLgDaJiGOmig0jKwwXBgDbRmRqBou+V/wKc4f9XUYcbwnsQMHOrwOx7xRv 7x4o2IxHFelZxnpPo/Y5zsbeggFWht4jwAO7iiEhDrk+nUqdWqugmy3SiZFF9m1K90Hj L8ycjyf34WrUrEAjyUkt/roEQ2Xm6TGrMilxE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=FuizAOM+ZX6fnQCRkCaYWNh3or988DMnbetRKvOAzMu5Vcc1YwjlsEJjrFt2TCvksc UeWFeVGwFj9d/vmzuDocfZxqULbubYn1XIEudhZ1uw5bzGOyGYXHlFGZ+0bFffAuJCGZ pMAxE1A6wbq8izpNR5mXzarVQ4Ps4O1QYyZQBos75XYm5trp9C2MFBbHCREmbzfoIUQH S3mvmU1h0pgR7BLzNcvtAlNIDQ8pEgq0c7we0IoNNFtqV3thtrVTW70/kig/I1Gx0PRH hC3+hpFVH/sPddSnSsVW4vEpwOCLtY31xEtSabj+oRZq9y01wc7VTrep8Xst1q0fw3Il aXfg== X-Gm-Message-State: AGRZ1gKQsAtcZAOzxsi323ZUt9qfcq+8brMEitOoGOMulhVoxsx151Xi mBjpNWlwlmtggxQlDYcB8He2PB4njbEOZQ== X-Google-Smtp-Source: AJdET5eLEGKjedllltHNV4qmQ91Rg16raLh0UMnc1ziqKhavHG6DaRRLq8ADPy7BTxrPcRzGON6Thw== X-Received: by 2002:ab0:526:: with SMTP id 35mr1333471uax.84.1540994246935; Wed, 31 Oct 2018 06:57:26 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:26 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 08/24] ARM: spectre-v2: harden user aborts in kernel space Date: Wed, 31 Oct 2018 09:56:57 -0400 Message-Id: <20181031135713.2873-9-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit f5fe12b1eaee220ce62ff9afb8b90929c396595f upstream. In order to prevent aliasing attacks on the branch predictor, invalidate the BTB or instruction cache on CPUs that are known to be affected when taking an abort on a address that is outside of a user task limit: Cortex A8, A9, A12, A17, A73, A75: flush BTB. Cortex A15, Brahma B15: invalidate icache. If the IBE bit is not set, then there is little point to enabling the workaround. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/cp15.h | 3 ++ arch/arm/include/asm/system_misc.h | 15 ++++++ arch/arm/mm/fault.c | 3 ++ arch/arm/mm/proc-v7-bugs.c | 73 ++++++++++++++++++++++++++++-- arch/arm/mm/proc-v7.S | 8 ++-- 5 files changed, 94 insertions(+), 8 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/cp15.h b/arch/arm/include/asm/cp15.h index dbdbce1b3a72..b74b174ac9fc 100644 --- a/arch/arm/include/asm/cp15.h +++ b/arch/arm/include/asm/cp15.h @@ -64,6 +64,9 @@ #define __write_sysreg(v, r, w, c, t) asm volatile(w " " c : : "r" ((t)(v))) #define write_sysreg(v, ...) __write_sysreg(v, __VA_ARGS__) +#define BPIALL __ACCESS_CP15(c7, 0, c5, 6) +#define ICIALLU __ACCESS_CP15(c7, 0, c5, 0) + extern unsigned long cr_alignment; /* defined in entry-armv.S */ static inline unsigned long get_cr(void) diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h index a3d61ad984af..1fed41440af9 100644 --- a/arch/arm/include/asm/system_misc.h +++ b/arch/arm/include/asm/system_misc.h @@ -7,6 +7,7 @@ #include #include #include +#include extern void cpu_init(void); @@ -14,6 +15,20 @@ void soft_restart(unsigned long); extern void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd); extern void (*arm_pm_idle)(void); +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +typedef void (*harden_branch_predictor_fn_t)(void); +DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +static inline void harden_branch_predictor(void) +{ + harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, + smp_processor_id()); + if (fn) + fn(); +} +#else +#define harden_branch_predictor() do { } while (0) +#endif + #define UDBG_UNDEFINED (1 << 0) #define UDBG_SYSCALL (1 << 1) #define UDBG_BADABORT (1 << 2) diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index f7861dc83182..5ca207ada852 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -163,6 +163,9 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, { struct siginfo si; + if (addr > TASK_SIZE) + harden_branch_predictor(); + #ifdef CONFIG_DEBUG_USER if (((user_debug & UDBG_SEGV) && (sig == SIGSEGV)) || ((user_debug & UDBG_BUS) && (sig == SIGBUS))) { diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index e46557db6446..85a2e3d6263c 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -2,7 +2,61 @@ #include #include -static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, +#include +#include +#include + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); + +static void harden_branch_predictor_bpiall(void) +{ + write_sysreg(0, BPIALL); +} + +static void harden_branch_predictor_iciallu(void) +{ + write_sysreg(0, ICIALLU); +} + +static void cpu_v7_spectre_init(void) +{ + const char *spectre_v2_method = NULL; + int cpu = smp_processor_id(); + + if (per_cpu(harden_branch_predictor_fn, cpu)) + return; + + switch (read_cpuid_part()) { + case ARM_CPU_PART_CORTEX_A8: + case ARM_CPU_PART_CORTEX_A9: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + case ARM_CPU_PART_CORTEX_A73: + case ARM_CPU_PART_CORTEX_A75: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_bpiall; + spectre_v2_method = "BPIALL"; + break; + + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_BRAHMA_B15: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_iciallu; + spectre_v2_method = "ICIALLU"; + break; + } + if (spectre_v2_method) + pr_info("CPU%u: Spectre v2: using %s workaround\n", + smp_processor_id(), spectre_v2_method); +} +#else +static void cpu_v7_spectre_init(void) +{ +} +#endif + +static __maybe_unused bool cpu_v7_check_auxcr_set(bool *warned, u32 mask, const char *msg) { u32 aux_cr; @@ -13,24 +67,33 @@ static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, if (!*warned) pr_err("CPU%u: %s", smp_processor_id(), msg); *warned = true; + return false; } + return true; } static DEFINE_PER_CPU(bool, spectre_warned); -static void check_spectre_auxcr(bool *warned, u32 bit) +static bool check_spectre_auxcr(bool *warned, u32 bit) { - if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + return IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && cpu_v7_check_auxcr_set(warned, bit, "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); } void cpu_v7_ca8_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6))) + cpu_v7_spectre_init(); } void cpu_v7_ca15_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0))) + cpu_v7_spectre_init(); +} + +void cpu_v7_bugs_init(void) +{ + cpu_v7_spectre_init(); } diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 4e4f794f17ce..2d2e5ae85816 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -527,8 +527,10 @@ __v7_setup_stack: __INITDATA + .weak cpu_v7_bugs_init + @ define struct processor (see and proc-macros.S) - define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR @ generic v7 bpiall on context switch @@ -543,7 +545,7 @@ __v7_setup_stack: globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume #endif - define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions #else @@ -579,7 +581,7 @@ __v7_setup_stack: globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm #endif globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext - define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #endif @ Cortex-A15 - needs iciallu switch_mm for hardening From patchwork Wed Oct 31 13:56:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149803 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826486ljp; Wed, 31 Oct 2018 06:57:28 -0700 (PDT) X-Received: by 2002:ab0:b82:: with SMTP id c2mr1409216uak.121.1540994248784; Wed, 31 Oct 2018 06:57:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994248; cv=none; d=google.com; s=arc-20160816; b=a9ZwtYJOMAO2fGEP/DivQT5RhPzViWuUiaALlhJHiplHp823GN8zVnVkDQjLp3DBbP XIe+bBPdN2aDiSjihVEaI6NJID5j9MnHVSr4z62sVwKGbHvUSQdbdFv3/wI1yWaFIfQD nIGqquqMQMMxF7WErDe/1E7CcNe5/A97lC5y6mk5y6WqxGCbYbwf1eQkpfWgAuOy3bkr AHcpQwvH2Y/dcYTzLBlcsIbkL5mvsV3HXocxEDwNPK1DCKP8Ax69zcTZTTOn81cH0kTo 0LMjkVYVaFqTNQ5iwSO7RS36hptc3qpdvSoGuRjLdEIZLUw6vd8FbGBsiOxd6AXDXHVH i08g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Ia7RGwrKETh+3qMENwxN4H/3Xvo7Bu4DuMH9VrVioPs=; b=f+hdERQ22mcmUmPR8lc9/q8+ElrGDkd8Nwio8RhAmHIh4dYp3v7hBUzuSB2msFLPOE hUut9qn6T7iHJwMCdGA3GyAy0nM8wQSadpLWg6HZKiqY9Kj4wu5DrkT7bIdAJ599I/VJ 8HrbbZQPf/aBSCFz157Cy6drx3PBzbWPPAu2S2XcEVY3DGFLAEEhD8VQz8kK6jNLea3e +E3vIHjciCLZZG8UaOjGfZ0frDmQVe6/01sWWWNl1t+a36n2Y502v2Ppp1dWOTOclVWf NjkEVfKf8jtRpepMOPC/THe2bBbH93VjkmWUt+bF/o3YjQVwQohegfavT66CDjKYGXa0 6ISQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Qy+hmwrW; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id h6sor5766426uae.3.2018.10.31.06.57.28 for (Google Transport Security); Wed, 31 Oct 2018 06:57:28 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Qy+hmwrW; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ia7RGwrKETh+3qMENwxN4H/3Xvo7Bu4DuMH9VrVioPs=; b=Qy+hmwrW7m3TTtOwjCWBo761c2FX0vwAhavbzkpvW9REpVdSsnEM5ywL1qeRTNN7b2 tZ7IVKvZz3zml8Ud300Ke3wAw8RQ/36nB5sfTP2fU/nl1TD6ODC8JmnMklgWWgtk+m/Q TQ9JHvq4Zbr5wxG016lHTkBLm//MWfbvSpHYE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ia7RGwrKETh+3qMENwxN4H/3Xvo7Bu4DuMH9VrVioPs=; b=mrYRx73nFof4wBw+8CZORs5sirzYKWegHG1sRJWQkl6iVLxTC1IuSMm+AlS1k5atpj IdyKXra5xbsBanyXwODQNCzKWqx25KdPVTs6jMy3cW4Kqskv2qIdfnkQlKxU+xK2scyK 0XaM10I3GYihCi4BxPKF+/w4Ojaph9upi/IBbgzA2u/fVrZ1lU092C0Qmr2gM2KfgTdo aFj5P+jakPxK/fsRsId2AIGGuL3DWT5JyYTRZ1JK4Zr4sj293Ip5JlB6P3TevyvlLBJu UGvL+QGGUTDpJAsEzhSgbSkhVLfvYuDqTf6uymUtseIBomXpoQDLj/K/CxeWz47Iv61F wHsA== X-Gm-Message-State: AGRZ1gLfZIJYF7PWm0OaFAGBccI/px8SaFfwamzrnvLV/kvLYNdoBLfs FSRD8aRp3k3jzFCXRURelQlT+Ny6 X-Google-Smtp-Source: AJdET5fFax7/vbitnTZnWPSa1ipwX7Bn/SX4HQzBV1aXl1mjgoPiha+55eKtCoUIKrRq/zBANfVXGw== X-Received: by 2002:ab0:5a2b:: with SMTP id l40mr1341522uad.15.1540994248184; Wed, 31 Oct 2018 06:57:28 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:27 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 09/24] ARM: spectre-v2: add firmware based hardening Date: Wed, 31 Oct 2018 09:56:58 -0400 Message-Id: <20181031135713.2873-10-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 10115105cb3aa17b5da1cb726ae8dd5f6854bd93 upstream. Add firmware based hardening for cores that require more complex handling in firmware. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 60 ++++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 21 +++++++++++++ 2 files changed, 81 insertions(+) -- 2.17.1 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index 85a2e3d6263c..da25a38e1897 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -1,14 +1,20 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include +#include #include #include #include +#include #include #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); + static void harden_branch_predictor_bpiall(void) { write_sysreg(0, BPIALL); @@ -19,6 +25,16 @@ static void harden_branch_predictor_iciallu(void) write_sysreg(0, ICIALLU); } +static void __maybe_unused call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void __maybe_unused call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + static void cpu_v7_spectre_init(void) { const char *spectre_v2_method = NULL; @@ -45,7 +61,51 @@ static void cpu_v7_spectre_init(void) harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; break; + +#ifdef CONFIG_ARM_PSCI + default: + /* Other ARM CPUs require no workaround */ + if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) + break; + /* fallthrough */ + /* Cortex A57/A72 require firmware workaround */ + case ARM_CPU_PART_CORTEX_A57: + case ARM_CPU_PART_CORTEX_A72: { + struct arm_smccc_res res; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + break; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_hvc_arch_workaround_1; + processor.switch_mm = cpu_v7_hvc_switch_mm; + spectre_v2_method = "hypervisor"; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_smc_arch_workaround_1; + processor.switch_mm = cpu_v7_smc_switch_mm; + spectre_v2_method = "firmware"; + break; + + default: + break; + } } +#endif + } + if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 2d2e5ae85816..8fde9edb4a48 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -9,6 +9,7 @@ * * This is the "shell" of the ARMv7 processor support. */ +#include #include #include #include @@ -88,6 +89,26 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +#ifdef CONFIG_ARM_PSCI + .arch_extension sec +ENTRY(cpu_v7_smc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + smc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) + .arch_extension virt +ENTRY(cpu_v7_hvc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + hvc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) +#endif ENTRY(cpu_v7_iciallu_switch_mm) mov r3, #0 mcr p15, 0, r3, c7, c5, 0 @ ICIALLU From patchwork Wed Oct 31 13:56:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149804 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826515ljp; Wed, 31 Oct 2018 06:57:30 -0700 (PDT) X-Received: by 2002:ab0:60a3:: with SMTP id f3mr1223319uam.43.1540994250296; Wed, 31 Oct 2018 06:57:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994250; cv=none; d=google.com; s=arc-20160816; b=T126zWICmxA24t/jYWnL1tFAaQ4XRotpFYgpGhdAbqyUrfVxPxXZYXG3i6R1jBI49E mZ4Z4Muvv8sZoekaRNAv6D+YuKo5YjYP412T95uiv3S+Y+bDy/N9CQJyU33Picf1WyBG Nary+JTnNYJr5EoL3qvRt1845nVTvLkzybzhGj7QjTyWl1WZWcZbk3E4r1NmZbdqeoxg n9f17jGnr+ahAho8zjvFBnh7DpHGiYQKfBQE3Dh4BpxDWzl9j2162Tv5Jd4AosbZ26Oz iRjSqxDRqhTtmzG7LtamzCdfumLarr9tFliftp1xmd2mAtsXNFeg9G5dNzMfrFfYu4C9 nmLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=w8F8t6oN8jL5rjo+ASfxAVhtHI6TpklOVHI6e7UkJTLelTZwaJO6Pq9h9TBybN6e28 OilhyKT/NW36ZNk8D59WnDZ4xSm11JinF6A6OLaB95fDUrHYw1NHV5oBg/Yk5r0rItf4 mZ7Op1V/AhHwa2RPD//rYM09Q2oHcfGAhyleqjVCORf45558vz+9BuX4XASggLCkPR5c YVFnOf6m3Y0xTiLViWSvW5C6Zo6wYHc7K48CpnARwo30Sg7mgghhGIRK0Q0IaMoxNwhx niJaB0tsmQVMx3h/VPls1zlmacWu/vuZQ2lfRiApDc3VnfLcjHEkqzAoHs7CwhobqzBi WHNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="gDg4/PMO"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x85-v6sor13408542vke.58.2018.10.31.06.57.30 for (Google Transport Security); Wed, 31 Oct 2018 06:57:30 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="gDg4/PMO"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=gDg4/PMOe+W1iZ7HwdeEr5jxB4BcSeBPUG3Idx0DWP4zHiDpe1CzJtbuJRj35GTNQX L6R4ojbBr91WyezGNIk/BujUU/c+QsbWa4LnkLvLYP6v0eOwoLhdehdWlxZ0I4eGPkoV QxITeyMBL/35MuRJsoTosObzUvAH6zppd87Ss= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=Sz39PnmGiRD+gc5npdQbGBqDdrRWSGn5kZUGRg1oPaW55hJHByzVHh/M1eT/YRsIKp jEHu/Xx5jr+1AJwJY807Pnpx/upY+UEZyvQF+s2k+Aw6spj527ek+WrnFHFqe68ei+1z 6Ydw/Mw8nGp7UHNE4JY/k53e8HTSwSaC+SwGSuwgPtFcMjIcsBoiqAopx37gz1HRZLOy 5D2ZAxsnB7TrJRTH+HAlJJaCcjGy9bWk/ch8N68v2hTDHZ1Q40un7t9xXpjTIUtDP+iA tn1V5SRJGrGPBwPQ+Z8bo0Zl36M6tmUqSTki68WST303J4HErhMt5UKlXJhMV1nfbcjc /NkQ== X-Gm-Message-State: AGRZ1gI2FN4GaLEq2ePx/3mM+0opjPGFO1/Vk8GjtOyGJsZGLbIqq6nr 8FMddiooB6HnStK3/7ezeJTVFf5P X-Google-Smtp-Source: AJdET5fJmhi1SKGq4jch9eonuXq4p9If+CatOLnYZe8ANRlFBKlu9qKRVbEHXosV7K6YyBeV6qZu9w== X-Received: by 2002:a1f:8b48:: with SMTP id n69-v6mr1305237vkd.78.1540994249532; Wed, 31 Oct 2018 06:57:29 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:29 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 10/24] ARM: spectre-v2: warn about incorrect context switching functions Date: Wed, 31 Oct 2018 09:56:59 -0400 Message-Id: <20181031135713.2873-11-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit c44f366ea7c85e1be27d08f2f0880f4120698125 upstream. Warn at error level if the context switching function is not what we are expecting. This can happen with big.Little systems, which we currently do not support. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.17.1 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index da25a38e1897..5544b82a2e7a 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -12,6 +12,8 @@ #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_iciallu_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_bpiall_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); @@ -50,6 +52,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A17: case ARM_CPU_PART_CORTEX_A73: case ARM_CPU_PART_CORTEX_A75: + if (processor.switch_mm != cpu_v7_bpiall_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_bpiall; spectre_v2_method = "BPIALL"; @@ -57,6 +61,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A15: case ARM_CPU_PART_BRAHMA_B15: + if (processor.switch_mm != cpu_v7_iciallu_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; @@ -82,6 +88,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_hvc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_hvc_arch_workaround_1; processor.switch_mm = cpu_v7_hvc_switch_mm; @@ -93,6 +101,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_smc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_smc_arch_workaround_1; processor.switch_mm = cpu_v7_smc_switch_mm; @@ -109,6 +119,11 @@ static void cpu_v7_spectre_init(void) if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); + return; + +bl_error: + pr_err("CPU%u: Spectre v2: incorrect context switching function, system vulnerable\n", + cpu); } #else static void cpu_v7_spectre_init(void) From patchwork Wed Oct 31 13:57:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149805 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826545ljp; Wed, 31 Oct 2018 06:57:31 -0700 (PDT) X-Received: by 2002:a67:1c8:: with SMTP id r69mr1342911vsf.48.1540994251282; Wed, 31 Oct 2018 06:57:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994251; cv=none; d=google.com; s=arc-20160816; b=d6gzVPG0OdURoQ/0hO+i1SCPX8oqKesON+bowmPhjkL0ukxPSHfR7hjwhAW+JISJud kSAsqHr4aHkVloxMdiK+Sbp1RhqjMs+vXFxPMFo0N42wRHY6VBisl/E7zjeVeaTDIzqW lgik82pAFmXilcmSjYPugl9joh0NXiUPu2BbsvKwFOWwv00MowWkEUq09gfbrjSkAHf2 RIs96XcxoafFAXWPGq2I9jQdznSCaKTtcrqbypEmfhU+tIc8NN5PPW3uRJpXrA7M0r4b 6ess8bvp5/j3rf8VsYzmB0Cf0XwQNeXUdgGiSdXVmVo/c6MqZV86P9SDOw7wqKMdfzoT +3lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=i0c8sZtm7yp/oIzAHzqHZe2hwLr+EfkYv1nOt3hW/mg=; b=iF35MVdbDFB3+ojC7xdwtNSpLFSwAXQseGqtwVcZMpR95p7fLs2MWJ9flYKWpTFqE/ q/DvX7kigOYEeEzy7ns8oZxnoLjHatfulV9P3bW1yBSOwuvVn4zca/AiGWMKla8qCXm4 ID45ScErF3msiNQyXDGrgj+RtY1EWAlizQBnlZE/FLgnl3R1toiDj8hqImClH8Z18a1b v5wdA7Sq6lv8vtsUw+JNKBIpPDM/UqKZT73VSPFITtcoyNN3aBPUDHBvgsMntSVL1KEe vx7ibAESL+JnI4WgCciQzJ9A076DVSp/q2+BGQyXvqUbUxtcF07qOoDdV4MPta06qFtl eXug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IcPQr9ng; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 33sor14500836uas.21.2018.10.31.06.57.31 for (Google Transport Security); Wed, 31 Oct 2018 06:57:31 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IcPQr9ng; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=i0c8sZtm7yp/oIzAHzqHZe2hwLr+EfkYv1nOt3hW/mg=; b=IcPQr9ngRA4WiPkHTuVLoYJjXyTOQfzTz9j1lsL0Ms48TS5M6lOXSDE8k719OdtR6O eitI4gFcV0FYpKVEXDmRclG2XilWVbG453zIR4z4MwjzSYkz6pJAT/XYvHlhlfPrCZZ1 kg5QXwZk0f/nc5q8vwUxx90F59zJNJmjsWcn8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=i0c8sZtm7yp/oIzAHzqHZe2hwLr+EfkYv1nOt3hW/mg=; b=hA2KAwwlTlcmm5WWmPRiJ0IIn357IAKXrsbmCfDe4Sx5o9pmlmNsXiXGiNSKx6d+5K QVPsFP46a25qe5vEvp/68orN2YKyXDSjybCVNNMOUI8r5CzvTSk5Mu/BILzVqW7gj88E 0pgjXrTeb/aYaB0Red353YaeykpO5SM6QoqKSaWRbmiS7kM2MFJB+iiboZnwWGH/9ekO 2ce35T+USMi5L1YYuGN34CfVGAv2YBoCP4dduB9cz+KhhlUaZ5g4gmu/5vR7NoR7qi5S Thy3elxnKz51QK7x6jm/YrAJ55A33mbzEtd1B3uniVhq+L3pI1X5P2ao6ytEJITeMrgv DENg== X-Gm-Message-State: AGRZ1gJJqpTvUXIpQyK6jqiFYCmpKZ3G2Lku1OGM8Lau9zgUWsylcirI 61Fwc9oReawmulK6CGV4pQQklGAz X-Google-Smtp-Source: AJdET5cWskdsSEFOSoWvb0aOgTume0+KQDxPvJjZ2fn8hYLyiPbfGsPOfnxU0wWhqA+FLyhiVDAWPg== X-Received: by 2002:ab0:1445:: with SMTP id c5mr1476566uae.18.1540994250778; Wed, 31 Oct 2018 06:57:30 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:30 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 11/24] ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Date: Wed, 31 Oct 2018 09:57:00 -0400 Message-Id: <20181031135713.2873-12-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Marc Zyngier Commit 3f7e8e2e1ebda787f156ce46e3f0a9ce2833fa4f upstream. In order to avoid aliasing attacks against the branch predictor, let's invalidate the BTB on guest exit. This is made complicated by the fact that we cannot take a branch before invalidating the BTB. We only apply this to A12 and A17, which are the only two ARM cores on which this useful. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_mmu.h | 17 ++++++++- arch/arm/kvm/hyp/hyp-entry.S | 69 ++++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_asm.h b/arch/arm/include/asm/kvm_asm.h index 8ef05381984b..24f3ec7c9fbe 100644 --- a/arch/arm/include/asm/kvm_asm.h +++ b/arch/arm/include/asm/kvm_asm.h @@ -61,8 +61,6 @@ struct kvm_vcpu; extern char __kvm_hyp_init[]; extern char __kvm_hyp_init_end[]; -extern char __kvm_hyp_vector[]; - extern void __kvm_flush_vm_context(void); extern void __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa); extern void __kvm_tlb_flush_vmid(struct kvm *kvm); diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index e2f05cedaf97..625edef2a54f 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -248,7 +248,22 @@ static inline int kvm_read_guest_lock(struct kvm *kvm, static inline void *kvm_get_hyp_vector(void) { - return kvm_ksym_ref(__kvm_hyp_vector); + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + { + extern char __kvm_hyp_vector_bp_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); + } + +#endif + default: + { + extern char __kvm_hyp_vector[]; + return kvm_ksym_ref(__kvm_hyp_vector); + } + } } static inline int kvm_map_vectors(void) diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 96beb53934c9..de242d9598c6 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -71,6 +71,66 @@ __kvm_hyp_vector: W(b) hyp_irq W(b) hyp_fiq +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + .align 5 +__kvm_hyp_vector_bp_inv: + .global __kvm_hyp_vector_bp_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ + isb + +#ifdef CONFIG_THUMB2_KERNEL + /* + * Yet another silly hack: Use VPIDR as a temp register. + * Thumb2 is really a pain, as SP cannot be used with most + * of the bitwise instructions. The vect_br macro ensures + * things gets cleaned-up. + */ + mcr p15, 4, r0, c0, c0, 0 /* VPIDR */ + mov r0, sp + and r0, r0, #7 + sub sp, sp, r0 + push {r1, r2} + mov r1, r0 + mrc p15, 4, r0, c0, c0, 0 /* VPIDR */ + mrc p15, 0, r2, c0, c0, 0 /* MIDR */ + mcr p15, 4, r2, c0, c0, 0 /* VPIDR */ +#endif + +.macro vect_br val, targ +ARM( eor sp, sp, #\val ) +ARM( tst sp, #7 ) +ARM( eorne sp, sp, #\val ) + +THUMB( cmp r1, #\val ) +THUMB( popeq {r1, r2} ) + + beq \targ +.endm + + vect_br 0, hyp_fiq + vect_br 1, hyp_irq + vect_br 2, hyp_hvc + vect_br 3, hyp_dabt + vect_br 4, hyp_pabt + vect_br 5, hyp_svc + vect_br 6, hyp_undef + vect_br 7, hyp_reset +#endif + .macro invalid_vector label, cause .align \label: mov r0, #\cause @@ -132,6 +192,14 @@ hyp_hvc: beq 1f push {lr} + /* + * Pushing r2 here is just a way of keeping the stack aligned to + * 8 bytes on any path that can trigger a HYP exception. Here, + * we may well be about to jump into the guest, and the guest + * exit would otherwise be badly decoded by our fancy + * "decode-exception-without-a-branch" code... + */ + push {r2, lr} mov lr, r0 mov r0, r1 @@ -142,6 +210,7 @@ THUMB( orr lr, #1) blx lr @ Call the HYP function pop {lr} + pop {r2, lr} 1: eret guest_trap: From patchwork Wed Oct 31 13:57:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149806 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826572ljp; Wed, 31 Oct 2018 06:57:32 -0700 (PDT) X-Received: by 2002:a9f:3743:: with SMTP id a3mr1446634uae.86.1540994252680; Wed, 31 Oct 2018 06:57:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994252; cv=none; d=google.com; s=arc-20160816; b=CUmRiCADH5ud+VpbNSVsTMjWGTAWiUjlJDNirV4O+cnb6ddfOkdDVEyvGuZV4OIxgZ GhVZR7CwUrksXWOI+bH4TVn8fHa3kxpKQiKmxX9qsSoTw5pffUR61gI7n6zbPjMW8Lk0 hlw8FBFnNqBSC5nOMJFxyQWMBOKLTVke1CURXC1uIuXaDDlKZrUCHSlyquM8QoXSly4o 8n+IZBDMPMANiX1c8rIKG3I2uTMbGAGJ1clJvQpdz7lWZdguM/YgZThFuTmzeuwUwRGh GhuvYpLDLYCOWYLjwvQs5z/0k0PAzqlQeNzaFRFfuk1LT86yztNxPevaYIWy/dDvyt71 gKVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1rW92+zw7W9hlx7da3odhtJaHCp6Wk4O4o7GmGLFBJU=; b=K6DojFMDUWhU9vJx20KYzZ+hyX31NQSgcIW0gMbb+0nkpFH9zZZzpOKNwiqFLcY4JB qU2jKy5qHxCxeiMrmoFcKRhiI8hQMG+TJziYtVoT0RDe9wzS4MptUdBbPG80mhlva7DF H0GyPSd2gcmiFA5oZDjPdx7Q8Y8w67C3ZXo/b8VwJvbxo+p6rWSUYOVOugTxyfMTAHQ0 fUGONpaqiolP5AwdO9T2OxPiQoi4550cPqtYuDntDBsta6PCaVHUnAjQedDDpr5UOM5j wwScsFKkVB9ER3T8T+Ti+UEAclvB4d4ciibsMeert6wSVy/CX0F9PfSaTE/21OM+QWpv lESw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="JWU69/0i"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id i69sor13465393vkd.34.2018.10.31.06.57.32 for (Google Transport Security); Wed, 31 Oct 2018 06:57:32 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="JWU69/0i"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1rW92+zw7W9hlx7da3odhtJaHCp6Wk4O4o7GmGLFBJU=; b=JWU69/0is00OSXiN611dVAWBfW7mGkm19QQHFSRTILPp/mFhJbXzwPfPgXrIWFkWIx IeaytD/BrfXjC7AqnXaoSs+CPrh9RGWTYpQHRHQxqY0EDjxRTN6YVDFe2+oJmnnZnFdT 8k2oWraT9y/dMNuiN3/TLx8xPaplLmLTWD93E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1rW92+zw7W9hlx7da3odhtJaHCp6Wk4O4o7GmGLFBJU=; b=NXMsB1iT4wHfjWNtsrnDfXApVASnDzTaQBbu4mk+LwIumzqWZhMXGFXQKg8U65SZ4L L9VWZrW5ccY1CK5cr1UYsuS/2MwHKCYZRKuEroLfrR+taCokheVdOaWYG0LG9iN3W/zc Hi0jNzb3rcV7CiguX8CIOkEtO9b0OeUhSjoQxyepdegrpRKvM5YcrtvFyqvZ/D0iRtYp LIf4ol0F4nKFoUQbIsuBrlnF3QuuAahlg4FiA36aiswvLcZ91d25iPUdjDtiS7wMIWiX XovYDYZ3OfqTrYlYVWqkMLORCXPJIXcrTlIJFJ2VSikcwncJg6S56agULqNLXLqPro6j G8JA== X-Gm-Message-State: AGRZ1gJmKJSfFxp0KNZM9FcoS2+DYfthWYqJTpfCow/Y0RGh2Ludbwqx mgjItBIfkcfxVhHhwaTZoi3fWzGv X-Google-Smtp-Source: AJdET5eNZELwOzPVC3U5uVWIRsgk+EbZDNXJUy1YVxcRbqXDo6uVtKIQH37WJ9x1gq4UfARdm3ZgIg== X-Received: by 2002:a1f:8892:: with SMTP id k140mr1307219vkd.50.1540994252051; Wed, 31 Oct 2018 06:57:32 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:31 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 12/24] ARM: KVM: invalidate icache on guest exit for Cortex-A15 Date: Wed, 31 Oct 2018 09:57:01 -0400 Message-Id: <20181031135713.2873-13-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Marc Zyngier Commit 0c47ac8cd157727e7a532d665d6fb1b5fd333977 upstream. In order to avoid aliasing attacks against the branch predictor on Cortex-A15, let's invalidate the BTB on guest exit, which can only be done by invalidating the icache (with ACTLR[0] being set). We use the same hack as for A12/A17 to perform the vector decoding. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 5 +++++ arch/arm/kvm/hyp/hyp-entry.S | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 625edef2a54f..3ad2c44f4137 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -257,6 +257,11 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_CORTEX_A15: + { + extern char __kvm_hyp_vector_ic_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_ic_inv); + } #endif default: { diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index de242d9598c6..582f50759d80 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -72,6 +72,28 @@ __kvm_hyp_vector: W(b) hyp_fiq #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + .align 5 +__kvm_hyp_vector_ic_inv: + .global __kvm_hyp_vector_ic_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 0 /* ICIALLU */ + isb + + b decode_vectors + .align 5 __kvm_hyp_vector_bp_inv: .global __kvm_hyp_vector_bp_inv @@ -92,6 +114,8 @@ __kvm_hyp_vector_bp_inv: mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ isb +decode_vectors: + #ifdef CONFIG_THUMB2_KERNEL /* * Yet another silly hack: Use VPIDR as a temp register. From patchwork Wed Oct 31 13:57:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149807 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826607ljp; Wed, 31 Oct 2018 06:57:34 -0700 (PDT) X-Received: by 2002:a67:d20d:: with SMTP id y13mr1027077vsi.163.1540994253947; Wed, 31 Oct 2018 06:57:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994253; cv=none; d=google.com; s=arc-20160816; b=0qqqLxDo60b6iFhAYf980pZKBugnEvq+9JfcDwEm4fJPFRyALM9SQmx9EbW11Oknx5 K1gAi+KktK1vendfXezvPd+x+IVXmmY6PfW7ule6LvmskY6yRxjF7D8qgiRCsshLhPKw 19DbBXb8lHKCJ2aCEUM1k6WXI3BCW/BHgTkJRjjGSkcW3L2BYHbwcn9rca1TT9n2tmvx glETnYPhVA68dkf4Avq6afo4406XPXRf3TNh/ePjJNZyN3lNmGFYH9oqBim/Agkzm8qG 0+t2QVbmh/Zd6DWS4cCKxM7wr/TOU7kylhZnKf2ddmTDN52jfNfvtFscn0CaD52rz9SN SAGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=J5sVUR/i+5tKsUvbcGzZjzlTkYeuB2GN+mL1uymDnUxUSE/hbgC8sErZ+OXstlhWwv kEGPcWsdLLaYwFdsrjHuh+4hwm+l1U1eHngVpTq+WtnnHpjolROWGOYLh5Y0HVL6s3Dd E8b//jpal8Lx7lGifv4mix3KNbHzjqeTdJ1pJEZtanyfQBlEUeF9hHhCvxUkCnCnoP2g qIK7Kn1KMb/cT1rtpnJGBBRlrIGYrOCOQ/67ByXpP/eydX3358ZgjQjA6WCTuftlAUwi pihZA14pjnovopNhD2CGkADtlTTcWWEsgr+Ypt6cg7gFrrBSJ9oPfbBC1PaT/mCvrgNE 9l7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bcGLrUdu; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x85-v6sor13408646vke.58.2018.10.31.06.57.33 for (Google Transport Security); Wed, 31 Oct 2018 06:57:33 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bcGLrUdu; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=bcGLrUduYhpyNiIPqH0x17Sdr6YVvh7sX++Ge4EamrEVRSfThgt10G3eQZJYfiPXoa xE0TMO0pX0qAHIezvxvYKa31RFkMoaNcQXO4CBxF0Y/Zl91NkCIvOWq3QltxO2ilhHvz 6YqyWvuz1zK8B8IWSHrm/CQhEeKUMas3JgFus= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=CY3rnigvemgLGFnMgbRxa1DBQT+/e/6dhQm2iz2YRLBYtOliA/vXLqzO3AlHwHK04d 048WITAru5B1xAmXEnRL5iVkCdIzWbUl9CBwK9J1NGnh8ZPE3PhRd0XjpNyi/AdZ+1kh eglkap7j/YyGKviYWwJFkup9ZekdkK19I/tJ6lXdRZqM41YIzSZXIe4VkL1wO64MFC0u kIT25qDl/FR1Dn9sgrXIV8rO2IbE5RG6FOtKoMZfcXUPoMxEhIwYHyyeXxUnrY0/a/Lt +ktePXGdoaQCkCP4me2CfWRoiAKgY2/sJSywXc6JIdQd46NLZHMfDZiaeLrtbNX18HQE Dq8Q== X-Gm-Message-State: AGRZ1gKMN2gxKIJjtBl5MazPNVZIG+M2iL9TYiDe0DQxsOST0REJaD9A pFU5q3cg84NTo+ulbrWDbipgE7fZ X-Google-Smtp-Source: AJdET5f1vHnl7fC/gvxPNgi3Dn+mFoJGG3Bh+Cx3tOH2TgfraLE8abwcZmcqrQ23CjDcZDzclZGB1Q== X-Received: by 2002:a1f:a014:: with SMTP id j20mr1241969vke.64.1540994253245; Wed, 31 Oct 2018 06:57:33 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:32 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 13/24] ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Date: Wed, 31 Oct 2018 09:57:02 -0400 Message-Id: <20181031135713.2873-14-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 3c908e16396d130608e831b7fac4b167a2ede6ba upstream. Include Brahma B15 in the Spectre v2 KVM workarounds. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 1 + 1 file changed, 1 insertion(+) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 3ad2c44f4137..d26395754b56 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -257,6 +257,7 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_BRAHMA_B15: case ARM_CPU_PART_CORTEX_A15: { extern char __kvm_hyp_vector_ic_inv[]; From patchwork Wed Oct 31 13:57:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149808 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826630ljp; Wed, 31 Oct 2018 06:57:35 -0700 (PDT) X-Received: by 2002:ab0:43c1:: with SMTP id l59mr1433169ual.93.1540994255172; Wed, 31 Oct 2018 06:57:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994255; cv=none; d=google.com; s=arc-20160816; b=fByQyppfCZ0rFHoTfmpV3kUjzaNzUULiIFTpzaCpp+yY8ulyroaVj6XvkfIAUvFUab fhNIU4RrOTNKaIfTMq+w7iWL9KygW3PAJv3B3qvInkvmImiWMhzIpAjWciwHwvnWdPFf QTJtnUs5VgrrDbmR7+kI7BsXMJBvyFDr1QSts0FunQOlLnQzukUY8rlMQCOMvRDmVxxG BcPeWoZHtcMbdHzN37Ga1hxBXEqVHT0Jm9tqGJVcmp/7rcR4AvxhPZAIWbsJ7LINYSUv 8NyEyp5eOwXyMPlGWCkjXY1B1F/eHtcoZVjGN49irTGU7C0u09uGAeO4wLt//eq0RL98 lpFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=bNXye7qSHBcxKzkcW+g1SswXnwzA9q0ZEHRc9gs5Nys=; b=Lg77QCl96Lc6EnX4asQhVc6aMd/vZ+L3ZRLjL5CGfIRgPmwvebDBZSQkC8rSE5xlaN GVmH7Ts6Z3zqLBSeCSPvjD1avFcWiKvj/SVLZO8HNmktbWnqtCWYcfJqL8flDt59qLx8 JXJLz3d/mFnACd8l4Km19Wy6Nb4cios+T9OE7WoIqn+c9e1kV/QzhsFqWEST/WM8zQgk MdY/YmpewJepxhoTIMbfSLdozhBgL4VA++a+RJ7IOYcqMGe+YvwB9ShM5QUtcttsRRaq FFOrMb632d8XJJHrxITb3u8fDdKxKjMVKSfP8mt3vjIXPcnY1nO0VNqfweDkeiR0EDGj dVYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Tgzl1Nk4; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id a34sor16215251uae.38.2018.10.31.06.57.35 for (Google Transport Security); Wed, 31 Oct 2018 06:57:35 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Tgzl1Nk4; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bNXye7qSHBcxKzkcW+g1SswXnwzA9q0ZEHRc9gs5Nys=; b=Tgzl1Nk40RmOTUx5ozu1MpnJqHH0iFyM7RxpoKpKI5zXWIbhe69XR8OVILEf3VmF7G cKCWzUqIY+nNFgoezuhdNwmk4Xo9h+Z7tKzWcP1aQq1pChpKqfqnpTr48xxHrwXk9k0U ZYBw5SoaldZtgd5YZCAuL1XxCKOAM4TU/yVmQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bNXye7qSHBcxKzkcW+g1SswXnwzA9q0ZEHRc9gs5Nys=; b=OD2bmguQ3Mfw8/GVBJLtOgh4iRHWJUh/VkrER0otsmFmVBK1SoXBjO9V+zQiCg6QvC mOqkTz0zQ3GCUsiMRKGnGq7X1DDbXZ8jA5RDX0MuKJDM8ZA4KB9fxA4do4L11wa/0o2V PyvfG27DtygWR6NxVUAzWHQqRoYXmjhYDE9sXRVze2vsDKIerZ050gXLaOOdyHpzVNqG gJcufOhlfZR8kCKF3aw29CpAwftFlpbryb388tmwfiUt6kLMOBalKKr3AzGma/nRc0dN qcf4p3Dy1s5qLxopHS4j9bUlBGadABcxlzeKWcvngj77MZwTfIZaaIJYuBlA4NMZYmzA 4QMg== X-Gm-Message-State: AGRZ1gLVEzCt9Hm5LSIeujw88RaRBRMslbYGRuY/zZjisteuSw+cOAyD vrDI3s71TDRfs/yzM/Td1Om7KO+3 X-Google-Smtp-Source: AJdET5ePX44Iw02JBlth2K6YiAbVvZu/8UqyCJvepCJ4fIQIC/WZqoCLAv3D18m7xOuwErp1HSu4dw== X-Received: by 2002:a9f:3526:: with SMTP id o35mr1356074uao.70.1540994254671; Wed, 31 Oct 2018 06:57:34 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:33 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 14/24] ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Date: Wed, 31 Oct 2018 09:57:03 -0400 Message-Id: <20181031135713.2873-15-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit b800acfc70d9fb81fbd6df70f2cf5e20f70023d0 upstream. We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible. So let's intercept it as early as we can by testing for the function call number as soon as we've identified a HVC call coming from the guest. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/kvm/hyp/hyp-entry.S | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 582f50759d80..a3c81bb7ce8b 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -16,6 +16,7 @@ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +#include #include #include #include @@ -202,7 +203,7 @@ hyp_hvc: lsr r2, r2, #16 and r2, r2, #0xff cmp r2, #0 - bne guest_trap @ Guest called HVC + bne guest_hvc_trap @ Guest called HVC /* * Getting here means host called HVC, we shift parameters and branch @@ -237,6 +238,20 @@ THUMB( orr lr, #1) pop {r2, lr} 1: eret +guest_hvc_trap: + movw r2, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r2, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + ldr r0, [sp] @ Guest's r0 + teq r0, r2 + bne guest_trap + add sp, sp, #12 + @ Returns: + @ r0 = 0 + @ r1 = HSR value (perfectly predictable) + @ r2 = ARM_SMCCC_ARCH_WORKAROUND_1 + mov r0, #0 + eret + guest_trap: load_vcpu r0 @ Load VCPU pointer to r0 From patchwork Wed Oct 31 13:57:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149809 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826649ljp; Wed, 31 Oct 2018 06:57:36 -0700 (PDT) X-Received: by 2002:a67:d684:: with SMTP id o4mr1330362vsj.174.1540994256295; Wed, 31 Oct 2018 06:57:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994256; cv=none; d=google.com; s=arc-20160816; b=XAyzE5DgwMfsgVTCuZY9nhGgH7xl3glIF/1TrZP/VeQG7CP1pAiIastuE/LxKINZMY NVf23eGNBe15U5gynoSsJFfxXkABOgierPAMpqwDpYS2zdJ8p8Y343ig99MyTns89J9t J05Gsgu1hY8F+KBetT96eomR53WKglWXgbTjvEc9O94jh0p/GE6957v213UWn5BwFmKe rQhSjdnvxKEGNsHt2zo21l3E0I1vTn9UX5XNIxTO5W2JQdnbLZ685bgCi0SuoI5ZF6O8 XsGxsQSp8z65YJ6++eiTVUz/ShBDojMuWbo1L8jLQ1cgo7KEyYCg9vPK5r3YLBvlJQIy dS8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=WrAd8QEORbOZ4iSQ9t3n81kji/nM80uaZtcADYqep/05SiOQJzOqOdgoCXXTGiZk5c ELXDqwMW869O9+zpOzTvCrrzXV5JURXwTu24PUsucbS4zKgUx41k6O/RPVe4epzqieZP WnxgjMuf5l4GJyefvY/wS2UAxd4cjYJpC0EGxPPcKfPEZYudeU88vVLBd/7n65WahPq8 oypXm/ZvU7RbM8WPHTLz4b9qutt06gW6u0mREHiY9LwmndIY3d4YFWFMKFiOF0NjYhQQ kti65fRUk7IZ9bWPMUk10l2pPQe4zK+d0xZxcsqGrSDea55GS/HehMOd8zFu/hb7i3w6 5fAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dvOyo2tY; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id v11sor5862962uad.8.2018.10.31.06.57.36 for (Google Transport Security); Wed, 31 Oct 2018 06:57:36 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dvOyo2tY; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=dvOyo2tY6O3+j7vhnwbFBaXFSHprDREpEIqHuDVlAM6SDFbRmbVEuEnaGkMCxrCkJq vGeN/nVRjroFMOy9D1lYItYJr96s1a/HTzpuqpXXnWkT+s0Un3Vr7eTbvig33ENVUfDY TGd2UMaJxhyG8o7kIMUqtbzq7h5EuKI3HzBnk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=XBros/TcTFA6b2nGjLurVaGsveW4e698aooTbjPx7rhY0CAdSSj3eWxWswwymkudsy kHE8LiBnsi7STHyYJpBvn8Pr3t3N32+RPD9CWWp3TC6y/CZCe06alGMsuuUvtjtewHhM B/f1TJF5DSbqDGj6Dqy3qqydYMyFIlVB/7PqVhqhB4Six5uYN7ewx6qAqj1TstPjrLrE RdOnvHx9jmjW3ek8DG2Ec/kTVVfuNT1mkZ9BTCjkPr+aCDbiGMVvacshxfq+gjKFEK66 qEQTs/vkvOeJ0A9KqxJOQ4+p7uITpxgre10XvOjV4t9jzIEQ165iZOTFNfV3Pdap8krQ BKXw== X-Gm-Message-State: AGRZ1gJfUI8w6bSBQfLpOc7FEMpHmkCV7kyu3tJDR0LgFJ8oMOvPlHq5 GDaQMDrdwiJ9owcRR4q2Nfq7eE7+ X-Google-Smtp-Source: AJdET5dGduu7PGVG7B2QwmwnNv9UOmJari+KIA7u8JobaKUMLRYIh1V7M98/xaZN/Wr8uGtTtGX7Nw== X-Received: by 2002:ab0:55c1:: with SMTP id w1mr1364885uaa.54.1540994255726; Wed, 31 Oct 2018 06:57:35 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:35 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 15/24] ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Date: Wed, 31 Oct 2018 09:57:04 -0400 Message-Id: <20181031135713.2873-16-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit add5609877c6785cc002c6ed7e008b1d61064439 upstream. Report support for SMCCC_ARCH_WORKAROUND_1 to KVM guests for affected CPUs. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_host.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h index 0833d8a1dbbb..2fda7e905754 100644 --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -323,8 +324,17 @@ static inline int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu, static inline bool kvm_arm_harden_branch_predictor(void) { - /* No way to detect it yet, pretend it is not there. */ - return false; + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_BRAHMA_B15: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_CORTEX_A17: + return true; +#endif + default: + return false; + } } #define KVM_SSBD_UNKNOWN -1 From patchwork Wed Oct 31 13:57:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149810 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826674ljp; Wed, 31 Oct 2018 06:57:37 -0700 (PDT) X-Received: by 2002:a67:4605:: with SMTP id t5mr1262483vsa.187.1540994257706; Wed, 31 Oct 2018 06:57:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994257; cv=none; d=google.com; s=arc-20160816; b=ghnlqgJZyXobsCQHm+w+g2uawGySFmInd+SEvyz87u0kyKc+uHWDqZBGwZn46Mlh3b yO0lta9sCkoQz6GTe5cQdexIVZC/CJcgfHM6cZ+kIHCoozqKClShkIQMPeKH4coM/t1E M2k1JzqFwDTtH7zNkAAHAQf3p07SAxFnHeNIJYGHg1lozonQ45zphc6yqHFItd0xvs1A Anaim+wCv6gneBW3dqba4ztiL+8QhvtqZAXv196cQWyvR/C7HePBJAPFiBeYneydlXh0 cVs3+OAxvZzsoaWwoDihEbVnqoiekGBu8RJj9kiMQ7Q0iJN+aQUv+W1WcxEuUcpkQVg8 BhkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=b5Zz3tSFxtXGPAQByljLqq2yx+RzINtTatpygTURrRExI5Sl5FAVOb5uzqRbTuAONv GsllPejDPp8DG9A2oCjqCnAu5AWRnFjtVsUTl5XOeYSuNpt2UTCB+suf660lAxkFf1/z GFxbyN4WhpHox03sA4YSwFSjoegjg/BcH0hJ9LdskdsGCH89wm3L6yhwRY2O9OW4NB7F h43lTiLkcdoOKEdc1GRi6rSuZFzLr7PckrRemHpRy+XJH9o24AydBX7K1Il40KYtTLe0 zuLuNe77KTXgCH4fLSkMugL2CN2qPSWpN+V322YOfMT0sCvAWq24kSznTtTIiOFRmodL 1JSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=T89PTQsK; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 3sor5427797vsr.31.2018.10.31.06.57.37 for (Google Transport Security); Wed, 31 Oct 2018 06:57:37 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=T89PTQsK; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=T89PTQsKIfLjzVzxaYHancAz13rLcTSdhmwGcfLYXafJmojeLCTgiAg9KAhbQifZaC 10dG00UAXZkpg0JMAQ78YWgxekGPaD6VUL8wiETJSYYbe9/aQkqxlDQZ/jjZcqWvBLcR s7OoWyKHYoG4ie7yyhtvZCgQOl2py5Rjf3QVI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=ByTvfPcRqQgLD46hW0dCcfy1hGzsqw4s9Ffm1hJFwR7D8H5aAKsrPXpYRs8VxCAwUh iGV9iL+04cGqvReuuNAi1wx+ZOSO0qPD2vJphryV3pLzMrNs2yPQ9qA0MgX4597Cgary bWnlrtAs/QtJeiielF/O6Qththz3feoXyg7IqUhlx6mRmbezAY87VZ3b3H+oqo0e1gv7 rrJDiuOZD04MfMy3YQkINVsO0F0CaTpwZt9ZgG1a9WQPF3pxdZ/FjVI3T3EysN3RsJLr nirbDim1nVnhb5gpt5BhPX8fx6z6/frWygjLAKokCto9nvS3etMvRdd0SF/slHx+4Idk jHcA== X-Gm-Message-State: AGRZ1gL8STQQPKIzv7zjI3QQqvrntsso9s2SmAzl1uyn+Uqej9/GKhe8 wMgHbPmb6C9a8OuRRDMGfvDgctjR X-Google-Smtp-Source: AJdET5d7YTJpwHSYcYNgrWPK87wXNiL6Mb4XyeMIDEhEN7cHnhVao3sGmsc5NOYvxmFuomB0so94BQ== X-Received: by 2002:a67:784c:: with SMTP id t73mr1331530vsc.32.1540994257021; Wed, 31 Oct 2018 06:57:37 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:36 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 16/24] ARM: spectre-v1: add speculation barrier (csdb) macros Date: Wed, 31 Oct 2018 09:57:05 -0400 Message-Id: <20181031135713.2873-17-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit a78d156587931a2c3b354534aa772febf6c9e855 upstream. Add assembly and C macros for the new CSDB instruction. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 8 ++++++++ arch/arm/include/asm/barrier.h | 13 +++++++++++++ 2 files changed, 21 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 3aed4492c9a7..189f3b42baea 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -445,6 +445,14 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) .size \name , . - \name .endm + .macro csdb +#ifdef CONFIG_THUMB2_KERNEL + .inst.w 0xf3af8014 +#else + .inst 0xe320f014 +#endif + .endm + .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req #ifndef CONFIG_CPU_USE_DOMAINS adds \tmp, \addr, #\size - 1 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index f5d698182d50..6f00dac6ad8e 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -16,6 +16,12 @@ #define isb(option) __asm__ __volatile__ ("isb " #option : : : "memory") #define dsb(option) __asm__ __volatile__ ("dsb " #option : : : "memory") #define dmb(option) __asm__ __volatile__ ("dmb " #option : : : "memory") +#ifdef CONFIG_THUMB2_KERNEL +#define CSDB ".inst.w 0xf3af8014" +#else +#define CSDB ".inst 0xe320f014" +#endif +#define csdb() __asm__ __volatile__(CSDB : : : "memory") #elif defined(CONFIG_CPU_XSC3) || __LINUX_ARM_ARCH__ == 6 #define isb(x) __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" \ : : "r" (0) : "memory") @@ -36,6 +42,13 @@ #define dmb(x) __asm__ __volatile__ ("" : : : "memory") #endif +#ifndef CSDB +#define CSDB +#endif +#ifndef csdb +#define csdb() +#endif + #ifdef CONFIG_ARM_HEAVY_MB extern void (*soc_mb)(void); extern void arm_heavy_mb(void); From patchwork Wed Oct 31 13:57:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149811 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826689ljp; Wed, 31 Oct 2018 06:57:38 -0700 (PDT) X-Received: by 2002:a9f:3048:: with SMTP id i8mr1367396uab.9.1540994258796; Wed, 31 Oct 2018 06:57:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994258; cv=none; d=google.com; s=arc-20160816; b=xpw7xdB85shQ2UVtjv+XdNWc3kri9M4oaPGV1prniATzJA9oV8DFVbWxwc+5rFRZHF QyStrR4yuKjTiD3DvJUtrS82DjM0n4qvwXui8lCMXh0R3vcoHJAFHG3O2QCCvrlT6suf Ky+oAvmIcm75lazbVDTZ4ZA+GnFFVyXONiDhtrCTS2bfC5JgqEzwKr77YMRtmEqmlYU2 kQ0DX0M/AntYUAqi+jR6UKsOp0Bi8kqCZk3ieyHGbk4A08IbgwpfBmiW4oZ+H+R6SFSu zjx2560H581zLxv/9gltukmcc1sm6TvvKm81+trV4PQDZs2QmC/EFOaXeu4Aku4VcVwI ri/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=goe1d23qjQ1vLkZ7JjzE+TO5i1GYN0/9suAePp+hjvZxZ6nyC9CpVWqjKTltIGlaKi qXqJL4u4edW3v6LfpIV/gYFG0uZ0ynd3izld/qJur3hRzySwSDkTuceMjg/vgYDULn9H N+xHo4YueMtrygKsHCSsAk/jHxmxFDw+ejAIND/VQx4GOHAT6V/oMl7JLD3AdoDQ9yF+ T7SJNqg7/1RPWHuy1LNwKcpzXKvQU5S96r0etoI4L/BNi4YZ/GdeKAzMm+gikRI/A+u4 C9r4cpOZJOUlPUheSJf/t1DYeCo72oy+vx+L+ndtx01lrG/dVD1fN5MAaOD2Mn64AzW1 6OkA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q+Do7RPs; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id c16sor10903163uaq.50.2018.10.31.06.57.38 for (Google Transport Security); Wed, 31 Oct 2018 06:57:38 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q+Do7RPs; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=Q+Do7RPsiaW7/iDvEv6uV0HXX/RCXunNl3+kM93JM3MsuRVtG79QnBMYJsh/jH9vqq USy6t9mKT99nRAob34wPfiQ4T3WrCSnQ+qc9syQH0xAwtqRgMBN0Br9ZkndljrFykqNg 79BeNw7ZV9BDV96lYMwOkfDxbgRE+Uwxr+WRE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=RUwIwTMJOIDP9EygEWKOalAHGxG0F+iBTa7FymfhJ1ib2jNhqz0UHN8DoHeqeNhjVW My3hl3yRNNtjX+rmZqOlwI5YT5FaEHf5+aYy24E6jcgEcIBQQdEy4nK/kpaKBXWXD0xB hWregU7I0cytLlNnexCkgLpFWHKsQVUaqMacNeDgNFyq4zkZZ+m1PjPhThFcQ/A/4Y08 t94yoGMnoeAUEkks7grIU2yudBWh+43bdwfX0IHtVapjWvg+okTEBgvHDxwQKx6inzTk MzcvA3B4h8io+sos5mg43YTjD7Ip4WipXoakejLoegn38PL3rocyzNi7kxQ9h46IZCxN 0Elw== X-Gm-Message-State: AGRZ1gIQxw848S5lV056T8JwBlXioDfeORMFi2uOwn/3sBnTIIaxq7gS +QlQJoE3U8ihnbQFwjPsPbFF5MMq X-Google-Smtp-Source: AJdET5cockaAXiuH7WRya7xTHfSK7Wqs5YSET9xsN40BcbRN6ZvHpXAi4RDlwiEnQfxGCqznI59PDg== X-Received: by 2002:ab0:4a14:: with SMTP id q20mr1364209uae.4.1540994258307; Wed, 31 Oct 2018 06:57:38 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:37 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 17/24] ARM: spectre-v1: add array_index_mask_nospec() implementation Date: Wed, 31 Oct 2018 09:57:06 -0400 Message-Id: <20181031135713.2873-18-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 1d4238c56f9816ce0f9c8dbe42d7f2ad81cb6613 upstream. Add an implementation of the array_index_mask_nospec() function for mitigating Spectre variant 1 throughout the kernel. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/barrier.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index 6f00dac6ad8e..513e03d138ea 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -75,6 +75,25 @@ extern void arm_heavy_mb(void); #define __smp_rmb() __smp_mb() #define __smp_wmb() dmb(ishst) +#ifdef CONFIG_CPU_SPECTRE +static inline unsigned long array_index_mask_nospec(unsigned long idx, + unsigned long sz) +{ + unsigned long mask; + + asm volatile( + "cmp %1, %2\n" + " sbc %0, %1, %1\n" + CSDB + : "=r" (mask) + : "r" (idx), "Ir" (sz) + : "cc"); + + return mask; +} +#define array_index_mask_nospec array_index_mask_nospec +#endif + #include #endif /* !__ASSEMBLY__ */ From patchwork Wed Oct 31 13:57:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149812 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826709ljp; Wed, 31 Oct 2018 06:57:40 -0700 (PDT) X-Received: by 2002:a1f:34c8:: with SMTP id b191mr1281382vka.52.1540994260077; Wed, 31 Oct 2018 06:57:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994260; cv=none; d=google.com; s=arc-20160816; b=HxH7RPyunqzlCEuW15Q9X1Xsqb5bT6uowEZijBumNMOmdK4DQAzaMH/mqGpgknCfsE TRlov5p/ki/lfqM6bBbLALkNqs+vB4DJYmUo68bBmd2/s26GYDwt/oPtnK1UzN4nbIsi Ll2mjVF8F/X1jf83F67Gz69Z4ndbIsCok4w8aHTBf7cWrmdvED/QK2xnLhZzIzYwoof4 +uJb5TlvdddJnAbYpQPu2nvObHDobUdcLjn/0tEjEYa2c8c0ehg4BtHSqpktzS3SLdOa C4cm6DCouQ7mISg/rQZbXBnLGlRCcRfQAmwsiLYuNwuy9S33zTKS/xRitxxGCdO+pizX hDxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=PJ+SRjsFnu3VOhHuOnMAUgFqRf0QytVweVu4GN9HiD8c1Y2EUOO82TzI/K9IU68Ac8 P/8psTipcfY8YELMrzuuQ8LHScgWPzAw2S+AkBSPA2UZFcJ26y1yKbXqvGUcNuxMvBb9 uXkyFyjzJzIFsD45j7xJe84jftJ8qgPx3NJDnoZYl4IfZN3cthMT/VFAONx9RjVKNohD HQMJ6X8OwiCaIJ5UsCe6OGEV1YN557Le8gt26E+fzKeqLxNtsfQyIneRdDiCdrJG7VJg hJqssay3TMLn/k/6Awnn9PAG7DihCPUgMl6G7LeuAME/iKiIfmg7Og3DPtaTTflV6OCT DBCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WB57YZFz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id z9sor812621vse.68.2018.10.31.06.57.39 for (Google Transport Security); Wed, 31 Oct 2018 06:57:40 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WB57YZFz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=WB57YZFznAUlEWQsQYhGdyTnM3ylMvYGQKYyVtLUV7te5ltfmZPcTrum7M7e7UvOFf xYnb12+UIq9ig0IolLQ+bHfBzNYtGi/xF8RPyZxZqJQ3QIXOppjXZxq6sFDBoZE2BoSP ZfV9KvT8QRkkhlvMEE0SS54TgHUKZOw8EqnJw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=kLyYUOm9FtGHv7CP3+WMljzgXvIqwLlinx2MsIgojAQwicWA41PIvvPnnwmjed/Ex5 187xcLVTyKHnEWzjo4rphvgYb0/R38Viw1YVvn2eP3GGTBZ5gEYP5V44dh8r1GW/jJoS vjSb9EIFwPzZRKUIjLHSr4fze8GG1oQQDU1aq8E5tyc4ThehJXukp6GdqQGhgGOVgO9M dGRO3JBOEq9hTWXiYo2WhGvCuLnws+VTq7vl53iO6y1J3d26SWiqbUPJJkrIK8MJlHO8 vP1lzl2m6kLbXGHqeuxxfHGMVr+kdsygLpZtZ18rWIRHaU192ZGqhTqc6lmxa2nTzOiE ifdQ== X-Gm-Message-State: AGRZ1gLU7aeIu5MhtDfwm0D2iz9jnh1A7MmlgOhoavPpq8RVHZAWYHnf ACCZoCpx4YjHo2Jzigk9EUpgzfR9 X-Google-Smtp-Source: AJdET5fssOnVshzZ5eOFZEsR0yXCVm3ZaFzNhOuu4CE4no5CqfKRyEsNUPaepikhEtXYgoEF/mRzWA== X-Received: by 2002:a67:1081:: with SMTP id 123mr1294836vsq.214.1540994259472; Wed, 31 Oct 2018 06:57:39 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:38 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 18/24] ARM: spectre-v1: fix syscall entry Date: Wed, 31 Oct 2018 09:57:07 -0400 Message-Id: <20181031135713.2873-19-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 10c3283d6c19..56be67ecf0fa 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -223,9 +223,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) @@ -258,14 +256,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -317,6 +309,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index e056c9a9aa9d..fa7c6e5c17e7 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -377,6 +377,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6. From patchwork Wed Oct 31 13:57:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149813 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826731ljp; Wed, 31 Oct 2018 06:57:41 -0700 (PDT) X-Received: by 2002:a67:d119:: with SMTP id u25mr941056vsi.63.1540994261210; Wed, 31 Oct 2018 06:57:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994261; cv=none; d=google.com; s=arc-20160816; b=ZOVr5nbemnEVv2eG3tuNhv2xaORdFCN+m/dKmnHioxRopU7CiK6BHs1oLec0rnalfH lSOgFf3UgJ+wf6t4Hy19FbTK8GbmMyIC4pj7Gt9gYyCtNV+bRFyTvQRX44lzBu2YKM8Y zPN9C/TE/Ijcn4lvTin2zc+rSX9HDxrc+x48V+HNtVtT0ucYU2wYo0arl4761wdMtvQR w+pFtlGgw4exT+U9tgWGrXNHjROTMmcB2Zq4dXG8LqIhJ1CdsIq4PJTnrNSNVCvSAxE4 XU1KISNPDT8uMa9gQ1LdMv64vk84y7Z9dFl14WpyGSDaWnsDhyw+sN6GSbOORQCKSKfi aADQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=RwMgh5xJgsGKEV7GAiANthWqlvxR6etgSXvLTuI4xfBxhZRdMw1k7Csekhp7BfU+0b Jb2qrLwe9IasUW8kLz1a8URc0SMMJpWYc7qRYK1mFyOaBH+XKmu4KeakwibXR0rs7IYy BgclNH1pVbR1fW39IxmLMwF2Q8BELEetz+2ST62P/7QMurLwmZ22L9oJNRyYG0a9MqF5 FFWquEEaSZJ0+dsmQge0b0haVS8PykIiFl/jQIdp6D0N4v7R4WvjPLDuN89/DS9stX1u 52PhfszMqjZVBGyA2nw9nDoRnBhZIYI9ob2QJXmCxMsryehnqtQtSGJqthGGwA9eWjEh Kl2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EDyxLGgX; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id m132sor5580404vkh.36.2018.10.31.06.57.41 for (Google Transport Security); Wed, 31 Oct 2018 06:57:41 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=EDyxLGgX; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=EDyxLGgXOX3Rsxu6bq1GlWuXIbbqjUVmKvbqXCJEptfvKe5YypneHHZqMOIL3QzIAb 81MRrq53AbOHj50dLxhF+QT6M28qinIjBE0mGhZQFylw+zimMfmO7KlS8ktEXQoJ7tqn jttaR2MQL/rFsfAAmSdADq14SOHIR1k2G21SE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=EZ06TaYPFFHgZ2h7cuzhYAJSIOUU8/oZIs55RUKCGhK/rN/JUjImpTNnVvkig/i1aE 31oBO3QEoDPgs81LeAjjX+VCKyaddxLC0Wfit/BacHW7ioLNT8OxPzBJOdzqQMJElKrn JoAnShhDgsuiftzDRY+aVQv42oXTKIe3uMXAiv9SfcwUnIcNaP/Ip5aTLynOkaxePepq xQnYzBVdzrJmlUw8IDAjKPOqz6CqjVr1jOBEOZ4Oe8ykeac5jGWwJ9D5+0HCWvluWO/k CkOa3z25rcMlMJBN6KVJRSziWymOrnvry9xvy1Ef8RjAWaqOuO4uMYPl73UbBtHr1WLI xDvg== X-Gm-Message-State: AGRZ1gJ8LlemGbibJCtInycf31mO6WGHbglbeEmvv7cJi9u+VTbB7YZ8 6hIXy9xmec5tVOoGyef8Czlcv4QA6zfMYQ== X-Google-Smtp-Source: AJdET5eOsI5FrMLg6Qo1T6BoEACQn7qFUEGegMj8XGMsjt4MeK3s/Sz9U39/uGlrV0ozsEPbz0Y5gQ== X-Received: by 2002:a1f:c20d:: with SMTP id s13mr1352235vkf.9.1540994260622; Wed, 31 Oct 2018 06:57:40 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:40 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 19/24] ARM: signal: copy registers using __copy_from_user() Date: Wed, 31 Oct 2018 09:57:08 -0400 Message-Id: <20181031135713.2873-20-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit c32cd419d6650e42b9cdebb83c672ec945e6bd7e upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. It becomes much more efficient to use __copy_from_user() instead, so let's use this for the ARM integer registers. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/signal.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index 7b8f2141427b..a592bc0287f8 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -141,6 +141,7 @@ struct rt_sigframe { static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) { + struct sigcontext context; struct aux_sigframe __user *aux; sigset_t set; int err; @@ -149,23 +150,26 @@ static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) if (err == 0) set_current_blocked(&set); - __get_user_error(regs->ARM_r0, &sf->uc.uc_mcontext.arm_r0, err); - __get_user_error(regs->ARM_r1, &sf->uc.uc_mcontext.arm_r1, err); - __get_user_error(regs->ARM_r2, &sf->uc.uc_mcontext.arm_r2, err); - __get_user_error(regs->ARM_r3, &sf->uc.uc_mcontext.arm_r3, err); - __get_user_error(regs->ARM_r4, &sf->uc.uc_mcontext.arm_r4, err); - __get_user_error(regs->ARM_r5, &sf->uc.uc_mcontext.arm_r5, err); - __get_user_error(regs->ARM_r6, &sf->uc.uc_mcontext.arm_r6, err); - __get_user_error(regs->ARM_r7, &sf->uc.uc_mcontext.arm_r7, err); - __get_user_error(regs->ARM_r8, &sf->uc.uc_mcontext.arm_r8, err); - __get_user_error(regs->ARM_r9, &sf->uc.uc_mcontext.arm_r9, err); - __get_user_error(regs->ARM_r10, &sf->uc.uc_mcontext.arm_r10, err); - __get_user_error(regs->ARM_fp, &sf->uc.uc_mcontext.arm_fp, err); - __get_user_error(regs->ARM_ip, &sf->uc.uc_mcontext.arm_ip, err); - __get_user_error(regs->ARM_sp, &sf->uc.uc_mcontext.arm_sp, err); - __get_user_error(regs->ARM_lr, &sf->uc.uc_mcontext.arm_lr, err); - __get_user_error(regs->ARM_pc, &sf->uc.uc_mcontext.arm_pc, err); - __get_user_error(regs->ARM_cpsr, &sf->uc.uc_mcontext.arm_cpsr, err); + err |= __copy_from_user(&context, &sf->uc.uc_mcontext, sizeof(context)); + if (err == 0) { + regs->ARM_r0 = context.arm_r0; + regs->ARM_r1 = context.arm_r1; + regs->ARM_r2 = context.arm_r2; + regs->ARM_r3 = context.arm_r3; + regs->ARM_r4 = context.arm_r4; + regs->ARM_r5 = context.arm_r5; + regs->ARM_r6 = context.arm_r6; + regs->ARM_r7 = context.arm_r7; + regs->ARM_r8 = context.arm_r8; + regs->ARM_r9 = context.arm_r9; + regs->ARM_r10 = context.arm_r10; + regs->ARM_fp = context.arm_fp; + regs->ARM_ip = context.arm_ip; + regs->ARM_sp = context.arm_sp; + regs->ARM_lr = context.arm_lr; + regs->ARM_pc = context.arm_pc; + regs->ARM_cpsr = context.arm_cpsr; + } err |= !valid_user_regs(regs); From patchwork Wed Oct 31 13:57:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149814 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826757ljp; Wed, 31 Oct 2018 06:57:42 -0700 (PDT) X-Received: by 2002:a1f:710:: with SMTP id 16mr1373586vkh.42.1540994262375; Wed, 31 Oct 2018 06:57:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994262; cv=none; d=google.com; s=arc-20160816; b=V2uzZ3dmuNot51jKtcPFRFfPP5yqbCqYK6oEbdWzf+Q8YkErZhre8elF+2QBioMHeZ gvfGyAcVosmM0Fw9jcbCXWyTLCcnv+EQQA+1Wn1fuKBnH3NnXrqDI6WubL60xB7QtnHJ 4eJ0S6B2SRxirbUbOgzub/mJ5Plel52IXR7H/bpfaqlfeQvAGq9LM/yKjOHucE01s3Uk bwzMY3iYXndbN0Qd0IPlWazP+OHYE4DTBEJMb0hR/X6RNIjwcMbv9empL8/D7ziLQzi+ 0J9VIAahzOpzc7H5q7Uk2rQ1lgr7KrPPYLKB+r53o+nMLSlpHdd+W3OH6wHMsiE2vGNz msow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=VCPGWqkDl9sIIaoAmQSBpPaKESGTdomzQJunlo5hC9FUfPYKAFTAkZKf6O/bMQjlLu luWjhDDpph8XfpEqLB44pCdQZ7QPPgVl3jqrYA7Sc3PKwqZFE87WYbXAd7mtaKFt4YC7 TIzGTnXGi/xLnz1fs3ev02Bqpa6DJ/4Vy6jaOUOizXToNm7fLEP++zQo6TAy+lAIPWQu 9vu5+kyYemIXKQSsF+2mjYpKEHYQe/iDcfoWiMoj+n96CL5yVRrbstQbGaT9B/kMhI+7 0A7VznfnbcEPF9VJMDi88wOTD2P9VZpZPUxA6RfqjaqgUEtpw6BGsw3mqydvSZcfJIww dp9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aaeBm1hi; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f10sor4535625uad.56.2018.10.31.06.57.42 for (Google Transport Security); Wed, 31 Oct 2018 06:57:42 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aaeBm1hi; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=aaeBm1hifdo58e8AsXGlAPXtQvSHBx5jLxH6qbm+ou7SimbQ1Vktqo7gQzXVotw5QR SEXA2Btk8BgIcRWznYDqGyjMAdyEkBuPlLeViWgSownueY7OnUV9J7srhOBaR0j4aFyP ASLtChQpCFWFCPZGN1mPMKIbezKO43Ww0B9gg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=WUjPJzZyAKzMm4uLY9fyOYt2wLoVf2ESPgWokqODmtjkz3AKrHr7En3CfXkqE3yxTE JP7JtiUZ49uYa4VCcONC6G/3avaa6Ayx1JXUoJAoDwMOfJAdUZnlwfMAoqHf4wcqUcR9 i2/bkdcF7fFlwmeb/I9lgu9MPb+MGsr4SRAKfMGN3zli5KIrftjH5n4ZLefoONKGpEjU AmeOy/hmCCFhbYlElrlg2jkobLlxec3PQQfPetOuYze03hOrgnsDVrKZYl7lsfFmUHA7 ZxKubPzVJxUjBKa6ugzIQmaYXVPrSp+3w/rh/w5eKTweVTvpKDWotx1wvtACQMZ+D6mm zMig== X-Gm-Message-State: AGRZ1gKL18uWSLahKkrmU2l5HtI+vs/Jk+GDsHA052bxhuwVWMdvBY/i flIifr9KU85grbbYJpqdHVkrh1nbaqO01g== X-Google-Smtp-Source: AJdET5eg3rWGrJ6SituV67itgE5rafkKInVOdyxw0jdBiF38SOglknYtqk6nzEVJtrAGd9G64Ctqew== X-Received: by 2002:a9f:35a2:: with SMTP id t31mr1343015uad.98.1540994261730; Wed, 31 Oct 2018 06:57:41 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:41 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 20/24] ARM: vfp: use __copy_from_user() when restoring VFP state Date: Wed, 31 Oct 2018 09:57:09 -0400 Message-Id: <20181031135713.2873-21-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Use __copy_from_user() rather than __get_user_err() for individual members when restoring VFP state. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/thread_info.h | 4 ++-- arch/arm/kernel/signal.c | 17 ++++++++--------- arch/arm/vfp/vfpmodule.c | 17 +++++++---------- 3 files changed, 17 insertions(+), 21 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h index 776757d1604a..57d2ad9c75ca 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -126,8 +126,8 @@ struct user_vfp_exc; extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *, struct user_vfp_exc __user *); -extern int vfp_restore_user_hwstate(struct user_vfp __user *, - struct user_vfp_exc __user *); +extern int vfp_restore_user_hwstate(struct user_vfp *, + struct user_vfp_exc *); #endif /* diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index a592bc0287f8..6bee5c9b1133 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -107,21 +107,20 @@ static int preserve_vfp_context(struct vfp_sigframe __user *frame) return vfp_preserve_user_clear_hwstate(&frame->ufp, &frame->ufp_exc); } -static int restore_vfp_context(struct vfp_sigframe __user *frame) +static int restore_vfp_context(struct vfp_sigframe __user *auxp) { - unsigned long magic; - unsigned long size; - int err = 0; + struct vfp_sigframe frame; + int err; - __get_user_error(magic, &frame->magic, err); - __get_user_error(size, &frame->size, err); + err = __copy_from_user(&frame, (char __user *) auxp, sizeof(frame)); if (err) - return -EFAULT; - if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return err; + + if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) return -EINVAL; - return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc); + return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); } #endif diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c index 5629d7580973..8e5e97989fda 100644 --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -597,13 +597,11 @@ int vfp_preserve_user_clear_hwstate(struct user_vfp __user *ufp, } /* Sanitise and restore the current VFP state from the provided structures. */ -int vfp_restore_user_hwstate(struct user_vfp __user *ufp, - struct user_vfp_exc __user *ufp_exc) +int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc) { struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; - int err = 0; /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); @@ -612,17 +610,16 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, * Copy the floating point registers. There can be unused * registers see asm/hwcap.h for details. */ - err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, - sizeof(hwstate->fpregs)); + memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); /* * Copy the status and control register. */ - __get_user_error(hwstate->fpscr, &ufp->fpscr, err); + hwstate->fpscr = ufp->fpscr; /* * Sanitise and restore the exception registers. */ - __get_user_error(fpexc, &ufp_exc->fpexc, err); + fpexc = ufp_exc->fpexc; /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -631,10 +628,10 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, fpexc &= ~(FPEXC_EX | FPEXC_FP2V); hwstate->fpexc = fpexc; - __get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err); - __get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err); + hwstate->fpinst = ufp_exc->fpinst; + hwstate->fpinst2 = ufp_exc->fpinst2; - return err ? -EFAULT : 0; + return 0; } /* From patchwork Wed Oct 31 13:57:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149815 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826779ljp; Wed, 31 Oct 2018 06:57:43 -0700 (PDT) X-Received: by 2002:ab0:918:: with SMTP id w24mr1439748uag.51.1540994263369; Wed, 31 Oct 2018 06:57:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994263; cv=none; d=google.com; s=arc-20160816; b=qZN/Dboi2LWyVColIkYx5Xb7v+AiBx3KL9kfUmsf/jiShtJPQJ9i8qDw23dv/jZfzE kc8QxmtWuRMWo0V9OAeJz6slrkhBIZnMWjiSjvGkgof9ZsDW0V8fnMsi/Vbs5XMJ5hdA esLLlOJyYEqUqofmBob0MpTgWVzTH/7r7IKIh+XjQks3/rDCni7YOZDjR4t3PRtg+Mi1 eWXk8uy4uMTUwbR4oXduMvWs8ljKBwdeMSKw29R/FhSv3FSf6IEgi4QE+3CEYwOEpcf9 PmCliCXEx/ezDJjw07oT1Q5Y+xMK93BGzYpm5N06sss482a8WEbW1cMPq4aJBPHCFL60 ux4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=Ygbn2C0baH8+TB8XZoxNOyVXZhHc8aVK5TDIkQ6TcvczY8HsACiQZSa8fI0wntttYx JjIV454fuRdskdLcgro9xerNEKMFvGTM1Egi4CYwRSe2mrhmOPQDlrOGrSzN+THTo9c9 ft78rKwnE1AY25F7bLlwTGP9afOsLV2T/6WQ1f/kysyCauwL2zWY9jsXOas3+5dM+jfR 5hT+sOwRl0JHgRbXf+3Bvq5I9/zc4p49msW2DkZipUJR8KQB7/NirUYycEYZs5DXdv0x w3nAChRbIUHENPmNQpwqRAxbKpDcAqKKss3ErEEEnp6jLMSeIHTMx3B0rIL5CtvgljA1 /atA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C2Cso859; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id g1sor11616663uak.55.2018.10.31.06.57.43 for (Google Transport Security); Wed, 31 Oct 2018 06:57:43 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C2Cso859; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=C2Cso859noA8Knne/ULe0lAPA8XwN3f+0I8icWb65k4M1ZnUBYYrqbgZ9KqW6yVXCi Qn16sz9RXd8lB8M70SU6shF4kVgs28oNCZTWBXg7UFO3bI2KwoQCxwqG/h6Yz5VZ1nBj mc6iJkNy2Uj3//jwy/AcMAPhvjq/xLb+pdIrk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=BnEivNYyK90GGTq/zUYC2gchzyqYQRDVEpvOaCYyb0oxIGCQC9r5SrGNRCXRms2EA3 qs35hJf/+s9ZpRGQP7k0yYqx3+zxbjzI7coLHB8I8plJxetSUTV8Vce/mXqXj/m+ae9E Tw5j3aj5lJL4dfhaQv5Tb0I4ZtMz34U2CTuLz/Gfjw4kylZ2gYJOetGQJqv8Duvd5AVa nAFVSjCdrlvu5jbgY8YZRPW4MvIuEKMNPyuolb3AIuRfaC177fo3QGG7PUmufFD9h4l2 cS6l+qtkRtZYa7rnp6aAG+Iy5dtCn4SpTaG5+WjnDKbLl44fAQI7Kl5CoUr6yp3BDkKb d/Qg== X-Gm-Message-State: AGRZ1gKd0q8OWyK3Jug8mzd0WgFXCsKeIf7UAoaGEWKW8hiqcAahr8av 6d+PqNGnoCfdEpSb87rYjiEbQNav X-Google-Smtp-Source: AJdET5ew0vpdRM11G/qRslcKsyNUy6AjqrkvYWJio9k95zmECbWCW3pN/y0tm9RgYV3BSHTVdAMnuA== X-Received: by 2002:ab0:481:: with SMTP id 1mr1363795uaw.59.1540994262862; Wed, 31 Oct 2018 06:57:42 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:42 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 21/24] ARM: oabi-compat: copy semops using __copy_from_user() Date: Wed, 31 Oct 2018 09:57:10 -0400 Message-Id: <20181031135713.2873-22-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit 8c8484a1c18e3231648f5ba7cc5ffb7fd70b3ca4 upstream. __get_user_error() is used as a fast accessor to make copying structure members as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Rather than using __get_user_error() to copy each semops element member, copy each semops element in full using __copy_from_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/sys_oabi-compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c index 5f221acd21ae..640748e27035 100644 --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -328,9 +328,11 @@ asmlinkage long sys_oabi_semtimedop(int semid, return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { - __get_user_error(sops[i].sem_num, &tsops->sem_num, err); - __get_user_error(sops[i].sem_op, &tsops->sem_op, err); - __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); + struct oabi_sembuf osb; + err |= __copy_from_user(&osb, tsops, sizeof(osb)); + sops[i].sem_num = osb.sem_num; + sops[i].sem_op = osb.sem_op; + sops[i].sem_flg = osb.sem_flg; tsops++; } if (timeout) { From patchwork Wed Oct 31 13:57:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149816 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826796ljp; Wed, 31 Oct 2018 06:57:45 -0700 (PDT) X-Received: by 2002:a9f:35a2:: with SMTP id t31mr1343105uad.98.1540994265002; Wed, 31 Oct 2018 06:57:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994264; cv=none; d=google.com; s=arc-20160816; b=OA4rh2INjR8eXrjLtBxHoh8WRCY/p3z7d9fAofWlgFU/vi4Ty6cJGnY5WthUNt1r90 S4ia2YKGMUcQxnRoFGAZ3fWpVCKyZ2n9YdYgtXTrhqIUk81UR+Ve+wvz3MCMaOX5uLx8 s2bFyUJqBAd103WMIxMASmSUTmALo+h+d0coces7TAYCQu5v18dbYPTppuK21B9KgITu ICRwlMNCHuxssJIV6Pv58+8erBDZ5UCtkcGa9AEBpp63FZexhUfeegTbz6rhZZx7YCNS SQFg3ao35XzlzRa4/cRl83GqdRIwp+vR78RrVWPDEw/nim1CTbdYQaQxX1lbfk6TWjF+ 5Qyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=mhxwLSCyazAwoec1/D0ZeK0l8bCaDibD6EM7LMK+jgJMcW4+UFNHYlz+pyhpcmg4jZ R4bPbs8O0OnG8o/DRJlzy8+PLi0lqXLXD4mTVMpuEBNzJKVBa7Y/bcW6u158+kIdH6rX D2q53EIeDC76XSFRmkZMD5nXrWdL/Rvvo5DIZgdMPkKPBhOc723kRa9DDhkIAJ6w/0Ob oHFnVzAll5CKEbOtOavKh9DOWPXJWVxHRlwjUk6BUq/fBFLLh0zT+RjzYLk/UypWdEso 4oQiIoY3QDUH81RoyhwEl5h/H2brG1AIPeMXr9pC8/Wt749ycRR1zJOg0XP7kODL8NMD hBIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kg3GTWkV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w85sor13446456vkw.43.2018.10.31.06.57.44 for (Google Transport Security); Wed, 31 Oct 2018 06:57:44 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kg3GTWkV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=kg3GTWkVVZIphm7ikY4C0s4xkWmXos8YxpDT03bPTTuvOj/cbwfwLhVeuQ7mQUmrBf Sw47XjfIxhfgU3IrkVezLY9OJIYkDhddYrhLXw1xsjRaMdfeWhoZvBL8kLoytlKCjHSn w8mCNxLP70KmL3B2tBdgtcKzmUZpYlv+16yk8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=aWz8LpBB3SJyBguAUmi6hfYvSt4w7CmsaYM3ZegKnZ2Tx8cXviGHiTp0ujiW4iNPUG O+hyF9R4zTxFTaZ1/T7PrRpotTkE1udLFMRxFuHGgaVUL0IH6DRUy11g1FsulOaAmwSa wbsUCgNH7kud+TzLohEHbu3XRFbe/I79hi7dy599Txk94LBZGucnBV7rtY5QKwLPBvfG AacO9vVH6q6I1v5ZyPaJSskli7lJoDfln00zXWBbONjiuejO/7DGdgNgnLgG0xHLM2dQ 7+F0y6wiv3iPPVR4XRb9JK+R9la2yCA6uosMq1n0tQo/oTiLpKW5/ctD6NX+t0xjU9vm BO6g== X-Gm-Message-State: AGRZ1gJhummnEaU+ysgU8RcYfAgxLBOxtgZzJiODk9tlR201pSW6E/mP cRqEmQ0znWbZ9V7LxQVBzmaFaUfAmER68Q== X-Google-Smtp-Source: AJdET5fG+Ffp9uVDC83vUPAj6PBxtEHgHliar2Ne9qVch13Bk/d0yQucTQqRfKAhNahxj1+3s0AkNQ== X-Received: by 2002:a1f:c3c5:: with SMTP id t188-v6mr1362969vkf.67.1540994264378; Wed, 31 Oct 2018 06:57:44 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:43 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 22/24] ARM: use __inttype() in get_user() Date: Wed, 31 Oct 2018 09:57:11 -0400 Message-Id: <20181031135713.2873-23-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit d09fbb327d670737ab40fd8bbb0765ae06b8b739 upstream. Borrow the x86 implementation of __inttype() to use in get_user() to select an integer type suitable to temporarily hold the result value. This is necessary to avoid propagating the volatile nature of the result argument, which can cause the following warning: lib/iov_iter.c:413:5: warning: optimization may eliminate reads and/or writes to register variables [-Wvolatile-register-var] Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index b7e0125c0bbf..4a61f36c7397 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -114,6 +114,13 @@ static inline void set_fs(mm_segment_t fs) : "cc"); \ flag; }) +/* + * This is a type: either unsigned long, if the argument fits into + * that type, or otherwise unsigned long long. + */ +#define __inttype(x) \ + __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) + /* * Single-value transfer routines. They automatically use the right * size if we just have the right pointer type. Note that the functions @@ -183,7 +190,7 @@ extern int __get_user_64t_4(void *); ({ \ unsigned long __limit = current_thread_info()->addr_limit - 1; \ register const typeof(*(p)) __user *__p asm("r0") = (p);\ - register typeof(x) __r2 asm("r2"); \ + register __inttype(x) __r2 asm("r2"); \ register unsigned long __l asm("r1") = __limit; \ register int __e asm("r0"); \ unsigned int __ua_flags = uaccess_save_and_enable(); \ From patchwork Wed Oct 31 13:57:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149817 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826831ljp; Wed, 31 Oct 2018 06:57:46 -0700 (PDT) X-Received: by 2002:a1f:2145:: with SMTP id h66mr1342945vkh.65.1540994266085; Wed, 31 Oct 2018 06:57:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994266; cv=none; d=google.com; s=arc-20160816; b=VoDjETaXGimt0XLIEGkcDjL2QP54hoLvEFB5gSbqvcBl5qNEQzguu8DbqXNVuXTNdP 6zdM0PGMhQjGVm2hLEmFLUQKvDi03b/np1fTKNRFeuvpOoRvg+R7Vx9inrqYBVsAyYN6 Hp9Muzkb4KECTZR3h0c+Uwgs3kcYc0JPaqTvCOMiH31rpA9P1htEZz5EGUh1RiBw4Kz3 MKjshBYJ/bTUXpxA4VEoEHJ6n1PP8u3dVvHXvPYuyDgNi3aFd7iB4I9GrP7RwY4/j769 nMlI42yDllOLV2yMjoU2bFWrhCdMOZotVNfL+W2uBPRt4sKaaT3MG1AzV/dd0ctCbloB YeBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=p1HmE0bgNAW1792IxrrgVb9B0Ue+JUb4tc69mi0g+w63rs2l5Xtvdu1392VdivWMaf fbGrwlSa/aDWTMTxRUNJwbIUM4NZ0GolPfhTpfcghsdBmsL30YIK4LtIMtIEAAChuej1 AuNLbJxFSkYVDcx+AHbPKZGFNTGZkjuxXFKot0++YuFHV1NH/x2gPn6ObyDVnElY4KqY +4+4KvieFwaFF6c6f5fPuWyDlBMmRbNTovXxm/rSHU2t9vbTqKcpz0Ywrt7864H4LLsE fIWQs2HE2CdjTWint4ua3lfY0nbJJduwiVbkZlazYUA1esBDrnPKiIQmwG/fT7Kpv/3n ocxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HMwf8VUo; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 125sor546815vkt.51.2018.10.31.06.57.45 for (Google Transport Security); Wed, 31 Oct 2018 06:57:46 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HMwf8VUo; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=HMwf8VUoInrIuqKY6Xg49UuVRw7eburoboY7RB+wBq4pyzSuaTjoqgy2pAI2DwvhNN 6obM45WTKlN+RKSZNHkqQrxYVAJLfqNpzf0112JuxbtPBjhI1dq+6b8s7Q4LJ9gwXUfA zKz+jexuqb00GgB1mZ6P/viu+PB+jHtCyY9mg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=T4d3Iwq3MQIXhq6WmkDaQnLqaiZXSbjEEmMvxOAN6GZbt0aPCZTfyw0ysOinWpg4Wq 3tSFrTyneprXstsgUUfyYk0z05RaJgOccNaI5zDyRhGYWgCY9pXBcfNV1ApgqS3PVEi/ M4jmj6Um+OmZVC31UbUAUAaL0NOqO9o9EQGdVOGveGYwQUL5+ssqBPBA3qKbOrLvzk9D vuuT2Mrb0hyM3tqToO+pRFQ8jhGybfqbtZVmK+YpGk1EPs9X1LBkJ5wzb6x2aTocS9LB zM3po1lHUzgmANGpbhgCYbhK8wcwvwsZ3PbW3ZKZyw4UZLltG0Zsi+ph2EdXjwX2Z/i2 UbtA== X-Gm-Message-State: AGRZ1gLi0xF7TvmFsDGQNNH5lbQVidk0If7b8PCkCt2J0nv6pZlmMIp/ 21sryCp/XuiHecw+IhYmflrif1nM X-Google-Smtp-Source: AJdET5eF0AP+wOOnpuMsDOTqPoyBHoGQfmc5/gdNzHXwr/tRcUPAooLd60Ia5XVe11vWZupegpJsPw== X-Received: by 2002:a1f:97d1:: with SMTP id z200mr1330638vkd.15.1540994265488; Wed, 31 Oct 2018 06:57:45 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:44 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 23/24] ARM: spectre-v1: use get_user() for __get_user() Date: Wed, 31 Oct 2018 09:57:12 -0400 Message-Id: <20181031135713.2873-24-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream. Fixing __get_user() for spectre variant 1 is not sane: we would have to add address space bounds checking in order to validate that the location should be accessed, and then zero the address if found to be invalid. Since __get_user() is supposed to avoid the bounds check, and this is exactly what get_user() does, there's no point having two different implementations that are doing the same thing. So, when the Spectre workarounds are required, make __get_user() an alias of get_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 4a61f36c7397..7b17460127fd 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -280,6 +280,16 @@ static inline void set_fs(mm_segment_t fs) #define user_addr_max() \ (segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs()) +#ifdef CONFIG_CPU_SPECTRE +/* + * When mitigating Spectre variant 1, it is not worth fixing the non- + * verifying accessors, because we need to add verification of the + * address space there. Force these to use the standard get_user() + * version instead. + */ +#define __get_user(x, ptr) get_user(x, ptr) +#else + /* * The "__xxx" versions of the user access functions do not verify the * address space - it must have been done previously with a separate @@ -296,12 +306,6 @@ static inline void set_fs(mm_segment_t fs) __gu_err; \ }) -#define __get_user_error(x, ptr, err) \ -({ \ - __get_user_err((x), (ptr), err); \ - (void) 0; \ -}) - #define __get_user_err(x, ptr, err) \ do { \ unsigned long __gu_addr = (unsigned long)(ptr); \ @@ -361,6 +365,7 @@ do { \ #define __get_user_asm_word(x, addr, err) \ __get_user_asm(x, addr, err, ldr) +#endif #define __put_user_switch(x, ptr, __err, __fn) \ From patchwork Wed Oct 31 13:57:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 149818 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp6826860ljp; Wed, 31 Oct 2018 06:57:48 -0700 (PDT) X-Received: by 2002:a67:43c7:: with SMTP id q190mr151353vsa.237.1540994268010; Wed, 31 Oct 2018 06:57:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540994268; cv=none; d=google.com; s=arc-20160816; b=VKOCLRFG+WwcavDg79gQa58oWsCdzK0EwhLuxl+RJdaidqH9l8d+JSptypokTrDCC/ +WcYVX920VCW8xloiFNF9g6p/9sKeQaSDhbR9orIZLCxjABBjIOk30dRcTWzvZ/hHDQn 77yqwNu9GXdTOWTwY1LrB8gY0BNE61VFvl8086Wc8qnhVr+MZAIfc8CJ3Q6EZyWdWh8m NqgkljGYj30RMqH4WQwVQEnnVF+4VyP6It1bV6866u/3laLb6oQ85bZqN1PDzstIP7GQ NF3unYWp7GeX9fGE5JZZrhcIAek/neAoN+6/PAJoqWCUo8Cdc56ZLcaJUtzCFooC4HTZ HGQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=SlGA9qaNP+CEWMAiqMk23kYknx+g+XfYFvlqL6M495L/A9idqRgrIOD2/6+9JTVFVD ttSCqdGz7Ol13w4tr09YdDgLiIW2VK840Eo2w8z9r7wMDgQRhgaljeu9UvwJuH6C4g9u UGH0MXnom9rL3vjDgh+cgL3ck+ZJfgIWIj3jkWvHIcIGsiuW0aA0RRsWJhi6dErbENAX yBa8T1mOwwaMD6J9XQ7ltpnBvmXTLKyBWv7p5MdPQpzbFXNE7XqiY5Lgx/c8SpcM9M+B IElUO0UZLKe4NYikFAvny0NOKntg0AQzqma1HgronnsfonyCisi12XxRhOfdeiUxOsdD a1TA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=URubK+dN; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id c16sor10903537uaq.50.2018.10.31.06.57.47 for (Google Transport Security); Wed, 31 Oct 2018 06:57:48 -0700 (PDT) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=URubK+dN; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=URubK+dNlNCNnCL+i4AG/Sfs4ifk488poj1bGjPrp/Ng7s4ouz0PbI7YavPFIc8FTo NWDejmymaxuPWQ+PImlBk48qhLFI00XJHocYC/YyxxGIwEbf8lKDOP8UfXlG3rsSWa3+ 6uirQV2+2bETU+2/ezk3LYhWYhxfs/zSYvzG0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=X6v9vv/VKBpH4/yf+rELo5m9YnDI9JJfY0MspQcx6b/rNfhcYnV32txl7p7MvlqfZe V/saTXfq9Vh1v/gsGSqT2XsKaGq31s9thAUeV5ONO8dD5th1A5c6w59FEfYDqfWGBr2j uKJAy+gkCNlhOelg2JRM2As4Ts9nZai1aRdRS3cYXyQaUfyCcLdSChG6F4pXhAlZdM71 uC7J3qWuvpye9POaW5EiQTaO3HyrGx7HlWg3aufpIALOCUjucB7YAE2IMY/JRgYKMTlG ykgCzawY5Ld06bpQ2UKBKOIO7V3H0dMp4uuicNcBlixZ4iP79Cbv+9ecjYk9Zpr4N9mv eowA== X-Gm-Message-State: AGRZ1gJWP4S40mTX2IfoF96q7YPVISn5XVnM/bgdzX5OC+m8GLIGwQlx 18C182jDvkoXMP9HmdMqS8bevRqn X-Google-Smtp-Source: AJdET5dj5ZxuirtDexm1xyv1EYc6ZPR/JmvuxLvTDCfaJgJffLcCvJb2aSu3hGz3WBhaId/V8VoeNQ== X-Received: by 2002:ab0:526:: with SMTP id 35mr1334109uax.84.1540994267444; Wed, 31 Oct 2018 06:57:47 -0700 (PDT) Return-Path: Received: from dave-Dell-System-XPS-L502X.hsd1.nh.comcast.net ([2603:3005:3403:7100:2c71:8680:34e1:a6aa]) by smtp.googlemail.com with ESMTPSA id s85-v6sm2275624vse.29.2018.10.31.06.57.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 06:57:47 -0700 (PDT) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 24/24] ARM: spectre-v1: mitigate user accesses Date: Wed, 31 Oct 2018 09:57:13 -0400 Message-Id: <20181031135713.2873-25-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031135713.2873-1-dave.long@linaro.org> References: <20181031135713.2873-1-dave.long@linaro.org> From: Russell King Commit a3c0f84765bb429ba0fd23de1c57b5e1591c9389 upstream. Spectre variant 1 attacks are about this sequence of pseudo-code: index = load(user-manipulated pointer); access(base + index * stride); In order for the cache side-channel to work, the access() must me made to memory which userspace can detect whether cache lines have been loaded. On 32-bit ARM, this must be either user accessible memory, or a kernel mapping of that same user accessible memory. The problem occurs when the load() speculatively loads privileged data, and the subsequent access() is made to user accessible memory. Any load() which makes use of a user-maniplated pointer is a potential problem if the data it has loaded is used in a subsequent access. This also applies for the access() if the data loaded by that access is used by a subsequent access. Harden the get_user() accessors against Spectre attacks by forcing out of bounds addresses to a NULL pointer. This prevents get_user() being used as the load() step above. As a side effect, put_user() will also be affected even though it isn't implicated. Also harden copy_from_user() by redoing the bounds check within the arm_copy_from_user() code, and NULLing the pointer if out of bounds. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 4 ++++ arch/arm/lib/copy_from_user.S | 9 +++++++++ 2 files changed, 13 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 189f3b42baea..e616f61f859d 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -458,6 +458,10 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) adds \tmp, \addr, #\size - 1 sbcccs \tmp, \tmp, \limit bcs \bad +#ifdef CONFIG_CPU_SPECTRE + movcs \addr, #0 + csdb +#endif #endif .endm diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 7a4b06049001..a826df3d3814 100644 --- a/arch/arm/lib/copy_from_user.S +++ b/arch/arm/lib/copy_from_user.S @@ -90,6 +90,15 @@ .text ENTRY(arm_copy_from_user) +#ifdef CONFIG_CPU_SPECTRE + get_thread_info r3 + ldr r3, [r3, #TI_ADDR_LIMIT] + adds ip, r1, r2 @ ip=addr+size + sub r3, r3, #1 @ addr_limit - 1 + cmpcc ip, r3 @ if (addr+size > addr_limit - 1) + movcs r1, #0 @ addr = NULL + csdb +#endif #include "copy_template.S"