From patchwork Wed Nov 7 16:43:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150416 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387096ljp; Wed, 7 Nov 2018 08:44:07 -0800 (PST) X-Received: by 2002:a37:6b42:: with SMTP id g63mr866150qkc.297.1541609046770; Wed, 07 Nov 2018 08:44:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609046; cv=none; d=google.com; s=arc-20160816; b=Zra0kNvmCyxrh3yFGL9DeDz0e5Uedm/p4KMX8Q0iTR+MIPFnhdBORaJLbA3ODePagt Ca3gbHkyvPeXzhsgRbNw4eKC3SKDnDEuz6jNcBl4XzxK5BE6FpZxBNUmUSJMmb/C0Vv5 zDNPp+AVFXdW2g2an+kX3bn7Um43FiX/0XLhxW+6sj1Bx70i0IKCmzWvspxZGor5cpWE PuivgJXDIFjnNWlNSSBd4OP/SK2xQ/0f1+JCVzurh9kNc7sXOkwsYdQdZWoP1u0Tyka2 qdBseuyNK4XRS6tMiozPPyxwnLHauZdOMKNFj8mhXTaAm+rpz700I7M3us1MBsJT3wiW 7dBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=gX3Ygz6W7EvawSTj8DKXmeBPgCKQtGSB5RgjAnznq0YqqGliWuT3nnuGuIAhoVecwQ FeAkKgPvqQpj+he/mRwtZX1uetIe1A1jIQNV/A0TOzkWoeZEW436j+cUNW6I3QROCyEy GGav6BH+o7WlAHy2iwlp5KieW4cuL6XIQlRcrWXaHunWNboRz5xpSIWUzVWNE1mFGMnW zf+pLrhaVJVFTEbiQxype4CG9gaT4RFQLDtk2mPdg2/bPNbGiIkvIqTjDRA1Ck71eHK4 l69BQkEAiBmRIKgFQNoeTBKHApcjU36XB1CabriGNmzOyi17dSp8UpxuQoRMvjMndSF8 vYOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=K7mkt4v5; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id o16-v6sor1197859qvo.62.2018.11.07.08.44.06 for (Google Transport Security); Wed, 07 Nov 2018 08:44:06 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=K7mkt4v5; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=K7mkt4v5rPE82OxQ0wJPfKu+PFFPbSSCPgLVXD4rz/30uwqzLHJghwiEmpT7YWArAz va5L0tNILt519vwlOol+mnVC6EkglWXRfVZMEsX6gkHE6R2pamh9i4uUU/+r5a6o/jSo kOX7XNeFspsSLzToBBqxVzwE3KK4iWpiYao0w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SQmyI7TiWhvb08q44NqoQ/xFfIg/6qv0/meU+NTEmBk=; b=nHXDi8EakwPuFWNBV4jOBV+MmaIfcKrU8E0xM1V7zdHNvhnWgeyxkF6iEpEkCKPOow yzt5dVlpIfaEWnW56X5X/YuPcmzzY6yq6qzjLIJMNrE5NL2G6fQD/RrKbu8bMcBKzLq3 6eHwGfJOG4iczJIklSJ4t1aC1QAj4uS7GViC2OUB7sLbV6dAth49LWsBPT0geR0FuNX2 qXcYhViS4vsVfrbMzvYnuWHi23B+kIIx+iUEMObZgDyXY0F8sus2brCmkCHW5NJP4bGw pya+cz61MxQ4GyarHr0wiVRU4IfRpJ4QX0HgmVNrfIVnyZ1Xp/csm059jnCIIrcQqoab H3lQ== X-Gm-Message-State: AGRZ1gISAhnY/lVZ+BvRXwinzI/HJ4xg3s0X25ixIx9NfEzHwtTQ0uB1 kKhrj0u+iRyiryX74lnJDb2KwpbM X-Google-Smtp-Source: AJdET5euU3SkJuFuifTLFQwU1WraZeKJUBy1W/3izGtfCZDOKxX9LwBq/zScJZm7/h89nAqc5pH4Jg== X-Received: by 2002:a0c:e010:: with SMTP id j16mr958607qvk.111.1541609046236; Wed, 07 Nov 2018 08:44:06 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:05 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 01/24] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Date: Wed, 7 Nov 2018 11:43:39 -0500 Message-Id: <20181107164402.9380-2-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit f5683e76f35b4ec5891031b6a29036efe0a1ff84 upstream. Add CPU part numbers for Cortex A53, A57, A72, A73, A75 and the Broadcom Brahma B15 CPU. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/cputype.h | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/cputype.h b/arch/arm/include/asm/cputype.h index b62eaeb147aa..c55db1e22f0c 100644 --- a/arch/arm/include/asm/cputype.h +++ b/arch/arm/include/asm/cputype.h @@ -76,8 +76,16 @@ #define ARM_CPU_PART_CORTEX_A12 0x4100c0d0 #define ARM_CPU_PART_CORTEX_A17 0x4100c0e0 #define ARM_CPU_PART_CORTEX_A15 0x4100c0f0 +#define ARM_CPU_PART_CORTEX_A53 0x4100d030 +#define ARM_CPU_PART_CORTEX_A57 0x4100d070 +#define ARM_CPU_PART_CORTEX_A72 0x4100d080 +#define ARM_CPU_PART_CORTEX_A73 0x4100d090 +#define ARM_CPU_PART_CORTEX_A75 0x4100d0a0 #define ARM_CPU_PART_MASK 0xff00fff0 +/* Broadcom cores */ +#define ARM_CPU_PART_BRAHMA_B15 0x420000f0 + /* DEC implemented cores */ #define ARM_CPU_PART_SA1100 0x4400a110 From patchwork Wed Nov 7 16:43:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150417 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387119ljp; Wed, 7 Nov 2018 08:44:08 -0800 (PST) X-Received: by 2002:aed:34a3:: with SMTP id x32mr936281qtd.316.1541609047972; Wed, 07 Nov 2018 08:44:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609047; cv=none; d=google.com; s=arc-20160816; b=fVMon9rsE4Mm4SH1rj+I8/MnHLO6gS7IEBgM9RUgV9sEpUnKDweNVFL8C9kuxIvLjE Hb57YngD4n1AfQzWzfK/lw9noT+NFfOgewQsZdeB8gSCSgNFONpxkMiVm8czK3OmL3/5 W91FjzNLp3a4Jis99p+vNgyq/wwfzN59TQii0KuOTNMHawRt20gl+elqoWzTLNLHqKpU nEfpMWt1M6zbb1pdnUcoLYrR59MZua2ghDq7+3T7jLr+QJf+INZYdAFUSKvksFcD9IN0 UmfuSt8d+erwrn4WRev89LuN8OlTNsb5HTtg7JPQehbpXQPbLfu81YU8B53K2MTZxSSl xOTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=0l502to6KXRZWMSSAn1MRT7cq3d3i0OKoGFYuG3tsxg6I+66itGHi3qXJQcsnaYVQd XohSKcbwX3lyrSBpm5qUXblGIhy0MOCk8IImocOH0qkbiKsC5yQN+iuCm1JxIFh+Y2VK CISsMyhUW0ZbMGJtYfDRicn481vEN7bkElAZbk1qFChdMcIl6dz59bx6+1uc2EZPm5/d sNh4Yv7pvM9GMH4Y85c4WdxphbxUfMZRra2CBpGMTuGG1GU/xYLPlUSgUTxydqIGJ1mQ dVR0pCLoP8S6WmNngTj9qFWWttUbaLJYcS2ttdGDcj0Ktpy3Mw9edPqcF0rwi9kLlYfw IheQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MCbDrFD9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id v124-v6sor655306qkd.86.2018.11.07.08.44.07 for (Google Transport Security); Wed, 07 Nov 2018 08:44:07 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MCbDrFD9; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=MCbDrFD9/GT+iEg8HblZa/4gbyZ8lJeKHn8QaY2QKeEzqqKKnvlq/cnRli+lr2+yW7 ZZqpGBciwsshfpQlljy7UOgz72XL1mZWmfESK91Sba0py1LDboSKMKQo3sowGk4AcH/H PohJjam/X3Qf1n/AX0XlMXYGE8v7AyZbJ93Iw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jTY39Ayx8ZqMRKw0D+5Pum5t44ym6U+TNMWXzWRPFX4=; b=YmP5x2N+A2LuKAKyaIMaj2gExR5QIMKdBBFKiyCo+QOdxJSpVUyx/Y3tlW3IBecctF PECqCZ2Dx2zv1/PiqBZfSC4RQzuVvGlDGVdiPw5Nd9nQ4dEixjDFn3Ni9x7EjZ8d8m59 hk9zbw6ByxhWEKCJgHB6qrSpnLvrIVHYHec2azTDYG/danQs74MmcBCPaV8TBcroZLtL 2YOdP0ak47jYxjkoar0HcGBJY4yvSUT327QWz6taRdvpSJuvIqe/WEbV1JXSD8x35XMH hUUe3Jmkjp9BAEO087fH4q0Cv8ij5JYa3ApK8bYGBd8+QZVw5noq5UoGoFOI+QRdBBnK p+1g== X-Gm-Message-State: AGRZ1gI6plIjAzQAlLUn+mSNUO0watvz8GZbffPptZ0Jdfbcscs8L6L2 BUH6PKOaoHNUTnQVFWes9pWl8bUK X-Google-Smtp-Source: AJdET5dos05lSMFz2D40pDARrXy1YRodMWZCP/HF9fK/ga5gLRXhnojCx52EDXh0FNrNrBD/FKnAAg== X-Received: by 2002:a37:654b:: with SMTP id z72mr936707qkb.226.1541609047444; Wed, 07 Nov 2018 08:44:07 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:07 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 02/24] ARM: bugs: prepare processor bug infrastructure Date: Wed, 7 Nov 2018 11:43:40 -0500 Message-Id: <20181107164402.9380-3-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit a5b9177f69329314721aa7022b7e69dab23fa1f0 upstream. Prepare the processor bug infrastructure so that it can be expanded to check for per-processor bugs. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 4 ++-- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 arch/arm/kernel/bugs.c -- 2.17.1 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index a97f1ea708d1..ed122d294f3f 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -10,10 +10,10 @@ #ifndef __ASM_BUGS_H #define __ASM_BUGS_H -#ifdef CONFIG_MMU extern void check_writebuffer_bugs(void); -#define check_bugs() check_writebuffer_bugs() +#ifdef CONFIG_MMU +extern void check_bugs(void); #else #define check_bugs() do { } while (0) #endif diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile index ad325a8c7e1e..adb9add28b6f 100644 --- a/arch/arm/kernel/Makefile +++ b/arch/arm/kernel/Makefile @@ -30,6 +30,7 @@ else obj-y += entry-armv.o endif +obj-$(CONFIG_MMU) += bugs.o obj-$(CONFIG_CPU_IDLE) += cpuidle.o obj-$(CONFIG_ISA_DMA_API) += dma.o obj-$(CONFIG_FIQ) += fiq.o fiqasm.o diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c new file mode 100644 index 000000000000..88024028bb70 --- /dev/null +++ b/arch/arm/kernel/bugs.c @@ -0,0 +1,9 @@ +// SPDX-Identifier: GPL-2.0 +#include +#include +#include + +void __init check_bugs(void) +{ + check_writebuffer_bugs(); +} From patchwork Wed Nov 7 16:43:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150418 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387143ljp; Wed, 7 Nov 2018 08:44:09 -0800 (PST) X-Received: by 2002:ac8:3a64:: with SMTP id w91mr974621qte.70.1541609049191; Wed, 07 Nov 2018 08:44:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609049; cv=none; d=google.com; s=arc-20160816; b=xS2nMlLfOUg82o4+bOoLoHo686o3+VHiPdVzyepUkRMYIo5aLFFGRf5ORejyDb4JiZ qvvONfkJRzrzD2QSAI7dRFPVbNCgeV4KQbO32PVQ0ApzQ63sjOws3cM9frIXQfzTuki8 db5QUjMpNTpfK97v2Gky666XHN1lywcXIHIG1/gfnvQBfMnvg2lAwyjY3+7EvTLTXM6I SarQ/3POw+4/ot3YEgn33IQ1HIhp2zEfNrHGh3XLuZc4a++9suw/tBI4wR0tmXp99QKP lMaTMEiDKwrpoRFcNAaUhVkm5uMTebduNPVvSDwK6GC84HJ6B/zKW30kyBWM/T2F8d4l s0DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=s+6ATrWbE3U4ro3IXGudVMlukGabPXTXpumRkQrcDxpwifdKjC/2CvJuWl368JGH+o +IiuD9tIOh5AIzzu3wpsZ6zUPQBNqFLSkU9zVbX852cFHW2t967i1IoB4EGncRwj6mzi NJbnMF3B0hhqUdJ8ODhysXZouNEKVVtaJe2wo3KyJfs+Z66RT56S5ivSgKJYGcc1RwfW x8uoZ09i0ppL1PBIt53QWqVsX/YZ57pc7RJ8+AA3J0OtMm17/eNUAjI1tD1LnH7ObqBp 3viK2Wb0chtaaAppKCuZFBgViEewNdlB6e6sh09DQAu6tLhP/HQHMWEdGF4jCsCLfOb0 LlVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hio8PBDV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id p16sor1280252qtn.60.2018.11.07.08.44.09 for (Google Transport Security); Wed, 07 Nov 2018 08:44:09 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hio8PBDV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=hio8PBDVBAR85PEIWPnFQXpFp6RY6ZhOXRcJPA5JCZov8RbO5HDjTM0/WJG13DA9Qf pGqeAFCzJNapUv63cuUvjV4bpDst19FLUzmgETjBBOOrIWZiCkwP7Ms/nMyj6nB4LW/q 9Mzx4hNGxUh+15HcvZNZwwmTjtI0GUdQkAQR4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=V5xqjqmf9Ei8QgO6vxkYp2SthRErBOksFzLb6U6Ipfg=; b=I50cdO5Nxe+6Yj8Z1276+ENzML4hIgVCkQxro8Ga8VB3k5L4kJ1IuDgg0I/mqZIk1M L+YRkggQk8potKubqhILsURpkPIpc200Jg+hvp5rk/VBl+32Q9LwXP7DEnxtlWVKG2El aL+r5ItxII13g1A5BeE4yjCDSKSxfJVc8OQ9A0Mkv/GjwhGBW0fyUv6+8ArdHH0tYklL HD1KlDbzQVchgCQ8gWGCNTGS7VPlXWt1trobM6SA19wtOUn8fZlRjc6qFNMuIhxywq4p JxA7juxN8mTXFsj7IdUSCSVjpQd6/Ousl+c5o3Rr7fOiiCr0RpllLHRPlZqfy3Vp5IP7 Nb8Q== X-Gm-Message-State: AGRZ1gJNy80lxVYx5+/zUP5ceGnZgdMLPhHd85vXE3rgR6mCWUt+7BzK PC7PeaZuQaqG2boaBGSlnblNbYjxcpVunQ== X-Google-Smtp-Source: AJdET5d1yEtvZzELTCvZ60WSKdIRh+kpyvBCUL6r+XbXsbQJwiOtDxw9rHrZ6BzioxJD3lyRyQLTCw== X-Received: by 2002:ac8:d86:: with SMTP id s6mr942137qti.324.1541609048645; Wed, 07 Nov 2018 08:44:08 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:08 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 03/24] ARM: bugs: hook processor bug checking into SMP and suspend paths Date: Wed, 7 Nov 2018 11:43:41 -0500 Message-Id: <20181107164402.9380-4-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 26602161b5ba795928a5a719fe1d5d9f2ab5c3ef upstream. Check for CPU bugs when secondary processors are being brought online, and also when CPUs are resuming from a low power mode. This gives an opportunity to check that processor specific bug workarounds are correctly enabled for all paths that a CPU re-enters the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/bugs.h | 2 ++ arch/arm/kernel/bugs.c | 5 +++++ arch/arm/kernel/smp.c | 4 ++++ arch/arm/kernel/suspend.c | 2 ++ 4 files changed, 13 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/bugs.h b/arch/arm/include/asm/bugs.h index ed122d294f3f..73a99c72a930 100644 --- a/arch/arm/include/asm/bugs.h +++ b/arch/arm/include/asm/bugs.h @@ -14,8 +14,10 @@ extern void check_writebuffer_bugs(void); #ifdef CONFIG_MMU extern void check_bugs(void); +extern void check_other_bugs(void); #else #define check_bugs() do { } while (0) +#define check_other_bugs() do { } while (0) #endif #endif diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 88024028bb70..16e7ba2a9cc4 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -3,7 +3,12 @@ #include #include +void check_other_bugs(void) +{ +} + void __init check_bugs(void) { check_writebuffer_bugs(); + check_other_bugs(); } diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c index 7dd14e8395e6..d2ce37da87d8 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include @@ -400,6 +401,9 @@ asmlinkage void secondary_start_kernel(void) * before we continue - which happens after __cpu_up returns. */ set_cpu_online(cpu, true); + + check_other_bugs(); + complete(&cpu_running); local_irq_enable(); diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c index 9a2f882a0a2d..134f0d432610 100644 --- a/arch/arm/kernel/suspend.c +++ b/arch/arm/kernel/suspend.c @@ -1,6 +1,7 @@ #include #include +#include #include #include #include @@ -34,6 +35,7 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) cpu_switch_mm(mm->pgd, mm); local_flush_bp_all(); local_flush_tlb_all(); + check_other_bugs(); } return ret; From patchwork Wed Nov 7 16:43:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150419 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387170ljp; Wed, 7 Nov 2018 08:44:10 -0800 (PST) X-Received: by 2002:a37:6801:: with SMTP id d1mr882415qkc.217.1541609050318; Wed, 07 Nov 2018 08:44:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609050; cv=none; d=google.com; s=arc-20160816; b=onqUJ+CpxC48uFPiEoN7IxxWZvldw1OxNvakBJBPKmlICGUXTMZJqk7HhTrNoUqBsq 73LFKvrQ/Lc/BSoD8Cwd6jrricatKXuY+4EkVFFueVZITY2tWYeakpatXWEG0a+vuPkj LmEQQUDS6Zhns4m/EsiVw2JtBAdX8zraQRbqZiFA78tKXd6YXVANrxK0m1xvxe17LHNf wCjhfeZ99jDfyXOM2s5HuGLDw5RMU4JuX4ed7P2dU/XvSjYq7HCmCv3VK5O/yWeypUOi 7rserbdgddR9lHB39mQSf9ut1nFAGdWgmtmfFsmCrLZxZj3mWRVwWR7G18akLo8R9RJ9 EW4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=ulNwLNjAaCC2tonK7jCjILJil9vQHg0oYi7nJN2/5DZUdT8smTUlvRQysujXfkDrLH +5YVKsgu6PITRDRz9LzwBA+WX9Qc0ND1Dwo85bvo4xx+KvV1gMb22v0So2oleYHGK2tW ILGGKNLxZpss2uot09fRa7e3oxsS6yyIx7tY4XsE54+YiStwYtbXzWUIdfaWQuIvHgQq lDCsaUZQwP5jro+8N3UaHJhIA4pTmwyNSlfjTVnacTNs4Gusx9b4I3E2Rma5EIJpEi3t jbajbu6BXNFfjTrKyFcEXP4uCxBgJ3UnGeIPXtgbq0arV11wgj7pTIG1AxkIOfpWhOwT 1kCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bbmGd9HN; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id o6sor648116qkh.123.2018.11.07.08.44.10 for (Google Transport Security); Wed, 07 Nov 2018 08:44:10 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bbmGd9HN; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=bbmGd9HNSjzJ3dwwYAnlM0P021ptxCvJ6Ksu2h9K1jxwggAXLvnveSP2YEAE6UY4tL cESsunC/5lB6JLJAS2Gu42zXrq0fzOMBh6GauWb8w6Kt9eRhbGKm7XAGpPHaMmyWiMp1 r2Zxpx5kynhpbLraqa4okF4K2ddlUKvAXeyao= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=es8Z1MprFzy9vBwnFnUHPP886nyXeKeu6ARHnvEKVLE=; b=MIj6k8KSOyz7lyVPe30DL4Uihlg2GWgOArLyUYOSfaChLrvScVzEPUpbSGBvy0BLU5 Hlt+NJ6v5uf/+pctJtUk19kg162/cZjjIaQxSrVUGftIcxB9DOJQwhXBrgyuQm4hDG9l QYVg50txc63yFzPtdYSSINrzlsv4tCy9sUeq3ndrSduwCxyGJCI8+Qlre9OUAWK6GNe9 jsyXBM/dyCBL3g4KfOEPukgXCSNYsDgu75sHcbXR1FEraImriHLlsS96JpO3WMYauHaI aLgJFQnajsBtUYktBjAGlnurVTU+Zqv9o4J/5Fdo3FYSSWHqsXqQf59AeH6y9R3Tzxei 5Nbw== X-Gm-Message-State: AGRZ1gIigCERHFCHx1/HTIlOItVWRz9OKA3cNTzRzO+JS7mRjW8fTrBr u2wove31bGQZ+knaHDcLihvjzwAQ X-Google-Smtp-Source: AJdET5dffq93vF6jQerX1CVLHHHlY6Uds7Y1b5zxEMrQBx3w2PVX0Uyux6ZOaqYCHPpNnyWu00Q+mQ== X-Received: by 2002:a37:12a1:: with SMTP id 33mr899094qks.151.1541609049783; Wed, 07 Nov 2018 08:44:09 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:09 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 04/24] ARM: bugs: add support for per-processor bug checking Date: Wed, 7 Nov 2018 11:43:42 -0500 Message-Id: <20181107164402.9380-5-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 9d3a04925deeabb97c8e26d940b501a2873e8af3 upstream. Add support for per-processor bug checking - each processor function descriptor gains a function pointer for this check, which must not be an __init function. If non-NULL, this will be called whenever a CPU enters the kernel via which ever path (boot CPU, secondary CPU startup, CPU resuming, etc.) This allows processor specific bug checks to validate that workaround bits are properly enabled by firmware via all entry paths to the kernel. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/proc-fns.h | 4 ++++ arch/arm/kernel/bugs.c | 4 ++++ arch/arm/mm/proc-macros.S | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/include/asm/proc-fns.h b/arch/arm/include/asm/proc-fns.h index 8877ad5ffe10..f379f5f849a9 100644 --- a/arch/arm/include/asm/proc-fns.h +++ b/arch/arm/include/asm/proc-fns.h @@ -36,6 +36,10 @@ extern struct processor { * Set up any processor specifics */ void (*_proc_init)(void); + /* + * Check for processor bugs + */ + void (*check_bugs)(void); /* * Disable any processor specifics */ diff --git a/arch/arm/kernel/bugs.c b/arch/arm/kernel/bugs.c index 16e7ba2a9cc4..7be511310191 100644 --- a/arch/arm/kernel/bugs.c +++ b/arch/arm/kernel/bugs.c @@ -5,6 +5,10 @@ void check_other_bugs(void) { +#ifdef MULTI_CPU + if (processor.check_bugs) + processor.check_bugs(); +#endif } void __init check_bugs(void) diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S index 0d40c285bd86..7d9176c4a21d 100644 --- a/arch/arm/mm/proc-macros.S +++ b/arch/arm/mm/proc-macros.S @@ -274,13 +274,14 @@ mcr p15, 0, ip, c7, c10, 4 @ data write barrier .endm -.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0 +.macro define_processor_functions name:req, dabort:req, pabort:req, nommu=0, suspend=0, bugs=0 .type \name\()_processor_functions, #object .align 2 ENTRY(\name\()_processor_functions) .word \dabort .word \pabort .word cpu_\name\()_proc_init + .word \bugs .word cpu_\name\()_proc_fin .word cpu_\name\()_reset .word cpu_\name\()_do_idle From patchwork Wed Nov 7 16:43:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150420 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387193ljp; Wed, 7 Nov 2018 08:44:11 -0800 (PST) X-Received: by 2002:ac8:1794:: with SMTP id o20mr916523qtj.98.1541609051471; Wed, 07 Nov 2018 08:44:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609051; cv=none; d=google.com; s=arc-20160816; b=SSkoOOl7Am7IHrewTDCquqBYx95A7Pmbo7EsSloXI5WLF/fnapsNYA2YgTYEusvoJr AOPHlF8r+FqEl3cWJ92uLjFyi0p1s1ph1GExCibm6Y+6DL6M6Y25hcKXO2f2+KbQTZtu 2qZyPSmHeAYiA8DmqAj7I4MiamzKPOgb96cbcT6wL1VO5V9M2NXQrtZC6V7Ejh+VOn/R ZQMHk+mVMDIA+DroEuOAVjK7C36K6hLFR4WeVpTs31nSecJb/Io+uq5q2+uUts1ve3P2 UCOsVv5YjTYaWZuznTBlu3/SxkHFplpKj7MHhx2F6D+d0tlZn6Dr6hg1VJwvVedgXmq1 X+Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=LDegqfSR1J3SDf2atFaGJXoGo+ktEB5jlPzonHv4mbzA1Y3Fz4Sn/HanvRW97qckT6 JGdgRwmTS+DqdOQFawUNuOl+YWH8NU+xqmTA4u5Kg2vRPZUXhusWrCqazHA7lZ5VlSKH BQM1TpvSLZ8yOWAc4sQfdBdtnmx/iPGRX50KM3pjvW1f2RtrTN7nj5JXyqwRKeWlL0sY xRv0/CSR/S9mkY5fZaIMmlYqxSaKvv2aTgITVa5RMSVSOOgBnTPd2x+IusOpCt/wBBH4 8r3w7VDlYNX/3cZM4H88x83e3dPLhJAVB8dUsnUnumGxncDAqXB1g/e/C3e/D3p/ov2/ oSEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fNfnqv6U; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id n63-v6sor599653qkf.76.2018.11.07.08.44.11 for (Google Transport Security); Wed, 07 Nov 2018 08:44:11 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fNfnqv6U; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=fNfnqv6UGTJ4UAkS5JRdVb7nSwZAHqON2HW2PLTISiuxSEiTcUZYK6b4Ug2aMlG0JY +FrnLHFv5v2GkCR+R/pEyRkV77yQCBI+yTfoqWnE2zo10askR6wYk+oumvGqv4kpXfR3 h0DfLuIRTvKvwO6C46Lf0W+lo9jYQB9zFsjL8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VsTOFUcZ+3bSgWLY/gphMhAUNgvi7bl1zA2jWn9hbr8=; b=UEQKPb+cRq+A6M9SXMWIH/uoDD+cXO9xxRfrNcb8sgg2tdfagPYcH+Mzdb+4l/bSN6 svyR5DQzdGxdsnsMfXEK7X5B4gmDyvmTjiZoziYP+71XXgQ4SJJIb9+wcZ5v6sWAgWCU 0PZz4VuKyULOaEGbeVk0UU4wfXg6VNIo8Q9uXiQVxhG7XQqBydBufySBIGnfD6ffab/6 tK8fmTh8No0YndEWnStZQCXwNRaAN1uFHbgvtwM5Rm2veWRIeYIe8Q2YHo851IwlbHFp zlu3oxrMD9ERNzvE/VmMpM9NVY3lrhcstXu504xg1e0ve8h7sGwQrLxQO5YgaoCO3FeZ NaIA== X-Gm-Message-State: AGRZ1gLUUOUlVpD0/KjPDSbSz1NpXUwhiNz0+LcojKZFXkXG+BHWk+RF Y7oY3l43r97msqBjZSA7aC7vglP5 X-Google-Smtp-Source: AJdET5fBPJEusAajYI0L34NyFtl9GxfR9OKvKCmsQfH+lrFk87fYSEIw0CBxHFw98hcCEu4/EOKHUg== X-Received: by 2002:a37:d6ce:: with SMTP id p75mr899502qkl.270.1541609050956; Wed, 07 Nov 2018 08:44:10 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:10 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 05/24] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Date: Wed, 7 Nov 2018 11:43:43 -0500 Message-Id: <20181107164402.9380-6-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit c58d237d0852a57fde9bc2c310972e8f4e3d155d upstream. Add a Kconfig symbol for CPUs which are vulnerable to the Spectre attacks. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) -- 2.17.1 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index c1799dd1d0d9..d37af5e63411 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -396,6 +396,7 @@ config CPU_V7 select CPU_CP15_MPU if !MMU select CPU_HAS_ASID if MMU select CPU_PABRT_V7 + select CPU_SPECTRE if MMU select CPU_TLB_V7 if MMU # ARMv7M @@ -800,6 +801,9 @@ config CPU_BPREDICT_DISABLE help Say Y here to disable branch prediction. If unsure, say N. +config CPU_SPECTRE + bool + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS From patchwork Wed Nov 7 16:43:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150421 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387218ljp; Wed, 7 Nov 2018 08:44:12 -0800 (PST) X-Received: by 2002:ac8:6ca:: with SMTP id j10-v6mr950141qth.84.1541609052684; Wed, 07 Nov 2018 08:44:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609052; cv=none; d=google.com; s=arc-20160816; b=I8xqfXu8Nrfkr7BNHA45P+bphhQqL79kLzVmA8IYTp6e+6eT0dl5o12kbi8BISxwqC thK8LReZ19ph93FRDg4WBMEBkKYutWzZAWOEeUDd7ctokdbJREwcuI2qo32j2M7HnL5O p+ylJx3kBZanQW8L9a3ShzJd4Gcjz1ZIH92TZilVtaKK1zW9W9xQYeewie3V5yXMwaDY QvawBnT4dvV98R/Hl+C09I6LUCT6tEv4p4b5AllRyLHarNSnRWJCgJ1erFj0xsxrFboH hLxqAKRwPSW+yiTgKqEg0d4jQTMPSJr9n6A2wEGceHUG8GrTMBsapcSEJdnuVJFuLfRg aGtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=v6OzEUcmSLSfpuKqjl9yM0tf5nfqbfo7+oUQhAB+b1JHZILYX1yg/XiRbb56pLp3Ym F08F5Qbp1Agm32mXd3Fa0UReSMmtTQ+AYDY0Lsg1PEB1/B2O/SMg9/Nhf4sg6Ub1Qj+g Pa+Gwb/977heHVBmWOd1sBOMhrtEX55fQtTIVoHbVl+MW5R22HlZyHq62TOpPFb2yTlE MWSb63c35Nxkhtdg/PkIK7KKpT8ggwdFXGXvZzUzo5Rl6AoQsxxFuIWVW8e1DYjZEHHq skYSsr/ofQTKVk8DBTFtak9IVYDkeje9GbSeHSVpm/Y/N6DhbFLVnjimd/SNCE7TAME2 SCVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RlNMcqh1; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id p6sor1319834qtc.0.2018.11.07.08.44.12 for (Google Transport Security); Wed, 07 Nov 2018 08:44:12 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RlNMcqh1; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=RlNMcqh1P45uPZNzmnkWK+zdYU5i6Ruf2EUh7Qet2YnsbmZ7kxn/BrjaH2LYGX4o7y SHSMUof7/HFA2v+qCiCFB40uH1YhJLyooZHFR5qCEG4/U0x/dX/cTUM4qLWJjf9fwZgu L3i/cW4zMNlY5UuZo+wgwuNvWzC7+jA1leG48= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CTrT0sCDLnYXV7f1UFj6oazint08Xg4/jJFEFxTtjTY=; b=BNNMCRmkWP22j7mgqvu7QBJEzAp6ly44nHcIZf24IoDiXdsDu3EN5SInRvCJDW8LYU 1qSF6pDhORkbFWJUhD3bDmL1XXSi0Z//7ldL8O8Na9G/oUN/GrUydTHPuRi3UGu7LqEz r/30glgc6N8r+EK84mHjz7BayATbwcXgnVw1vbAkr4J76niDy/aojW7fXJxP5msjTtj6 i7a+4qQF+AWu7A8SRXx1rGsJCZajMXTXBz9iJ65+j+bq2ipNk4bsXpxjOwblLDZu6lmt mDSiIAmHdXSCzteikiGtm64kf7fzBdpG2cVrlR+6NByZyU7jCBLfKE+g0/Q7J+of4ygn igiA== X-Gm-Message-State: AGRZ1gI4DDrTxSyRilPVHDZqkiY3HT99blU1VTqVO6EO/QsKPhnIUA0v O1KSizUyefgpsvtcuJSC4Kb2ALyA X-Google-Smtp-Source: AJdET5dwcpHbL62WDDRemQWyyKmTcG+tHRXbO4QsBv3Lq2WiaXREIgvTgL1o7Jic5RzPhpBSrdilAg== X-Received: by 2002:ac8:50b:: with SMTP id u11-v6mr941085qtg.366.1541609052124; Wed, 07 Nov 2018 08:44:12 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:11 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 06/24] ARM: spectre-v2: harden branch predictor on context switches Date: Wed, 7 Nov 2018 11:43:44 -0500 Message-Id: <20181107164402.9380-7-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 06c23f5ffe7ad45b908d0fff604dae08a7e334b9 upstream. Required manual merge of arch/arm/mm/proc-v7.S. Harden the branch predictor against Spectre v2 attacks on context switches for ARMv7 and later CPUs. We do this by: Cortex A9, A12, A17, A73, A75: invalidating the BTB. Cortex A15, Brahma B15: invalidating the instruction cache. Cortex A57 and Cortex A72 are not addressed in this patch. Cortex R7 and Cortex R8 are also not addressed as we do not enforce memory protection on these cores. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/Kconfig | 19 ++++++ arch/arm/mm/proc-v7-2level.S | 6 -- arch/arm/mm/proc-v7.S | 125 +++++++++++++++++++++++++++-------- 3 files changed, 115 insertions(+), 35 deletions(-) -- 2.17.1 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index d37af5e63411..7f3760fa9c15 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -804,6 +804,25 @@ config CPU_BPREDICT_DISABLE config CPU_SPECTRE bool +config HARDEN_BRANCH_PREDICTOR + bool "Harden the branch predictor against aliasing attacks" if EXPERT + depends on CPU_SPECTRE + default y + help + Speculation attacks against some high-performance processors rely + on being able to manipulate the branch predictor for a victim + context by executing aliasing branches in the attacker context. + Such attacks can be partially mitigated against by clearing + internal branch predictor state and limiting the prediction + logic in some situations. + + This config option will take CPU-specific actions to harden + the branch predictor against aliasing attacks and may rely on + specific instruction sequences or control bits being set by + the system firmware. + + If unsure, say Y. + config TLS_REG_EMUL bool select NEED_KUSER_HELPERS diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S index c6141a5435c3..f8d45ad2a515 100644 --- a/arch/arm/mm/proc-v7-2level.S +++ b/arch/arm/mm/proc-v7-2level.S @@ -41,11 +41,6 @@ * even on Cortex-A8 revisions not affected by 430973. * If IBE is not set, the flush BTAC/BTB won't do anything. */ -ENTRY(cpu_ca8_switch_mm) -#ifdef CONFIG_MMU - mov r2, #0 - mcr p15, 0, r2, c7, c5, 6 @ flush BTAC/BTB -#endif ENTRY(cpu_v7_switch_mm) #ifdef CONFIG_MMU mmid r1, r1 @ get mm->context.id @@ -66,7 +61,6 @@ ENTRY(cpu_v7_switch_mm) #endif bx lr ENDPROC(cpu_v7_switch_mm) -ENDPROC(cpu_ca8_switch_mm) /* * cpu_v7_set_pte_ext(ptep, pte) diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index d00d52c9de3e..bf632d76d392 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -88,6 +88,17 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +ENTRY(cpu_v7_iciallu_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 0 @ ICIALLU + b cpu_v7_switch_mm +ENDPROC(cpu_v7_iciallu_switch_mm) +ENTRY(cpu_v7_bpiall_switch_mm) + mov r3, #0 + mcr p15, 0, r3, c7, c5, 6 @ flush BTAC/BTB + b cpu_v7_switch_mm +ENDPROC(cpu_v7_bpiall_switch_mm) + string cpu_v7_name, "ARMv7 Processor" .align @@ -153,31 +164,6 @@ ENTRY(cpu_v7_do_resume) ENDPROC(cpu_v7_do_resume) #endif -/* - * Cortex-A8 - */ - globl_equ cpu_ca8_proc_init, cpu_v7_proc_init - globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca8_reset, cpu_v7_reset - globl_equ cpu_ca8_do_idle, cpu_v7_do_idle - globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext - globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size -#ifdef CONFIG_ARM_CPU_SUSPEND - globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend - globl_equ cpu_ca8_do_resume, cpu_v7_do_resume -#endif - -/* - * Cortex-A9 processor functions - */ - globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init - globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin - globl_equ cpu_ca9mp_reset, cpu_v7_reset - globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle - globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area - globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm - globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext .globl cpu_ca9mp_suspend_size .equ cpu_ca9mp_suspend_size, cpu_v7_suspend_size + 4 * 2 #ifdef CONFIG_ARM_CPU_SUSPEND @@ -543,10 +529,75 @@ __v7_setup_stack: @ define struct processor (see and proc-macros.S) define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + @ generic v7 bpiall on context switch + globl_equ cpu_v7_bpiall_proc_init, cpu_v7_proc_init + globl_equ cpu_v7_bpiall_proc_fin, cpu_v7_proc_fin + globl_equ cpu_v7_bpiall_reset, cpu_v7_reset + globl_equ cpu_v7_bpiall_do_idle, cpu_v7_do_idle + globl_equ cpu_v7_bpiall_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_v7_bpiall_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_v7_bpiall_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend + globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume +#endif + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions +#else +#define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_processor_functions +#endif + #ifndef CONFIG_ARM_LPAE + @ Cortex-A8 - always needs bpiall switch_mm implementation + globl_equ cpu_ca8_proc_init, cpu_v7_proc_init + globl_equ cpu_ca8_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca8_reset, cpu_v7_reset + globl_equ cpu_ca8_do_idle, cpu_v7_do_idle + globl_equ cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area + globl_equ cpu_ca8_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca8_switch_mm, cpu_v7_bpiall_switch_mm + globl_equ cpu_ca8_suspend_size, cpu_v7_suspend_size +#ifdef CONFIG_ARM_CPU_SUSPEND + globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca8_do_resume, cpu_v7_do_resume +#endif define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + + @ Cortex-A9 - needs more registers preserved across suspend/resume + @ and bpiall switch_mm for hardening + globl_equ cpu_ca9mp_proc_init, cpu_v7_proc_init + globl_equ cpu_ca9mp_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca9mp_reset, cpu_v7_reset + globl_equ cpu_ca9mp_do_idle, cpu_v7_do_idle + globl_equ cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca9mp_switch_mm, cpu_v7_bpiall_switch_mm +#else + globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif + + @ Cortex-A15 - needs iciallu switch_mm for hardening + globl_equ cpu_ca15_proc_init, cpu_v7_proc_init + globl_equ cpu_ca15_proc_fin, cpu_v7_proc_fin + globl_equ cpu_ca15_reset, cpu_v7_reset + globl_equ cpu_ca15_do_idle, cpu_v7_do_idle + globl_equ cpu_ca15_dcache_clean_area, cpu_v7_dcache_clean_area +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + globl_equ cpu_ca15_switch_mm, cpu_v7_iciallu_switch_mm +#else + globl_equ cpu_ca15_switch_mm, cpu_v7_switch_mm +#endif + globl_equ cpu_ca15_set_pte_ext, cpu_v7_set_pte_ext + globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size + globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend + globl_equ cpu_ca15_do_resume, cpu_v7_do_resume + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif @@ -653,7 +704,7 @@ __v7_ca7mp_proc_info: __v7_ca12mp_proc_info: .long 0x410fc0d0 .long 0xff0ffff0 - __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup + __v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca12mp_proc_info, . - __v7_ca12mp_proc_info /* @@ -663,7 +714,7 @@ __v7_ca12mp_proc_info: __v7_ca15mp_proc_info: .long 0x410fc0f0 .long 0xff0ffff0 - __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup + __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup, proc_fns = ca15_processor_functions .size __v7_ca15mp_proc_info, . - __v7_ca15mp_proc_info /* @@ -673,7 +724,7 @@ __v7_ca15mp_proc_info: __v7_b15mp_proc_info: .long 0x420f00f0 .long 0xff0ffff0 - __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup + __v7_proc __v7_b15mp_proc_info, __v7_b15mp_setup, proc_fns = ca15_processor_functions .size __v7_b15mp_proc_info, . - __v7_b15mp_proc_info /* @@ -683,9 +734,25 @@ __v7_b15mp_proc_info: __v7_ca17mp_proc_info: .long 0x410fc0e0 .long 0xff0ffff0 - __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup + __v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS .size __v7_ca17mp_proc_info, . - __v7_ca17mp_proc_info + /* ARM Ltd. Cortex A73 processor */ + .type __v7_ca73_proc_info, #object +__v7_ca73_proc_info: + .long 0x410fd090 + .long 0xff0ffff0 + __v7_proc __v7_ca73_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca73_proc_info, . - __v7_ca73_proc_info + + /* ARM Ltd. Cortex A75 processor */ + .type __v7_ca75_proc_info, #object +__v7_ca75_proc_info: + .long 0x410fd0a0 + .long 0xff0ffff0 + __v7_proc __v7_ca75_proc_info, __v7_setup, proc_fns = HARDENED_BPIALL_PROCESSOR_FUNCTIONS + .size __v7_ca75_proc_info, . - __v7_ca75_proc_info + /* * Qualcomm Inc. Krait processors. */ From patchwork Wed Nov 7 16:43:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150422 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387231ljp; Wed, 7 Nov 2018 08:44:13 -0800 (PST) X-Received: by 2002:ac8:73c2:: with SMTP id v2mr880633qtp.377.1541609053776; Wed, 07 Nov 2018 08:44:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609053; cv=none; d=google.com; s=arc-20160816; b=sUi7Tgu5x/A1HhxzI/iJjPT+toWNYLXr1b1VOfIX6V/pYwoD9molMqfe3burB07GqL lSTtTH6qOqgbaIH36ry650oQ49C2f7VlvhUae2zgpR0Rm4AlKCdwpBRIew5We+x4I596 un0cgWsZ5hQcWR5+Rblm4Q/jfuukpHqOTcs12BPLi5sjXNJY0xBQxh1cq5IJxp0uR6KL Fh6b8WaqM4IMPg8dWjTDUjHWP5yLA0GY1q2WeTuLmfTKpiWynn2I2F6/aISHwPHRm9ub 9HJ5r2ihb0wjbvC6yT3Ak4sIE9AiQGvnEJoqEU/gX2KpJlDjp1GoTsUsQBsIQq3m/z8q IaBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=omETIQPT8N3fHyBINu1ffTKOC/P1nq3I8iIdHyOZKdDHX6M6MsC0POdRGky1qHfj3F slEsaKZsfKENrGeePLZEiBWKhz9dtsweCyIn5iMANPv6MmED2vjEgh7sQ5yCAt48NCTP pcMssgqeiuMc9eo+tnZZQc6yZpOyokqJOLKBTXY5sqKXwAZwQtf7G7uqMwYP5M+tEKds dGoNSKOWdPU/VmwmHSTwJEi3wsyu/qP0NWxy8eIMK6IQ8Pv1mmwXJxY8Xr5uHafrAGPY ykKt7hmVRQ4WmoDitqYhDM8TkLpqO5IqYSRk4vYHn0nRfJxxLZrvAXy+3p+FZzWlW7s7 raRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VEYbF5jY; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id n23-v6sor576845qka.114.2018.11.07.08.44.13 for (Google Transport Security); Wed, 07 Nov 2018 08:44:13 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VEYbF5jY; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=VEYbF5jYXCF0urlL3lknHmxs1+uIZ6eWM95x8t0ExSFcneIbP3x/1Eg5CW+A43gUPG gkUxUXq3byyfBALFEG4AOrpVgjiPFyjlHwWw+VIfuVkJWfvtolVrLWr5zMNM+0qbwjC1 IAvGY9zB0l0nKNLiIArjwncfeyv9UjBW2v7Hg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=oya04Nf0O5JKk85HbYhsYDzO4JPG4SJhDIEkrw1i94M=; b=nkwXGqzEqwaxjvFq7aYQo/0uc55IrQIlf0e23zD2S3tJybucq6ZEex6DK6GtCiXisR EvdKMEmMvf5CAe1J7F/xt1u+AK7n5ZRSZxPxk732wCMGgqMwV8lDQcivw2Svhi9hyAwL vhmjMADI82ffP9BEkvYf5POp1fAWI/FPopIF9B9z5FsM5/ODb5INd3gr2NNoRmb4BeZ3 WeJ1BcjeDlZ8Umz7HjwVFFBLgf5YR8DdYrQVP/D0E4CwpBxCY9qIjSxUqDE/Muhp22oU X5OkZcqGQOsidCAHX7rMtvX7y5/oaiuw7GOL+3e07TpLEXEkyw19n+Fe0Q6fDGuvMu2q fvxg== X-Gm-Message-State: AGRZ1gKuZqDxGFog9fmAQzxMm5REG8O788hLqYbnDMIReeQVS/OO6V/2 jJRdqmf85d3bekZplv1CyiPEtF5t X-Google-Smtp-Source: AJdET5e9qXA/kYQ9OMnJu+7nIUnyHjFVcBe5WGBz4Qz3M9D+s7YToO6ief26nWVgQURqjI4kRYeBtw== X-Received: by 2002:a37:a141:: with SMTP id k62mr904496qke.280.1541609053252; Wed, 07 Nov 2018 08:44:13 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:12 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 07/24] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Date: Wed, 7 Nov 2018 11:43:45 -0500 Message-Id: <20181107164402.9380-8-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit e388b80288aade31135aca23d32eee93dd106795 upstream. When the branch predictor hardening is enabled, firmware must have set the IBE bit in the auxiliary control register. If this bit has not been set, the Spectre workarounds will not be functional. Add validation that this bit is set, and print a warning at alert level if this is not the case. Signed-off-by: Russell King Reviewed-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/mm/Makefile | 2 +- arch/arm/mm/proc-v7-bugs.c | 36 ++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 4 ++-- 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 arch/arm/mm/proc-v7-bugs.c -- 2.17.1 diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile index e8698241ece9..92d47c8cbbc3 100644 --- a/arch/arm/mm/Makefile +++ b/arch/arm/mm/Makefile @@ -94,7 +94,7 @@ obj-$(CONFIG_CPU_MOHAWK) += proc-mohawk.o obj-$(CONFIG_CPU_FEROCEON) += proc-feroceon.o obj-$(CONFIG_CPU_V6) += proc-v6.o obj-$(CONFIG_CPU_V6K) += proc-v6.o -obj-$(CONFIG_CPU_V7) += proc-v7.o +obj-$(CONFIG_CPU_V7) += proc-v7.o proc-v7-bugs.o obj-$(CONFIG_CPU_V7M) += proc-v7m.o AFLAGS_proc-v6.o :=-Wa,-march=armv6 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c new file mode 100644 index 000000000000..e46557db6446 --- /dev/null +++ b/arch/arm/mm/proc-v7-bugs.c @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include + +static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, + u32 mask, const char *msg) +{ + u32 aux_cr; + + asm("mrc p15, 0, %0, c1, c0, 1" : "=r" (aux_cr)); + + if ((aux_cr & mask) != mask) { + if (!*warned) + pr_err("CPU%u: %s", smp_processor_id(), msg); + *warned = true; + } +} + +static DEFINE_PER_CPU(bool, spectre_warned); + +static void check_spectre_auxcr(bool *warned, u32 bit) +{ + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + cpu_v7_check_auxcr_set(warned, bit, + "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); +} + +void cpu_v7_ca8_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); +} + +void cpu_v7_ca15_ibe(void) +{ + check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); +} diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index bf632d76d392..4e4f794f17ce 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -564,7 +564,7 @@ __v7_setup_stack: globl_equ cpu_ca8_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca8_do_resume, cpu_v7_do_resume #endif - define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca8_ibe @ Cortex-A9 - needs more registers preserved across suspend/resume @ and bpiall switch_mm for hardening @@ -597,7 +597,7 @@ __v7_setup_stack: globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend globl_equ cpu_ca15_do_resume, cpu_v7_do_resume - define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_ca15_ibe #ifdef CONFIG_CPU_PJ4B define_processor_functions pj4b, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 #endif From patchwork Wed Nov 7 16:43:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150423 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387250ljp; Wed, 7 Nov 2018 08:44:15 -0800 (PST) X-Received: by 2002:aed:384a:: with SMTP id j68mr927422qte.171.1541609054998; Wed, 07 Nov 2018 08:44:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609054; cv=none; d=google.com; s=arc-20160816; b=mFSAgnwslT88bvxVbxHQbdgaDUZC2dm3r+3VT/CyBUll2upPUbYKYx5L2PbrAHW5rQ 9ZHuJSn86S7VYDGXXFPyW9/DjxlvNkk17PJo8ah+68SPPH2q/sXOEwqb/2ER2BKGgaKJ hFa7YACrWyPn91yOs+tp0iOsySF1NzaAxyxVYJM615WdMBNhYECxA+bQ2Zpe5Tjr3I+B hA3W/o3SQZYbhJYcwcb1KW1stqIaZ0qPYZxd/UCeazdW1V6eegO3b5TnGRUBN+BZsQVR 7z/TnbbCb1cyjkhdzaZANmIUnQT2RZ3egSv+k1wQZ/TAe3pdqiMOgSXtFLW5evE8x7nC b4RA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=TW2abu5lfwtamzJOsq9C1l+9yQwaS5VMcs3ATVwzZ6GzGKsyBeAaGzPbPx4fkqJ+xc JsBql21ors1OpXRcfZoOb93HjalNmr4yV5TEE2h+nDctO3v6/QL9i6AieAjn6a6WvnQG V/wormPjnZZG7NuYF2G98B4I4eIhWCL2mGb2y4jHIQjeBxLC4Its/Wg0KzxWnHW3Rbxp irvUQgQ8V6NyRFyFsJXcoS8HuqhNZiZ0AWis0TKmxulvCEc5NfXFKelVtJ8voMSy5hH+ jG/VY6b9Horw0GvtJNX6a3qfv2xRF4wKqUsFs2E6HdNQ5S1YnuvvI5EUG5yn80tKVZS7 FCIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FyciC3Qz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 66sor596461qkq.4.2018.11.07.08.44.14 for (Google Transport Security); Wed, 07 Nov 2018 08:44:14 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FyciC3Qz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=FyciC3QzdbEjym/W2K9pgj89y1V0SBbT6QunIAi6PWEKLy9OCcJcDxYOHCZM3FlPjY DMlYfJKsacKX9vJslcdGKkEp04DskX7Vfp0QnAPUmcJEY0lwm7xJ91FoBJnWc53K9P6B XsVUdYICgD7RBFOXw6CcQh9HSV3P4eiGPxJMk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RTypk7ytVSq6HRP039KKlUhlZd4ojNgO2ok3F47UQ/c=; b=ZqgEYXCN72/BYxks7dVdPRP+8bMuy+io5mLNS7RWo232Dm362BH8KVExvReBQOZbcZ dMlgp5PizgkXhmqTiX0wwURHBR47MdOXcGskXFv84g7ZaXyum+nm0C0k1zC29MGKe7eR 0PnVPN4SqTzKDUGzhMQ3WHTKic4OAy1tlBgfdjsvfdjvRPGVM9IFx+BkAPnqBcN9UQMD jPHhvIDqm1q/EOZMw8D7cMysl2qtpUqWKrNmPts3UqtWGKC9NKCwioHh9i8UNXCaMilD e8GwoWao6G42g9WmGcqbh8qAoLP/JFpLMqFdua30ujFmLM/6XOgLE8EsXGG0vplMECxd 7hZw== X-Gm-Message-State: AGRZ1gKK2qLY3yru9S4KGU90UduisMyuRJUDrHzyIWEQJ+QMKj0AWhpD jDCUtKyT8zdAkzSXcSDH0u25oqde X-Google-Smtp-Source: AJdET5eoTVJgMUENPclXk42mZ/W8enihDN4vIAKC5r5mFF2Rc05iaibGJ+FCHBbQd68h3MqhFKNGVQ== X-Received: by 2002:a37:b805:: with SMTP id i5mr902664qkf.141.1541609054445; Wed, 07 Nov 2018 08:44:14 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:13 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 08/24] ARM: spectre-v2: harden user aborts in kernel space Date: Wed, 7 Nov 2018 11:43:46 -0500 Message-Id: <20181107164402.9380-9-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit f5fe12b1eaee220ce62ff9afb8b90929c396595f upstream. In order to prevent aliasing attacks on the branch predictor, invalidate the BTB or instruction cache on CPUs that are known to be affected when taking an abort on a address that is outside of a user task limit: Cortex A8, A9, A12, A17, A73, A75: flush BTB. Cortex A15, Brahma B15: invalidate icache. If the IBE bit is not set, then there is little point to enabling the workaround. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/cp15.h | 3 ++ arch/arm/include/asm/system_misc.h | 15 ++++++ arch/arm/mm/fault.c | 3 ++ arch/arm/mm/proc-v7-bugs.c | 73 ++++++++++++++++++++++++++++-- arch/arm/mm/proc-v7.S | 8 ++-- 5 files changed, 94 insertions(+), 8 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/cp15.h b/arch/arm/include/asm/cp15.h index dbdbce1b3a72..b74b174ac9fc 100644 --- a/arch/arm/include/asm/cp15.h +++ b/arch/arm/include/asm/cp15.h @@ -64,6 +64,9 @@ #define __write_sysreg(v, r, w, c, t) asm volatile(w " " c : : "r" ((t)(v))) #define write_sysreg(v, ...) __write_sysreg(v, __VA_ARGS__) +#define BPIALL __ACCESS_CP15(c7, 0, c5, 6) +#define ICIALLU __ACCESS_CP15(c7, 0, c5, 0) + extern unsigned long cr_alignment; /* defined in entry-armv.S */ static inline unsigned long get_cr(void) diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h index a3d61ad984af..1fed41440af9 100644 --- a/arch/arm/include/asm/system_misc.h +++ b/arch/arm/include/asm/system_misc.h @@ -7,6 +7,7 @@ #include #include #include +#include extern void cpu_init(void); @@ -14,6 +15,20 @@ void soft_restart(unsigned long); extern void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd); extern void (*arm_pm_idle)(void); +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +typedef void (*harden_branch_predictor_fn_t)(void); +DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +static inline void harden_branch_predictor(void) +{ + harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, + smp_processor_id()); + if (fn) + fn(); +} +#else +#define harden_branch_predictor() do { } while (0) +#endif + #define UDBG_UNDEFINED (1 << 0) #define UDBG_SYSCALL (1 << 1) #define UDBG_BADABORT (1 << 2) diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index f7861dc83182..5ca207ada852 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -163,6 +163,9 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, { struct siginfo si; + if (addr > TASK_SIZE) + harden_branch_predictor(); + #ifdef CONFIG_DEBUG_USER if (((user_debug & UDBG_SEGV) && (sig == SIGSEGV)) || ((user_debug & UDBG_BUS) && (sig == SIGBUS))) { diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index e46557db6446..85a2e3d6263c 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -2,7 +2,61 @@ #include #include -static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, +#include +#include +#include + +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); + +static void harden_branch_predictor_bpiall(void) +{ + write_sysreg(0, BPIALL); +} + +static void harden_branch_predictor_iciallu(void) +{ + write_sysreg(0, ICIALLU); +} + +static void cpu_v7_spectre_init(void) +{ + const char *spectre_v2_method = NULL; + int cpu = smp_processor_id(); + + if (per_cpu(harden_branch_predictor_fn, cpu)) + return; + + switch (read_cpuid_part()) { + case ARM_CPU_PART_CORTEX_A8: + case ARM_CPU_PART_CORTEX_A9: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + case ARM_CPU_PART_CORTEX_A73: + case ARM_CPU_PART_CORTEX_A75: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_bpiall; + spectre_v2_method = "BPIALL"; + break; + + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_BRAHMA_B15: + per_cpu(harden_branch_predictor_fn, cpu) = + harden_branch_predictor_iciallu; + spectre_v2_method = "ICIALLU"; + break; + } + if (spectre_v2_method) + pr_info("CPU%u: Spectre v2: using %s workaround\n", + smp_processor_id(), spectre_v2_method); +} +#else +static void cpu_v7_spectre_init(void) +{ +} +#endif + +static __maybe_unused bool cpu_v7_check_auxcr_set(bool *warned, u32 mask, const char *msg) { u32 aux_cr; @@ -13,24 +67,33 @@ static __maybe_unused void cpu_v7_check_auxcr_set(bool *warned, if (!*warned) pr_err("CPU%u: %s", smp_processor_id(), msg); *warned = true; + return false; } + return true; } static DEFINE_PER_CPU(bool, spectre_warned); -static void check_spectre_auxcr(bool *warned, u32 bit) +static bool check_spectre_auxcr(bool *warned, u32 bit) { - if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && + return IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR) && cpu_v7_check_auxcr_set(warned, bit, "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n"); } void cpu_v7_ca8_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6))) + cpu_v7_spectre_init(); } void cpu_v7_ca15_ibe(void) { - check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)); + if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0))) + cpu_v7_spectre_init(); +} + +void cpu_v7_bugs_init(void) +{ + cpu_v7_spectre_init(); } diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 4e4f794f17ce..2d2e5ae85816 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -527,8 +527,10 @@ __v7_setup_stack: __INITDATA + .weak cpu_v7_bugs_init + @ define struct processor (see and proc-macros.S) - define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR @ generic v7 bpiall on context switch @@ -543,7 +545,7 @@ __v7_setup_stack: globl_equ cpu_v7_bpiall_do_suspend, cpu_v7_do_suspend globl_equ cpu_v7_bpiall_do_resume, cpu_v7_do_resume #endif - define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions v7_bpiall, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #define HARDENED_BPIALL_PROCESSOR_FUNCTIONS v7_bpiall_processor_functions #else @@ -579,7 +581,7 @@ __v7_setup_stack: globl_equ cpu_ca9mp_switch_mm, cpu_v7_switch_mm #endif globl_equ cpu_ca9mp_set_pte_ext, cpu_v7_set_pte_ext - define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1 + define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1, bugs=cpu_v7_bugs_init #endif @ Cortex-A15 - needs iciallu switch_mm for hardening From patchwork Wed Nov 7 16:43:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150424 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387283ljp; Wed, 7 Nov 2018 08:44:16 -0800 (PST) X-Received: by 2002:a0c:9aca:: with SMTP id k10mr974974qvf.185.1541609056362; Wed, 07 Nov 2018 08:44:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609056; cv=none; d=google.com; s=arc-20160816; b=TjVa1scljZAIDfocQN2NmaRJO/7+FKdFThKpoe0dnQJ644xMv/HkG+bsnhx+s3cZDk vgkp1RLtGuQZgGuKt7DiINEmwdPg2hMPr35Zz+wVQuQErcsU1G+yUCWF5C8wP3SAlz9p 5InfUhjnL7IH3ifZLT2JgM/DZYNpiRNn+Povq1QsIvOM0Eaa69Ob42yeswI9iq+geNr2 ni3hBdPqLEiYtlIujc9uesL2G3mA/dPy7QgHTAOJlDJ1Fdoo4BkIAUfD6kMZTy5a8HR9 Kj7yndC0Ha3cpU98prpaDaAr+t6y4f/EqvQeKFOq2WSbODxcUwgBWWB9FA/i9GgZhyuY 0K3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RE5wi9MCZt8dci0j9GEqkEEMzvZET3+/Prb5cN1cv3I=; b=CpyhWRbzunfRMWh+bHFnPOj6TjUv6IH71rE8wL5QGVksZvzZ0rIlgEGFCfId9aMDSq HsZRbqtLUwKQ6B13kwPfj5gEw4AiBxYdgF7hCqfJFmF1hhpisiFQvxKm/8cQoPxrpzvE T6aR5g3ZXy/SMz3ZpkEH6MSn+VkkX1d+cSpDIdmYch3KcpxyodjFYshTZChnIz7qPAmP F5V0qsJphwTxvsGR8RUqNUwMvoaZUzD6WO4JVl09hmZCwGvyobRBlH0ygAfu4QuR8/cJ ZV11NVZZKT868i0TK5bHHszv4KC72/dgpoQgeBHxV9adFfCYjKyfNP01EcXCNggWlMl7 SnGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=P6tLkQP3; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id u3sor1198450qvi.55.2018.11.07.08.44.16 for (Google Transport Security); Wed, 07 Nov 2018 08:44:16 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=P6tLkQP3; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RE5wi9MCZt8dci0j9GEqkEEMzvZET3+/Prb5cN1cv3I=; b=P6tLkQP3YP58z0z3aZ1ZcG1t7heaDhGlS6SLhejHHJCOgpQvo7vntVfjWDbXxrxjoV aHP+FbpIPMY9dMuEShhvdY5cTw3YMgyFSsNj/q6cqv9L7dHaoG/G3QEYtHZeZSRkuHsB UYfy07HaEUjBVHkSDpWkLKNyeO1I9qTbZOGjo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RE5wi9MCZt8dci0j9GEqkEEMzvZET3+/Prb5cN1cv3I=; b=Dhm6y5ARPEvrDV69BOfaD2B+GM9VfFZmh7EyJoOD49Kv2S1NJA+Huzb1Z1YlhXNPGu paNaUFIA5eyubN0PeGPrXG+pUyzJWrAhSqkhNjdFiwXn7ZNEeM/OKmx/lfoJFkh0lxci nWC9Kxv1pIxTplQTboesD/Wsua+T4g4wQqmdAbEP/71IrBGUmaV31MdF2sRGao7lqude iMOfEBlNaNJKTTYNVIYVd0RAJs+EP1FWXQrZiPc7ZhZuEfNX7HwJBq/Mozni4sis7/aN Yz1hpVJJ84xrWOgcZkrIuW0aDuKHx+S/9ZLKafNVXklta2Fih/w4LZ974/iwb1wH588E RgNg== X-Gm-Message-State: AGRZ1gKmlpN4kLUnoHsIZN/qxg7ajmRqpPz+gwZYTweJvG8WIzH2SgLv vO2hwwddnUmHAm3+X8hNJZwVgb0G X-Google-Smtp-Source: AJdET5cojUTv5wmP97rQIGACvA4XHAkQFryoxg1CvI6KTJc40XqqOdyu9hJTssvrud7lr00w3L2TRw== X-Received: by 2002:a0c:be8d:: with SMTP id n13mr955161qvi.143.1541609055845; Wed, 07 Nov 2018 08:44:15 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:15 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 09/24] ARM: spectre-v2: add firmware based hardening Date: Wed, 7 Nov 2018 11:43:47 -0500 Message-Id: <20181107164402.9380-10-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 10115105cb3aa17b5da1cb726ae8dd5f6854bd93 upstream. Commit 6282e916f774e37845c65d1eae9f8c649004f033 upstream. Add firmware based hardening for cores that require more complex handling in firmware. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 60 ++++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 21 +++++++++++++ 2 files changed, 81 insertions(+) -- 2.17.1 Acked-by: Marc Zyngier diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index 85a2e3d6263c..da25a38e1897 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -1,14 +1,20 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include +#include #include #include #include +#include #include #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); + static void harden_branch_predictor_bpiall(void) { write_sysreg(0, BPIALL); @@ -19,6 +25,16 @@ static void harden_branch_predictor_iciallu(void) write_sysreg(0, ICIALLU); } +static void __maybe_unused call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void __maybe_unused call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + static void cpu_v7_spectre_init(void) { const char *spectre_v2_method = NULL; @@ -45,7 +61,51 @@ static void cpu_v7_spectre_init(void) harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; break; + +#ifdef CONFIG_ARM_PSCI + default: + /* Other ARM CPUs require no workaround */ + if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) + break; + /* fallthrough */ + /* Cortex A57/A72 require firmware workaround */ + case ARM_CPU_PART_CORTEX_A57: + case ARM_CPU_PART_CORTEX_A72: { + struct arm_smccc_res res; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + break; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_hvc_arch_workaround_1; + processor.switch_mm = cpu_v7_hvc_switch_mm; + spectre_v2_method = "hypervisor"; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_smc_arch_workaround_1; + processor.switch_mm = cpu_v7_smc_switch_mm; + spectre_v2_method = "firmware"; + break; + + default: + break; + } } +#endif + } + if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index 2d2e5ae85816..850c22bca19c 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -9,6 +9,7 @@ * * This is the "shell" of the ARMv7 processor support. */ +#include #include #include #include @@ -88,6 +89,26 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +#ifdef CONFIG_ARM_PSCI + .arch_extension sec +ENTRY(cpu_v7_smc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + smc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) + .arch_extension virt +ENTRY(cpu_v7_hvc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + hvc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_hvc_switch_mm) +#endif ENTRY(cpu_v7_iciallu_switch_mm) mov r3, #0 mcr p15, 0, r3, c7, c5, 0 @ ICIALLU From patchwork Wed Nov 7 16:43:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150425 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387314ljp; Wed, 7 Nov 2018 08:44:17 -0800 (PST) X-Received: by 2002:a0c:b5e3:: with SMTP id o35mr999644qvf.164.1541609057674; Wed, 07 Nov 2018 08:44:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609057; cv=none; d=google.com; s=arc-20160816; b=okEGVGhtrYF7QWvHM+Pu8avszI7y8KWlm9o1bFBKv1wl4AkPCbncNC5lDUhWOL/feX hI8rXzTbqLxcRPdoINOxuVtCNc9FXQRKtmT1cDt/kyGvC9eQezQdOJhhPAnE+MTgi/be sHxhgB3KVcCN4y3i1/DHBEZI0+AdbqR8duQSd1DArmWEeDURbMlTQdmAC1ccetfxC/sq XXhh3Bdz/fiYkTAg5oYYmy+qPK5pxLXRZh+94L8NWIACRV6+uZcAi28jGxTjjn0xJIVN NHqAmyfFOmAS0gr7H23zPbKb+O3gBY49YgTl7tkg2NwWJ/LeYq57yQO7ootw3BcCv0tz BkKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=thCDRAe+sTNb+C09qumUdpDey/4xOKNbBAPnxnIqZqxSrGMuTAtceyI2g6xgl6AzJx iUi+IRk0Pib/KAArYLJehfOMCTqvb1t57T5DhfRcg92Rgt8ZSz4hijBebMJricxRjKp+ Vu7gX9TkpDY0FmEaE6ehV6Khf0MFdDWQ54UkZjx9FD/HMtoAzjzeD6Iz79WxBITL+JEJ b4PI/Qm/5j5Jkt0prV4fUjT0PqRYADGOqBhVKr74V+JliX4XXJ9E+yVYKZNexqnZLTUv nT3Hn/fvxRKrIjnClpIOLuJn5ZT1YwbScH+PpEY7kZUCFaS3xSOleB0iB4vG7QUYgOxa VpIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jZbPxQHX; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id c4-v6sor650664qkf.66.2018.11.07.08.44.17 for (Google Transport Security); Wed, 07 Nov 2018 08:44:17 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jZbPxQHX; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=jZbPxQHXsx/AtCQM6241luZEGARIqXb67sDpdR6xmC9wiCKYkSBl/8tPw/BH0pPUbW bhiYO6xBVpzhiiHEMZJtYA87jCu7pey5GE/h1em+fQciStOTFLBe+NIg8eDQK+qA21Qw 80C++OvwvptpUwr8Q/per3CoGjzV63izcLGoU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PtvOdRYgxdWqiincDIf4CTD/BFKZK9uYA9vLMv5udX0=; b=mGMUUpbWZ4I0/LLAlceW9bE9hE3yXgx5Sdf0IpOIWtiHktspNPhi/QX7NJ/iGLXqdN KdimSXJiNv7qcdh+fRNrwpeIkeC3Dm4AhD+F6c9bZPJyjGPa3kPYDZSvTtHg1cMOBEH0 29xyMYJlN8e/gXzYMwTQj0P8EI4rx3cIdVlNq0ucvCf/Yy2pedtiCz4Amzujq4VhZyOw ZK0mVJR+jQJLy71NrrX2isZ3d41o5sifsBWpMzdjWoKick13XAAomEGdQ5Y/xOyLAedC 0au28phSXzMUCSs+2e3u9uAyM/EVprJqTO+Ugks9M6tIqXWg6X1Pe7CPW71Yq7b1wlLY yprA== X-Gm-Message-State: AGRZ1gKv6YX+t1nHHE1ObQxUM9pkFr41FzikHBIn2KmGVR0YN8YNANaD YztsFUa7zeYDBis9g7Zx1GH2iXkq X-Google-Smtp-Source: AJdET5dcsmcrc3Y5K1bSVoPK0xh+QOyl09SqlF2Hfi+vYXKeUOuV9KE/cDJjilQY4CxPgCSG+nzBJg== X-Received: by 2002:a37:b683:: with SMTP id g125-v6mr878954qkf.179.1541609057170; Wed, 07 Nov 2018 08:44:17 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:16 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 10/24] ARM: spectre-v2: warn about incorrect context switching functions Date: Wed, 7 Nov 2018 11:43:48 -0500 Message-Id: <20181107164402.9380-11-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit c44f366ea7c85e1be27d08f2f0880f4120698125 upstream. Warn at error level if the context switching function is not what we are expecting. This can happen with big.Little systems, which we currently do not support. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/mm/proc-v7-bugs.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.17.1 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c index da25a38e1897..5544b82a2e7a 100644 --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -12,6 +12,8 @@ #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_iciallu_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_bpiall_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); @@ -50,6 +52,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A17: case ARM_CPU_PART_CORTEX_A73: case ARM_CPU_PART_CORTEX_A75: + if (processor.switch_mm != cpu_v7_bpiall_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_bpiall; spectre_v2_method = "BPIALL"; @@ -57,6 +61,8 @@ static void cpu_v7_spectre_init(void) case ARM_CPU_PART_CORTEX_A15: case ARM_CPU_PART_BRAHMA_B15: + if (processor.switch_mm != cpu_v7_iciallu_switch_mm) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; @@ -82,6 +88,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_hvc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_hvc_arch_workaround_1; processor.switch_mm = cpu_v7_hvc_switch_mm; @@ -93,6 +101,8 @@ static void cpu_v7_spectre_init(void) ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 != 0) break; + if (processor.switch_mm != cpu_v7_smc_switch_mm && cpu) + goto bl_error; per_cpu(harden_branch_predictor_fn, cpu) = call_smc_arch_workaround_1; processor.switch_mm = cpu_v7_smc_switch_mm; @@ -109,6 +119,11 @@ static void cpu_v7_spectre_init(void) if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); + return; + +bl_error: + pr_err("CPU%u: Spectre v2: incorrect context switching function, system vulnerable\n", + cpu); } #else static void cpu_v7_spectre_init(void) From patchwork Wed Nov 7 16:43:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150426 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387338ljp; Wed, 7 Nov 2018 08:44:18 -0800 (PST) X-Received: by 2002:a0c:f952:: with SMTP id i18mr952904qvo.199.1541609058815; Wed, 07 Nov 2018 08:44:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609058; cv=none; d=google.com; s=arc-20160816; b=Q3lWnJK5Sq5ez/hmh+fTy4l3nlAkLNfuQgsDnZG0Zh/LGVTbDCWCFAhHq/IGcAZQLQ 4R6I1WNY8CEM4x6RfVqC/cp9z1QDzRt0W/IixZkvjJr/b11tvaTay+37jaYeiWaGGhXL JklL733YZC6xr0MGD5Z5uHF12ucf5dRvuv3waPwY6HY3Wv03zIDWLF/ml06Ds9Lk6hMB 3aHbLbwL0wQqHyvJZoJMT8Ht4HW6a5+TV1TmVd0tvhd4nMrE6JRz2fCMxQo7nXLzU/pO EGWrqbsM+20dzQmsdkKKwa7uDY6Ps5SqSrrbIwxc5ISaTcUPMd/Gh03sAFDPZoiIroYd IuUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WXyYzHDJT4U7JNi0Zkxg9jBK2cAMVyL/uBW0YJohaCI=; b=sUoN6VH0nokztWeH43ovJ1eaUVM8WeUNk8OIlqOSxnoft/Iy4Xa2o3IbnCe3RQZgP/ 1k/ND6JkUa8S1kY/RXKlVtVAgIRfjnOMCMYy82E0NhDbMokudUNheJrP5Lm2pToOvSZD AMepUNPvmkfcX1xvaiORE8z5C6XPofODTD9u2T8Mzr0Fd/Mutnse600fy8DbielTJ8OB L8qnDl86oz2iK4EFMLd3mgiFJK3qQOR3pyQgFjflO2+H60qMWTuwijWrNMzwL7WENorm /L95s/b1Es4DgbIhPKjMZYUhVSs84EaMteROjicl0hwncfEm5CpmfWVqV452AXdzGkkW us/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Wz8adxeR; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 53sor1280631qtm.42.2018.11.07.08.44.18 for (Google Transport Security); Wed, 07 Nov 2018 08:44:18 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Wz8adxeR; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WXyYzHDJT4U7JNi0Zkxg9jBK2cAMVyL/uBW0YJohaCI=; b=Wz8adxeR6+PdIqh75w1DQwFcgjl1ZqS3WEAwQlZGB5V5AxINipow3oGlEXcPlX0SwD B+3D9nCjiYZkeGyWdLhJZc7GyzmP6W949ORvqoQgaO9j1gTPclypE0dz3J1mWl7bq80j DAkFqsSIVIuWc3B3Boarbh8dLkNoEHxjr3kGE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WXyYzHDJT4U7JNi0Zkxg9jBK2cAMVyL/uBW0YJohaCI=; b=t+Ijym+M5gyCY6OfW+UKl6MxAGfa+/IWHzMnumSXHuAI+CK60gusA2auk10+novobF /btLuuf7O8bwmJck2s65DvpSPLkqLV4aBwBtWitDSpxLYfDCmixzPUmiR1X0NYZBjP5a KrJ8Z3xIfmABzI6n7fHD+IlWh6GASVnq3iMJ7yGThPahlCI/FXmmy7VekzgG5qAmo75o 2depiDjT+ooeESsXphrqQWQJYYa0S3TO5cBthM3+iyG1qFCXa18zy7lf8stz7/Wvj79B 7c0e+C1t/kDkbv24c4WiShBijtPLj2s4MmfgamUufx7bxHcZccn0pYnJSZ1ep4bFotf6 jlXA== X-Gm-Message-State: AGRZ1gJTCc0n8yXscZ0P8u3WTj0uRamB0dr++LFXZfmJ8gKDkrDOzx3x 77rfs51UFGm9zSj/FCytk59n+X2+ueF1bg== X-Google-Smtp-Source: AJdET5dQn9LW7qRtvBIIKNy+NlMNeXvsMVi/BnNE+//wxDeIpGxF+M+EFNkAQoogVL0ppOnUpR7Mlw== X-Received: by 2002:ac8:1987:: with SMTP id u7mr909751qtj.86.1541609058305; Wed, 07 Nov 2018 08:44:18 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:17 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 11/24] ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Date: Wed, 7 Nov 2018 11:43:49 -0500 Message-Id: <20181107164402.9380-12-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Marc Zyngier Commit 3f7e8e2e1ebda787f156ce46e3f0a9ce2833fa4f upstream. In order to avoid aliasing attacks against the branch predictor, let's invalidate the BTB on guest exit. This is made complicated by the fact that we cannot take a branch before invalidating the BTB. We only apply this to A12 and A17, which are the only two ARM cores on which this useful. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_mmu.h | 17 +++++++- arch/arm/kvm/hyp/hyp-entry.S | 71 +++++++++++++++++++++++++++++++++- 3 files changed, 85 insertions(+), 5 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_asm.h b/arch/arm/include/asm/kvm_asm.h index 8ef05381984b..24f3ec7c9fbe 100644 --- a/arch/arm/include/asm/kvm_asm.h +++ b/arch/arm/include/asm/kvm_asm.h @@ -61,8 +61,6 @@ struct kvm_vcpu; extern char __kvm_hyp_init[]; extern char __kvm_hyp_init_end[]; -extern char __kvm_hyp_vector[]; - extern void __kvm_flush_vm_context(void); extern void __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa); extern void __kvm_tlb_flush_vmid(struct kvm *kvm); diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index e2f05cedaf97..625edef2a54f 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -248,7 +248,22 @@ static inline int kvm_read_guest_lock(struct kvm *kvm, static inline void *kvm_get_hyp_vector(void) { - return kvm_ksym_ref(__kvm_hyp_vector); + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A17: + { + extern char __kvm_hyp_vector_bp_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); + } + +#endif + default: + { + extern char __kvm_hyp_vector[]; + return kvm_ksym_ref(__kvm_hyp_vector); + } + } } static inline int kvm_map_vectors(void) diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 96beb53934c9..58ec002721a1 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -71,6 +71,66 @@ __kvm_hyp_vector: W(b) hyp_irq W(b) hyp_fiq +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + .align 5 +__kvm_hyp_vector_bp_inv: + .global __kvm_hyp_vector_bp_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ + isb + +#ifdef CONFIG_THUMB2_KERNEL + /* + * Yet another silly hack: Use VPIDR as a temp register. + * Thumb2 is really a pain, as SP cannot be used with most + * of the bitwise instructions. The vect_br macro ensures + * things gets cleaned-up. + */ + mcr p15, 4, r0, c0, c0, 0 /* VPIDR */ + mov r0, sp + and r0, r0, #7 + sub sp, sp, r0 + push {r1, r2} + mov r1, r0 + mrc p15, 4, r0, c0, c0, 0 /* VPIDR */ + mrc p15, 0, r2, c0, c0, 0 /* MIDR */ + mcr p15, 4, r2, c0, c0, 0 /* VPIDR */ +#endif + +.macro vect_br val, targ +ARM( eor sp, sp, #\val ) +ARM( tst sp, #7 ) +ARM( eorne sp, sp, #\val ) + +THUMB( cmp r1, #\val ) +THUMB( popeq {r1, r2} ) + + beq \targ +.endm + + vect_br 0, hyp_fiq + vect_br 1, hyp_irq + vect_br 2, hyp_hvc + vect_br 3, hyp_dabt + vect_br 4, hyp_pabt + vect_br 5, hyp_svc + vect_br 6, hyp_undef + vect_br 7, hyp_reset +#endif + .macro invalid_vector label, cause .align \label: mov r0, #\cause @@ -131,7 +191,14 @@ hyp_hvc: mrceq p15, 4, r0, c12, c0, 0 @ get HVBAR beq 1f - push {lr} + /* + * Pushing r2 here is just a way of keeping the stack aligned to + * 8 bytes on any path that can trigger a HYP exception. Here, + * we may well be about to jump into the guest, and the guest + * exit would otherwise be badly decoded by our fancy + * "decode-exception-without-a-branch" code... + */ + push {r2, lr} mov lr, r0 mov r0, r1 @@ -141,7 +208,7 @@ hyp_hvc: THUMB( orr lr, #1) blx lr @ Call the HYP function - pop {lr} + pop {r2, lr} 1: eret guest_trap: From patchwork Wed Nov 7 16:43:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150427 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387362ljp; Wed, 7 Nov 2018 08:44:20 -0800 (PST) X-Received: by 2002:aed:2603:: with SMTP id z3mr960671qtc.120.1541609059945; Wed, 07 Nov 2018 08:44:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609059; cv=none; d=google.com; s=arc-20160816; b=ANYDbbLPiiUeZRWxZpmxoQEIwoZjEiV6E8QHO7x0dyTVjJd3mngPb5i6qgmshlZDbv q1dIP4VP9k0g3dEm4wbfrLfqn4J8Ib8lcDH37J8/dFipYdUrFVyIJ+gE7/Zk7DunI4CP Vll27kh9DXVZf842KHPgzwXtCOw8xV3967sVqfHCHG7dtLi4AYdISMmruPdzr8LC8Osp FFrB5WLtvb39VbBNCuohQtgPcNTZQqb1KxrSfgQ8uRyNfhkKwuT3FU1olGQ/mwDitGIN 3P0T7ETeHo/iatO+mY2U7ydEUCxbR392XPOWlADmV9ztgE67oOzeovuakjPbFv2LPF6O dEIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mD0BlP8oF5vxWXlv0istyEBrd98DbpzGJVe7ViiydmE=; b=b8O11yssG9ZFUDy14MJdBMtnr8NNcw6HCcvnTzdwGbdYyb8qbcK3qb5mJolsShjixo appAA2nLMKzgYx90sicz4bcs8WsVkeyJWqoOmf0XINovdT1ONGbqNqxuBx26mwYXqt+J nWO8QDEpWl2mV2P7j5xmF2eDOTfS0VLYl99UrvXFeD+W3xgAthFVjePdd7h8nnSDGIE6 891OsKB3CogAWUaH1Zn7BsHMmxNRiDD+Cx5IhjlaqRpQ2lV6RNk3dffB4x3HjZyWGbya fNXW1Tu6ZnAbysw0Qwwite+OJ/rR1lxYSTn9bBh4yuWpnSKw/M2jYb9BsSc43EW2OrN3 s69Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="O/UWwInS"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id g136sor583945qka.19.2018.11.07.08.44.19 for (Google Transport Security); Wed, 07 Nov 2018 08:44:19 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="O/UWwInS"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mD0BlP8oF5vxWXlv0istyEBrd98DbpzGJVe7ViiydmE=; b=O/UWwInSH2bipm9tjByUuJu8zaV7crR/uMhrEnjTXYCrhLWIyhFs3lfL8/186rEGgs AUKBLQl1Bc6sMJylJwyOtWFiNugmNHDZKvD+oOSk3RCrGTlzS6dtigI5leqSF7LToU7j NW8xqYMH7ghdmSeBAJh9z0VWBLTCpsDeNL6wc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mD0BlP8oF5vxWXlv0istyEBrd98DbpzGJVe7ViiydmE=; b=T45J1XfbL83oiNRAmtC1/g/YGnhLSNh4ewiQFQOAgSyBF56Y52mhUjomw4zjGWk1e0 dn8ZIrMpzVOVxXub2kPFaZGyYX/JOKpVhQkz/th3PsRqrAY55c/dp2L8MgdC6dPt6wz2 Hf8Fseq2B4I2PskGyklq81+rgD4iM0chFFlpPD8ucndYoQhOFWKjTj9Z2xAtAJ50KrsL 518PX0+s+0m2hUd6d1PXSoWD1otmTsrKKFtkchy/EoLyHji12FuVBYli09gufuB79HUH Mw7NFccCVF46Q/jeO+kc6y0oCPxnjJIxILccRlqMFKlDqC/JkhmVHr7Z70uM2PsXu4Ok 4MBA== X-Gm-Message-State: AGRZ1gI0Rah/XEdBxmEndVQuPo7euSeVRaee/CFHxv9DVf7AFHJZsYU7 W13PUV/qUSVNZWtjjOXHMkYQw1gi X-Google-Smtp-Source: AJdET5enTvj7T05sN7bAvu1IvIt24N4m36GdZaPZeDEnpO0fD1mT+hHqZugodUqyl2U5DT6ggFDvrQ== X-Received: by 2002:a37:a1c1:: with SMTP id k184mr888076qke.166.1541609059410; Wed, 07 Nov 2018 08:44:19 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:18 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 12/24] ARM: KVM: invalidate icache on guest exit for Cortex-A15 Date: Wed, 7 Nov 2018 11:43:50 -0500 Message-Id: <20181107164402.9380-13-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Marc Zyngier Commit 0c47ac8cd157727e7a532d665d6fb1b5fd333977 upstream. In order to avoid aliasing attacks against the branch predictor on Cortex-A15, let's invalidate the BTB on guest exit, which can only be done by invalidating the icache (with ACTLR[0] being set). We use the same hack as for A12/A17 to perform the vector decoding. Signed-off-by: Marc Zyngier Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 5 +++++ arch/arm/kvm/hyp/hyp-entry.S | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 625edef2a54f..3ad2c44f4137 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -257,6 +257,11 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_CORTEX_A15: + { + extern char __kvm_hyp_vector_ic_inv[]; + return kvm_ksym_ref(__kvm_hyp_vector_ic_inv); + } #endif default: { diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 58ec002721a1..1bdd03014138 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -72,6 +72,28 @@ __kvm_hyp_vector: W(b) hyp_fiq #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + .align 5 +__kvm_hyp_vector_ic_inv: + .global __kvm_hyp_vector_ic_inv + + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + W(add) sp, sp, #1 /* Reset 7 */ + W(add) sp, sp, #1 /* Undef 6 */ + W(add) sp, sp, #1 /* Syscall 5 */ + W(add) sp, sp, #1 /* Prefetch abort 4 */ + W(add) sp, sp, #1 /* Data abort 3 */ + W(add) sp, sp, #1 /* HVC 2 */ + W(add) sp, sp, #1 /* IRQ 1 */ + W(nop) /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 0 /* ICIALLU */ + isb + + b decode_vectors + .align 5 __kvm_hyp_vector_bp_inv: .global __kvm_hyp_vector_bp_inv @@ -92,6 +114,8 @@ __kvm_hyp_vector_bp_inv: mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ isb +decode_vectors: + #ifdef CONFIG_THUMB2_KERNEL /* * Yet another silly hack: Use VPIDR as a temp register. From patchwork Wed Nov 7 16:43:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150428 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387390ljp; Wed, 7 Nov 2018 08:44:21 -0800 (PST) X-Received: by 2002:ac8:1308:: with SMTP id e8mr944460qtj.201.1541609061099; Wed, 07 Nov 2018 08:44:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609061; cv=none; d=google.com; s=arc-20160816; b=K/xivoyT573chkzQ++yAww+2OXYi/xbQwyvk0vbEl1bwZrHpG1lalLjgiDAN6LCS7x 5DFgBau/Q11qeZx0iQtAwUwCIA1mxU84gAhZW5+bsl7bhyceL4ihrmJgwGOypQ7QxoEQ pMPVwmWGT55W+vvQTpCLA1LAZNz01/9+1o3o4WoHAG+dTMHYFiyqhrGQ+sCAau89TCAe mhsf2CA6ow48NqKSMTOk/XbEo0TfAgSNAK1q0bY76jfCU7/nVUyhjRMIit6nDroPdvU1 jk+5rLUhsiRa4YWewGPBOAEKd0ySsmZK/OSiUgf9fM9dZvBFZpvltmqnmP2p0pPsax3G UFHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=xtUC2hOERwGP21JnEHdAnjJ/BGeI22sypaJZggSfb5icau9Vuukebp2xHdt44cDNSD 8WYRqgcM8GeTcOyQ53IIAl5rCcgOrTKYxVLPcb11qipwp8CQL2uG3t3o4Jyz6qLnETQN 5z/NtVdbOuL85HcZZjA2rPqiIsnKFdV7rs8jxVs/Ef9OqQZitGkKqttN3xM1TC1SjzQ/ ds63SkhQyHHJZxESfNC32qvsfMu2zn9F/q9ydv1oufVnt6aT+druS3rNdcBPlk5TMb6K Y+PdYsngynk4LTKuKJl5XOOldkN06aXeTKb3prA5WyqPzxldKCf1HXx0GfRN59YyY14T KxGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DUDgO2oc; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id g184-v6sor639877qkd.136.2018.11.07.08.44.20 for (Google Transport Security); Wed, 07 Nov 2018 08:44:21 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DUDgO2oc; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=DUDgO2ocEqUfIVufkFKpIlT3I6AQ/m6I6zw5QYxuf2gXyx10AskLEkFwe7pnGRfYpi rS0ZfJqPo0rSEMX43oHZ5JtA9abK9F2svTENG/UeJQB7A9yP0NWsevQa+Zl9fD927zt4 zZXziL4X6BB6imDqD/pv0BZUxN0ZlgmkzKJbI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Rh8rkkWbrF455SnPiPNO1Jsvjgvivhhj5pLyFPDZ+10=; b=BMLZUX1Yd48T/6UWXvAlb0AiWL+riF9MhTyEj6EA7l9EeJXwJuPvkjTaAPVG/IO1JQ xftspHHa1uKZOgotLpmwIxa4StCyQSsNMrLDjZZpqBTVZMKsNT+MZYeiwFuWaEembTcM RnRIQSvUxyit6nGJsWtnRZlUVmOoGphL8dBlLdiAO20FQPTYZXvC3coKlpTPXjyckeU/ xM4q2zqXzRLFih0ROPDfBw4qEDc0ZYHbluEfJ39REabQGeWdehFrYJYGm7weLFui4Dj9 CRJTQUtYD8YRleuyrsbGXAU5WWDV5Lv+A1kwhBS00T2vUtEODrOZB/+vFTckBe42txuE DGzQ== X-Gm-Message-State: AGRZ1gJeUQHNXSAgbBe80iStyJ9XG6wXZR9zzib1btvA63p3m1yeWNoQ 2NYvOwhOuD0hjmHqhXLCnVafT7tk X-Google-Smtp-Source: AJdET5cdWbKi3hoe9GQZZJDuCxNwMmum4vOUXKFmjhCYlKaW75hni6UhWVGLdx2/1hYvxV6JJ9dboA== X-Received: by 2002:a37:d2c2:: with SMTP id f185-v6mr922215qkj.30.1541609060644; Wed, 07 Nov 2018 08:44:20 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:20 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 13/24] ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Date: Wed, 7 Nov 2018 11:43:51 -0500 Message-Id: <20181107164402.9380-14-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 3c908e16396d130608e831b7fac4b167a2ede6ba upstream. Include Brahma B15 in the Spectre v2 KVM workarounds. Signed-off-by: Russell King Acked-by: Florian Fainelli Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Acked-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_mmu.h | 1 + 1 file changed, 1 insertion(+) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 3ad2c44f4137..d26395754b56 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -257,6 +257,7 @@ static inline void *kvm_get_hyp_vector(void) return kvm_ksym_ref(__kvm_hyp_vector_bp_inv); } + case ARM_CPU_PART_BRAHMA_B15: case ARM_CPU_PART_CORTEX_A15: { extern char __kvm_hyp_vector_ic_inv[]; From patchwork Wed Nov 7 16:43:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150429 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387412ljp; Wed, 7 Nov 2018 08:44:22 -0800 (PST) X-Received: by 2002:a37:7041:: with SMTP id l62-v6mr887468qkc.294.1541609062290; Wed, 07 Nov 2018 08:44:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609062; cv=none; d=google.com; s=arc-20160816; b=mJNWNPD9dk6g/FBmriO4U0VnWvau1z1lu9HMZoaz9Ikp61S+If0GQwMnX6eKHeDYU6 7QZ3JXMhu73zD21jUBXcvXlLxtUWb7A1A+8ODuR+xdt0Mx4Pu3Lvhg8kg8pDKTkGK6vr RR825Tz4TyOXPHPtrSCT1rF3Aaue4EridOgG0s2C3BUOztY/HQ4PWUeaKIdcEt8hPH55 h7Rpfr4umfBspZL6Io7lvzNylCp7xbDiNii3du4SKmGeWnBgcVk/9gAxdyGymusKKVW/ BH7G53kp03Sh/1ufbs0/kf1e05Zo23WQ2mTMnvM5kzeVmRKE3DZx2ZK6ZfeKCI7bvcdi 9Oag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8WVSH+dweMgRGD7h+AhioIATdNkgmA/7ASgHKYf1OcU=; b=yzAJBibY+R5bUdVTqBpjKrMcbG3SrVp6M/GLmWH+7gTC9M70Vc1pOSzS+YpNsm0a91 deecRWgPUq/i6i1l1Z1kVrpAccBO0MAInZ/o7+hmuV3+2p2srjl1c9i8dSeOO/SXdDbp TrpMZkpyfmHphfOQBsyw3uhzuVfjorlvYC0UrPLXtv0MjeCUNuFd6JGvZzvYBvV2eYol Tgmwl138s6+Rqx/Fu+a5no667nm48OZIISuoV+gBoUGjGmNeNTb3QJdyqTZi619QVTPn 7/z5nFRd/p9OKseECA7v9puAaAGq4vmYyGgG/N4JCpOLGNIFtC13OlSoRs0ugpPb+ZcG QYsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="J6jCxUY/"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id l67sor652691qke.81.2018.11.07.08.44.22 for (Google Transport Security); Wed, 07 Nov 2018 08:44:22 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="J6jCxUY/"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8WVSH+dweMgRGD7h+AhioIATdNkgmA/7ASgHKYf1OcU=; b=J6jCxUY/1KiXlfD+n+QoZil9rGaoTsipLclj0hJ2kl87/bObA6pQgTTeYhgwf8OUUp khacvx0dAN28eI6oSTkhdiGDCqbF3YtdjszS/oBPde+rGli0/Hk2PR2NhUzMc/XZUE0Y C33Edo+TfOuaW+6tu/zdrof4guiM6xfO0UyBE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8WVSH+dweMgRGD7h+AhioIATdNkgmA/7ASgHKYf1OcU=; b=FPFB6HdVTLqFmeszeTISZZunf+o8khoJNAUMK30CiA7Cvw2JcQAnUdIvtr9I7p0OND AOUl0OgRFJENOXioGyst5p7wouBpa8xbg9t5vdMTQxeElYzK/M3TSj5jNq0LHaYb0oHR O137kIlndpFaJFGwiT4RPCubnNXPfYxjeBsSpWs2DslMF2TuRkseN50lnqAlno/mjGFw kTHvZR/xGGESMyWVu8HoyX/iVvCWQBQ8eDEDMSQqWbiWELk0wNtF3cov10Fu9KsavMDS p16RHB+HtZuj10OhiHzieAawyMQX6Bftcb9iOdG8cF9zaRnVNgiNFbkYH3yxWZidZZAK sEpw== X-Gm-Message-State: AGRZ1gKE1PrxPxXSdOGAeZbpeg9DQ3scGUVJ9hWcBalAv5wIz7yhbnp7 pO9iWXt2atSiUVoQaapWtBA8w72V X-Google-Smtp-Source: AJdET5cAg+aOv5gvBi4XSRJjteeMxhT23FndpWkp1DF2OnyJlJl2e127hzmuCofl9ZlxF9ZeaEVHSA== X-Received: by 2002:a37:12a1:: with SMTP id 33mr899759qks.151.1541609061753; Wed, 07 Nov 2018 08:44:21 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:21 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 14/24] ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Date: Wed, 7 Nov 2018 11:43:52 -0500 Message-Id: <20181107164402.9380-15-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit b800acfc70d9fb81fbd6df70f2cf5e20f70023d0 upstream. We want SMCCC_ARCH_WORKAROUND_1 to be fast. As fast as possible. So let's intercept it as early as we can by testing for the function call number as soon as we've identified a HVC call coming from the guest. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/kvm/hyp/hyp-entry.S | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/kvm/hyp/hyp-entry.S b/arch/arm/kvm/hyp/hyp-entry.S index 1bdd03014138..64d4a39f4b4b 100644 --- a/arch/arm/kvm/hyp/hyp-entry.S +++ b/arch/arm/kvm/hyp/hyp-entry.S @@ -16,6 +16,7 @@ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +#include #include #include #include @@ -202,7 +203,7 @@ hyp_hvc: lsr r2, r2, #16 and r2, r2, #0xff cmp r2, #0 - bne guest_trap @ Guest called HVC + bne guest_hvc_trap @ Guest called HVC /* * Getting here means host called HVC, we shift parameters and branch @@ -235,6 +236,20 @@ THUMB( orr lr, #1) pop {r2, lr} 1: eret +guest_hvc_trap: + movw r2, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r2, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + ldr r0, [sp] @ Guest's r0 + teq r0, r2 + bne guest_trap + add sp, sp, #12 + @ Returns: + @ r0 = 0 + @ r1 = HSR value (perfectly predictable) + @ r2 = ARM_SMCCC_ARCH_WORKAROUND_1 + mov r0, #0 + eret + guest_trap: load_vcpu r0 @ Load VCPU pointer to r0 From patchwork Wed Nov 7 16:43:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150430 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387435ljp; Wed, 7 Nov 2018 08:44:23 -0800 (PST) X-Received: by 2002:a37:3388:: with SMTP id z130mr851286qkz.51.1541609063470; Wed, 07 Nov 2018 08:44:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609063; cv=none; d=google.com; s=arc-20160816; b=BvXK+kGq9EhDY2Ua9+YaX1MaHoYty4NTpdrDVsCGIxy+mEEm1s1e6fTE6AaVNrk1AP xqW5OoPtGaGMAXyx7rlzkUtrU0/QPBkQFRb+vuUq5ZZcJExZoov2ybxKQir0J6paYITe n5zOzrzVuix+VnJl/7KBpDQURr8/H3+LsRrQJwK4ZMICcGKeJidVDwWI5MexBr/P09V8 /KMBP2mulxDHynSzp/A5JG8IfZOT5JGLl3Xrj5MG2GP/cbD8BtD1Nj4ifd6vRliTLjvJ I1rKC9RQjcX8TgmuOcXwQrdwLo66eQV49iaDxegVPuuYTw1K4c/Xs8Rs/RF5t+Kg+TA8 1Smg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=y4Tujzd0StwrUpN/GtyqLprjjdAQksqFGCt9YHPn0GupfpAoqNFFNQrhCfgqzLKarS VIU8SY33XLaB1O5lPExxqtiK3zuN+wiTViKBe4InGn9XQ9M8NXAKp7kXZYs1CXUh1ToU 7CPMUSoHk3VwNxfpDoUBJwrzZbiiTkBCDAT1+yB97xjLZBFKNml8BlnMMPrz8hDCu5r3 VO5Z/T95NYmHGQGcqULrqBU2Dxj2opgqPmXvwsS//+2WVvGjd7Mv/syjS+2gTsiHfTHS VDnB5wC8hRQqnss6h7E3oJjFQc1y5+yTHHigwLYhbUA7iGxpSNROr+DZfS9mVWMUuO4l Teig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KRiBCX2m; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id o21sor1215217qvf.18.2018.11.07.08.44.23 for (Google Transport Security); Wed, 07 Nov 2018 08:44:23 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KRiBCX2m; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=KRiBCX2mswxcVGvFqCFUGvWR+LspTKDuyJ+EGdyEwAEMgY06xMuS5pQwZvH6MBlU+G E5mb+nI0n100RHalblOapwE5miZJGP/o0yFSZENrbTTfEaUx0HcVkasA6SXf0SF4sUU9 J7u4RLR6lL3E3xLzFxBAoWBLTtopr8tswNlhw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Z+Qt0V/X0rp9/PYEHT57k1RKcIoA/WekeaBBdjP25ow=; b=nYMgQMtjp/t5LPfDVh1iMZ9P9Nv7tRUI9puE46L3MEiWk/MD3a5zF56sELP4+mW0uo efmFZTsBAjaD0FRbAZL682xBD7323ghyv95yPTrVKI2nQFQdxq65LwVHjzXGSjUREU7S csopTHaq42kmKinVzU4xHn8r7xrRAh5l9LRZWYL9JFD8G6A2kRzaWVSrLoR++MjZkh3q sFyW20VSsv28ijiiI1vrveHqOjtdQWX7m0hcNBJylo0hxPdX+Q8mVEJx1tSUg1aZ6npB +Vg1IcqWZQsoiDZYxZmE5V6lRHnurSp5DgYygObz54tEKXdSEH2FPc6N6hHZxCu2b6hd kYTQ== X-Gm-Message-State: AGRZ1gJP7ddbf7vkqcpVjA3BT9N9OywT5CO6ngao/G5C4OuL1QaQFXum x5O2bhT7nJYI4BLUfDQTVxt2e/y9 X-Google-Smtp-Source: AJdET5cMbkVSP03bFDjlquijtD6WDbqtsYDNUInLszzPfvT/IyewvCUhqRNzLLZRrn++GXoHLnPfLQ== X-Received: by 2002:a0c:87b7:: with SMTP id 52mr997960qvj.8.1541609062936; Wed, 07 Nov 2018 08:44:22 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:22 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 15/24] ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Date: Wed, 7 Nov 2018 11:43:53 -0500 Message-Id: <20181107164402.9380-16-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit add5609877c6785cc002c6ed7e008b1d61064439 upstream. Report support for SMCCC_ARCH_WORKAROUND_1 to KVM guests for affected CPUs. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long --- arch/arm/include/asm/kvm_host.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h index 0833d8a1dbbb..2fda7e905754 100644 --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -323,8 +324,17 @@ static inline int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu, static inline bool kvm_arm_harden_branch_predictor(void) { - /* No way to detect it yet, pretend it is not there. */ - return false; + switch(read_cpuid_part()) { +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + case ARM_CPU_PART_BRAHMA_B15: + case ARM_CPU_PART_CORTEX_A12: + case ARM_CPU_PART_CORTEX_A15: + case ARM_CPU_PART_CORTEX_A17: + return true; +#endif + default: + return false; + } } #define KVM_SSBD_UNKNOWN -1 From patchwork Wed Nov 7 16:43:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150431 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387456ljp; Wed, 7 Nov 2018 08:44:24 -0800 (PST) X-Received: by 2002:a37:9cd4:: with SMTP id f203mr921615qke.155.1541609064587; Wed, 07 Nov 2018 08:44:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609064; cv=none; d=google.com; s=arc-20160816; b=Mx2ekkF1xzyQFINEc9GfMJOYdOrwSf36i6qH9w3fB7vumCYiTwoln7LUpijDIBM8GV uRk7a38DG4YXGfmvquMzCjWNXj9SHrN3sXpM5TQxnv3H3EWLZ0vhVNv4ndGaHQstSf+s iXEmtohDNOivhYE6f+yG9UuL/fZAhbBhxNjKOjg8+i+F8j5eDP651yBFRSSFNa7COQwk zXmTr3ABn4YyPjfnF6Ls2CE7AIz2o08/lLf4xG9a/UrFXnoV3PAAA80xFvVF/wvC0od4 9R1rPz+U/dyKuMxnf1Mp365QTl7Q4ZuSEcLSxl41uX/iPrWYq8bFrMmpOkYVoi0z3bPv 4uTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=lIoh7ANZ8lf9ZiIOQ2wt1uYLZlTB03AE4vCVcujjrlFGvwH8Kqbe5vz6O7G3BdRtcr jgf0PgoR3KKMIkOn1cDtaryeiZPnWPpujjyrre1kpYbb+qfZmN5ppSVHaJ0MnOUnIwX+ 6iSwi/QDOhcIorEDs0RxDVA84YbqbCLGqoWHgxdsOvuIkGll61w3ZYJXRbSK4UVbm42Q I1oC+l+C7TrptPOp/DKDZrG1G5nyS1QuhG1usFjLbDY8mIPO0qQKyaW/TYS2YLHjpCeu dp+mmmfmgALVoIiwHcExb0oFLGDeqnKQzhaD1M0tgQwqOoUXZViMPaM3zf6Cm/ViI9yV EyPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VCnVQeoV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id b26sor1218470qvf.13.2018.11.07.08.44.24 for (Google Transport Security); Wed, 07 Nov 2018 08:44:24 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VCnVQeoV; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=VCnVQeoVrNZhqR6q1twy4+yfCixfQU7mu5NFT5sgiG5NZIQ7se05o0rRnLiQ2yt+7f QMo5jFA+jAAHTP3OAwtjSBz1NwCHxd7MNlmXZyh+SuEl6EnGqFaXvBOYWaETkJv5VHre wIVOdpwd+hsDvBaNhmY5ikJ/w1eRHrBrXSkes= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CEkLCWkfi7hEmbdyVA5A/qugIy7C6sSql4wlvQw1hos=; b=BsyAoAauLNtiESC/0E6UeS6OJBXWGzzv5b5gA2ctCSUL2As07FUcSbXrfhBTwJh55R KD/l4OlXMSgG32T9s9yEOBV42e8n2kjYnsWYZheJg5YZDEhRYeG46yHx/l4WiuGjmhh7 VCr8/5rcstZSQMmuChlyvdiuBDj9DYte725xTEGFyU4Q4FV5h67haPLFLFhC+FU4XWGH eNFlrtzmK28VHf4Suhw5YWOpHHe2+xsnXXMWusSlwMgxgCvHp8C/o5qTZ1toulNKmaY5 PD0lkl65U7XlIksmrajb1QBd0DdtPN1hIGO5m8LYoWgbnP8uNZpaIarh97heAXSyaU/g Kosg== X-Gm-Message-State: AGRZ1gK68eQ2wJdgS2i4aBEE4P6FRNg+DqrwfxfGtN2XmDtOeqZwqyhg qCFmgZOcCmiUEGi2xRz6yphJTPfX5UQRPg== X-Google-Smtp-Source: AJdET5cU7O2L6UF/N2+MzpbHBfSpjqqA35PQi1LzXIGCkjq66XCXDYppFaaIL3M5a11F45o5HvpCkA== X-Received: by 2002:ad4:4312:: with SMTP id c18mr961738qvs.59.1541609064049; Wed, 07 Nov 2018 08:44:24 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:23 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 16/24] ARM: spectre-v1: add speculation barrier (csdb) macros Date: Wed, 7 Nov 2018 11:43:54 -0500 Message-Id: <20181107164402.9380-17-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit a78d156587931a2c3b354534aa772febf6c9e855 upstream. Add assembly and C macros for the new CSDB instruction. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 8 ++++++++ arch/arm/include/asm/barrier.h | 13 +++++++++++++ 2 files changed, 21 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 3aed4492c9a7..189f3b42baea 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -445,6 +445,14 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) .size \name , . - \name .endm + .macro csdb +#ifdef CONFIG_THUMB2_KERNEL + .inst.w 0xf3af8014 +#else + .inst 0xe320f014 +#endif + .endm + .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req #ifndef CONFIG_CPU_USE_DOMAINS adds \tmp, \addr, #\size - 1 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index f5d698182d50..6f00dac6ad8e 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -16,6 +16,12 @@ #define isb(option) __asm__ __volatile__ ("isb " #option : : : "memory") #define dsb(option) __asm__ __volatile__ ("dsb " #option : : : "memory") #define dmb(option) __asm__ __volatile__ ("dmb " #option : : : "memory") +#ifdef CONFIG_THUMB2_KERNEL +#define CSDB ".inst.w 0xf3af8014" +#else +#define CSDB ".inst 0xe320f014" +#endif +#define csdb() __asm__ __volatile__(CSDB : : : "memory") #elif defined(CONFIG_CPU_XSC3) || __LINUX_ARM_ARCH__ == 6 #define isb(x) __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" \ : : "r" (0) : "memory") @@ -36,6 +42,13 @@ #define dmb(x) __asm__ __volatile__ ("" : : : "memory") #endif +#ifndef CSDB +#define CSDB +#endif +#ifndef csdb +#define csdb() +#endif + #ifdef CONFIG_ARM_HEAVY_MB extern void (*soc_mb)(void); extern void arm_heavy_mb(void); From patchwork Wed Nov 7 16:43:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150432 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387470ljp; Wed, 7 Nov 2018 08:44:25 -0800 (PST) X-Received: by 2002:a37:e20b:: with SMTP id g11mr871329qki.21.1541609065600; Wed, 07 Nov 2018 08:44:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609065; cv=none; d=google.com; s=arc-20160816; b=mrCDm1ijrR1ShpsObRHYQc4A9rDF5EPAbXj/yFzLE7Fwhi5ahhxwGdztkOYac43GGG 8/yUczvniLreAqm2/SCoI383ylC11YKWcLHteeC9ZbB+GXC5xsstLE1iQaAsC9orM4kQ u6akAUHkEFwrlIKJBTT/UMStJsu+GxCLUq2/fW1BTl6VpaJ8wcijmegteHD5OZmq+ubJ DMScIStuM2mZw9sS3m0ZQdE1u8rw8SQq8uMsuCGIbpuUKL+rboR5j8WA7/dT6YRuWoBb qxqrxr8+7DOVWl9MS+g3doaduDUtBK/EfujHF0t3obFkmb0m81Wul1N6XXcHX1s3ZhJv Wvag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=ncWVxdbe4bO5acz4x3mc6lxm3VDI2SBXs3u3TOI2GOG9c266J7anuWGJReZpSjwzb2 TYrQb5Z4N29oFEpn9srChlyRpE/xGV430tGljjroOwPhWo/IcLAbBUwKX/bHr6IOmfUC Roiht+Mr5pElB45HhYcl4hr07JfGh3IQ/pIvJ/htA4gvVL+eaTCvc5AOZ58Eh6Tzxrpw DLpaUDBJylFTnGBXkyC6a7cHsXPbRFheSUtkHx3xcebBOPYlOA/i9JdYOFUsdDVMT9of KOC7kLCNe+680nSaAmnFU5QbUACkqKNq4UwoLNz5eItpoKm0qUxqYRg3b1DhdgV/XWHO IJ8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YjQAgG6K; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id y127-v6sor577880qkd.96.2018.11.07.08.44.25 for (Google Transport Security); Wed, 07 Nov 2018 08:44:25 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YjQAgG6K; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=YjQAgG6Kjc2Js16v3xlF+Zk6KJQ7RYQvIJ5Wb3FbqvhAnFML74FnvvvGtVY3PWPSp9 ZAXXT6B46JXAAIDQUp1Z5kT4Yy0Vk/jmpW2uOh3lw9hYv2bt7AfFHeVL5SVJH7h/BBpW sEPVqd1lm/L5ANqe00JHvAB5fxX2BeSWhdW1M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3bJG+4cU8AeqqGR8tf+B9dvHx+CHuHIpKs9xqRKYlW4=; b=R7mTlyHejqn7bNH1s7mfn6tkeKG2mpFrkGVqigdplrjc+xJcwjuksBkBUhmBmviMWA RsTOt8u71Hilc/9q3b7VTvSjJ3kCJQDYcH6qVC/NfJburmyphWyEvQCXc2MBO9dKMpZG S2hyNtu+NWoizHelmEjoE4sFd1sTyVHw5SFa1X0rHC85qGVY5ealpvpYv85rJt52Vmie OheEMFlLiEKxiNB9r3NUI47TZTE7HbjBqGRkXPW1tvb61dXhDwJQE7Dsbu3IBQ+Omk3c NNWuE0LjbH6au0by0E2M2gibbXEN57bVruBsNA8adaKWGlh4tcBLOZwIQ5GxChaGKnzY HlKg== X-Gm-Message-State: AGRZ1gKAS8zIPA2Vu24RQAiuj6RrZqbdLx0KmmIZC3m5GaAHCHAA9Uzn HRLvh3f7rf76FFqoWVksJMmgT0EG X-Google-Smtp-Source: AJdET5dpxD4fsIoLNj4eJs3bnKGCRxplqOv8q7cviqBKvIMxnYstksiy4GiKgh5oUQU0w0+p2qyd9w== X-Received: by 2002:a37:9946:: with SMTP id b67mr907413qke.159.1541609065108; Wed, 07 Nov 2018 08:44:25 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:24 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 17/24] ARM: spectre-v1: add array_index_mask_nospec() implementation Date: Wed, 7 Nov 2018 11:43:55 -0500 Message-Id: <20181107164402.9380-18-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 1d4238c56f9816ce0f9c8dbe42d7f2ad81cb6613 upstream. Add an implementation of the array_index_mask_nospec() function for mitigating Spectre variant 1 throughout the kernel. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/include/asm/barrier.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/barrier.h b/arch/arm/include/asm/barrier.h index 6f00dac6ad8e..513e03d138ea 100644 --- a/arch/arm/include/asm/barrier.h +++ b/arch/arm/include/asm/barrier.h @@ -75,6 +75,25 @@ extern void arm_heavy_mb(void); #define __smp_rmb() __smp_mb() #define __smp_wmb() dmb(ishst) +#ifdef CONFIG_CPU_SPECTRE +static inline unsigned long array_index_mask_nospec(unsigned long idx, + unsigned long sz) +{ + unsigned long mask; + + asm volatile( + "cmp %1, %2\n" + " sbc %0, %1, %1\n" + CSDB + : "=r" (mask) + : "r" (idx), "Ir" (sz) + : "cc"); + + return mask; +} +#define array_index_mask_nospec array_index_mask_nospec +#endif + #include #endif /* !__ASSEMBLY__ */ From patchwork Wed Nov 7 16:43:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150433 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387498ljp; Wed, 7 Nov 2018 08:44:27 -0800 (PST) X-Received: by 2002:ad4:5282:: with SMTP id v2mr954128qvr.195.1541609067048; Wed, 07 Nov 2018 08:44:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609067; cv=none; d=google.com; s=arc-20160816; b=WRm4IfnBPW3efk6O1dP5ZrQBX2fuY3sHT7Zg0p8N25VTNyE5b5dT/m+DQcLFbdK1vU 1G0NCEOSasxuOKbIofmjEm1nlhMPwo+aIN5mt8sFDOz5TcmY/DDIO73LB4QZvdelyZ0R vmdnMQUd++iasd/pyknFp0yiyUAMl+/UMLLaGpaOafuymnrrvGwhaKTBN2Zd+W+4YiMM HR+jFXH7gCQQqXm6+FCf577E1dE/MmhchuCfRhWkncdU1G3pQPpJvRE4RZ01yskyrmtK KW2hnf6gQq9MlOXrffFiW2apacOh7nMFcUm8XyACmeO4ILAR4YwlXUYtJcoNMr6fpobt QB5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=QWUeSozYdvupu45uotu1yycydU3QHEWcQUD454SBtjWkeGBuct24GGjJITx8wr2T7a D0FL7N9HVx2x1/VrEm2T6k/0bfyldIzn1wGKpPxBXIcAAGJ+Xq6eC/SdJXZhorkAjeAb bjmtw4/ErzFo8tP5Ovbe3CKY+g0Yf/IK6XZJoTQJ75xMaa9QyOFt9HBVrAcqBohW0uTJ 0PLB9p5fp0yj8qN3oAH6GPO107uX96T/AB0SwUUV/CklvqMaPMydH5i9FdEKon7eHP2J JrRrPb1/+b+6dd6Px6PbloMVX+edaJ780/vlPV+L+FAgtq29sMjmwPfm6U6VxZKOtRoO zpAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="SE8oCy/B"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w127sor644836qkb.70.2018.11.07.08.44.26 for (Google Transport Security); Wed, 07 Nov 2018 08:44:27 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="SE8oCy/B"; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=SE8oCy/B8pHjl+gQYXGLeqOSmtHR591dtPGpcd38y3QjKHnB3f+HzFG+upUS8jcI7w vjKTJje4goM8mbSCg+qumWUgvyZTTc7+T4S5ixtlB4CaikJH0Cg8PJ2sCOPZM1YS4cD+ S18fGAXmDptBevUlxHjyA/6DSQpvPU/jMXWlk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f6qevJAuwVI43jXNput2zaCKf5/0mDp50KdvP90bOIg=; b=SQkdMUhPLti39m7iUBWExOYPWWxgrEddSF9ItXrPXrX+2t2D/sZbmqTMG1xznNXs1b 2WgJpuTKkh8903r8WsmqepCMUohCQwYidx/V/N6etPuJJvfyabrQpoGOLueTuRKW8iDc 31rnVcUZWzG8Xo4fweffNYqpJs5d+1KrGkrcPdSoziMGVrQYIg8MtVXHVp5zg+bFuBiO GgFqqg1JQpG3H0xpxOBTIQkZCIWKpk2oADgPoE6CLs+CJdskFUVlmJAEm4iaNE0nSLbc myKlvOvV86omZuDbqKap9MBGSqz/MjYS0akd8VZ2Q86SRAJAxcQj7zXSAdNjKa5FgY6e m2IQ== X-Gm-Message-State: AGRZ1gKSEmuUIxyVzUuiIOJMoqeEUq5QQimp88D4fgtgGlj0v1Ez/TR9 hspAprT9/0zFA2A3EeB+kEtVpxL9 X-Google-Smtp-Source: AJdET5e6AwNrzygPB5ZXwpIpxhDFq1qMptMifWm2SHqavBMKgl668jM09KnDftKc89U9uYa3duJmdw== X-Received: by 2002:a37:b805:: with SMTP id i5mr903333qkf.141.1541609066432; Wed, 07 Nov 2018 08:44:26 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:25 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 18/24] ARM: spectre-v1: fix syscall entry Date: Wed, 7 Nov 2018 11:43:56 -0500 Message-Id: <20181107164402.9380-19-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream. Prevent speculation at the syscall table decoding by clamping the index used to zero on invalid system call numbers, and using the csdb speculative barrier. Signed-off-by: Russell King Acked-by: Mark Rutland Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Signed-off-by: David A. Long --- arch/arm/kernel/entry-common.S | 18 +++++++----------- arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 10c3283d6c19..56be67ecf0fa 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -223,9 +223,7 @@ local_restart: tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls? bne __sys_trace - cmp scno, #NR_syscalls @ check upper syscall limit - badr lr, ret_fast_syscall @ return address - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + invoke_syscall tbl, scno, r10, ret_fast_syscall add r1, sp, #S_OFF 2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE) @@ -258,14 +256,8 @@ __sys_trace: mov r1, scno add r0, sp, #S_OFF bl syscall_trace_enter - - badr lr, __sys_trace_return @ return address - mov scno, r0 @ syscall number (possibly new) - add r1, sp, #S_R0 + S_OFF @ pointer to regs - cmp scno, #NR_syscalls @ check upper syscall limit - ldmccia r1, {r0 - r6} @ have to reload r0 - r6 - stmccia sp, {r4, r5} @ and update the stack args - ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine + mov scno, r0 + invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1 cmp scno, #-1 @ skip the syscall? bne 2b add sp, sp, #S_OFF @ restore stack @@ -317,6 +309,10 @@ sys_syscall: bic scno, r0, #__NR_OABI_SYSCALL_BASE cmp scno, #__NR_syscall - __NR_SYSCALL_BASE cmpne scno, #NR_syscalls @ check range +#ifdef CONFIG_CPU_SPECTRE + movhs scno, #0 + csdb +#endif stmloia sp, {r5, r6} @ shuffle args movlo r0, r1 movlo r1, r2 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S index e056c9a9aa9d..fa7c6e5c17e7 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -377,6 +377,31 @@ #endif .endm + .macro invoke_syscall, table, nr, tmp, ret, reload=0 +#ifdef CONFIG_CPU_SPECTRE + mov \tmp, \nr + cmp \tmp, #NR_syscalls @ check upper syscall limit + movcs \tmp, #0 + csdb + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine +#else + cmp \nr, #NR_syscalls @ check upper syscall limit + badr lr, \ret @ return address + .if \reload + add r1, sp, #S_R0 + S_OFF @ pointer to regs + ldmccia r1, {r0 - r6} @ reload r0-r6 + stmccia sp, {r4, r5} @ update stack arguments + .endif + ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine +#endif + .endm + /* * These are the registers used in the syscall handler, and allow us to * have in theory up to 7 arguments to a function - r0 to r6. From patchwork Wed Nov 7 16:43:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150434 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387517ljp; Wed, 7 Nov 2018 08:44:28 -0800 (PST) X-Received: by 2002:aed:3e39:: with SMTP id l54mr970489qtf.342.1541609068116; Wed, 07 Nov 2018 08:44:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609068; cv=none; d=google.com; s=arc-20160816; b=oETTpjrmPNY4uAcpkb/QiBji0vSqggIUdWbYs66eCuIjDbv0ggPDOZVxareDLPSorw kr+v6KHj8v4ufgvi170t6fMbACJpFmjgBV+c48hcXt+e+xoAnmh9C9BYckPkjTeRiQXc OziVkVNhvrqJHrd0iDQDGN9bDARyFo7JcunnUNsqnOZJyxtQLWc4o4pwdK/FOOX4TSBG 7jK/tln/AiAAqpMhr66G7Q002XttxTIBn73L6lVt89tZq8zdT9UoKuQZl4kZ4gcB8Sxj JLX483vjxHi57d6Oc86GB+IokX2WaFIGbgYHSM5wSN4IVr8qiIqnkV/9uKzNqX0r3V3S eXig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=hv5mDx3B4bMrfs/PtgJMJlS+mO1OVyruMaZWfF5TLRutHJjUCTsE6+Y3SIO3CqmNuH C/DlVUM3KLlRtr60HIYBcr66QrUR8LEpHF8xxhvHcHosQj7pB9/uzXtnl5u/VihEFury jweVLrRftJdpnJkGzboeHMlx3nd8LckLMsH5bln75PJWaKUBlRGRVTWo7SV577AiDecg FHOzetHEuRvgNUWm4+SJ8sqDeN2p0/dueumzxtrYj8Dur/P8VU9y45pdDsyv9ZiWEljl I9+M+xFwtUP2gybKzq/azpFzNJ2VXZ8s/zLIWNoIlZwUCE9GKTlpbuZCqsppTSupV8z0 hXTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BjVn6png; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id h28-v6sor1313943qtc.5.2018.11.07.08.44.27 for (Google Transport Security); Wed, 07 Nov 2018 08:44:28 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BjVn6png; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=BjVn6pngKtfQQ2aNkc2Lxw+6GJUWO2VsiatHKFkG+6M23hVYC8q7YXZG9MXFsAEuAA 2ILoKgN0kB2Tt8b/OumH0VO7QiRqreclcASeijyEPBqNL2/cKQf0AD75TqU7o1Rqh3E0 hcBxwNJXYIt+zqjpa5c4wA7isClJl4LfH5RFg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qa5Mci7cMAGvawpk5a6Wtf5f3dHfZJJnbCtGATwkUMw=; b=Wzitf8ur/4m4BsDAcokWqRuGmn/8Smd2jARQbXeoyaiRtVNRQo1bR7+6WN/5m8E9VB brlQ3gkEJTZWKXWNm+Ga5zZGWYLm0H6evXWXCTkCbSRKVFHhqmzRgIghWUAzgsmoSxn1 IyUvM85qORdNcQxi4MhCz7j68W4Z9e64A4FXKMw1B9XO6TrDIrAZBj7j0CXcEe+6V0SU fu89O2LFKYOUNvEKyduSQ/JfS/mYcE5yEnHLxA7TIEvGdMEB6EHpNvFjwO0cCp/Mi8BA P4pY8GAj0HwFYcV2U2gH5TgNNGE+PVqcC9l1PuxpGAx5MCVVNZKkQJtgzM0HPr9Ch1fS l5hg== X-Gm-Message-State: AGRZ1gL9xhpApjsFL6RNGH9kK+IG/QExX/SF8jc9bosQixnnXIfJqYhU 9UDj8l9UYlkGs46RMaKPF2icd9jr X-Google-Smtp-Source: AJdET5d7JsAE96ij/ocES2lrnlInknCKPGOSvyrFSu7Ns8TKftjfgdPvdPcByOXvVDurUb0mYAiviw== X-Received: by 2002:ac8:18fa:: with SMTP id o55mr985476qtk.256.1541609067511; Wed, 07 Nov 2018 08:44:27 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:27 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 19/24] ARM: signal: copy registers using __copy_from_user() Date: Wed, 7 Nov 2018 11:43:57 -0500 Message-Id: <20181107164402.9380-20-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit c32cd419d6650e42b9cdebb83c672ec945e6bd7e upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. It becomes much more efficient to use __copy_from_user() instead, so let's use this for the ARM integer registers. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/signal.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index 7b8f2141427b..a592bc0287f8 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -141,6 +141,7 @@ struct rt_sigframe { static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) { + struct sigcontext context; struct aux_sigframe __user *aux; sigset_t set; int err; @@ -149,23 +150,26 @@ static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) if (err == 0) set_current_blocked(&set); - __get_user_error(regs->ARM_r0, &sf->uc.uc_mcontext.arm_r0, err); - __get_user_error(regs->ARM_r1, &sf->uc.uc_mcontext.arm_r1, err); - __get_user_error(regs->ARM_r2, &sf->uc.uc_mcontext.arm_r2, err); - __get_user_error(regs->ARM_r3, &sf->uc.uc_mcontext.arm_r3, err); - __get_user_error(regs->ARM_r4, &sf->uc.uc_mcontext.arm_r4, err); - __get_user_error(regs->ARM_r5, &sf->uc.uc_mcontext.arm_r5, err); - __get_user_error(regs->ARM_r6, &sf->uc.uc_mcontext.arm_r6, err); - __get_user_error(regs->ARM_r7, &sf->uc.uc_mcontext.arm_r7, err); - __get_user_error(regs->ARM_r8, &sf->uc.uc_mcontext.arm_r8, err); - __get_user_error(regs->ARM_r9, &sf->uc.uc_mcontext.arm_r9, err); - __get_user_error(regs->ARM_r10, &sf->uc.uc_mcontext.arm_r10, err); - __get_user_error(regs->ARM_fp, &sf->uc.uc_mcontext.arm_fp, err); - __get_user_error(regs->ARM_ip, &sf->uc.uc_mcontext.arm_ip, err); - __get_user_error(regs->ARM_sp, &sf->uc.uc_mcontext.arm_sp, err); - __get_user_error(regs->ARM_lr, &sf->uc.uc_mcontext.arm_lr, err); - __get_user_error(regs->ARM_pc, &sf->uc.uc_mcontext.arm_pc, err); - __get_user_error(regs->ARM_cpsr, &sf->uc.uc_mcontext.arm_cpsr, err); + err |= __copy_from_user(&context, &sf->uc.uc_mcontext, sizeof(context)); + if (err == 0) { + regs->ARM_r0 = context.arm_r0; + regs->ARM_r1 = context.arm_r1; + regs->ARM_r2 = context.arm_r2; + regs->ARM_r3 = context.arm_r3; + regs->ARM_r4 = context.arm_r4; + regs->ARM_r5 = context.arm_r5; + regs->ARM_r6 = context.arm_r6; + regs->ARM_r7 = context.arm_r7; + regs->ARM_r8 = context.arm_r8; + regs->ARM_r9 = context.arm_r9; + regs->ARM_r10 = context.arm_r10; + regs->ARM_fp = context.arm_fp; + regs->ARM_ip = context.arm_ip; + regs->ARM_sp = context.arm_sp; + regs->ARM_lr = context.arm_lr; + regs->ARM_pc = context.arm_pc; + regs->ARM_cpsr = context.arm_cpsr; + } err |= !valid_user_regs(regs); From patchwork Wed Nov 7 16:43:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150435 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387532ljp; Wed, 7 Nov 2018 08:44:29 -0800 (PST) X-Received: by 2002:ac8:8e1:: with SMTP id y30mr954718qth.3.1541609069036; Wed, 07 Nov 2018 08:44:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609069; cv=none; d=google.com; s=arc-20160816; b=iCCr7nDOVHhpLvF/KlcOZBdnDa5S8yHSS6aBSEtmEWmb+u/CgnfKSnWLBaZmPXhk6o RLQilUsqxs30tOss/eKOrG6ciYnp7vFQZKRzMPP2D4TFGX2SKP6Sa/qLLeYHzMm/6D3z Xmeu/0Pnts60UEUKVdspSL88K/+2to5ghlfanRV1jSGq2M7DmFl10BFGyZy3Vo2RjEkk H7ZOCy9kfjXWc5zAmaaug/vwkcPKxmIzFDqPieN9NVvjLwGFn/iQY0zyxUXiPDm3HeDo C9nnP4lr25nyU3p+7QoDueaxiOfpgotb8zkP/6f7Yii0hyiKz/I0FbNd+l7BEbxcwNvT Hx2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=uj6k5pgQlG86xF+GcuuWZ3cs+nMSc8uxQpthce5+kUKWboiES7n7D5tUJw55DGZxiv JTBt4HmVXe3TWukcKibWr69kP9omGsP7mEpN4rduHTJdjtE6oyChiQin5p+/FWUGgEAr CNvZvghKoM+gk+1myn5QyntNR04ZLFD+73aIEM2BO8/at1/voA0Am2ZNXEynhegHTMpM 4f3LWUHcg0jsizZLNNkjNCXsJdQtecTCRd7KmDcy9pfCXNw7noPuzcokbdWObdJXAApT LY9R+EhcElywrr1vp8IRdfIPpqL/jgJtUhFcmdviFi+VZ9xZDfWSS4YCHvAUn7LjxqYA 1Y2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZobLEn5x; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id r7-v6sor1290134qtp.59.2018.11.07.08.44.28 for (Google Transport Security); Wed, 07 Nov 2018 08:44:29 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZobLEn5x; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=ZobLEn5xpShr6Z/LLJVrLZC3J04izG0pJG1XcuKJCgDL7r7I2xNjjeWZVaH+7elvAF KcrE1Ix2SmnMhuq4OQFyPGMFnfyk+nQoAPVCk5NRccWHAyE6viwgqdQlCXcKEObwjMqb vgf2DlOk8FDL8vvLaKazvO5R00eY5E4RrNhcg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WU9LGXkuIzC4CcOmIihXYGuiNacUrn4d35aRch3bjb8=; b=NXw1U6H77sfmq51BSWqxwdaCpwXoR+qE0sApKWilgcMjJluspktYE4+FdmSEa2aSl5 JjtZ3KfeYZfIAK+49na0pAmj74+OKCeTJD/up0M+5DqfrIfk8dYPYslrE7NKLRlWnTAC hY9DHG929pbqnacUa4pancb8Ka5ez3c1gUARi/2VXLz1Xup7AMtHwQpFVPbEZszbpPds A4KXevpAjZl870//2l3tqcbfC3RqgltTzcgVdTO48AW9UsEpw0sAb0EwtkyrpoguTFCD 7YQGQT5evRK1rm3xoLgRMl8+6HOfVeRioXIo8sgzMGezRJEOlbT/Gw6m6Er+FgryYKUW GnGg== X-Gm-Message-State: AGRZ1gJwRynRbPdgINI05CLpDkKAsr3ibt5+GQHeyPrVW8kfgVHMNH3e WwS8MNqHqZ9sF2vEZj8eIhgpfjjw X-Google-Smtp-Source: AJdET5e8nO4E6e20tAh5eFvrNSDPV8029uITrK16Aagcn7pDxg98jzyTwopL1v/K3W4t/LOIr+sm2w== X-Received: by 2002:ac8:839:: with SMTP id u54mr905309qth.313.1541609068521; Wed, 07 Nov 2018 08:44:28 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:28 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 20/24] ARM: vfp: use __copy_from_user() when restoring VFP state Date: Wed, 7 Nov 2018 11:43:58 -0500 Message-Id: <20181107164402.9380-21-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Use __copy_from_user() rather than __get_user_err() for individual members when restoring VFP state. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/thread_info.h | 4 ++-- arch/arm/kernel/signal.c | 17 ++++++++--------- arch/arm/vfp/vfpmodule.c | 17 +++++++---------- 3 files changed, 17 insertions(+), 21 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h index 776757d1604a..57d2ad9c75ca 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -126,8 +126,8 @@ struct user_vfp_exc; extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *, struct user_vfp_exc __user *); -extern int vfp_restore_user_hwstate(struct user_vfp __user *, - struct user_vfp_exc __user *); +extern int vfp_restore_user_hwstate(struct user_vfp *, + struct user_vfp_exc *); #endif /* diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index a592bc0287f8..6bee5c9b1133 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -107,21 +107,20 @@ static int preserve_vfp_context(struct vfp_sigframe __user *frame) return vfp_preserve_user_clear_hwstate(&frame->ufp, &frame->ufp_exc); } -static int restore_vfp_context(struct vfp_sigframe __user *frame) +static int restore_vfp_context(struct vfp_sigframe __user *auxp) { - unsigned long magic; - unsigned long size; - int err = 0; + struct vfp_sigframe frame; + int err; - __get_user_error(magic, &frame->magic, err); - __get_user_error(size, &frame->size, err); + err = __copy_from_user(&frame, (char __user *) auxp, sizeof(frame)); if (err) - return -EFAULT; - if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return err; + + if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) return -EINVAL; - return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc); + return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); } #endif diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c index 5629d7580973..8e5e97989fda 100644 --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -597,13 +597,11 @@ int vfp_preserve_user_clear_hwstate(struct user_vfp __user *ufp, } /* Sanitise and restore the current VFP state from the provided structures. */ -int vfp_restore_user_hwstate(struct user_vfp __user *ufp, - struct user_vfp_exc __user *ufp_exc) +int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc) { struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; - int err = 0; /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); @@ -612,17 +610,16 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, * Copy the floating point registers. There can be unused * registers see asm/hwcap.h for details. */ - err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, - sizeof(hwstate->fpregs)); + memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); /* * Copy the status and control register. */ - __get_user_error(hwstate->fpscr, &ufp->fpscr, err); + hwstate->fpscr = ufp->fpscr; /* * Sanitise and restore the exception registers. */ - __get_user_error(fpexc, &ufp_exc->fpexc, err); + fpexc = ufp_exc->fpexc; /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -631,10 +628,10 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp, fpexc &= ~(FPEXC_EX | FPEXC_FP2V); hwstate->fpexc = fpexc; - __get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err); - __get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err); + hwstate->fpinst = ufp_exc->fpinst; + hwstate->fpinst2 = ufp_exc->fpinst2; - return err ? -EFAULT : 0; + return 0; } /* From patchwork Wed Nov 7 16:43:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150436 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387565ljp; Wed, 7 Nov 2018 08:44:30 -0800 (PST) X-Received: by 2002:ac8:2729:: with SMTP id g38-v6mr975357qtg.168.1541609070136; Wed, 07 Nov 2018 08:44:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609070; cv=none; d=google.com; s=arc-20160816; b=aRf49nALYrpzLEz3pDrh2Pd94JEAPsMmqiD1Uyhj/mWbcJVzJstpUjerzQe1+t5a+B c6JQoMJ4Gzsm43TSL5NBWjERI+EYYS6ODof9SdfLYp5eUvfCVGMKx/97fFS6gUB51PyI fU+vv4jl5iiyP3k7rty7ORekWD9GBXDBJMFD0TWSn+UXJ+DTo6OMYL+M2uAbO9C+4iX7 69G5rAk+XbH5UOrfu8WwJtfXKfhuxSuWI0rABMNaogL4riFIfhqx+XlIZvPB3T0u8rEd Pj94tNI22TSyWsR+7x6IiM/qJj7XoFk01AlpC606QB5nsR7b1jIAck+u3y5IZMUQktpC pTGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=EgQxsd4ouBhWYPJLNtif8yqOmEUpXspe893i3+FRtGaZbaW17JNd/Gtgrl31IyTL/H u8Fr7Uu5FRGBZgSV9SsPgm+kvrerBKrNNAnwAxxBUHWb8lcmDqmYLJJJ7z16jBmBlDEC GYdDkqnC03+uzG/6X8nIjul4M+v83T8tx+wwfwkKxlWOtxRiYpBgh8vWu1o4+zeEhYh7 tHK73IJ0rR02ZyUat1+mPdNWuNqNf51aY7UVwPvmUDnYVMbamYcPl8CersBCWIdrJ7dQ 7wQPXwidtWCGvuJz8fELpAYk4hzV9I6g8stFirMfyUllyhjQrqQ2e3e2UTVKhodkfGFU ExwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QM4ksajz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id b127sor644092qkc.48.2018.11.07.08.44.29 for (Google Transport Security); Wed, 07 Nov 2018 08:44:30 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QM4ksajz; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=QM4ksajzmmbpZkQhfhWG60F3SGkJ5YCdOROCgMH0zyGWDY7AWE+/V9nCVus+KvNJbR n3optY4Rzhl56TkDWFuGtkw5LUBY1j454R4N5ypGpZ/igTIEwjoyemMZ/LZ0zR0IMk1l PABc9OtKGGeTY/O4dq+VY6XepthHIqJhR9/RY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IaoQxTRrxrYBzQWir0u9ErhYqEdp4e5JRmU48kGigvg=; b=lOzU+9rke/EjdrvvTxAxgDgP1zWJBXO1KsfJpz+NugGnZcnqnJc4o/6h5kQIAADAdc F0fpDnmTf9/Af/vvAM15VU3USTJqxRmE2N+ilBgBhBr8SSqzSohemrtJU7ywBsmddGzV wX9TgyHfGQq8cgy7jjDrnrMrdVxvtjdiOHQRQpPBzUTJHYWJGA0zuJ0T6d+Z8B3qEyh8 e/jUTniaEMusgunJM7Ei/QZtDGo4VZwKaWxKMd/P3P47MjAgwdB7aOivQnmM87RCTn5P NOQvpiUlcKaQDVM2YF74C3kMxFCvsaO2U393vvHSu0ubyDZ/VCW8pPE4IPffLIYZ1SE8 6Pmg== X-Gm-Message-State: AGRZ1gJp6kXgGvIvw4l9NjkbHbq52FhpU5ShADwaiky9HB7tDkT17/MR gvdRklMLxl+c3S9cR/nugjfSTt+z3iPO1g== X-Google-Smtp-Source: AJdET5dgTUO2k6soNHIiBZIy4t4G1uNUBT+fAvnl/uKE273YPI0yCA8P6MvzXTuR7lH728BR7iBkHQ== X-Received: by 2002:a37:630a:: with SMTP id x10mr942223qkb.146.1541609069677; Wed, 07 Nov 2018 08:44:29 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:29 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 21/24] ARM: oabi-compat: copy semops using __copy_from_user() Date: Wed, 7 Nov 2018 11:43:59 -0500 Message-Id: <20181107164402.9380-22-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit 8c8484a1c18e3231648f5ba7cc5ffb7fd70b3ca4 upstream. __get_user_error() is used as a fast accessor to make copying structure members as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Rather than using __get_user_error() to copy each semops element member, copy each semops element in full using __copy_from_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/kernel/sys_oabi-compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c index 5f221acd21ae..640748e27035 100644 --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -328,9 +328,11 @@ asmlinkage long sys_oabi_semtimedop(int semid, return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { - __get_user_error(sops[i].sem_num, &tsops->sem_num, err); - __get_user_error(sops[i].sem_op, &tsops->sem_op, err); - __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); + struct oabi_sembuf osb; + err |= __copy_from_user(&osb, tsops, sizeof(osb)); + sops[i].sem_num = osb.sem_num; + sops[i].sem_op = osb.sem_op; + sops[i].sem_flg = osb.sem_flg; tsops++; } if (timeout) { From patchwork Wed Nov 7 16:44:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150437 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387587ljp; Wed, 7 Nov 2018 08:44:31 -0800 (PST) X-Received: by 2002:ac8:7482:: with SMTP id v2-v6mr938687qtq.251.1541609071199; Wed, 07 Nov 2018 08:44:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609071; cv=none; d=google.com; s=arc-20160816; b=Dnqi0G53YGh4nU2MuOhR52yiW2iIci59cian99NeLcpSwcjHfmTwR2nr67lh0kqwsT jxKgYp9O/Rwp1NvfKY78O2Dm/vTbeNCvvbt7H5KIZq26WWnAo9ZJhDTDCA8XOdp3AGar hOhXMnKpGqx8U9m7vW5HNZvXVoKiiuoQG/F/ah3p5i5XctuFD7Jlud+OH5aHne7KysWN NflvWC7mYiRxvNu8xsi+CNSSmE1ARyog1soM0POiTLaVvEF0zPtf7E1ZXSWizpMO9jC3 iFS5SGzD4Lwcq+/qM9Ffe5oetIaAamVGxXNkmwzpBVV3P52MXFvkNrmLhZzrrqi3qxcy cU+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=X1tHaIphIoSMhJ9i1LmaCgI0zRbcYWnWhvuhNa7dILYpcVajw8s+niqkBZ9S+qCgiq UoM01o8wTvodq2VEInekG3xIydma179ChTOdS7x1oUMTvbAGUM62eV2eDDan8j8a/N2l ZTIEnrrlmB/SDV4bpCwMXz1plF+78CjUBwgOKegcD6HU2iO5rNtyLcHXznV8CAYcU1NN 8IZufhD6mpQv3qKn1cJ3KHuK84BprCV6Bk2zi4ZC99K5zaRfdlF7taV1+jvMZxJHMu8g AdBbz/1yBeDzWDMO/Agj+W8njepDx6t8zZPFzZuE7EyIY2tCQhETwFXGvVuJeQbajsdV rH7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KAJFN1bC; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id g9sor1222738qvm.22.2018.11.07.08.44.31 for (Google Transport Security); Wed, 07 Nov 2018 08:44:31 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KAJFN1bC; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=KAJFN1bCs9gUESqXlBJ7/0XFlaxDQMW9E+2xAnbWWpW9hEuxlcDbc594E1Db/zTkRs 6r9KbZTPhPPxnX+DyPoxiWjDG7WZuS/aCnCzHNxcspnW9QvBi+vFWj+fMa47eoGlVX6h k7AWoy+Ssv3dVdmm+zIcmZf4Q350PpykpkgUk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ooCq3zDEQFNaEs3SH2OOgctB7upQfBN8UmRyJCq4nuI=; b=YE7Smdwxo5czs/QfX/Anor20Y/VhvCUDzpmxqjAW3CqG15tt9xMgDt1bEVoUEzLO5n Rng5AWfJJnIIzFKRQ1Iq1/rdfXogqyLXmYp6nbyQ9FZlkImf4Cbj165sc/6e/MLWnkCY vpYasU0jdiCknRJCno145EE6erRyYaCWxrTGu5fidHsamoeyN0I30WUNhOdxzrdTCNEU 0yHle1YFXBxTeZRDdH4uLhoqLwkeeb1dUqUcxywdAI2ei7lqEhEQ8OB+GTHlbaej31ui HErsCQIDgUV/dbSOA5r8NGRkn/pPVslxQirj1xIVddp6oOgY0NSMuHC0qa20VKwv7AaB /1Gg== X-Gm-Message-State: AGRZ1gIs3yCrthA0Hk4LwMNKH7EOrHhZ4/w3G9exJVvSC3EvTem2c6V8 bDWFGlP/uDJK7ko/Ic/hLKmhs39m X-Google-Smtp-Source: AJdET5cBZCUThr7/V5qQL599fNwxPzbuklul7M1j5gIFeMpTuPvcvJYc7kqnjRUuW/FIVlwJc3WSjg== X-Received: by 2002:a0c:b509:: with SMTP id d9-v6mr1012604qve.184.1541609070640; Wed, 07 Nov 2018 08:44:30 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:30 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 22/24] ARM: use __inttype() in get_user() Date: Wed, 7 Nov 2018 11:44:00 -0500 Message-Id: <20181107164402.9380-23-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit d09fbb327d670737ab40fd8bbb0765ae06b8b739 upstream. Borrow the x86 implementation of __inttype() to use in get_user() to select an integer type suitable to temporarily hold the result value. This is necessary to avoid propagating the volatile nature of the result argument, which can cause the following warning: lib/iov_iter.c:413:5: warning: optimization may eliminate reads and/or writes to register variables [-Wvolatile-register-var] Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index b7e0125c0bbf..4a61f36c7397 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -114,6 +114,13 @@ static inline void set_fs(mm_segment_t fs) : "cc"); \ flag; }) +/* + * This is a type: either unsigned long, if the argument fits into + * that type, or otherwise unsigned long long. + */ +#define __inttype(x) \ + __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) + /* * Single-value transfer routines. They automatically use the right * size if we just have the right pointer type. Note that the functions @@ -183,7 +190,7 @@ extern int __get_user_64t_4(void *); ({ \ unsigned long __limit = current_thread_info()->addr_limit - 1; \ register const typeof(*(p)) __user *__p asm("r0") = (p);\ - register typeof(x) __r2 asm("r2"); \ + register __inttype(x) __r2 asm("r2"); \ register unsigned long __l asm("r1") = __limit; \ register int __e asm("r0"); \ unsigned int __ua_flags = uaccess_save_and_enable(); \ From patchwork Wed Nov 7 16:44:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150438 Delivered-To: patches@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387612ljp; Wed, 7 Nov 2018 08:44:32 -0800 (PST) X-Received: by 2002:aed:38c6:: with SMTP id k64mr747915qte.97.1541609072274; Wed, 07 Nov 2018 08:44:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609072; cv=none; d=google.com; s=arc-20160816; b=TXRi1fOk8ZxB5d2McXC4LtUuzQwG79dkHCs1cakyFba9TMnuqV/KFVu1Fanjhyfs7k 033f6yU/KP5DwUGqWmr+LdASNrvAVlDZiEeIVIumnSyQD3bW3WbIz24RuvfwgiVRi7L7 3HCQWDT36qBspJtjeMmkiynjxD8Y+UYpBIroSS+TKzBBMgGgIgerKoccH8NYJGnHziNx b8KPiuudx1+4Qj1cmgunQ1GgozUYiqJobvUNVt4lVNxZxqlF4X6HnB+MNilwQFyOXj0r 6UKWND7Y48Q8H9PKt9n/dn7Vk00Mkna00/6X+dj+i+BvaJF+iXKpBAaI+AdE2y/61IBB X92g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=TuEZMaWnsQU2mMKGF/NVQEqmMzZHicaTX1VwCm5mtDEYs4m665BZVrrk8bDwV9Emlp 9YFxdS2t9OuuNMzR7Zq/ndjIt0iR7QEKe/drEF35CIG+gYUwIwIjuE7dl+zLasXyEsbC QE87SOIlNDK8j/BYZjDihaxEPyOXVhpQ4KeymXg9zEtlTfpxVWA0CRcyQIzO2JDmtHlF sbssyHMwH6rm3r5IyB6UObV0wv23teAycTwrzll7MkdtaCfrQ/Eu/BuD3jla0T+t5ikx bBr+lRYOeJ27KTCInO5jSXDqj8W2wUX0ZkcJJVwMm2FPErTYTWIX9dTR3ApcpgX1Y083 52bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bVEwQKBr; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id j124sor654994qka.0.2018.11.07.08.44.32 for (Google Transport Security); Wed, 07 Nov 2018 08:44:32 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bVEwQKBr; spf=pass (google.com: domain of dave.long@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=dave.long@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=bVEwQKBrLqM4qzzHgcxrqetJMrn2B5Wed3gFIIfzCT223T6JXUJtxkepjasLpPzJsf VaF1Ew1XFLbVp4pslk0cuWnAugSb/4MOaHarcmbH1jazAZ9T64Mvk57dg6fipC75J1U7 IL+rhBg5qKYpc5vBFR8jc2OILIZnEhedR7YEw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NgpDbEEIVQNDaGmylLr91S8vRe2oycD1Ffr64haQrrw=; b=Qa4ZZAA0NXCXx4eUqNT3U+gVLeRaO0Q1P3qZsxJ+BUgkoDe5DYurx9xvDnhrYD6Goc 5j1Jazn6IC4q+EcN0ZhmTgRsfOsw2CU/JQGPywxMyMIkhBcxCB4tCIwy1gxcma0V0SR2 TUEO6wFaD2ujlKYBENu/p29nwBho0jpzEVCcr0L5ddJ2CQpSm81WK47CGDJ+uCAhBlUs 5C36nbvBkceFbF2jc9AJ3KQgI98N7NYibrrwlB/DXA8JpkFnN6Q2XrC2FKhpifJGxOPT YrMZ7aiO4CKkIRzsjxzYPWSxFZLVOvpHhLf2CvvjRxptGlPm559idGQyl9abJ/UFfVHJ 3HGw== X-Gm-Message-State: AGRZ1gLnuHL7WjnXF7chGwSi4EpNDu5v3aKEubJTAHhvbR0vuWD/NhRW uh/GoBGHvN8Qlmjj0fJhH7m/Du4bVW99nQ== X-Google-Smtp-Source: AJdET5fNxMtLZwlSk07rTlmIbHMgXqXZThsJRfjHRX6IhwB/88SqDdbNrv2WVLiYi9F46cafcTyjWQ== X-Received: by 2002:ae9:eb96:: with SMTP id b144mr887466qkg.127.1541609071744; Wed, 07 Nov 2018 08:44:31 -0800 (PST) Return-Path: Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:31 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 23/24] ARM: spectre-v1: use get_user() for __get_user() Date: Wed, 7 Nov 2018 11:44:01 -0500 Message-Id: <20181107164402.9380-24-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> From: Russell King Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream. Fixing __get_user() for spectre variant 1 is not sane: we would have to add address space bounds checking in order to validate that the location should be accessed, and then zero the address if found to be invalid. Since __get_user() is supposed to avoid the bounds check, and this is exactly what get_user() does, there's no point having two different implementations that are doing the same thing. So, when the Spectre workarounds are required, make __get_user() an alias of get_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/uaccess.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- 2.17.1 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 4a61f36c7397..7b17460127fd 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -280,6 +280,16 @@ static inline void set_fs(mm_segment_t fs) #define user_addr_max() \ (segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs()) +#ifdef CONFIG_CPU_SPECTRE +/* + * When mitigating Spectre variant 1, it is not worth fixing the non- + * verifying accessors, because we need to add verification of the + * address space there. Force these to use the standard get_user() + * version instead. + */ +#define __get_user(x, ptr) get_user(x, ptr) +#else + /* * The "__xxx" versions of the user access functions do not verify the * address space - it must have been done previously with a separate @@ -296,12 +306,6 @@ static inline void set_fs(mm_segment_t fs) __gu_err; \ }) -#define __get_user_error(x, ptr, err) \ -({ \ - __get_user_err((x), (ptr), err); \ - (void) 0; \ -}) - #define __get_user_err(x, ptr, err) \ do { \ unsigned long __gu_addr = (unsigned long)(ptr); \ @@ -361,6 +365,7 @@ do { \ #define __get_user_asm_word(x, addr, err) \ __get_user_asm(x, addr, err, ldr) +#endif #define __put_user_switch(x, ptr, __err, __fn) \ From patchwork Wed Nov 7 16:44:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 150439 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp5387667ljp; Wed, 7 Nov 2018 08:44:35 -0800 (PST) X-Google-Smtp-Source: AJdET5diiygn5gOFhraWM+dsLvfvATgY2atz4CXvLTdWUfTmyWuIJNE83CW7MYbVnka5I15ipf+z X-Received: by 2002:a63:990a:: with SMTP id d10mr774613pge.279.1541609075071; Wed, 07 Nov 2018 08:44:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541609075; cv=none; d=google.com; s=arc-20160816; b=U7Jp7pK5+ApwYDPI0XhFi417/sualpZ/FIA2vKKNwBUxOWnQGge5KioAQjoqFAlI2s Hxys5t9tGOCxiySVJguU6aQq0cnzc5AmkJsP5SY0jneWo13zjogHUBszDy8+oyj4dEa8 J7Sz7paPaGyfaFfaPX1lXDDVfTJtakn6+hLWCTM6YMG79NAWnGg5pz8onh2M/3ssi9OC Q5lUCE5qQOtIf5NOIZwrLBuZGzs6sQjZxfNBrllEHJYA0MtP8f+nuUV4Nns4GG+jOFIJ 4dTgne3I9f1lizVJugOdTqGuf6WrAvooll674l/rP71rNb2ljCK7WVfe0Vfo8/aNEmpP Hjnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=QF4S6JXERHQl9SA/atlnGMwB4KPFctiVGVJkIRIoghNFyha7u4qWO6Xct4Jvbl9NZE b7BxTeoYbw0pR26fgB9ckgqtV/xsAk9d6o7pLDiD2JfqFpT4GgPKc2cCAEgqManBjYeW 8pgR1979jZODfhA2ZEA/0+Dx2qBlw0aV8OOdCF49RMs1r31oN8e7dziAwpkv2pYFZ0DB lHyIiDTFiQGrRy7Nt6W3A4H/UVRu75sIZKIjcKhD5IavhmHBq5Te6xUIm7ka9YWodbyR zWADgxC8PPZqVH2QkMYSOm74LlZzEtCHupZTtvuP+6uoWqK9oWyNZI4IReCO4orfhoWC qKJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YTKx9GZN; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n6-v6si1066096pla.245.2018.11.07.08.44.34; Wed, 07 Nov 2018 08:44:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YTKx9GZN; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731274AbeKHCPm (ORCPT + 15 others); Wed, 7 Nov 2018 21:15:42 -0500 Received: from mail-qt1-f195.google.com ([209.85.160.195]:37755 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731007AbeKHCPm (ORCPT ); Wed, 7 Nov 2018 21:15:42 -0500 Received: by mail-qt1-f195.google.com with SMTP id p35so6514781qtc.4 for ; Wed, 07 Nov 2018 08:44:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=YTKx9GZNReQK24nBTre8MZPnVyur9fHA4jPRe8IV8y2VfkGlx/Wsleq2CdonQpx+cD OxucRg/2YLvwYuCjY9d/KGRfgppIvmC5d3I8au8T+j9t3Hy4MU6oR4kvAOP7sQw4rQi5 oOtARR3tbzdYepctCA9H8vSmTomDnVVBZk2M4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Z/0wkH1hsYEzgg+PBAkbQLTxUd9uqe7uq7Vi/KXlqcU=; b=hsmLQBwaGe+hAgiD1ra+p/r+UPsxZ+/VqTjTQ9gKhAnUGFNvmF8hPYLgSNI2YEjFne ZuvaepaHhXOFEMr0x+XbUIzIdelhEd06z0x2D3q7I65rmr1/Z0YMx6Xz/w1SHybqMqKE BT6ODyksWK1PWVLcPkvufXPBLc5cxkGUqOIR8j4T7KHDkSfzOuAEovJMjE/HX8Uy90Db Fw/T1I//xTKvOVmrpsjmtmeLZiPu9m9+6GMuw6cV6IRllCgDE2yE5HAo0LAitDmtoSPj jyWpgZrifwz9ONFdEYzWMXpyymN4R0MwvFe3TekYzyg4Gik/wr1Dzgb5EhGTmyu1FULL svGg== X-Gm-Message-State: AGRZ1gI0Y205ANd3vo8FXt9T/Af6cnBiq4Cu+yYw5bn42Ji8xz2LBs4x 5n8OXZieEkl06fgAAWY7QVG97mCO4wg= X-Received: by 2002:ac8:d86:: with SMTP id s6mr943477qti.324.1541609072911; Wed, 07 Nov 2018 08:44:32 -0800 (PST) Received: from localhost.localdomain (pool-72-71-243-63.cncdnh.fast00.myfairpoint.net. [72.71.243.63]) by smtp.googlemail.com with ESMTPSA id 96-v6sm681817qtc.56.2018.11.07.08.44.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Nov 2018 08:44:32 -0800 (PST) From: David Long To: stable@vger.kernel.org, Russell King - ARM Linux , Florian Fainelli , Tony Lindgren , Marc Zyngier , Mark Rutland Cc: Greg KH , Mark Brown Subject: [PATCH 4.9 V2 24/24] ARM: spectre-v1: mitigate user accesses Date: Wed, 7 Nov 2018 11:44:02 -0500 Message-Id: <20181107164402.9380-25-dave.long@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181107164402.9380-1-dave.long@linaro.org> References: <20181107164402.9380-1-dave.long@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Russell King Commit a3c0f84765bb429ba0fd23de1c57b5e1591c9389 upstream. Spectre variant 1 attacks are about this sequence of pseudo-code: index = load(user-manipulated pointer); access(base + index * stride); In order for the cache side-channel to work, the access() must me made to memory which userspace can detect whether cache lines have been loaded. On 32-bit ARM, this must be either user accessible memory, or a kernel mapping of that same user accessible memory. The problem occurs when the load() speculatively loads privileged data, and the subsequent access() is made to user accessible memory. Any load() which makes use of a user-maniplated pointer is a potential problem if the data it has loaded is used in a subsequent access. This also applies for the access() if the data loaded by that access is used by a subsequent access. Harden the get_user() accessors against Spectre attacks by forcing out of bounds addresses to a NULL pointer. This prevents get_user() being used as the load() step above. As a side effect, put_user() will also be affected even though it isn't implicated. Also harden copy_from_user() by redoing the bounds check within the arm_copy_from_user() code, and NULLing the pointer if out of bounds. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long --- arch/arm/include/asm/assembler.h | 4 ++++ arch/arm/lib/copy_from_user.S | 9 +++++++++ 2 files changed, 13 insertions(+) -- 2.17.1 diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 189f3b42baea..e616f61f859d 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -458,6 +458,10 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) adds \tmp, \addr, #\size - 1 sbcccs \tmp, \tmp, \limit bcs \bad +#ifdef CONFIG_CPU_SPECTRE + movcs \addr, #0 + csdb +#endif #endif .endm diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 7a4b06049001..a826df3d3814 100644 --- a/arch/arm/lib/copy_from_user.S +++ b/arch/arm/lib/copy_from_user.S @@ -90,6 +90,15 @@ .text ENTRY(arm_copy_from_user) +#ifdef CONFIG_CPU_SPECTRE + get_thread_info r3 + ldr r3, [r3, #TI_ADDR_LIMIT] + adds ip, r1, r2 @ ip=addr+size + sub r3, r3, #1 @ addr_limit - 1 + cmpcc ip, r3 @ if (addr+size > addr_limit - 1) + movcs r1, #0 @ addr = NULL + csdb +#endif #include "copy_template.S"