[11/18] arm64: zero GPRs upon entry from EL0

Message ID	20180514094640.27569-12-mark.rutland@arm.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; From: Mark Rutland <mark.rutland@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, catalin.marinas@arm.com, dave.martin@arm.com, james.morse@arm.com, linux@dominikbrodowski.net, linux-fsdevel@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, viro@zeniv.linux.org.uk, will.deacon@arm.com Subject: [PATCH 11/18] arm64: zero GPRs upon entry from EL0 Date: Mon, 14 May 2018 10:46:33 +0100 Message-Id: <20180514094640.27569-12-mark.rutland@arm.com> In-Reply-To: <20180514094640.27569-1-mark.rutland@arm.com> References: <20180514094640.27569-1-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk
Series	arm64: invoke syscalls with pt_regs \| expand [00/18] arm64: invoke syscalls with pt_regs [01/18] arm64: consistently use unsigned long for thread flags [02/18] arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h> [03/18] arm64: introduce sysreg_clear_set() [04/18] arm64: kill config_sctlr_el1() [05/18] arm64: kill change_cpacr() [06/18] arm64: move sve_user_{enable,disable} to <asm/fpsimd.h> [07/18] arm64: remove sigreturn wrappers [08/18] arm64: convert raw syscall invocation to C [09/18] arm64: convert syscall trace logic to C [10/18] arm64: convert native/compat syscall entry to C [11/18] arm64: zero GPRs upon entry from EL0 [12/18] kernel: add ksys_personality() [13/18] kernel: add kcompat_sys_{f,}statfs64() [14/18] arm64: remove in-kernel call to sys_personality() [15/18] arm64: use {COMPAT,}SYSCALL_DEFINE0 for sigreturn [16/18] arm64: use SYSCALL_DEFINE6() for mmap [17/18] arm64: convert compat wrappers to C [18/18] arm64: implement syscall wrappers

Message ID

20180514094640.27569-12-mark.rutland@arm.com

State

New

Headers

Received-SPF: pass (google.com: best guess record for domain of
	linux-kernel-owner@vger.kernel.org designates 209.132.180.67
	as permitted sender) client-ip=209.132.180.67; 
From: Mark Rutland <mark.rutland@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, catalin.marinas@arm.com,
	dave.martin@arm.com, james.morse@arm.com,
	linux@dominikbrodowski.net, linux-fsdevel@vger.kernel.org,
	marc.zyngier@arm.com, mark.rutland@arm.com,
	viro@zeniv.linux.org.uk, will.deacon@arm.com
Subject: [PATCH 11/18] arm64: zero GPRs upon entry from EL0
Date: Mon, 14 May 2018 10:46:33 +0100
Message-Id: <20180514094640.27569-12-mark.rutland@arm.com>
In-Reply-To: <20180514094640.27569-1-mark.rutland@arm.com>
References: <20180514094640.27569-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

Series

arm64: invoke syscalls with pt_regs | expand

Commit Message

Mark Rutland May 14, 2018, 9:46 a.m. UTC

We can zero GPRs x0 - x29 upon entry from EL0 to make it harder for
userspace to control values consumed by speculative gadgets.

We don't blat x30, since this is stashed much later, and we'll blat it
before invoking C code.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>

Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/kernel/entry.S | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

-- 
2.11.0

Comments

Dave Martin May 14, 2018, 11:07 a.m. UTC | #1

On Mon, May 14, 2018 at 10:46:33AM +0100, Mark Rutland wrote:
> We can zero GPRs x0 - x29 upon entry from EL0 to make it harder for

> userspace to control values consumed by speculative gadgets.

> 

> We don't blat x30, since this is stashed much later, and we'll blat it

> before invoking C code.

> 

> Signed-off-by: Mark Rutland <mark.rutland@arm.com>

> Cc: Catalin Marinas <catalin.marinas@arm.com>

> Cc: Will Deacon <will.deacon@arm.com>

> ---

>  arch/arm64/kernel/entry.S | 9 +++++++--

>  1 file changed, 7 insertions(+), 2 deletions(-)

> 

> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S

> index 13afefbf608f..4dd529fd03fd 100644

> --- a/arch/arm64/kernel/entry.S

> +++ b/arch/arm64/kernel/entry.S

> @@ -62,6 +62,12 @@

>  #endif

>  	.endm

>  

> +	.macro	clear_gp_regs

> +	.irp	n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29

> +	mov	x\n, xzr

> +	.endr

> +	.endm

> +


Looks OK, but consider moving _for from fpsimdmacros.h to assembler.h
and just writing

 _for n, 0, 29,	mov	x\n, xzr

(could even omit the wrapper macro, since this is a one-liner).

The implementation of _for is a bit gross, but since we already have it,
we might as well use it.

[...]

Cheers
---Dave

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 13afefbf608f..4dd529fd03fd 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -62,6 +62,12 @@ 
 #endif
 	.endm
 
+	.macro	clear_gp_regs
+	.irp	n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
+	mov	x\n, xzr
+	.endr
+	.endm
+
 /*
  * Bad Abort numbers
  *-----------------
@@ -158,12 +164,11 @@  alternative_else_nop_endif
 	stp	x28, x29, [sp, #16 * 14]
 
 	.if	\el == 0
+	clear_gp_regs
 	mrs	x21, sp_el0
 	ldr_this_cpu	tsk, __entry_task, x20	// Ensure MDSCR_EL1.SS is clear,
 	ldr	x19, [tsk, #TSK_TI_FLAGS]	// since we can unmask debug
 	disable_step_tsk x19, x20		// exceptions when scheduling.
-
-	mov	x29, xzr			// fp pointed to user-space
 	.else
 	add	x21, sp, #S_FRAME_SIZE
 	get_thread_info tsk

[11/18] arm64: zero GPRs upon entry from EL0

Commit Message

Comments

Patch