From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 2/9] arm64: Implement array_index_mask_nospec()
Date: Mon, 5 Feb 2018 15:34:17 +0000 [thread overview]
Message-ID: <1517844864-15887-3-git-send-email-will.deacon@arm.com> (raw)
In-Reply-To: <1517844864-15887-1-git-send-email-will.deacon@arm.com>
From: Robin Murphy <robin.murphy@arm.com>
Provide an optimised, assembly implementation of array_index_mask_nospec()
for arm64 so that the compiler is not in a position to transform the code
in ways which affect its ability to inhibit speculation (e.g. by introducing
conditional branches).
This is similar to the sequence used by x86, modulo architectural differences
in the carry/borrow flags.
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
---
arch/arm64/include/asm/barrier.h | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h
index c0a846d2c602..f11518af96a9 100644
--- a/arch/arm64/include/asm/barrier.h
+++ b/arch/arm64/include/asm/barrier.h
@@ -41,6 +41,27 @@
#define dma_rmb() dmb(oshld)
#define dma_wmb() dmb(oshst)
+/*
+ * Generate a mask for array_index__nospec() that is ~0UL when 0 <= idx < sz
+ * and 0 otherwise.
+ */
+#define array_index_mask_nospec array_index_mask_nospec
+static inline unsigned long array_index_mask_nospec(unsigned long idx,
+ unsigned long sz)
+{
+ unsigned long mask;
+
+ asm volatile(
+ " cmp %1, %2\n"
+ " sbc %0, xzr, xzr\n"
+ : "=r" (mask)
+ : "r" (idx), "Ir" (sz)
+ : "cc");
+
+ csdb();
+ return mask;
+}
+
#define __smp_mb() dmb(ish)
#define __smp_rmb() dmb(ishld)
#define __smp_wmb() dmb(ishst)
--
2.1.4
next prev parent reply other threads:[~2018-02-05 15:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-05 15:34 [PATCH 0/9] Mitigations against spectre-v1 in the arm64 Linux kernel Will Deacon
2018-02-05 15:34 ` [PATCH 1/9] arm64: barrier: Add CSDB macros to control data-value prediction Will Deacon
2018-02-05 15:34 ` Will Deacon [this message]
2018-02-05 15:34 ` [PATCH 3/9] arm64: Make USER_DS an inclusive limit Will Deacon
2018-02-05 15:34 ` [PATCH 4/9] arm64: Use pointer masking to limit uaccess speculation Will Deacon
2018-02-05 15:34 ` [PATCH 5/9] arm64: entry: Ensure branch through syscall table is bounded under speculation Will Deacon
2018-02-05 15:34 ` [PATCH 6/9] arm64: uaccess: Prevent speculative use of the current addr_limit Will Deacon
2018-02-05 15:34 ` [PATCH 7/9] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user Will Deacon
2018-02-05 15:34 ` [PATCH 8/9] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user Will Deacon
2018-02-05 15:34 ` [PATCH 9/9] arm64: futex: Mask __user pointers prior to dereference Will Deacon
2018-02-06 22:17 ` [PATCH 0/9] Mitigations against spectre-v1 in the arm64 Linux kernel Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1517844864-15887-3-git-send-email-will.deacon@arm.com \
--to=will.deacon@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).