From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Russell King <rmk+kernel@armlinux.org.uk>,
Mark Rutland <mark.rutland@arm.com>,
Tony Lindgren <tony@atomide.com>,
"David A. Long" <dave.long@linaro.org>
Subject: [PATCH 4.9 53/59] ARM: spectre-v1: fix syscall entry
Date: Wed, 21 Nov 2018 20:07:08 +0100 [thread overview]
Message-ID: <20181121183510.386462727@linuxfoundation.org> (raw)
In-Reply-To: <20181121183508.262873520@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@armlinux.org.uk>
Commit 10573ae547c85b2c61417ff1a106cffbfceada35 upstream.
Prevent speculation at the syscall table decoding by clamping the index
used to zero on invalid system call numbers, and using the csdb
speculative barrier.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Boot-tested-by: Tony Lindgren <tony@atomide.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kernel/entry-common.S | 18 +++++++-----------
arch/arm/kernel/entry-header.S | 25 +++++++++++++++++++++++++
2 files changed, 32 insertions(+), 11 deletions(-)
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -223,9 +223,7 @@ local_restart:
tst r10, #_TIF_SYSCALL_WORK @ are we tracing syscalls?
bne __sys_trace
- cmp scno, #NR_syscalls @ check upper syscall limit
- badr lr, ret_fast_syscall @ return address
- ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
+ invoke_syscall tbl, scno, r10, ret_fast_syscall
add r1, sp, #S_OFF
2: cmp scno, #(__ARM_NR_BASE - __NR_SYSCALL_BASE)
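Review bot: Passing `r10` as the macro's scratch register overwrites it at this call site, and only when CONFIG_CPU_SPECTRE is set, since that branch of `invoke_syscall` does `mov \tmp, \nr`. The `tst r10, #_TIF_SYSCALL_WORK` two lines earlier shows that r10 holds the thread flags at this point. Whether anything on the fall-through path at `2:` or later still expects them in r10 is not visible in the hunk. A short comment at the call, for example `@ r10 (thread flags) is dead here; used as scratch`, would record the assumption. The same applies to the `reload=1` call in `__sys_trace`.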
@@ -258,14 +256,8 @@ __sys_trace:
mov r1, scno
add r0, sp, #S_OFF
bl syscall_trace_enter
-
- badr lr, __sys_trace_return @ return address
- mov scno, r0 @ syscall number (possibly new)
- add r1, sp, #S_R0 + S_OFF @ pointer to regs
- cmp scno, #NR_syscalls @ check upper syscall limit
- ldmccia r1, {r0 - r6} @ have to reload r0 - r6
- stmccia sp, {r4, r5} @ and update the stack args
- ldrcc pc, [tbl, scno, lsl #2] @ call sys_* routine
+ mov scno, r0
+ invoke_syscall tbl, scno, r10, __sys_trace_return, reload=1
cmp scno, #-1 @ skip the syscall?
bne 2b
add sp, sp, #S_OFF @ restore stack
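Review bot: The new `mov scno, r0` drops the old comment that said the tracer may have replaced the syscall number. That fact is why the bounds check and clamp must run again on this path, so it is worth keeping: `mov scno, r0 @ syscall number (possibly new)`. The following `cmp scno, #-1` still reads the unclamped value, which looks intended because the macro clamps only its scratch copy. A brief note to that effect would help the next reader.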
@@ -317,6 +309,10 @@ sys_syscall:
bic scno, r0, #__NR_OABI_SYSCALL_BASE
cmp scno, #__NR_syscall - __NR_SYSCALL_BASE
cmpne scno, #NR_syscalls @ check range
+#ifdef CONFIG_CPU_SPECTRE
+ movhs scno, #0
+ csdb
+#endif
stmloia sp, {r5, r6} @ shuffle args
movlo r0, r1
movlo r1, r2
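Review bot: The clamp here overwrites `scno` itself with `movhs scno, #0`, whereas `invoke_syscall` clamps a scratch copy and leaves the caller's number intact. On the out-of-range path `scno` is therefore architecturally zero from this point on. sys_syscall continues outside the hunk, so confirm that nothing on the rejected path reads `scno` afterwards. The added lines also carry no comment; something like `movhs scno, #0 @ clamp index so a mispredicted 'lo' cannot index past the table` followed by `csdb @ make the clamp visible to speculation` would explain why the sequence sits between the compare and the conditional stores.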
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -377,6 +377,31 @@
#endif
.endm
+ .macro invoke_syscall, table, nr, tmp, ret, reload=0
+#ifdef CONFIG_CPU_SPECTRE
+ mov \tmp, \nr
+ cmp \tmp, #NR_syscalls @ check upper syscall limit
+ movcs \tmp, #0
+ csdb
+ badr lr, \ret @ return address
+ .if \reload
+ add r1, sp, #S_R0 + S_OFF @ pointer to regs
+ ldmccia r1, {r0 - r6} @ reload r0-r6
+ stmccia sp, {r4, r5} @ update stack arguments
+ .endif
+ ldrcc pc, [\table, \tmp, lsl #2] @ call sys_* routine
+#else
+ cmp \nr, #NR_syscalls @ check upper syscall limit
+ badr lr, \ret @ return address
+ .if \reload
+ add r1, sp, #S_R0 + S_OFF @ pointer to regs
+ ldmccia r1, {r0 - r6} @ reload r0-r6
+ stmccia sp, {r4, r5} @ update stack arguments
+ .endif
+ ldrcc pc, [\table, \nr, lsl #2] @ call sys_* routine
+#endif
+ .endm
+
/*
* These are the registers used in the syscall handler, and allow us to
* have in theory up to 7 arguments to a function - r0 to r6.
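Review bot: The `invoke_syscall` macro has no header comment, and its contract differs between the two configurations. With CONFIG_CPU_SPECTRE it clobbers `\tmp`; without it `\tmp` is untouched, so a caller that accidentally relies on `\tmp` surviving would break only on hardened builds. A block comment above `.macro` should state that it clobbers `lr`, the flags, `\tmp` (treat it as always clobbered) and, with `reload=1`, r0-r6, and that it falls through to the next instruction when `\nr` is out of range. It should also state the ordering requirement: nothing between the `cmp` and the final `ldrcc` may change the flags, and `csdb` must follow the `movcs` directly. The `.if \reload` block is duplicated verbatim in both branches; keeping a single copy after the `#endif` would stop the two from drifting apart.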
2018-11-21 19:06 [PATCH 4.9 00/59] 4.9.139-stable review Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 01/59] flow_dissector: do not dissect l4 ports for fragments Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 02/59] ibmvnic: fix accelerated VLAN handling Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 03/59] ip_tunnel: dont force DF when MTU is locked Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 04/59] net-gro: reset skb->pkt_type in napi_reuse_skb() Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 05/59] sctp: not allow to set asoc prsctp_enable by sockopt Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 06/59] tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 07/59] usbnet: smsc95xx: disable carrier check while suspending Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 08/59] inet: frags: better deal with smp races Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 09/59] ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 10/59] kbuild: Add better clang cross build support Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 11/59] kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 12/59] kbuild: Consolidate header generation from ASM offset information Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 13/59] kbuild: consolidate redundant sed script ASM offset generation Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 14/59] kbuild: fix asm-offset generation to work with clang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 15/59] kbuild: drop -Wno-unknown-warning-option from clang options Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 16/59] kbuild, LLVMLinux: Add -Werror to cc-option to support clang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 17/59] kbuild: use -Oz instead of -Os when using clang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 18/59] kbuild: Add support to generate LLVM assembly files Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 19/59] modules: mark __inittest/__exittest as __maybe_unused Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 20/59] x86/kbuild: Use cc-option to enable -falign-{jumps/loops} Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 21/59] crypto, x86: aesni - fix token pasting for clang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 22/59] kbuild: Add __cc-option macro Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 23/59] x86/build: Use __cc-option for boot code compiler options Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 24/59] x86/build: Specify stack alignment for clang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 25/59] kbuild: clang: Disable address-of-packed-member warning Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 26/59] crypto: arm64/sha - avoid non-standard inline asm tricks Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 27/59] x86/boot: #undef memcpy() et al in string.c Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 28/59] efi/libstub/arm64: Use hidden attribute for struct screen_info reference Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 29/59] efi/libstub/arm64: Force hidden visibility for section markers Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 30/59] efi/libstub: Preserve .debug sections after absolute relocation check Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 31/59] efi/libstub/arm64: Set -fpie when building the EFI stub Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 32/59] x86/build: Fix stack alignment for CLang Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 33/59] x86/build: Use cc-option to validate stack alignment parameter Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 34/59] Kbuild: use -fshort-wchar globally Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 35/59] arm64: uaccess: suppress spurious clang warning Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 36/59] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 37/59] ARM: bugs: prepare processor bug infrastructure Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 38/59] ARM: bugs: hook processor bug checking into SMP and suspend paths Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 39/59] ARM: bugs: add support for per-processor bug checking Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 40/59] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 41/59] ARM: spectre-v2: harden branch predictor on context switches Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 42/59] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 43/59] ARM: spectre-v2: harden user aborts in kernel space Greg Kroah-Hartman
2018-11-21 19:06 ` [PATCH 4.9 44/59] ARM: spectre-v2: add firmware based hardening Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 45/59] ARM: spectre-v2: warn about incorrect context switching functions Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 46/59] ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 47/59] ARM: KVM: invalidate icache on guest exit for Cortex-A15 Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 48/59] ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 49/59] ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 50/59] ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 51/59] ARM: spectre-v1: add speculation barrier (csdb) macros Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 52/59] ARM: spectre-v1: add array_index_mask_nospec() implementation Greg Kroah-Hartman
2018-11-21 19:07 ` Greg Kroah-Hartman [this message]
2018-11-21 19:07 ` [PATCH 4.9 54/59] ARM: signal: copy registers using __copy_from_user() Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 55/59] ARM: vfp: use __copy_from_user() when restoring VFP state Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 56/59] ARM: oabi-compat: copy semops using __copy_from_user() Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 57/59] ARM: use __inttype() in get_user() Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 58/59] ARM: spectre-v1: use get_user() for __get_user() Greg Kroah-Hartman
2018-11-21 19:07 ` [PATCH 4.9 59/59] ARM: spectre-v1: mitigate user accesses Greg Kroah-Hartman
2018-11-22 4:58 ` [PATCH 4.9 00/59] 4.9.139-stable review kernelci.org bot
2018-11-22 16:33 ` Guenter Roeck
2018-11-22 18:07 ` Murilo Fossa Vicentini
2018-11-22 19:49 ` Guenter Roeck
2018-11-22 20:16 ` Murilo Fossa Vicentini
2018-11-23 7:15 ` Greg Kroah-Hartman
2018-11-23 7:16 ` Naresh Kamboju
2018-11-23 7:28 ` Greg Kroah-Hartman
2018-11-23 9:57 ` Jon Hunter