From patchwork Fri Jul 15 13:09:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 12919285 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7D1C6C433EF for ; Fri, 15 Jul 2022 13:10:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:References:Cc:To:From: Subject:MIME-Version:Date:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=S35OSMZ+YyS2Kgyo1IzhwubW+gwjDzwtX/FwPsqGESE=; b=Ols1fouQRIx51w s5c47GTKqR7Ux60Z926joZ61Ya3FAv60kovzM1HlAMrh2AJR4TnT5XDBZHkYPWzIXQm7KKUXbvwDk 4yQz6AEgLZ3hHiEhF1CcrAC0sSDfRsEcXLxXlVnSrweAiQHuq8nYY4QumIO9LCw0KnxhWlVbltbYV FACFIzZ3V7xMwzNGUQK8D2ZtIGLKH/TNw+Ink6lYPP6mYXT6ppxCuRr05CevjV19UalqMNaPT2gji e5lp8TyNTrXoZ2CCt1wk2NQFCEM81mpDhqAKMHFqw60Uy7kXC6AfxT+Wba9Bek4WUObrL/pu0crqy p2W8eo0Qc1KL2SZDq8YA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oCL4e-007ALc-Im; Fri, 15 Jul 2022 13:09:40 +0000 Received: from www262.sakura.ne.jp ([202.181.97.72]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1oCL4b-007AJq-2e for linux-arm-kernel@lists.infradead.org; Fri, 15 Jul 2022 13:09:39 +0000 Received: from fsav111.sakura.ne.jp (fsav111.sakura.ne.jp [27.133.134.238]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 26FD92gj032537; Fri, 15 Jul 2022 22:09:02 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav111.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav111.sakura.ne.jp); Fri, 15 Jul 2022 22:09:02 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav111.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 26FD92PE032531 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Fri, 15 Jul 2022 22:09:02 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: <3188347c-3375-b728-cd08-ea4421d823cd@I-love.SAKURA.ne.jp> Date: Fri, 15 Jul 2022 22:09:01 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: [PATCH v2] ARM: spectre-v2: fix smp_processor_id() warning Content-Language: en-US From: Tetsuo Handa To: "Russell King (Oracle)" , Marc Zyngier Cc: Tony Lindgren , LKML , Linux ARM References: <795c9463-452e-bf64-1cc0-c318ccecb1da@I-love.SAKURA.ne.jp> <421c1ca9-f553-4c0a-d963-2fdeb270dbcc@I-love.SAKURA.ne.jp> In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220715_060937_389931_EFC32BB4 X-CRM114-Status: UNSURE ( 9.26 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org syzbot is reporting that CONFIG_HARDEN_BRANCH_PREDICTOR=y + CONFIG_DEBUG_PREEMPT=y on ARM32 causes "BUG: using smp_processor_id() in preemptible code" message [1], for this check was not designed to handle attempts to access kernel memory like ---------- int main() { return *(char *) -1; } ---------- . Although Russell King commented that this BUG: message might help finding possible exploit attempts [2], this is not a kernel's problem that worth giving up fuzz testing. This patch explicitly disables preemption and uses raw_smp_processor_id(). Link: https://syzkaller.appspot.com/bug?extid=a7ee43e564223f195c84 [1] Link: https://lkml.kernel.org/r/YrMhVAev9wMAA8tl@shell.armlinux.org.uk [2] Reported-by: syzbot Fixes: f5fe12b1eaee220c ("ARM: spectre-v2: harden user aborts in kernel space") Signed-off-by: Tetsuo Handa --- arch/arm/include/asm/system_misc.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h index 98b37340376b..670e8d116770 100644 --- a/arch/arm/include/asm/system_misc.h +++ b/arch/arm/include/asm/system_misc.h @@ -20,10 +20,13 @@ typedef void (*harden_branch_predictor_fn_t)(void); DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); static inline void harden_branch_predictor(void) { - harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, - smp_processor_id()); + harden_branch_predictor_fn_t fn; + + preempt_disable_notrace(); + fn = per_cpu(harden_branch_predictor_fn, raw_smp_processor_id()); if (fn) fn(); + preempt_enable_no_resched_notrace(); } #else #define harden_branch_predictor() do { } while (0)