From patchwork Fri Jun 14 03:08:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Viresh Kumar X-Patchwork-Id: 10994177 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7DA2276 for ; Fri, 14 Jun 2019 03:20:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6F573212BE for ; Fri, 14 Jun 2019 03:20:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 62430262AE; Fri, 14 Jun 2019 03:20:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id ED5E3212BE for ; Fri, 14 Jun 2019 03:20:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=F2j9T1rrKLHsAq7FYzZ3To3yxuuTGP8zVcB/0qYpK7s=; b=AIpTY3wye4SVFI ZM01eBprigF5KbNC412XHlHTNgsC1k/9KXS55ghS9vj6InrCSPiKVFsgXOYD+cKUIueNa75CSWYS1 ureY8iLk/q+Rr0c6x5+6xuEBioJ3oowg+c5YQMRnBGrInO4DiG1qsDE2b7sYuyPfpsGNIctZzPxPc Kb31RXdC02Y0ow5X2hE0p+TX5XxSi+rTgwxWUE0Uz/FaWZp0DwyR2PT7MHCsDEwbltmjvKsbgKY6u 5g27MsbYa0F2N2GbqqB/iFc6WiJ9rWMs4jK8VwbNBeHFZSxTgibka5GkLHfiFBufHewGXz9yn1rzM rEbF9KBkR7Pm1Ae7LSDA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hbclB-0000nd-Vu; Fri, 14 Jun 2019 03:20:13 +0000 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hbce5-0000cj-MM for linux-arm-kernel@lists.infradead.org; Fri, 14 Jun 2019 03:12:55 +0000 Received: by mail-pl1-x643.google.com with SMTP id c14so385976plo.0 for ; Thu, 13 Jun 2019 20:12:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kL4bvpTkIxzXH8Y5LirqPgKQFts/fgCJz2Uk/H1BBsA=; b=u+88Jdi7Q2EeMON1v99eEjm9+dO5INKlFqJHoLqKGVOyh3nEcQXjS35XfEJ5A2VEHA 2I2MGN7Qk32wlEFIVDoAvNMIWA2oa2fapQk441nt2HlgF5Glw/iQBurHguBosW2Lc7kE OinAbfXHPRwyDF0uukWdCxCAtavKB6z0DAEZljHgQyVFJeU9ZPuJKcRFdlQ9xL7pNS6f r7RJoFG4+NLPymu0kCH6ak1l0U9tGg6Jgo0Ftbtpkpt83EZ62NHHyZiQxxn+IBMOjsXz 1fQJd8ESeOJ1gaJV/g9qWIQ8aivYfHWco/LFd+4P2r1Ainssb/eNVPTAZkXVvG1HmXYi QRog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kL4bvpTkIxzXH8Y5LirqPgKQFts/fgCJz2Uk/H1BBsA=; b=KIxQliBdCwttLBuDzTFojkWQLkMLomWNf/7iJjoVuEJhUr2fJCiznR1iTtsnEndAnN mB+da4Z5tUvGtQkQZjxFvIblCxUD8r7bOXaN04VZkTvWZWXN4LnbRSybaZzIxuzj4fjd I2dlwqdY+LlbDkBq3uhvPwud/t5e1b/cqe2elTWxdcGegh9DRHU9A57f5vrwykEtJngz z7A+6XvqVZY2TOdnVoqPFymi5iIeM9KmPEPTlUALfB+MzLEe8TkALi399iRMtLvOmk9U z5VKw6H3b1kR6V42zEogBXlEHK747eldD2ZA10ABUaW/q+ScTvidLzzrUEp0Ka/dhoTc ymgQ== X-Gm-Message-State: APjAAAW6g0wWEy+ck20/xnaH5Og7/HN/cfm5U19A25q4TDjMe5sgmMP7 nDVBDMDXXDnSBS1EaTrX72fr6+MZ5O4= X-Google-Smtp-Source: APXvYqzdS+h3nTBe4+ah+h47lCx5qzIMvTC/Buyw8qV9hj5xEcJCPdt4F090HB7zRNgWQjs9BbQgsQ== X-Received: by 2002:a17:902:8a94:: with SMTP id p20mr71883806plo.312.1560481972488; Thu, 13 Jun 2019 20:12:52 -0700 (PDT) Received: from localhost ([122.172.66.84]) by smtp.gmail.com with ESMTPSA id b6sm1044511pjo.25.2019.06.13.20.12.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Jun 2019 20:12:52 -0700 (PDT) From: Viresh Kumar To: linux-arm-kernel@lists.infradead.org, Julien Thierry Subject: [PATCH v4.4 22/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 Date: Fri, 14 Jun 2019 08:38:05 +0530 Message-Id: X-Mailer: git-send-email 2.21.0.rc0.269.g1a574e7a288b In-Reply-To: References: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190613_201253_804407_6DCEE12C X-CRM114-Status: GOOD ( 11.95 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Marc Zyngier , Viresh Kumar , Will Deacon , stable@vger.kernel.org, mark.brown@arm.com, Catalin Marinas , Russell King Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From: Will Deacon commit 30d88c0e3ace625a92eead9ca0ad94093a8f59fe upstream. It is possible to take an IRQ from EL0 following a branch to a kernel address in such a way that the IRQ is prioritised over the instruction abort. Whilst an attacker would need to get the stars to align here, it might be sufficient with enough calibration so perform BP hardening in the rare case that we see a kernel address in the ELR when handling an IRQ from EL0. Reported-by: Dan Hettena Reviewed-by: Marc Zyngier Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Viresh Kumar --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 42a141f01f3b..1548be9732ce 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -582,6 +582,11 @@ ENDPROC(el0_sync) #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 082f385b6592..9ff48d083c4c 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -535,6 +535,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)