From patchwork Mon Feb 26 08:20:01 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alex Shi <alex.shi@linaro.org>
X-Patchwork-Id: 10241573
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0750660386 for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 26 Feb 2018 08:36:16 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3B6F29C30
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 26 Feb 2018 08:36:15 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D83CC29C56; Mon, 26 Feb 2018 08:36:15 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 422AD29C30
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 26 Feb 2018 08:36:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:List-Subscribe:List-Help:
	List-Post:List-Archive:List-Unsubscribe:List-Id:References:In-Reply-To:
	Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=tUiKsbfiJJdry1ButzDuplS70g3Tt3nYi8adcgLxwQc=;
	b=ul7NXVIgKNK6DV
	zLL/PtcYM19G17AUKZvs0Qxah7ku0HoWg5XEJce4DrPrnuSauESzjGRqyDw9i/h034e9X1qyW0iXm
	lcSTDS6YoqZx/lh5g4ekr6ccNlzov7BfUxPmZhVwXIOeYWikjUffNPJefsZ2wrTMfMPzI3A+gdF7u
	3JSPPGN0RQyEfSZNn08XNVDVFgGMlPmGCt/yMt4vs4m8X9GUvNsBjTBJvwthFuNY6IRI39Mgot9Gq
	7uktzZ6T//SMG7SuoLF5z6HjBLr9nCe4/EAj89jwh8MzVihiqWomNujTZPZ/fbLPL6plx5ngdCGiW
	YX8GFGptfNzpLEhteTbg==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux))
	id 1eqEGS-0003tn-PL; Mon, 26 Feb 2018 08:36:04 +0000
Received: from mail-pf0-x243.google.com ([2607:f8b0:400e:c00::243])
	by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux))
	id 1eqE5I-0002DI-5P for linux-arm-kernel@lists.infradead.org;
	Mon, 26 Feb 2018 08:25:32 +0000
Received: by mail-pf0-x243.google.com with SMTP id q13so6223777pff.0
	for <linux-arm-kernel@lists.infradead.org>;
	Mon, 26 Feb 2018 00:24:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=o9wt4qxRgviZ/SM2aAeUByaDVo70FE/AaFiMiokIiaM=;
	b=VvoK62RdimsjFNioD0qO4HEfqCyUJIJ9M2jhDIjHESfeUVHOkEjXfgJMAXJZd5ck9+
	qTgilUPggg9D7JIGYSvMKzvcPruQbr3MJXtGojoj4lpAukymCQJ8jXiiXihqyxYx0uwY
	DeSxtOjkxcnR5y9oPPdVdUuXhWC/y33qFfjWY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=o9wt4qxRgviZ/SM2aAeUByaDVo70FE/AaFiMiokIiaM=;
	b=KNu0b4Jadfg1J7hNp/+kFVnNA+TT9ZoFpo+NCwOrRSmsMZuqkKkt7WgilHy0cGMuaR
	RiUtyAtjztWpmioX71hrLag8tKcANs3wTitNMVXmoRh5fpSW9QPIfatMSnH+5OrywXEI
	CRO8vy3WuHxvsL22r21Fd425pOlfsB4zOxSdbdEhRJC2xiVrK5B3qyll1wUVxPmykUpT
	zTnal9E5v1MN1JsB0ldmIMm+GOmngJOv6BGvNHFTfNGyYgOtMLFHHd3ZT0R4RNxsne7S
	9VJKIJsH3SFKMvzDfMW0l+1Aq7aHEODQ0gAuPFk8StZKp6NQd5omYNH5GtckYXyIgv9W
	4z+w==
X-Gm-Message-State: APf1xPArPtHj6gNiO0iTi3qs8Mtcz2iNsOAYL9K867jhaR1iELbS+u+6
	7qow3KYZiA0SNrFQ2OIZY+P69g==
X-Google-Smtp-Source: 
 AH8x226eKM9h91UbQcoAWS+SuHynXLYIbqrGqlwncW5bmPAw2eZiTds6M8FO40BQd19mZXAm8veXiQ==
X-Received: by 10.99.122.86 with SMTP id j22mr7824959pgn.351.1519633461042;
	Mon, 26 Feb 2018 00:24:21 -0800 (PST)
Received: from localhost.localdomain (176.122.172.82.16clouds.com.
	[176.122.172.82]) by smtp.gmail.com with ESMTPSA id
	o86sm1422706pfi.87.2018.02.26.00.24.16
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 26 Feb 2018 00:24:20 -0800 (PST)
From: Alex Shi <alex.shi@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>, Will Deacon <will.deacon@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Catalin Marinas <catalin.marinas@arm.com>, stable@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org (moderated list:ARM64 PORT (AARCH64
	ARCHITECTURE)), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 27/52] arm64: entry: Apply BP hardening for suspicious
	interrupts from EL0
Date: Mon, 26 Feb 2018 16:20:01 +0800
Message-Id: <1519633227-29832-28-git-send-email-alex.shi@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519633227-29832-1-git-send-email-alex.shi@linaro.org>
References: <1519633227-29832-1-git-send-email-alex.shi@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180226_002432_710148_761B87CB 
X-CRM114-Status: GOOD (  12.09  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Will Deacon <will.deacon@arm.com>

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena <dhettena@nvidia.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Alex Shi <alex.shi@linaro.org>
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c     | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index d50c2fe..e26a114 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -646,6 +646,11 @@ el0_irq_naked:
 #endif
 
 	ct_user_exit
+#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
+	tbz	x22, #55, 1f
+	bl	do_el0_irq_bp_hardening
+1:
+#endif
 	irq_handler
 
 #ifdef CONFIG_TRACE_IRQFLAGS
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 6120a14..ad49ae8 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr,
 	arm64_notify_die("", regs, &info, esr);
 }
 
+asmlinkage void __exception do_el0_irq_bp_hardening(void)
+{
+	/* PC has already been checked in entry.S */
+	arm64_apply_bp_hardening();
+}
+
 asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr,
 						   unsigned int esr,
 						   struct pt_regs *regs)