From patchwork Thu Mar  1 12:54:04 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alex Shi <alex.shi@linaro.org>
X-Patchwork-Id: 10251295
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	2DE1F60365 for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu,  1 Mar 2018 13:07:11 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1D50D29082
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu,  1 Mar 2018 13:07:11 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 118872907A; Thu,  1 Mar 2018 13:07:11 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8768E2906D
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu,  1 Mar 2018 13:07:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=tUiKsbfiJJdry1ButzDuplS70g3Tt3nYi8adcgLxwQc=;
	b=OmbCRJVt42CGsGK7TQejrq7xLj
	dsU7kJK6Gmvj0JDzz26XvUofo6Ymcn2O9oAF/FeW34i3PwEkegrAHOo+lW8I3d9Fg4GD+HtW77oZz
	91og+V9B96y1n+eCGSxHjch/5+pIF5CWO60IGdqvpexeuHbIoYVMnV2LB0CVHuCfeIkqfux+2XVJB
	syTfItoa1vjcCapSg8S+zdIDL5+Nlx7eny6m9neaR69f/yO266xoPlKmZpxXKItCytKOtQurRElFs
	T/frHGcOoDKcopQTGP+pKcE6GgVbUwOFdR7lBsIv7/gC8mML5GoYNXqeX0bzRzxGKuEzrpdJAv/Qz
	uvnFtxCw==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux))
	id 1erNvJ-0001Gs-9R; Thu, 01 Mar 2018 13:07:01 +0000
Received: from mail-pl0-x241.google.com ([2607:f8b0:400e:c01::241])
	by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux))
	id 1erNnq-00032E-5O for linux-arm-kernel@lists.infradead.org;
	Thu, 01 Mar 2018 13:01:01 +0000
Received: by mail-pl0-x241.google.com with SMTP id u13-v6so3597372plq.1
	for <linux-arm-kernel@lists.infradead.org>;
	Thu, 01 Mar 2018 04:59:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=o9wt4qxRgviZ/SM2aAeUByaDVo70FE/AaFiMiokIiaM=;
	b=g3bSVM/I2Ae2TbP7y3xsFIsoL2bwk7RAYi8r/DuRx7AjqOtNXe+Q6Xd1PH5lyobZL4
	Mmx5Am3+envCjO0U75QBoyfZVpFiLmfHRHvLnM0rhcGlPyHIyrSg3lKYvbkMWojhlmoa
	IoYJWNjH8Z8T5/nDjbnU3kPco/m9bQ9NK8uzg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=o9wt4qxRgviZ/SM2aAeUByaDVo70FE/AaFiMiokIiaM=;
	b=tcBLLBRSkPWo1lFv1CEwBk0Exg11HRXWur0PwcuQMn4/wSXM1EBnPuXrjjfoc/As2v
	pDzunuP6zHxSjF6B5FINzNkY/RzrauaXji503BsZ3zicoss3+IqcokqgiOx5ujTB6mv7
	DklxvNL/zO8wzQiVywwnIr5FeSJyYkBaPEseTJlt/MOcP6soYqeJFBXm5lqKC2tag0+G
	eTfoMEzgVZDKvMnz4hpv+C8vq4xEFDMNJM+Zg92umHll/WG2OaCYUyut/sCCN9iuouge
	5YNpKHYHGF0xIjsJqK87YmQaY7E2BPgw7myNdqmXsG3rsKlkfPaqHTYkFhueCiDTNngR
	E5zQ==
X-Gm-Message-State: APf1xPC4uDKYK2sxY+kc5Wn0xsv47Lh69m7QKCj7oSHanIqggsq9lZka
	OrcHHTaG5qOeUpqV+4oToBeXww==
X-Google-Smtp-Source: 
 AG47ELtD9SfX5B/ebbCGDbEQMCO76Tb5+BucethGiDDu5z38caUlitVDXoQqjxHR4ioGmmn3vAaCbQ==
X-Received: by 2002:a17:902:22f:: with SMTP id
	44-v6mr1843963plc.418.1519909147140;
	Thu, 01 Mar 2018 04:59:07 -0800 (PST)
Received: from localhost.localdomain (176.122.172.82.16clouds.com.
	[176.122.172.82]) by smtp.gmail.com with ESMTPSA id
	x4sm2289655pfb.46.2018.03.01.04.59.00
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 01 Mar 2018 04:59:06 -0800 (PST)
From: Alex Shi <alex.shi@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>, Will Deacon <will.deacon@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Catalin Marinas <catalin.marinas@arm.com>, stable@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 27/45] arm64: entry: Apply BP hardening for suspicious
	interrupts from EL0
Date: Thu,  1 Mar 2018 20:54:04 +0800
Message-Id: <1519908862-11425-28-git-send-email-alex.shi@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519908862-11425-1-git-send-email-alex.shi@linaro.org>
References: <1519908862-11425-1-git-send-email-alex.shi@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180301_045919_011880_DC93E18C 
X-CRM114-Status: GOOD (  12.56  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Alex Shi <alex.shi@linaro.org>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Will Deacon <will.deacon@arm.com>

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena <dhettena@nvidia.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Alex Shi <alex.shi@linaro.org>
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c     | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index d50c2fe..e26a114 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -646,6 +646,11 @@ el0_irq_naked:
 #endif
 
 	ct_user_exit
+#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
+	tbz	x22, #55, 1f
+	bl	do_el0_irq_bp_hardening
+1:
+#endif
 	irq_handler
 
 #ifdef CONFIG_TRACE_IRQFLAGS
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 6120a14..ad49ae8 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr,
 	arm64_notify_die("", regs, &info, esr);
 }
 
+asmlinkage void __exception do_el0_irq_bp_hardening(void)
+{
+	/* PC has already been checked in entry.S */
+	arm64_apply_bp_hardening();
+}
+
 asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr,
 						   unsigned int esr,
 						   struct pt_regs *regs)