From patchwork Fri Mar 9 09:07:00 2018
X-Patchwork-Submitter: Alex Shi
X-Patchwork-Id: 10270389
From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas, broonie@linaro.org, linux-arm-kernel@lists.infradead.org
Cc: Alex Shi
Subject: [PATCH 17/39] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Fri, 9 Mar 2018 17:07:00 +0800
Message-Id: <20180309090722.26279-18-alex.shi@linaro.org>
In-Reply-To: <20180309090722.26279-1-alex.shi@linaro.org>
References: <20180309090722.26279-1-alex.shi@linaro.org>

From: Will Deacon

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index bc62f8d2c981..3ee3a026ba04 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S 
@@ -582,6 +582,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index b1f084dd7b6d..54008a6cc0df 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -534,6 +534,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs)
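
Review bot: In the entry.S hunk, the test `tbz x22, #55, 1f` carries no comment saying that x22 is expected to hold the ELR at this point in el0_irq_naked, or why bit 55 is the bit that marks a kernel address. The commit message explains the intent ("a kernel address in the ELR"), but the assembly does not, and the C side only says "PC has already been checked in entry.S". A one-line comment above the tbz stating both assumptions would let a later change to register usage in this path be checked against the hardening condition. The new block also sits after ct_user_exit and before irq_handler, so ct_user_exit runs before the hardening call; it is worth confirming in the changelog that this ordering is intended.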
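
Review bot: In the fault.c hunk, do_el0_irq_bp_hardening(void) takes no arguments and so cannot verify anything itself; its safety rests entirely on the comment "PC has already been checked in entry.S", unlike do_el0_ia_bp_hardening() just below it, which receives addr, esr and regs. The comment should name the call site and the condition (the bit 55 test in el0_irq_naked) so the dependency is searchable from the C side. Also, the only caller shown is inside #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR, while this definition has no guard in the visible lines, so the function is built even when no caller exists; either note that arm64_apply_bp_hardening() is expected to compile away in that configuration or wrap the definition in the same #ifdef.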