From: Ard Biesheuvel <ardb@kernel.org>
To: stable@vger.kernel.org
Cc: linus.walleij@linaro.org, rmk+kernel@armlinux.org.uk,
Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH for-stable-4.4 34/50] ARM: spectre-v1: use get_user() for __get_user()
Date: Fri, 8 Nov 2019 13:35:38 +0100 [thread overview]
Message-ID: <20191108123554.29004-35-ardb@kernel.org> (raw)
In-Reply-To: <20191108123554.29004-1-ardb@kernel.org>
From: Russell King <rmk+kernel@armlinux.org.uk>
Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream.
Fixing __get_user() for spectre variant 1 is not sane: we would have to
add address space bounds checking in order to validate that the location
should be accessed, and then zero the address if found to be invalid.
Since __get_user() is supposed to avoid the bounds check, and this is
exactly what get_user() does, there's no point having two different
implementations that are doing the same thing. So, when the Spectre
workarounds are required, make __get_user() an alias of get_user().
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm/include/asm/uaccess.h | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 99005567fb92..fd33021da6f6 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -288,6 +288,16 @@ static inline void set_fs(mm_segment_t fs)
#define user_addr_max() \
(segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs())
+#ifdef CONFIG_CPU_SPECTRE
+/*
+ * When mitigating Spectre variant 1, it is not worth fixing the non-
+ * verifying accessors, because we need to add verification of the
+ * address space there. Force these to use the standard get_user()
+ * version instead.
+ */
+#define __get_user(x, ptr) get_user(x, ptr)
+#else
+
/*
* The "__xxx" versions of the user access functions do not verify the
* address space - it must have been done previously with a separate
@@ -304,12 +314,6 @@ static inline void set_fs(mm_segment_t fs)
__gu_err; \
})
-#define __get_user_error(x, ptr, err) \
-({ \
- __get_user_err((x), (ptr), err); \
- (void) 0; \
-})
-
#define __get_user_err(x, ptr, err) \
do { \
unsigned long __gu_addr = (unsigned long)(ptr); \
@@ -369,6 +373,7 @@ do { \
#define __get_user_asm_word(x, addr, err) \
__get_user_asm(x, addr, err, ldr)
+#endif
#define __put_user_switch(x, ptr, __err, __fn) \
--
2.20.1
next prev parent reply other threads:[~2019-11-08 12:37 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-08 12:35 [PATCH for-stable-4.4 00/50] ARM: spectre v1/v2 mitigations Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 01/50] ARM: 8051/1: put_user: fix possible data corruption in put_user Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 02/50] ARM: 8478/2: arm/arm64: add arm-smccc Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 03/50] ARM: 8479/2: add implementation for arm-smccc Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 04/50] ARM: 8480/2: arm64: " Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 05/50] ARM: 8481/2: drivers: psci: replace psci firmware calls Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 06/50] ARM: uaccess: remove put_user() code duplication Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 07/50] ARM: Move system register accessors to asm/cp15.h Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 08/50] arm/arm64: KVM: Advertise SMCCC v1.1 Ard Biesheuvel
2019-11-08 13:11 ` Greg KH
2019-11-08 13:29 ` Ard Biesheuvel
2019-11-08 13:39 ` Greg KH
2019-11-08 13:39 ` Russell King - ARM Linux admin
2019-11-08 13:48 ` Mark Rutland
2019-11-08 12:35 ` [PATCH for-stable-4.4 09/50] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 10/50] firmware/psci: Expose PSCI conduit Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 11/50] firmware/psci: Expose SMCCC version through psci_ops Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 12/50] arm/arm64: smccc: Make function identifiers an unsigned quantity Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 13/50] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 14/50] arm/arm64: smccc: Add SMCCC-specific return codes Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 15/50] arm/arm64: smccc-1.1: Make return values unsigned long Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 16/50] arm/arm64: smccc-1.1: Handle function result as parameters Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 17/50] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 18/50] ARM: bugs: prepare processor bug infrastructure Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 19/50] ARM: bugs: hook processor bug checking into SMP and suspend paths Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 20/50] ARM: bugs: add support for per-processor bug checking Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 21/50] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 22/50] ARM: spectre-v2: harden branch predictor on context switches Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 23/50] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 24/50] ARM: spectre-v2: harden user aborts in kernel space Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 25/50] ARM: spectre-v2: add firmware based hardening Ard Biesheuvel
2019-11-08 13:13 ` Greg KH
2019-11-08 12:35 ` [PATCH for-stable-4.4 26/50] ARM: spectre-v2: warn about incorrect context switching functions Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 27/50] ARM: spectre-v1: add speculation barrier (csdb) macros Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 28/50] ARM: spectre-v1: add array_index_mask_nospec() implementation Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 29/50] ARM: spectre-v1: fix syscall entry Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 30/50] ARM: signal: copy registers using __copy_from_user() Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 31/50] ARM: vfp: use __copy_from_user() when restoring VFP state Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 32/50] ARM: oabi-compat: copy semops using __copy_from_user() Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 33/50] ARM: use __inttype() in get_user() Ard Biesheuvel
2019-11-08 12:35 ` Ard Biesheuvel [this message]
2019-11-08 12:35 ` [PATCH for-stable-4.4 35/50] ARM: spectre-v1: mitigate user accesses Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 36/50] ARM: 8789/1: signal: copy registers using __copy_to_user() Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 37/50] ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 38/50] ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 39/50] ARM: 8793/1: signal: replace __put_user_error with __put_user Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 40/50] ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 41/50] ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 42/50] ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 43/50] ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 44/50] ARM: make lookup_processor_type() non-__init Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 45/50] ARM: split out processor lookup Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 46/50] ARM: clean up per-processor check_bugs method call Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 47/50] ARM: add PROC_VTABLE and PROC_TABLE macros Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 48/50] ARM: spectre-v2: per-CPU vtables to work around big.Little systems Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 49/50] ARM: ensure that processor vtables is not lost after boot Ard Biesheuvel
2019-11-08 12:35 ` [PATCH for-stable-4.4 50/50] ARM: fix the cockup in the previous patch Ard Biesheuvel
2019-11-08 13:15 ` [PATCH for-stable-4.4 00/50] ARM: spectre v1/v2 mitigations Greg KH
2019-11-08 15:43 ` Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191108123554.29004-35-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).