From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=snlC=AU=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.7 required=3.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E9DDBC433DF
	for <linux-arm-kernel@archiver.kernel.org>; Thu,  9 Jul 2020 19:52:34 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id ABCD320720
	for <linux-arm-kernel@archiver.kernel.org>; Thu,  9 Jul 2020 19:52:34 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="OFQGgZQb";
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AznY960+"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org ABCD320720
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:MIME-Version:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Owner;
	bh=imHMnZIeuAAIADNhQwbW8zkTzJagoitOe6bgFkP0lPU=; b=OFQGgZQbF6zUtqRwmm4qEtPLhF
	JzLZFawyHpPpw1gAdvR19lp8Cv2jAw4HEMBnG9GEtcYb8wTWDtsLToO9WA5AB4BWQgY20pUHzwaY7
	BdIsFIX1q9R1JYIe4akO5H/M5LCrc8/LBrTlGA+0XB68wFDGi+oTm1gmPWfT1Rarfpyhy85yFCE4t
	0DkvAORzeFgGAQ+v97yP6gUCWRLE5vuW/9eunLq5qryjFFrCxKN2GpJeF5WgoBGhcxkwTxLCrgixT
	sRf0UWmbLSePLwhBbBOCPoMzC+xHnSnufsWPKQNZrZXVax4ZjusfPZ2ojEYA0OWUdnnTfu0LZtMz8
	wpcr3mZA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1jtcZV-0001bm-EW; Thu, 09 Jul 2020 19:51:05 +0000
Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1jtcZT-0001bJ-GJ
 for linux-arm-kernel@lists.infradead.org; Thu, 09 Jul 2020 19:51:04 +0000
Received: by mail-pl1-x644.google.com with SMTP id x11so1246684plo.7
 for <linux-arm-kernel@lists.infradead.org>;
 Thu, 09 Jul 2020 12:51:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id;
 bh=RwIQJPyP7UHlF/ZGGKtcnGZyKRkZA3pCBcfEq7K/2Ho=;
 b=AznY960+pK6TOErT6DuUqz4G4vZlBkddYOl5d2OHe7pG00Y0HIPRjgSEb5zEauhq3u
 RKM6boUHn3SMWeCJDchdIobej2f1kSt+RZnspd8DsOp/HbooshTkDo+M00AmnvDD6yXH
 07OtQgi8r6ZPSJ0Eky6PU/dhvo8seV9KaGEOORqVmXVD95zxKP5jR5wAtjB3sN2Ew/hy
 194wpp1EWZyhMIKvI8Zcwi+hxgj5t/ag+Ch9C2Q9Lsq4+u6xoosUVdcMXrVlxNwX4KnF
 b4SSBTNB108RFRlXcVo67ObtTCVjwrxgMaYcHYZ4WSWCa1aEhdNOPddPq475+qFl6uyO
 X/fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=RwIQJPyP7UHlF/ZGGKtcnGZyKRkZA3pCBcfEq7K/2Ho=;
 b=g7+HULXWrEAiva/4PbE2b/q+NFZU35aqxpRAeWhLpoJ45lF2vjthfN//qeuRnRpcOF
 BQzEIPxcLDKAdbt+v9AsiqK241eJ0FgDOCioWEZ+YbOtEASZjSdNiNOt0pA1Tr6DbS7G
 JUADF2FuRoHVOHvLGFodNUVEeJZjiOfw62So2cftukVAH2SVZEs/t/dI6FnBqCdBupmo
 TDkdBvTa4RIG5sFTIFcAvryEy+jQSeWDv3w2PUa2XC13qMsSMn38izTz0NPugFnjcKC8
 4enzDwqHrjtIM9O2WHaYvY29tTj1B30zO8wk3rJmDAjQkYVh6jP5VDeXNDA+GLz6xT4s
 yzVw==
X-Gm-Message-State: AOAM530spNPwCzqvMgKCYQcn/TCbUqz39iwf0/sSd94PuKY5ysAx5jB4
 0fWA0Cab8plQpHTxYprniF6z/e9W
X-Google-Smtp-Source: ABdhPJwDJxkzz3kgTcJCu9/JCf8HhRsvChMEW+U2cgrMgNAOBN45sP1bW6XPDT8vS97J11EP5enArQ==
X-Received: by 2002:a17:902:820a:: with SMTP id
 x10mr4938403pln.135.1594324260334; 
 Thu, 09 Jul 2020 12:51:00 -0700 (PDT)
Received: from localhost.localdomain ([2001:470:67:5b9:5dec:e971:4cde:a128])
 by smtp.gmail.com with ESMTPSA id f2sm3694941pfb.184.2020.07.09.12.50.58
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 09 Jul 2020 12:50:59 -0700 (PDT)
From: Florian Fainelli <f.fainelli@gmail.com>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH stable v4.9 v2] arm64: entry: Place an SB sequence following
 an ERET instruction
Date: Thu,  9 Jul 2020 12:50:23 -0700
Message-Id: <20200709195034.15185-1-f.fainelli@gmail.com>
X-Mailer: git-send-email 2.17.1
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200709_155103_611374_5E0311BD 
X-CRM114-Status: GOOD (  12.06  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Mark Rutland <mark.rutland@arm.com>,
 Nick Desaulniers <ndesaulniers@google.com>, Andrew Jones <drjones@redhat.com>,
 Florian Fainelli <f.fainelli@gmail.com>, Fangrui Song <maskray@google.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com>,
 open list <linux-kernel@vger.kernel.org>, stable@vger.kernel.org,
 "open list:KERNEL VIRTUAL MACHINE FOR ARM64 KVM/arm64"
 <kvmarm@lists.cs.columbia.edu>, Mark Brown <broonie@kernel.org>,
 James Morse <james.morse@arm.com>,
 Kristina Martsenko <kristina.martsenko@arm.com>,
 Sami Tolvanen <samitolvanen@google.com>, Marc Zyngier <maz@kernel.org>,
 Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
 Julien Thierry <julien.thierry.kdev@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

From: Will Deacon <will.deacon@arm.com>

commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 upstream

Some CPUs can speculate past an ERET instruction and potentially perform
speculative accesses to memory before processing the exception return.
Since the register state is often controlled by a lower privilege level
at the point of an ERET, this could potentially be used as part of a
side-channel attack.

This patch emits an SB sequence after each ERET so that speculation is
held up on exception return.

Signed-off-by: Will Deacon <will.deacon@arm.com>
[florian: Adjust hyp-entry.S to account for the label
 added change to hyp/entry.S]
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
---
Changes in v2:

- added missing hunk in hyp/entry.S per Will's feedback

 arch/arm64/kernel/entry.S      | 2 ++
 arch/arm64/kvm/hyp/entry.S     | 2 ++
 arch/arm64/kvm/hyp/hyp-entry.S | 4 ++++
 3 files changed, 8 insertions(+)

diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index ca978d7d98eb..3408c782702c 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -255,6 +255,7 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
 	.else
 	eret
 	.endif
+	sb
 	.endm
 
 	.macro	get_thread_info, rd
@@ -945,6 +946,7 @@ __ni_sys_trace:
 	mrs	x30, far_el1
 	.endif
 	eret
+	sb
 	.endm
 
 	.align	11
diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S
index a360ac6e89e9..93704e6894d2 100644
--- a/arch/arm64/kvm/hyp/entry.S
+++ b/arch/arm64/kvm/hyp/entry.S
@@ -83,6 +83,7 @@ ENTRY(__guest_enter)
 
 	// Do not touch any register after this!
 	eret
+	sb
 ENDPROC(__guest_enter)
 
 ENTRY(__guest_exit)
@@ -195,4 +196,5 @@ alternative_endif
 	ldp	x0, x1, [sp], #16
 
 	eret
+	sb
 ENDPROC(__fpsimd_guest_restore)
diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S
index bf4988f9dae8..3675e7f0ab72 100644
--- a/arch/arm64/kvm/hyp/hyp-entry.S
+++ b/arch/arm64/kvm/hyp/hyp-entry.S
@@ -97,6 +97,7 @@ el1_sync:				// Guest trapped into EL2
 	do_el2_call
 
 2:	eret
+	sb
 
 el1_hvc_guest:
 	/*
@@ -147,6 +148,7 @@ wa_epilogue:
 	mov	x0, xzr
 	add	sp, sp, #16
 	eret
+	sb
 
 el1_trap:
 	get_vcpu_ptr	x1, x0
@@ -198,6 +200,7 @@ el2_error:
 	b.ne	__hyp_panic
 	mov	x0, #(1 << ARM_EXIT_WITH_SERROR_BIT)
 	eret
+	sb
 
 ENTRY(__hyp_do_panic)
 	mov	lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
@@ -206,6 +209,7 @@ ENTRY(__hyp_do_panic)
 	ldr	lr, =panic
 	msr	elr_el2, lr
 	eret
+	sb
 ENDPROC(__hyp_do_panic)
 
 ENTRY(__hyp_panic)
-- 
2.17.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel