From: Viresh Kumar <viresh.kumar@linaro.org>
To: linux-arm-kernel@lists.infradead.org,
Julien Thierry <Julien.Thierry@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Will Deacon <will.deacon@arm.com>,
stable@vger.kernel.org, mark.brown@arm.com,
Catalin Marinas <catalin.marinas@arm.com>,
Russell King <rmk+kernel@arm.linux.org.uk>
Subject: [PATCH v4.4 09/45] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
Date: Fri, 14 Jun 2019 08:37:52 +0530 [thread overview]
Message-ID: <fa281cb205c71d33bc2d9f971717d4073409f43e.1560480942.git.viresh.kumar@linaro.org> (raw)
In-Reply-To: <cover.1560480942.git.viresh.kumar@linaro.org>
From: Will Deacon <will.deacon@arm.com>
commit 84624087dd7e3b482b7b11c170ebc1f329b3a218 upstream.
access_ok isn't an expensive operation once the addr_limit for the current
thread has been loaded into the cache. Given that the initial access_ok
check preceding a sequence of __{get,put}_user operations will take
the brunt of the miss, we can make the __* variants identical to the
full-fat versions, which brings with it the benefits of address masking.
The likely cost in these sequences will be from toggling PAN/UAO, which
we can address later by implementing the *_unsafe versions.
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[ v4.4: Fixed conflicts around {__get_user|__put_user}_unaligned macros ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
---
arch/arm64/include/asm/uaccess.h | 62 ++++++++++++++++++--------------
1 file changed, 36 insertions(+), 26 deletions(-)
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index fc11c50af558..a34324436ce1 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -200,30 +200,35 @@ do { \
CONFIG_ARM64_PAN)); \
} while (0)
-#define __get_user(x, ptr) \
+#define __get_user_check(x, ptr, err) \
({ \
- int __gu_err = 0; \
- __get_user_err((x), (ptr), __gu_err); \
- __gu_err; \
+ __typeof__(*(ptr)) __user *__p = (ptr); \
+ might_fault(); \
+ if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \
+ __p = uaccess_mask_ptr(__p); \
+ __get_user_err((x), __p, (err)); \
+ } else { \
+ (x) = 0; (err) = -EFAULT; \
+ } \
})
#define __get_user_error(x, ptr, err) \
({ \
- __get_user_err((x), (ptr), (err)); \
+ __get_user_check((x), (ptr), (err)); \
(void)0; \
})
-#define __get_user_unaligned __get_user
-
-#define get_user(x, ptr) \
+#define __get_user(x, ptr) \
({ \
- __typeof__(*(ptr)) __user *__p = (ptr); \
- might_fault(); \
- access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \
- __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \
- ((x) = 0, -EFAULT); \
+ int __gu_err = 0; \
+ __get_user_check((x), (ptr), __gu_err); \
+ __gu_err; \
})
+#define __get_user_unaligned __get_user
+
+#define get_user __get_user
+
#define __put_user_asm(instr, reg, x, addr, err) \
asm volatile( \
"1: " instr " " reg "1, [%2]\n" \
@@ -266,30 +271,35 @@ do { \
CONFIG_ARM64_PAN)); \
} while (0)
-#define __put_user(x, ptr) \
+#define __put_user_check(x, ptr, err) \
({ \
- int __pu_err = 0; \
- __put_user_err((x), (ptr), __pu_err); \
- __pu_err; \
+ __typeof__(*(ptr)) __user *__p = (ptr); \
+ might_fault(); \
+ if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \
+ __p = uaccess_mask_ptr(__p); \
+ __put_user_err((x), __p, (err)); \
+ } else { \
+ (err) = -EFAULT; \
+ } \
})
#define __put_user_error(x, ptr, err) \
({ \
- __put_user_err((x), (ptr), (err)); \
+ __put_user_check((x), (ptr), (err)); \
(void)0; \
})
-#define __put_user_unaligned __put_user
-
-#define put_user(x, ptr) \
+#define __put_user(x, ptr) \
({ \
- __typeof__(*(ptr)) __user *__p = (ptr); \
- might_fault(); \
- access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \
- __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \
- -EFAULT; \
+ int __pu_err = 0; \
+ __put_user_check((x), (ptr), __pu_err); \
+ __pu_err; \
})
+#define __put_user_unaligned __put_user
+
+#define put_user __put_user
+
extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
extern unsigned long __must_check __copy_in_user(void __user *to, const void __user *from, unsigned long n);
--
2.21.0.rc0.269.g1a574e7a288b
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-06-14 3:15 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-14 3:07 [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 01/45] arm64: barrier: Add CSDB macros to control data-value prediction Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 02/45] arm64: Implement array_index_mask_nospec() Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 03/45] arm64: remove duplicate macro __KERNEL__ check Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 04/45] arm64: move TASK_* definitions to <asm/processor.h> Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 05/45] arm64: Make USER_DS an inclusive limit Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 06/45] arm64: Use pointer masking to limit uaccess speculation Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 07/45] arm64: entry: Ensure branch through syscall table is bounded under speculation Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 08/45] arm64: uaccess: Prevent speculative use of the current addr_limit Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar [this message]
2019-06-14 3:07 ` [PATCH v4.4 10/45] mm/kasan: add API to check memory regions Viresh Kumar
2019-07-04 14:15 ` Julien Thierry
2019-07-05 3:13 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 11/45] arm64: kasan: instrument user memory access API Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 12/45] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 13/45] arm64: cpufeature: Pass capability structure to ->enable callback Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 14/45] drivers/firmware: Expose psci_get_version through psci_ops structure Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 15/45] arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 16/45] arm64: Move post_ttbr_update_workaround to C code Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 17/45] arm64: cpufeature: Add scope for capability check Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 18/45] arm64: Add skeleton to harden the branch predictor against aliasing attacks Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 19/45] arm64: Move BP hardening to check_and_switch_context Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 20/45] mm: Introduce lm_alias Viresh Kumar
2019-06-17 12:33 ` Julien Thierry
2019-06-18 5:00 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 21/45] arm64: entry: Apply BP hardening for high-priority synchronous exceptions Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 22/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 23/45] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 24/45] arm64: cpu_errata: Allow an erratum to be match for all revisions of a core Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 25/45] arm64: Implement branch predictor hardening for affected Cortex-A CPUs Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 26/45] arm64: cputype info for Broadcom Vulcan Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 27/45] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 28/45] arm64: Branch predictor hardening for Cavium ThunderX2 Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 29/45] arm64: KVM: Increment PC after handling an SMC trap Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 30/45] arm/arm64: KVM: Consolidate the PSCI include files Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 31/45] arm/arm64: KVM: Add PSCI_VERSION helper Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 32/45] arm/arm64: KVM: Add smccc accessors to PSCI code Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 33/45] ARM: 8478/2: arm/arm64: add arm-smccc Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 34/45] arm/arm64: KVM: Implement PSCI 1.0 support Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 35/45] arm/arm64: KVM: Advertise SMCCC v1.1 Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 36/45] arm/arm64: KVM: Turn kvm_psci_version into a static inline Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 37/45] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 38/45] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 39/45] firmware/psci: Expose PSCI conduit Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 40/45] firmware/psci: Expose SMCCC version through psci_ops Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 41/45] arm/arm64: smccc: Make function identifiers an unsigned quantity Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 42/45] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 43/45] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 44/45] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 45/45] arm64: futex: Mask __user pointers prior to dereference Viresh Kumar
2019-06-17 12:10 ` [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches Greg KH
2019-06-17 16:03 ` Julien Thierry
2019-06-18 10:21 ` Viresh Kumar
2019-06-19 11:03 ` Julien Thierry
2019-06-19 11:20 ` Viresh Kumar
2019-06-17 16:30 ` Julien Thierry
2019-07-11 13:57 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fa281cb205c71d33bc2d9f971717d4073409f43e.1560480942.git.viresh.kumar@linaro.org \
--to=viresh.kumar@linaro.org \
--cc=Julien.Thierry@arm.com \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=marc.zyngier@arm.com \
--cc=mark.brown@arm.com \
--cc=mark.rutland@arm.com \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).