From: Nicholas Piggin <npiggin@gmail.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: Nicholas Piggin <npiggin@gmail.com>
Subject: [PATCH 2/6] powerpc/64s/kuap: kuap_restore missing isync
Date: Wed, 29 Apr 2020 16:56:50 +1000
Message-ID: <20200429065654.1677541-3-npiggin@gmail.com>
In-Reply-To: <20200429065654.1677541-1-npiggin@gmail.com>
Writing the AMR register is documented to require context synchronizing
operations before and after, for it to take effect as expected. The kuap
restore at interrupt exit time deliberately avoids the isync after the
AMR update because it only needs to take effect after the context
synchronizing rfid that soon follows. Add a comment for this.
The missing isync before the update doesn't have an obvious
justification, and seems it could theoretically allow a rogue user
access to leak past the AMR update. Add isyncs for these.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
arch/powerpc/include/asm/book3s/64/kup-radix.h | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/book3s/64/kup-radix.h b/arch/powerpc/include/asm/book3s/64/kup-radix.h
index 3bcef989a35d..8dc5f292b806 100644
--- a/arch/powerpc/include/asm/book3s/64/kup-radix.h
+++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h
@@ -16,7 +16,9 @@
#ifdef CONFIG_PPC_KUAP
BEGIN_MMU_FTR_SECTION_NESTED(67)
ld \gpr, STACK_REGS_KUAP(r1)
+ isync
mtspr SPRN_AMR, \gpr
+ /* No isync required, see kuap_restore_amr() */
END_MMU_FTR_SECTION_NESTED_IFSET(MMU_FTR_RADIX_KUAP, 67)
#endif
.endm
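Review bot: The isync added ahead of "mtspr SPRN_AMR, \gpr" carries no comment, while the omitted trailing one does, so a reader of the macro cannot tell that the leading barrier is deliberate and required. Suggest a one-line comment on the isync saying that the AMR write needs a context synchronizing operation before it, so that earlier accesses cannot leak past the update. The trailing comment defers to kuap_restore_amr() for its reasoning; stating here directly that the rfid following on this exit path provides the synchronization would keep the asm self-explanatory if the C comment is later reworded or moved.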
@@ -62,8 +64,15 @@
static inline void kuap_restore_amr(struct pt_regs *regs)
{
- if (mmu_has_feature(MMU_FTR_RADIX_KUAP))
+ if (mmu_has_feature(MMU_FTR_RADIX_KUAP)) {
+ isync();
mtspr(SPRN_AMR, regs->kuap);
+ /*
+ * No isync required here because we are about to rfi
+ * back to previous context before any user accesses
+ * would be made, which is a CSI.
+ */
+ }
}
static inline void kuap_check_amr(void)
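Review bot: The comment in kuap_restore_amr() justifies dropping the trailing isync by what the caller does next, but nothing in this static inline enforces that. Suggest documenting the contract at function level (callers must execute a context synchronizing instruction, such as the rfid at interrupt exit, before any user access can be made) so that a future caller outside the interrupt-exit path does not silently inherit the omission. The wording could also be tightened: "which is a CSI" reads as attaching to the user accesses rather than to the rfi, CSI is not spelled out, and the new isync() before the mtspr has no comment of its own explaining why it is needed.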
--
2.23.0