From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Tony Lindgren <tony@atomide.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Russell King <rmk+kernel@armlinux.org.uk>,
"David A . Long" <dave.long@linaro.org>,
Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH for-stable-v4.4 37/53] ARM: spectre-v1: use get_user() for __get_user()
Date: Tue, 5 Nov 2019 21:58:30 +0100 [thread overview]
Message-ID: <20191105205846.1394-38-ardb@kernel.org> (raw)
In-Reply-To: <20191105205846.1394-1-ardb@kernel.org>
From: Russell King <rmk+kernel@armlinux.org.uk>
Commit b1cd0a14806321721aae45f5446ed83a3647c914 upstream.
Fixing __get_user() for spectre variant 1 is not sane: we would have to
add address space bounds checking in order to validate that the location
should be accessed, and then zero the address if found to be invalid.
Since __get_user() is supposed to avoid the bounds check, and this is
exactly what get_user() does, there's no point having two different
implementations that are doing the same thing. So, when the Spectre
workarounds are required, make __get_user() an alias of get_user().
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm/include/asm/uaccess.h | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 99005567fb92..fd33021da6f6 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -288,6 +288,16 @@ static inline void set_fs(mm_segment_t fs)
#define user_addr_max() \
(segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs())
+#ifdef CONFIG_CPU_SPECTRE
+/*
+ * When mitigating Spectre variant 1, it is not worth fixing the non-
+ * verifying accessors, because we need to add verification of the
+ * address space there. Force these to use the standard get_user()
+ * version instead.
+ */
+#define __get_user(x, ptr) get_user(x, ptr)
+#else
+
/*
* The "__xxx" versions of the user access functions do not verify the
* address space - it must have been done previously with a separate
@@ -304,12 +314,6 @@ static inline void set_fs(mm_segment_t fs)
__gu_err; \
})
-#define __get_user_error(x, ptr, err) \
-({ \
- __get_user_err((x), (ptr), err); \
- (void) 0; \
-})
-
#define __get_user_err(x, ptr, err) \
do { \
unsigned long __gu_addr = (unsigned long)(ptr); \
@@ -369,6 +373,7 @@ do { \
#define __get_user_asm_word(x, addr, err) \
__get_user_asm(x, addr, err, ldr)
+#endif
#define __put_user_switch(x, ptr, __err, __fn) \
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-11-05 21:09 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-05 20:57 [PATCH for-stable-v4.4 00/53] ARM: spectre v1/v2 mitigations Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 01/53] ARM: 8051/1: put_user: fix possible data corruption in put_user Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 02/53] ARM: 8478/2: arm/arm64: add arm-smccc Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 03/53] ARM: 8479/2: add implementation for arm-smccc Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 04/53] ARM: 8480/2: arm64: " Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 05/53] ARM: 8481/2: drivers: psci: replace psci firmware calls Ard Biesheuvel
2019-11-05 20:57 ` [PATCH for-stable-v4.4 06/53] ARM: uaccess: remove put_user() code duplication Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 07/53] ARM: Move system register accessors to asm/cp15.h Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 08/53] arm: kernel: Add SMC structure parameter Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 09/53] firmware: qcom: scm: Fix interrupted SCM calls Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 10/53] ARM: smccc: Update HVC comment to describe new quirk parameter Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 11/53] arm/arm64: KVM: Advertise SMCCC v1.1 Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 12/53] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 13/53] firmware/psci: Expose PSCI conduit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 14/53] firmware/psci: Expose SMCCC version through psci_ops Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 15/53] arm/arm64: smccc: Make function identifiers an unsigned quantity Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 16/53] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 17/53] arm/arm64: smccc: Add SMCCC-specific return codes Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 18/53] arm/arm64: smccc-1.1: Make return values unsigned long Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 19/53] arm/arm64: smccc-1.1: Handle function result as parameters Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 20/53] ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 21/53] ARM: bugs: prepare processor bug infrastructure Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 22/53] ARM: bugs: hook processor bug checking into SMP and suspend paths Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 23/53] ARM: bugs: add support for per-processor bug checking Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 24/53] ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 25/53] ARM: spectre-v2: harden branch predictor on context switches Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 26/53] ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 27/53] ARM: spectre-v2: harden user aborts in kernel space Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 28/53] ARM: spectre-v2: add firmware based hardening Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 29/53] ARM: spectre-v2: warn about incorrect context switching functions Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 30/53] ARM: spectre-v1: add speculation barrier (csdb) macros Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 31/53] ARM: spectre-v1: add array_index_mask_nospec() implementation Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 32/53] ARM: spectre-v1: fix syscall entry Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 33/53] ARM: signal: copy registers using __copy_from_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 34/53] ARM: vfp: use __copy_from_user() when restoring VFP state Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 35/53] ARM: oabi-compat: copy semops using __copy_from_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 36/53] ARM: use __inttype() in get_user() Ard Biesheuvel
2019-11-05 20:58 ` Ard Biesheuvel [this message]
2019-11-05 20:58 ` [PATCH for-stable-v4.4 38/53] ARM: spectre-v1: mitigate user accesses Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 39/53] ARM: 8789/1: signal: copy registers using __copy_to_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 40/53] ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 41/53] ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 42/53] ARM: 8793/1: signal: replace __put_user_error with __put_user Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 43/53] ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 44/53] ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 45/53] ARM: 8796/1: spectre-v1, v1.1: provide helpers for address sanitization Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 46/53] ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 47/53] ARM: make lookup_processor_type() non-__init Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 48/53] ARM: split out processor lookup Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 49/53] ARM: clean up per-processor check_bugs method call Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 50/53] ARM: add PROC_VTABLE and PROC_TABLE macros Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 51/53] ARM: spectre-v2: per-CPU vtables to work around big.Little systems Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 52/53] ARM: ensure that processor vtables is not lost after boot Ard Biesheuvel
2019-11-05 20:58 ` [PATCH for-stable-v4.4 53/53] ARM: fix the cockup in the previous patch Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191105205846.1394-38-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dave.long@linaro.org \
--cc=f.fainelli@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=tony@atomide.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.