Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933655AbeAHOpe (ORCPT + 1 other); Mon, 8 Jan 2018 09:45:34 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:39666 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933150AbeAHOpd (ORCPT ); Mon, 8 Jan 2018 09:45:33 -0500 Date: Mon, 8 Jan 2018 14:45:34 +0000 From: Will Deacon To: Ard Biesheuvel Cc: linux-arm-kernel@lists.infradead.org, Catalin Marinas , Marc Zyngier , Lorenzo Pieralisi , Christoffer Dall , Linux Kernel Mailing List , Laura Abbott Subject: Re: [PATCH v2 01/11] arm64: use RET instruction for exiting the trampoline Message-ID: <20180108144534.GI25869@arm.com> References: <1515157961-20963-1-git-send-email-will.deacon@arm.com> <1515157961-20963-2-git-send-email-will.deacon@arm.com> <20180108143345.GH25869@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Mon, Jan 08, 2018 at 02:38:00PM +0000, Ard Biesheuvel wrote: > On 8 January 2018 at 14:33, Will Deacon wrote: > > On Sat, Jan 06, 2018 at 01:13:23PM +0000, Ard Biesheuvel wrote: > >> On 5 January 2018 at 13:12, Will Deacon wrote: > >> > Speculation attacks against the entry trampoline can potentially resteer > >> > the speculative instruction stream through the indirect branch and into > >> > arbitrary gadgets within the kernel. > >> > > >> > This patch defends against these attacks by forcing a misprediction > >> > through the return stack: a dummy BL instruction loads an entry into > >> > the stack, so that the predicted program flow of the subsequent RET > >> > instruction is to a branch-to-self instruction which is finally resolved > >> > as a branch to the kernel vectors with speculation suppressed. > >> > > >> > >> How safe is it to assume that every microarchitecture will behave as > >> expected here? Wouldn't it be safer in general not to rely on a memory > >> load for x30 in the first place? (see below) Or may the speculative > >> execution still branch anywhere even if the branch target is > >> guaranteed to be known by that time? > > > > The main problem with this approach is that EL0 can read out the text and > > find the kaslr offset. > > Not really - the CONFIG_RANDOMIZE_BASE path puts the movz/movk > sequence in the next page, but that does involve an unconditional > branch. Ah sorry, I had missed that. The unconditional branch may still be attacked, however. > > The memory load is fine, because the data page is > > unmapped along with the kernel text. I'm not aware of any > > micro-architectures where this patch doesn't do what we need. > > > > Well, the memory load is what may incur the delay, creating the window > for speculative execution of the indirect branch. What I don't have > enough of a handle on is whether this speculative execution may still > branch to wherever the branch predictor is pointing even if the > register containing the branch target is already available. For the micro-architectures I'm aware of, the return stack predictor will always safely mispredict the jump into the kernel vectors with this patch applied. Will