From: Alex Shi
To: Marc Zyngier, Will Deacon, Ard Biesheuvel, Catalin Marinas, stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org (moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 27/52] arm64: entry: Apply BP hardening for suspicious interrupts from EL0
Date: Mon, 26 Feb 2018 16:20:01 +0800
Message-Id: <1519633227-29832-28-git-send-email-alex.shi@linaro.org>
In-Reply-To: <1519633227-29832-1-git-send-email-alex.shi@linaro.org>

From: Will Deacon

commit 30d88c0e3ace upstream.

It is possible to take an IRQ from EL0 following a branch to a kernel
address in such a way that the IRQ is prioritised over the instruction
abort. Whilst an attacker would need to get the stars to align here,
it might be sufficient with enough calibration so perform BP hardening
in the rare case that we see a kernel address in the ELR when handling
an IRQ from EL0.

Reported-by: Dan Hettena
Reviewed-by: Marc Zyngier
Signed-off-by: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Alex Shi
---
 arch/arm64/kernel/entry.S | 5 +++++
 arch/arm64/mm/fault.c     | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index d50c2fe..e26a114 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -646,6 +646,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 6120a14..ad49ae8 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -590,6 +590,12 @@ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs) -- 2.7.4
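
Review bot: In the el0_irq_naked hunk of arch/arm64/kernel/entry.S, the "tbz x22, #55, 1f" test carries no comment, and nothing in the visible lines says that x22 holds the ELR value the commit message refers to or why bit 55 is the bit that marks a kernel address. A one-line comment above the tbz stating both would let the check be audited without tracing the entry macros. The test is also placed after ct_user_exit, so the patch relies on x22 still holding that value at this point; x22 is a callee-saved register, so it survives any call the macro makes, but the comment should say that this is what is being relied on.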
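
Review bot: In the arch/arm64/mm/fault.c hunk, do_el0_irq_bp_hardening() is defined outside any #ifdef, while the caller added in entry.S sits under CONFIG_HARDEN_BRANCH_PREDICTOR. Either guard the definition the same way or note that arm64_apply_bp_hardening() is expected to compile to nothing when the option is off, so the otherwise unused symbol is clearly intentional. The comment "PC has already been checked in entry.S" would be easier to audit if it named the check (bit 55 of x22 in el0_irq_naked), because this function takes no arguments and cannot re-verify it, unlike do_el0_ia_bp_hardening() just below, which receives addr, esr and regs.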