Received: by 10.192.165.148 with SMTP id m20csp4189118imm; Mon, 23 Apr 2018 21:17:45 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+lKv3/sdOTasDQRCGCLQxTmCAJxjWu6rYuIG7AeNRVPNF/el2XBD6GazgoG9BkiKoTmFag X-Received: by 10.98.14.198 with SMTP id 67mr18162204pfo.36.1524543465450; Mon, 23 Apr 2018 21:17:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524543465; cv=none; d=google.com; s=arc-20160816; b=f2dHWtiaBefnVqjjqFUov4s0EEdekufsxsjswNV3a+DTOtFC+4/vC0HKBc3UXLnc5r HFkkfDPtDsEjEViz8tvmEdFkDrKP1wqsG2dwE6zOzsBPaOakrKaRncO7axcYtCMSA6O7 Ck72N7vhajB08QuaxmoqpzoSz9QQ7c77t7UAmfkK3LExscfPbQC2E4iW7+YmUR7BmfJk c9usZMOAAuKUz+GFbnHfBidze/ZO8acKeiGMRmOScQ9k4E/Oj62iJv2IkLMQNuwasVDw /Q7cpjMbs4cvv5TDclw2OicK/7krF5I3DjmqAcp06aXLIeJ5ca7CTrBKlEfkO8ymD8+9 0j1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=wSoMet134rS7iggtKz9iFnpRkQHLd1jEaF7Bn8f8U9Y=; b=YNoeoOyOmjqqLVecwdUD9Rt+r+MIYZYCY1U7L67k2h2x3LSxU3JwcjQMVbJLMPpswq 7pAo588LEEdhqC2mcj4yqITams97jkzSS1xff+Fe2GsZ+w5cZYgQwNx7/jcG/E/gqnUW uR1iCuifeFYmXYdTwWT94wq9BMcRrFCTbXZVxKy7vlXcz07AidvjZNXXA8NCrpyd1Ybv 7toZJ1HiM9w4CTVGwzmC6JdmKr9OVjJyWqggGb923xm7RDWfbInPRFAsYQ98nu+oWx6b xFloOiPlOSCyxb0nCrWl+1drqTWdWoaCBKoMpltw/K9ZpGZO/BZytympaGKwpZHqiR3m svhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h9si11085072pgr.342.2018.04.23.21.17.31; Mon, 23 Apr 2018 21:17:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755533AbeDXEQW (ORCPT + 99 others); Tue, 24 Apr 2018 00:16:22 -0400 Received: from ozlabs.org ([203.11.71.1]:38691 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750962AbeDXEQM (ORCPT ); Tue, 24 Apr 2018 00:16:12 -0400 Received: by ozlabs.org (Postfix, from userid 1034) id 40VVPl2FwZz9s19; Tue, 24 Apr 2018 14:16:11 +1000 (AEST) From: Michael Ellerman To: linuxppc-dev@ozlabs.org Cc: npiggin@gmail.com, msuchanek@suse.de, linux-kernel@vger.kernel.org Subject: [PATCH 6/6] powerpc/64: Use barrier_nospec in syscall entry Date: Tue, 24 Apr 2018 14:15:59 +1000 Message-Id: <20180424041559.32410-6-mpe@ellerman.id.au> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20180424041559.32410-1-mpe@ellerman.id.au> References: <20180424041559.32410-1-mpe@ellerman.id.au> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Our syscall entry is done in assembly so patch in an explicit barrier_nospec. Based on a patch by Michal Suchanek. Signed-off-by: Michal Suchanek Signed-off-by: Michael Ellerman --- mpe: Move the barrier to immediately prior to the vulnerable load, and add a comment trying to explain why. Drop the barrier from syscall_dotrace, because that syscall number comes from the kernel. --- arch/powerpc/kernel/entry_64.S | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S index 51695608c68b..de30f9a34c0c 100644 --- a/arch/powerpc/kernel/entry_64.S +++ b/arch/powerpc/kernel/entry_64.S @@ -36,6 +36,7 @@ #include #include #include +#include #include #ifdef CONFIG_PPC_BOOK3S #include @@ -178,6 +179,15 @@ system_call: /* label this so stack traces look sane */ clrldi r8,r8,32 15: slwi r0,r0,4 + + barrier_nospec_asm + /* + * Prevent the load of the handler below (based on the user-passed + * system call number) being speculatively executed until the test + * against NR_syscalls and branch to .Lsyscall_enosys above has + * committed. + */ + ldx r12,r11,r0 /* Fetch system call handler [ptr] */ mtctr r12 bctrl /* Call handler */ -- 2.14.1