Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3321507imm; Tue, 29 May 2018 05:20:57 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqd3l2wYH0LTLyID+ZyQjwanMlV8w4xnht0v+xdXSwHs8xYNBA9C7+aghH2smHDzTfY8fpH X-Received: by 2002:a65:484c:: with SMTP id i12-v6mr13702162pgs.162.1527596457440; Tue, 29 May 2018 05:20:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527596457; cv=none; d=google.com; s=arc-20160816; b=Ys+GB7GBPYAjS7vC8Ikl5Xc+zq8ILrOEmBMesEZ0hQTtkEOuTw3yeaGmu7Fjq9eqE+ MNHNdS7W/sDDJ618U8Xzu+/H4HqT4gaT07mhTGL08aTUCaiitHWiYb2+kCHUbjZPU4Pv TB+k/WWlTGG3+/UDJbo2Z92/xMOTvifOmqpwduPR3w76Mp+P4eJNKHAkI+NiVSq4VMku InWwJCYEHPbDbEDKQYq9VghbfgBHnIL9PQcj4nvl0kQMJuYzBSbrshnpbXc8FR9lE4gj MS1ZXCPGldkyu8pGRvzMhb1yNgDIR9EU/YVKF+NsboEYErAq2cADQ9n1Pffb8SAbE3ZV iYVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=460/qBDPvH0f2p3cMiwEpRbvSWG23IgphsHtuZWMTEA=; b=p+iXC+P1rbUvAk2B/8pEajmsvNSruegZ2zn7gtDDUVnLizqjchf97k1NcdBT6GNpxy drl+/r83YFpE1s92X93E0ao6+IG9wa2PQnhQ8ItpjUXVU4rupl97qTVpz1Ti/FSa/1t7 RYQuyd9CbAycX1xzeS8Ic7ei+7CgbgYqnfdeKhRvY8vpuwv968F4lE4KK9Fl0r+zx/g0 Ramwcnh2QI52z+ypyr2MwGuYfgu7wdYc6a94UUqh3m+pknyslBbcjdTX6G5Le1Xm9jLe LOFaIN7BmMVSyzcIIETf4bZtfbC4xLfgoemH0Fyu/VGzdOBYtpbU4O4xXgmxsVMZTBTl Tg0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t70-v6si19771982pgc.141.2018.05.29.05.20.43; Tue, 29 May 2018 05:20:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933960AbeE2MTZ (ORCPT + 99 others); Tue, 29 May 2018 08:19:25 -0400 Received: from foss.arm.com ([217.140.101.70]:38394 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933635AbeE2MLg (ORCPT ); Tue, 29 May 2018 08:11:36 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B23FB15B2; Tue, 29 May 2018 05:11:35 -0700 (PDT) Received: from approximate.cambridge.arm.com (approximate.cambridge.arm.com [10.1.206.75]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5B71F3F53D; Tue, 29 May 2018 05:11:33 -0700 (PDT) From: Marc Zyngier To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Will Deacon , Catalin Marinas , Thomas Gleixner , Andy Lutomirski , Kees Cook , Greg Kroah-Hartman , Christoffer Dall , Randy Dunlap , Dominik Brodowski , Julien Grall , Mark Rutland Subject: [PATCH v2 02/17] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 Date: Tue, 29 May 2018 13:11:06 +0100 Message-Id: <20180529121121.24927-3-marc.zyngier@arm.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180529121121.24927-1-marc.zyngier@arm.com> References: <20180529121121.24927-1-marc.zyngier@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In order for the kernel to protect itself, let's call the SSBD mitigation implemented by the higher exception level (either hypervisor or firmware) on each transition between userspace and kernel. We must take the PSCI conduit into account in order to target the right exception level, hence the introduction of a runtime patching callback. Reviewed-by: Mark Rutland Reviewed-by: Julien Grall Signed-off-by: Marc Zyngier --- arch/arm64/kernel/cpu_errata.c | 24 ++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 22 ++++++++++++++++++++++ include/linux/arm-smccc.h | 5 +++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index e4a1182deff7..d98d8ce29533 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -232,6 +232,30 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ +#ifdef CONFIG_ARM64_SSBD +void __init arm64_update_smccc_conduit(struct alt_instr *alt, + __le32 *origptr, __le32 *updptr, + int nr_inst) +{ + u32 insn; + + BUG_ON(nr_inst != 1); + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + insn = aarch64_insn_get_hvc_value(); + break; + case PSCI_CONDUIT_SMC: + insn = aarch64_insn_get_smc_value(); + break; + default: + return; + } + + *updptr = cpu_to_le32(insn); +} +#endif /* CONFIG_ARM64_SSBD */ + #define CAP_MIDR_RANGE(model, v_min, r_min, v_max, r_max) \ .matches = is_affected_midr_range, \ .midr_range = MIDR_RANGE(model, v_min, r_min, v_max, r_max) diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index ec2ee720e33e..f33e6aed3037 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -18,6 +18,7 @@ * along with this program. If not, see . */ +#include #include #include @@ -137,6 +138,18 @@ alternative_else_nop_endif add \dst, \dst, #(\sym - .entry.tramp.text) .endm + // This macro corrupts x0-x3. It is the caller's duty + // to save/restore them if required. + .macro apply_ssbd, state +#ifdef CONFIG_ARM64_SSBD + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2 + mov w1, #\state +alternative_cb arm64_update_smccc_conduit + nop // Patched to SMC/HVC #0 +alternative_cb_end +#endif + .endm + .macro kernel_entry, el, regsize = 64 .if \regsize == 32 mov w0, w0 // zero upper 32 bits of x0 @@ -163,6 +176,13 @@ alternative_else_nop_endif ldr x19, [tsk, #TSK_TI_FLAGS] // since we can unmask debug disable_step_tsk x19, x20 // exceptions when scheduling. + apply_ssbd 1 + +#ifdef CONFIG_ARM64_SSBD + ldp x0, x1, [sp, #16 * 0] + ldp x2, x3, [sp, #16 * 1] +#endif + mov x29, xzr // fp pointed to user-space .else add x21, sp, #S_FRAME_SIZE @@ -303,6 +323,8 @@ alternative_if ARM64_WORKAROUND_845719 alternative_else_nop_endif #endif 3: + apply_ssbd 0 + .endif msr elr_el1, x21 // set up the return data diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h index c89da86de99f..ca1d2cc2cdfa 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -80,6 +80,11 @@ ARM_SMCCC_SMC_32, \ 0, 0x8000) +#define ARM_SMCCC_ARCH_WORKAROUND_2 \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, 0x7fff) + #ifndef __ASSEMBLY__ #include -- 2.14.2