Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2419257imu; Wed, 21 Nov 2018 11:19:05 -0800 (PST) X-Google-Smtp-Source: AFSGD/UIJfcuYcird4BWDYfK0oX9zlnCndOVrv5fA5zp9yajH4/somDvRMAqv5889y8xCNaJePZ7 X-Received: by 2002:a63:e84c:: with SMTP id a12mr7003063pgk.241.1542827944996; Wed, 21 Nov 2018 11:19:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542827944; cv=none; d=google.com; s=arc-20160816; b=a089RinVAqzBGG2Io1tAKwys7Xlf+TPy13dPoZfy6ONE046dHO4hOuJfrtEXz2sV+W qLAvHuSfWi1mf+ObQNvTtsLll5B2wKFcx7tbcOi78Q0rK1blgaVl0RrAWX69spmHCxyy XuOeG/QVG7BBqKqdPLYuXBtRlBewVg9QI4P/W3aQu2QhF7i75vdBTUhVq00uEupE0NnT fs2KDbncAaDa+YuiVbccRR3H7kCRy9D3xEtBZqai9lvga2L3ufzyq0L6MPoXWYCuinni aN8TaNZmLRrZC5+bw0ANgUfVCyPdQJUiycDvio87Xi3+eCs6sy48q8U5m4cbsI1URCrq HBKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/MUFjUPiDCw1Q9spfZOBmbc2mY2M3KfiEJsLfn2Dtus=; b=QUxAvZa6zw7YjPA91S836eKhujT+8O93VkmqmS3LIzpK3MjADSNri1B6rEQOlM1alw 3Ze4T5iLBSTWcuHPRHwC8g+2HfALinvZSnOdVNLf1gnrjQlKCl4zjnfV+Sy9ygqkvwuB AicGgCe4NmPNsHY1pmXchWD2fDVpnn6yJzCoDo/7nliUFcL/3EDC40GB8WqDv7gYC37Z uEDEbh9o5oh/0ohnroyBMlFrcR9H55IhclGPN079olM7JyJG6fkF0dgYPAoBZHpv3jER Ze6cJ+3bLP8h0yGm+Lk2guSc060F2vhpRvzekm2LZQjAB04uW5+tTzy0o3JxkEGTTpFV fXCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=foSu02JM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h32si11454404pgh.276.2018.11.21.11.18.50; Wed, 21 Nov 2018 11:19:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=foSu02JM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389052AbeKVFrO (ORCPT + 99 others); Thu, 22 Nov 2018 00:47:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:42638 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729280AbeKVFrM (ORCPT ); Thu, 22 Nov 2018 00:47:12 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4D379206BB; Wed, 21 Nov 2018 19:11:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542827498; bh=XscPQuovaOQZ8HB/9lmXKGFPd78SwUFDS8DGmzjk5gA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=foSu02JMus27hdCuq+0HVC41zF0lOitong6KdCfW8omhkUrsWJymBGUxCiweVE6t6 +q6uvnbQ+BXJOSWdFbo87lJ6yWAew4WfsacrWrnEws65KBXK/miLL2NOBG5QDcYvJS Vf72dWGe92G8z9Cxd8RNS7W4ZPryPb9nAhrTs1RE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Russell King , "David A. Long" Subject: [PATCH 4.9 55/59] ARM: vfp: use __copy_from_user() when restoring VFP state Date: Wed, 21 Nov 2018 20:07:10 +0100 Message-Id: <20181121183510.470725429@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121183508.262873520@linuxfoundation.org> References: <20181121183508.262873520@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Russell King Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream. __get_user_error() is used as a fast accessor to make copying structure members in the signal handling path as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Use __copy_from_user() rather than __get_user_err() for individual members when restoring VFP state. Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long Signed-off-by: Greg Kroah-Hartman --- arch/arm/include/asm/thread_info.h | 4 ++-- arch/arm/kernel/signal.c | 17 ++++++++--------- arch/arm/vfp/vfpmodule.c | 17 +++++++---------- 3 files changed, 17 insertions(+), 21 deletions(-) --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -126,8 +126,8 @@ struct user_vfp_exc; extern int vfp_preserve_user_clear_hwstate(struct user_vfp __user *, struct user_vfp_exc __user *); -extern int vfp_restore_user_hwstate(struct user_vfp __user *, - struct user_vfp_exc __user *); +extern int vfp_restore_user_hwstate(struct user_vfp *, + struct user_vfp_exc *); #endif /* --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -107,21 +107,20 @@ static int preserve_vfp_context(struct v return vfp_preserve_user_clear_hwstate(&frame->ufp, &frame->ufp_exc); } -static int restore_vfp_context(struct vfp_sigframe __user *frame) +static int restore_vfp_context(struct vfp_sigframe __user *auxp) { - unsigned long magic; - unsigned long size; - int err = 0; + struct vfp_sigframe frame; + int err; - __get_user_error(magic, &frame->magic, err); - __get_user_error(size, &frame->size, err); + err = __copy_from_user(&frame, (char __user *) auxp, sizeof(frame)); if (err) - return -EFAULT; - if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return err; + + if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) return -EINVAL; - return vfp_restore_user_hwstate(&frame->ufp, &frame->ufp_exc); + return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); } #endif --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -597,13 +597,11 @@ int vfp_preserve_user_clear_hwstate(stru } /* Sanitise and restore the current VFP state from the provided structures. */ -int vfp_restore_user_hwstate(struct user_vfp __user *ufp, - struct user_vfp_exc __user *ufp_exc) +int vfp_restore_user_hwstate(struct user_vfp *ufp, struct user_vfp_exc *ufp_exc) { struct thread_info *thread = current_thread_info(); struct vfp_hard_struct *hwstate = &thread->vfpstate.hard; unsigned long fpexc; - int err = 0; /* Disable VFP to avoid corrupting the new thread state. */ vfp_flush_hwstate(thread); @@ -612,17 +610,16 @@ int vfp_restore_user_hwstate(struct user * Copy the floating point registers. There can be unused * registers see asm/hwcap.h for details. */ - err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, - sizeof(hwstate->fpregs)); + memcpy(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); /* * Copy the status and control register. */ - __get_user_error(hwstate->fpscr, &ufp->fpscr, err); + hwstate->fpscr = ufp->fpscr; /* * Sanitise and restore the exception registers. */ - __get_user_error(fpexc, &ufp_exc->fpexc, err); + fpexc = ufp_exc->fpexc; /* Ensure the VFP is enabled. */ fpexc |= FPEXC_EN; @@ -631,10 +628,10 @@ int vfp_restore_user_hwstate(struct user fpexc &= ~(FPEXC_EX | FPEXC_FP2V); hwstate->fpexc = fpexc; - __get_user_error(hwstate->fpinst, &ufp_exc->fpinst, err); - __get_user_error(hwstate->fpinst2, &ufp_exc->fpinst2, err); + hwstate->fpinst = ufp_exc->fpinst; + hwstate->fpinst2 = ufp_exc->fpinst2; - return err ? -EFAULT : 0; + return 0; } /*