Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2445159yba; Mon, 15 Apr 2019 11:46:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqyeV8m3X4lllXl+JlJvgXzxN4EjyHUX6NES0aPHO2pDTHLkXyjQSaFuHJPz1VWCd1PAS6X2 X-Received: by 2002:a63:c302:: with SMTP id c2mr72711135pgd.235.1555354018126; Mon, 15 Apr 2019 11:46:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555354018; cv=none; d=google.com; s=arc-20160816; b=e4z+dERFXiN6oFgXemHURdes44lB9GhRLEo8bPOad6k2m9YDtDsTZ259qZ/AmodNUu zzcntrEVRAb0aoEqk/6a4b0DHZfL6a50BqyaiCdRGPCnf6Wf+EtRbwsAU3w5ADLruBzg BcwwaNDc+WmpLRElP4pY/u/d9jwnj/5+5j2hJNF00T+XCuMksTypPlRKVhcSHSY3VM/1 DcESCYgaocLI11QUJTIE7im1oD2e+FryJUL3iocrhFWHqkWfodOU7aCWxx5gR0NKKrjF CGmgj7iuYlAxzWsFuxUHAjiczOo8/QizQM6ciMvi/XMlzv3VXMbz6d36JdfCNmUnvjw+ GxgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ILkGRGI9bUZ7VWsVcDB7d7rMoawxqNcUqPZFRgF4zps=; b=ormftOUBSiolkKLX26S1dnuwFQdnnBRltdt1fJsBBTNKBMy4/Dyi+LlurnBbDp8leO RPe3enBnhgJOpz+698v0vrNUx/or8qj5mXX6oydtLCZ1x9gHTrjfTWy2DT86DbBAAuAF ihCp9+a5WJ6JCfF6wqpvvB6XSPy5uHT6TFkznRnCPHDqvAxyDWl27OUGoXqzhI7c9SNz nzjlMsR2DsUveSZnIUmq6aN+dx796Coy0RyXfv3ozWjdmndVPEwznJX/hnCyaW65s5HJ ctTrMihV9+ljJZki4EEo7AaqNRIsKRxfWv/Uk5LajnAzcF9e2dGAx1+ySiASSvcHSva3 2KPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WFOBdE6F; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s79si30873947pfa.69.2019.04.15.11.46.41; Mon, 15 Apr 2019 11:46:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WFOBdE6F; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728456AbfDOSpr (ORCPT + 99 others); Mon, 15 Apr 2019 14:45:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:48234 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728434AbfDOSpq (ORCPT ); Mon, 15 Apr 2019 14:45:46 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D3A6F2087C; Mon, 15 Apr 2019 18:45:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555353945; bh=zV+L8fu2E1eV0Y+Fd7rC4gJXSkZRpWLe0Fd2xS3GM+k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WFOBdE6FB5EMieHAJ+Cq3ZNWCBfHfjU0NOBHIkHR2d0eT6/bo2z/tMEtUJZqmA6px Xmijr/s8Yj7x+MDOROFGlsI5Iv6zsDFE6b5TVnfq2Np/+wWwDrvOcr3wQwVHldXI1a /yqc/mIuOtF7MiBJfwW5ox98ubo1mAz15x2rIXPw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Michal Suchanek , Michael Ellerman , Sasha Levin Subject: [PATCH 4.9 14/76] powerpc/64s: Patch barrier_nospec in modules Date: Mon, 15 Apr 2019 20:43:38 +0200 Message-Id: <20190415183711.746568294@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190415183707.712011689@linuxfoundation.org> References: <20190415183707.712011689@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit 815069ca57c142eb71d27439bc27f41a433a67b3 upstream. Note that unlike RFI which is patched only in kernel the nospec state reflects settings at the time the module was loaded. Iterating all modules and re-patching every time the settings change is not implemented. Based on lwsync patching. Signed-off-by: Michal Suchanek Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin --- arch/powerpc/include/asm/setup.h | 7 +++++++ arch/powerpc/kernel/module.c | 6 ++++++ arch/powerpc/kernel/security.c | 2 +- arch/powerpc/lib/feature-fixups.c | 16 +++++++++++++--- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 709f4e739ae8..a225b5c42e76 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -52,6 +52,13 @@ enum l1d_flush_type { void setup_rfi_flush(enum l1d_flush_type, bool enable); void do_rfi_flush_fixups(enum l1d_flush_type types); void do_barrier_nospec_fixups(bool enable); +extern bool barrier_nospec_enabled; + +#ifdef CONFIG_PPC_BOOK3S_64 +void do_barrier_nospec_fixups_range(bool enable, void *start, void *end); +#else +static inline void do_barrier_nospec_fixups_range(bool enable, void *start, void *end) { }; +#endif #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c index 30b89d5cbb03..d30f0626dcd0 100644 --- a/arch/powerpc/kernel/module.c +++ b/arch/powerpc/kernel/module.c @@ -72,6 +72,12 @@ int module_finalize(const Elf_Ehdr *hdr, do_feature_fixups(powerpc_firmware_features, (void *)sect->sh_addr, (void *)sect->sh_addr + sect->sh_size); + + sect = find_section(hdr, sechdrs, "__spec_barrier_fixup"); + if (sect != NULL) + do_barrier_nospec_fixups_range(barrier_nospec_enabled, + (void *)sect->sh_addr, + (void *)sect->sh_addr + sect->sh_size); #endif sect = find_section(hdr, sechdrs, "__lwsync_fixup"); diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 8b1cf9c81b82..34d436fe2498 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -15,7 +15,7 @@ unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; -static bool barrier_nospec_enabled; +bool barrier_nospec_enabled; static void enable_barrier_nospec(bool enable) { diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c index f82ae6bb2365..a1222c441df5 100644 --- a/arch/powerpc/lib/feature-fixups.c +++ b/arch/powerpc/lib/feature-fixups.c @@ -278,14 +278,14 @@ void do_rfi_flush_fixups(enum l1d_flush_type types) : "unknown"); } -void do_barrier_nospec_fixups(bool enable) +void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end) { unsigned int instr, *dest; long *start, *end; int i; - start = PTRRELOC(&__start___barrier_nospec_fixup), - end = PTRRELOC(&__stop___barrier_nospec_fixup); + start = fixup_start; + end = fixup_end; instr = 0x60000000; /* nop */ @@ -304,6 +304,16 @@ void do_barrier_nospec_fixups(bool enable) printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i); } +void do_barrier_nospec_fixups(bool enable) +{ + void *start, *end; + + start = PTRRELOC(&__start___barrier_nospec_fixup), + end = PTRRELOC(&__stop___barrier_nospec_fixup); + + do_barrier_nospec_fixups_range(enable, start, end); +} + #endif /* CONFIG_PPC_BOOK3S_64 */ void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end) -- 2.19.1