Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp26365pxj; Wed, 16 Jun 2021 19:16:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwHBQ0NsjTxouuHVQS3VJZZLBEp5mlK+3jaNOtpRTcw7mGDdI9M5gsdoiFI7vZMv+qnHFLk X-Received: by 2002:a05:6638:144a:: with SMTP id l10mr2206687jad.50.1623896179193; Wed, 16 Jun 2021 19:16:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623896179; cv=none; d=google.com; s=arc-20160816; b=jWdJiC2iX+y4q0mMHB5f5bmDo8XZcfWNgefyQwakgKeXQP5ZPfXhIi1eU7G63NSypI M/JN9iP3KRnzMEpyj58CIplehhz6lbZx54kBzTFTaXGX9AJXsx6H0DN98kvEUMEixZiT Gk6WnI8BnBF7TvY7HXE8BqNeidFN6mxThtfU5+TX55OEgMTYuLAKxQapTI7Pt3mMguh2 7OSuJ29Go/p2dUxb1hCwf+G1p52P4JNtHmawlIL5cuJ/chLyNup2loVstVHgfOvlgv4J m9BXCkDSUz/3SrojHdnhwGRKtZUuCrzQJvpiUJwdqqncwblTIqI1pXz/k2YNyQ5r7SkU LQ6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=ENcTAx1+EcPab9VvytuBkxLny+10kPvSLUe64LidxdQ=; b=QV3v6OMaRWOSRgP4i+f6VoqrXaHPlvfGDyS8LtYGSSs4zPb1+fsBhhGVOSkrxZcHL/ 5UAU72cOlRub1j/Y0z9Q9/iq0nu1pW+OoYLsBN95LeR0EZQAqT6aBY2B4JliTsbf/Fe3 +Vsd8PqytwtmH37cIU5Fc71AZMOW+Wh+KNfCrtL5QttzHrb+iad94XSUlLHdG743YBnf Wu30nJYTh9L/kCwSiiv759Bv7EXW4uXs3SAmY1X9mPY1yw0cXqDDV1T+/JETkHi/2ngh ITzl7SwY1mRDTljk9oqQ0Im+4xYrTuLUOjtEwBRVKn/Gf3wguPiUhcwH0TD5adD6p3iC H8SQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WiJb+wIG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r127si4322764iod.92.2021.06.16.19.16.05; Wed, 16 Jun 2021 19:16:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WiJb+wIG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233233AbhFPUUd (ORCPT + 99 others); Wed, 16 Jun 2021 16:20:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232073AbhFPUUd (ORCPT ); Wed, 16 Jun 2021 16:20:33 -0400 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92F77C06175F for ; Wed, 16 Jun 2021 13:18:26 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id p13so3178791pfw.0 for ; Wed, 16 Jun 2021 13:18:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ENcTAx1+EcPab9VvytuBkxLny+10kPvSLUe64LidxdQ=; b=WiJb+wIGnlurv+4H8fQ+LNqceh747H/iS8/ddDHb8RXs0QrPh64CvyuhKeDIdbSZpV bOT+gLasC9PAqK6XbSRIaDJ9Y7PxN4oXKdKFuJmy4vjX+ziiSkuXtP6/+hO4GRuudVCH EDZixhsEtKuwCb81WXNcHQPfDxz/FgeyUQXo4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ENcTAx1+EcPab9VvytuBkxLny+10kPvSLUe64LidxdQ=; b=NCtoXLo70Suz/BjTQomYAWQWz60MyHL8/5bjPWVHCSujN36bUC5DMCIqBm8m0wD772 JX05iW8zK9GOpEFa/6mhtjKnDDrvjmsrPNdnumNkZ2EMlJt/82+wyEaH05HodygjQD3e C0YgzfpJ66HNd5xKmCZooOcqwZ72AeqTb+pyN62mF2KBDQuA1gh6iS+6Yy9vYH9aZGzL PB9LVGRZ65T+9dDnWwsVXU1D0FbkWvhETw3P+dUYP2R6XGD425pCWOpfHXMaCBYNxRoh zI6MMKKjpog9DcZFKtBo61wWzFSTKU1Y4zt7uBjjOjt1r2d/9YsUTvfRRmc/CkIAJoWt zd3g== X-Gm-Message-State: AOAM532R90xjTC+7ej/AuvWW+vSsU/kC/NT7YCN0xSJ4xYvmWttKiAqr XhA8kz+5J4ZIBTDSvNiR0gicfPsE2NUnug== X-Received: by 2002:aa7:9a50:0:b029:2e9:a536:c4f0 with SMTP id x16-20020aa79a500000b02902e9a536c4f0mr1486497pfj.5.1623874706170; Wed, 16 Jun 2021 13:18:26 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id l12sm2811933pff.105.2021.06.16.13.18.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Jun 2021 13:18:25 -0700 (PDT) From: Kees Cook To: Heiko Carstens Cc: Kees Cook , Vasily Gorbik , Christian Borntraeger , Sven Schnelle , linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] s390/speculation: Use statically initialized const for instructions Date: Wed, 16 Jun 2021 13:18:23 -0700 Message-Id: <20210616201823.1245603-1-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; g=a7efa10bf74410da3d723823c01a21cb7719ac72; i=0EJdiCO/sZbZCBfXSQAnM+hJ3BSDIu+0E7SNvnsr1Uw=; m=5FhAIifPI+dYPrslVAUOeGdnxZTyWY2lqLeWsSo/HBg=; p=pzb0+IfaYNnb577lCHX4XoK00ch1a0s2NZRs99V638o= X-Patch-Sig: m=pgp; i=keescook@chromium.org; s=0x0x8972F4DFDC6DC026; b=iQIzBAABCgAdFiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmDKXI4ACgkQiXL039xtwCbagBAAjg+ 2FPDcEj+98as41P97H8JzfPrDikMwwmT9fIza8v1hc5o/MoU7LMRBDYfN7hxPAecO1FI+g81xscyE 0+4M+nfN11I78iH/RVuXJPG01xutEahxwzplV2phTKv/EipRvUwtD32BALG6c/p9IZpluCFuw8t4U iaF1bGdBwFlRgvUM0OhKgLbQ4Qa7jDdPJbj2N2X8gQiCDm6HWn7vIVtHRZmE6QZRl36KD+DmPxlJD GtxKQMfQ5Crk34O1Dneyk8xNYwxLAzllBtFHf2fM7Bz3QahNqYVwq0MtQRZaPJHGpi152wnArP4Ab jko4+W3/y0FmzFDyQCRMPocr0opF5vAc75zzpw1N/wAOrN6qKaiuBCeUzy4wGWAiXZy9cyuqbfRkC 6Lra/zcvwchjeGkDkb+Ljr4mFqxPQuvi3vpZy0YRtrZG0GmKpLcfP/Kzc1/e9letFMIZ8FsGGoZit lh04A5WbfQGcRCxcEAO/tyF6M3qpAS4A8UF1Sak6XHMSU03FmHLUChgcBR4qNO17tehsGkFKa2RUl enuHuUUz9VethESRmN9Zi+grMhDPQ6efbk2VTDgIUBQvT+mnPjIg6kGn1qQrGeLsBgJx09yAs1Asx +k6L4NCoVoo0hRyn1jpCr/IdVMImeHDj3TRzxUW5G1NjVDaGXfIXb4m9d/OsNGGA= Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid confusing the checks when using a static const source. Move the static const array into a variable so the compiler can perform appropriate bounds checking. Signed-off-by: Kees Cook --- arch/s390/kernel/nospec-branch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 2c5c3756644b..250e4dbf653c 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -99,6 +99,7 @@ early_param("spectre_v2", spectre_v2_setup_early); static void __init_or_module __nospec_revert(s32 *start, s32 *end) { enum { BRCL_EXPOLINE, BRASL_EXPOLINE } type; + static const u8 branch[] = { 0x47, 0x00, 0x07, 0x00 }; u8 *instr, *thunk, *br; u8 insnbuf[6]; s32 *epo; @@ -128,7 +129,7 @@ static void __init_or_module __nospec_revert(s32 *start, s32 *end) if ((br[0] & 0xbf) != 0x07 || (br[1] & 0xf0) != 0xf0) continue; - memcpy(insnbuf + 2, (char[]) { 0x47, 0x00, 0x07, 0x00 }, 4); + memcpy(insnbuf + 2, branch, sizeof(branch)); switch (type) { case BRCL_EXPOLINE: insnbuf[0] = br[0]; -- 2.25.1