Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1043112pxm; Wed, 23 Feb 2022 16:40:25 -0800 (PST) X-Google-Smtp-Source: ABdhPJwqRbySFAsffQy7FUMX16uMW+y4yd9u1pB8i4BaPwt9W8AlfhsePosjkPnNoS9HNR4DIJdo X-Received: by 2002:a17:902:ab92:b0:14d:8c80:dbff with SMTP id f18-20020a170902ab9200b0014d8c80dbffmr49668plr.89.1645663225378; Wed, 23 Feb 2022 16:40:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645663225; cv=none; d=google.com; s=arc-20160816; b=ZXMVqqWdiwjvjhhOupUrgTOujUW9j/jxMQwvOvhl+VrL38235Pnha2HBNyGFfiieQA L3xpNhHSQRfp9Smtx5bxhjgj9TaKGde3ALIko1YXPxEXXgd+Vuf5mgbPlFT1yzTagJOZ yuXyijEC+jnEt2OHjZeXMqRpIx22er1XYTMO+UBWzQJ9j3FKkV0G03q9D9p1OXyvAn58 N5dK9rVGY+Gsv2Tf5zOmU4PIo5MiqJU0CBb4BGPEpaxVGVrMMJga+S2AJVwkJGCJj2k8 xhNFX/QaQmaqFKlTgoBeFD/8mIha0OCttMnaghWHnHxQLBiBgHl16beHcMW0h/1orPDZ P9jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:dkim-signature:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=bz6Q3MCl84at11A0B3YpTI0E5vC6G8qpl+kHI5iMXXA=; b=UzP/rImkHC5TvKLu14WWvhQM/9EYt98RBKXq6AaZ0dHbng4WwWJtwHMu62qNx+Ak6X fSJvfKfjf3UnrvkpYoyMM7dEU2WSd3BO0LP8sFDQboSy/CtSjMDF1KqwWMZjHYmHmmAn fSuGMtR6zfMtkyK/37r2QFaKpE8CYpq5PlbVzTHhKy1uPx1H8RWqlMvSOQTGHa52GQa3 5rr0nA24Sldmu+W4R3cZBZ0vJy54dkg7u4glSvapAYfqKwbYEdCYMLafyNu1Ox2Au+67 Q6vFo4Qtwg10gP1+sJKnConwxR5bFG/qo65TAQm1N5iAoQc5ifG4FXSyyT++/sTjnHtY J3eg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@iram.es header.s=DKIM header.b=EDuB3ZsP; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id i2si915171plt.408.2022.02.23.16.40.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Feb 2022 16:40:25 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@iram.es header.s=DKIM header.b=EDuB3ZsP; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1DC1427FEE; Wed, 23 Feb 2022 16:38:14 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241860AbiBWUzK (ORCPT + 99 others); Wed, 23 Feb 2022 15:55:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241838AbiBWUzI (ORCPT ); Wed, 23 Feb 2022 15:55:08 -0500 X-Greylist: delayed 330 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 23 Feb 2022 12:54:37 PST Received: from mx02.puc.rediris.es (outbound3sev.lav.puc.rediris.es [130.206.19.174]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C35B64DF7E for ; Wed, 23 Feb 2022 12:54:37 -0800 (PST) Received: from mta-out03.sim.rediris.es (mta-out03.sim.rediris.es [130.206.24.45]) by mx02.puc.rediris.es with ESMTP id 21NKmHO5005544-21NKmHO7005544 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Wed, 23 Feb 2022 21:48:17 +0100 Received: from mta-out03.sim.rediris.es (localhost.localdomain [127.0.0.1]) by mta-out03.sim.rediris.es (Postfix) with ESMTPS id 6237930004B1; Wed, 23 Feb 2022 21:48:17 +0100 (CET) Received: from localhost (localhost.localdomain [127.0.0.1]) by mta-out03.sim.rediris.es (Postfix) with ESMTP id 4F364306B1F1; Wed, 23 Feb 2022 21:48:17 +0100 (CET) X-Amavis-Modified: Mail body modified (using disclaimer) - mta-out03.sim.rediris.es Received: from mta-out03.sim.rediris.es ([127.0.0.1]) by localhost (mta-out03.sim.rediris.es [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SWZS_Scr0pjj; Wed, 23 Feb 2022 21:48:17 +0100 (CET) Received: from lt-gp.iram.es (haproxy02.sim.rediris.es [130.206.24.70]) by mta-out03.sim.rediris.es (Postfix) with ESMTPA id 33B8430004B1; Wed, 23 Feb 2022 21:48:16 +0100 (CET) Date: Wed, 23 Feb 2022 21:48:09 +0100 From: Gabriel Paubert To: Christophe Leroy Cc: Kees Cook , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] powerpc/32: Clear volatile regs on syscall exit Message-ID: References: <28b040bd2357a1879df0ca1b74094323f778a472.1645636285.git.christophe.leroy@csgroup.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <28b040bd2357a1879df0ca1b74094323f778a472.1645636285.git.christophe.leroy@csgroup.eu> X-FE-Policy-ID: 23:8:0:SYSTEM DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=iram.es; s=DKIM; c=relaxed/relaxed; h=date:from:to:cc:subject:message-id:references:mime-version:content-type; bh=bz6Q3MCl84at11A0B3YpTI0E5vC6G8qpl+kHI5iMXXA=; b=EDuB3ZsP42vMN0Hn/eWIC0hn2u5caeCWIsjU5g6NFDBpt+ZoFWaW+M6QLurdDP5epHqd1ixNrV18 P0L9k0KpCQ4UGRA2eAe3kUkafu82cXab5JA5gUZ4d9toOaJMb/V6PqCATIcjL7OdBElWbxSUPG9F g8MfNbEvjJqx7/9zaSlXdrAWwl1a+V96yAsgoSnEw3YG6Q7jfEkFxtEQ8eHnQ90G+PGzRdokM6lU /baXqEFOXkWYpqTOuLALCmRq8RjbOj0/ilwsXpa+IxkvbhoY5GLmFpYnLfrA3uAEY5qg8m6FxOB9 SJOUDbTkTo82sUSMAk2nrz2HwnX5zQj4uk+tQA== X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 23, 2022 at 06:11:36PM +0100, Christophe Leroy wrote: > Commit a82adfd5c7cb ("hardening: Introduce CONFIG_ZERO_CALL_USED_REGS") > added zeroing of used registers at function exit. > > At the time being, PPC64 clears volatile registers on syscall exit but > PPC32 doesn't do it for performance reason. > > Add that clearing in PPC32 syscall exit as well, but only when > CONFIG_ZERO_CALL_USED_REGS is selected. > > On an 8xx, the null_syscall selftest gives: > - Without CONFIG_ZERO_CALL_USED_REGS : 288 cycles > - With CONFIG_ZERO_CALL_USED_REGS : 305 cycles > - With CONFIG_ZERO_CALL_USED_REGS + this patch : 319 cycles > > Note that (independent of this patch), with pmac32_defconfig, > vmlinux size is as follows with/without CONFIG_ZERO_CALL_USED_REGS: > > text data bss dec hex filename > 9578869 2525210 194400 12298479 bba8ef vmlinux.without > 10318045 2525210 194400 13037655 c6f057 vmlinux.with > > That is a 7.7% increase on text size, 6.0% on overall size. > > Signed-off-by: Christophe Leroy > --- > arch/powerpc/kernel/entry_32.S | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S > index 7748c278d13c..199f23092c02 100644 > --- a/arch/powerpc/kernel/entry_32.S > +++ b/arch/powerpc/kernel/entry_32.S > @@ -151,6 +151,21 @@ syscall_exit_finish: > bne 3f > mtcr r5 > > +#ifdef CONFIG_ZERO_CALL_USED_REGS > + /* Zero volatile regs that may contain sensitive kernel data */ > + li r0,0 > + li r4,0 > + li r5,0 > + li r6,0 > + li r7,0 > + li r8,0 > + li r9,0 > + li r10,0 > + li r11,0 > + li r12,0 > + mtctr r0 > + mtxer r0 Here, I'm almost sure that on some processors, it would be better to separate mtctr form mtxer. mtxer is typically very expensive (pipeline flush) but I don't know what's the best ordering for the average core. And what about lr? Should it also be cleared? Gabriel > +#endif > 1: lwz r2,GPR2(r1) > lwz r1,GPR1(r1) > rfi > -- > 2.34.1 >