Message-ID: <3188347c-3375-b728-cd08-ea4421d823cd@I-love.SAKURA.ne.jp>
Date: Fri, 15 Jul 2022 22:09:01 +0900
Subject: [PATCH v2] ARM: spectre-v2: fix smp_processor_id() warning
From: Tetsuo Handa
To: "Russell King (Oracle)", Marc Zyngier
Cc: Tony Lindgren, LKML, Linux ARM

syzbot is reporting that CONFIG_HARDEN_BRANCH_PREDICTOR=y + CONFIG_DEBUG_PREEMPT=y on ARM32 causes "BUG: using smp_processor_id() in preemptible code" message [1], for this check was not designed to handle attempts to access kernel memory like

----------
int main()
{
	return *(char *) -1;
}
----------

.

Although Russell King commented that this BUG: message might help finding possible exploit attempts [2], this is not a kernel's problem that is worth giving up fuzz testing.

This patch explicitly disables preemption and uses raw_smp_processor_id().

Link: https://syzkaller.appspot.com/bug?extid=a7ee43e564223f195c84 [1]
Link: https://lkml.kernel.org/r/YrMhVAev9wMAA8tl@shell.armlinux.org.uk [2]
Reported-by: syzbot
Fixes: f5fe12b1eaee220c ("ARM: spectre-v2: harden user aborts in kernel space")
Signed-off-by: Tetsuo Handa
--- arch/arm/include/asm/system_misc.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h index 98b37340376b..670e8d116770 100644 --- a/arch/arm/include/asm/system_misc.h +++ b/arch/arm/include/asm/system_misc.h 
@@ -20,10 +20,13 @@ typedef void (*harden_branch_predictor_fn_t)(void); DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); static inline void harden_branch_predictor(void) { - harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, - smp_processor_id()); + harden_branch_predictor_fn_t fn; + + preempt_disable_notrace(); + fn = per_cpu(harden_branch_predictor_fn, raw_smp_processor_id()); if (fn) fn(); + preempt_enable_no_resched_notrace(); } #else #define harden_branch_predictor() do { } while (0) -- 2.34.1
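
Review bot: preempt_disable_notrace() is taken only inside harden_branch_predictor(), so it pins the CPU for the lookup and the fn() call but not for the time between the abort and this call. The warning being fixed shows that callers reach this function in preemptible context, so the task may already have migrated and fn() then runs on whichever CPU it is on now rather than the one where the abort was raised. Please add a comment above the function stating whether that is acceptable for the hardening, or move the pinning out to the caller. Separately, preempt_enable_no_resched_notrace() skips the reschedule check that a plain enable would perform; a one-line comment on why the no_resched variant is safe here would help, and with preemption disabled the per_cpu(harden_branch_predictor_fn, raw_smp_processor_id()) lookup could use a this_cpu accessor instead.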