| From foo@baz Fri Mar 29 15:53:50 CET 2019 |
| From: Michael Ellerman <mpe@ellerman.id.au> |
| Date: Fri, 29 Mar 2019 22:25:52 +1100 |
| Subject: powerpc: Use barrier_nospec in copy_from_user() |
| To: stable@vger.kernel.org, gregkh@linuxfoundation.org |
| Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, christophe.leroy@c-s.fr |
| Message-ID: <20190329112620.14489-5-mpe@ellerman.id.au> |
| |
| From: Michael Ellerman <mpe@ellerman.id.au> |
| |
| commit ddf35cf3764b5a182b178105f57515b42e2634f8 upstream. |
| |
| Based on the x86 commit doing the same. |
| |
| See commit 304ec1b05031 ("x86/uaccess: Use __uaccess_begin_nospec() |
| and uaccess_try_nospec") and b3bbfb3fb5d2 ("x86: Introduce |
| __uaccess_begin_nospec() and uaccess_try_nospec") for more detail. |
| |
| In all cases we are ordering the load from the potentially |
| user-controlled pointer vs a previous branch based on an access_ok() |
| check or similar. |
| |
| Base on a patch from Michal Suchanek. |
| |
| Signed-off-by: Michal Suchanek <msuchanek@suse.de> |
| Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/powerpc/include/asm/uaccess.h | 11 ++++++++++- |
| 1 file changed, 10 insertions(+), 1 deletion(-) |
| |
| --- a/arch/powerpc/include/asm/uaccess.h |
| +++ b/arch/powerpc/include/asm/uaccess.h |
| @@ -238,6 +238,7 @@ do { \ |
| __chk_user_ptr(ptr); \ |
| if (!is_kernel_addr((unsigned long)__gu_addr)) \ |
| might_fault(); \ |
| + barrier_nospec(); \ |
| __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
| (x) = (__typeof__(*(ptr)))__gu_val; \ |
| __gu_err; \ |
| @@ -249,8 +250,10 @@ do { \ |
| __long_type(*(ptr)) __gu_val = 0; \ |
| const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
| might_fault(); \ |
| - if (access_ok(VERIFY_READ, __gu_addr, (size))) \ |
| + if (access_ok(VERIFY_READ, __gu_addr, (size))) { \ |
| + barrier_nospec(); \ |
| __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
| + } \ |
| (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
| __gu_err; \ |
| }) |
| @@ -261,6 +264,7 @@ do { \ |
| __long_type(*(ptr)) __gu_val; \ |
| const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
| __chk_user_ptr(ptr); \ |
| + barrier_nospec(); \ |
| __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
| (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
| __gu_err; \ |
| @@ -288,15 +292,19 @@ static inline unsigned long raw_copy_fro |
| |
| switch (n) { |
| case 1: |
| + barrier_nospec(); |
| __get_user_size(*(u8 *)to, from, 1, ret); |
| break; |
| case 2: |
| + barrier_nospec(); |
| __get_user_size(*(u16 *)to, from, 2, ret); |
| break; |
| case 4: |
| + barrier_nospec(); |
| __get_user_size(*(u32 *)to, from, 4, ret); |
| break; |
| case 8: |
| + barrier_nospec(); |
| __get_user_size(*(u64 *)to, from, 8, ret); |
| break; |
| } |
| @@ -304,6 +312,7 @@ static inline unsigned long raw_copy_fro |
| return 0; |
| } |
| |
| + barrier_nospec(); |
| return __copy_tofrom_user((__force void __user *)to, from, n); |
| } |
| |