[thirdparty/kernel/stable-queue.git] / queue-4.4 / powerpc-fsl-sanitize-the-syscall-table-for-nxp-powerpc-32-bit-platforms.patch

From foo@baz Tue 30 Apr 2019 12:38:50 PM CEST
From: Diana Craciun <diana.craciun@nxp.com>
Date: Mon, 29 Apr 2019 18:49:05 +0300
Subject: powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: linuxppc-dev@ozlabs.org, mpe@ellerman.id.au, Diana Craciun <diana.craciun@nxp.com>
Message-ID: <1556552948-24957-6-git-send-email-diana.craciun@nxp.com>

From: Diana Craciun <diana.craciun@nxp.com>

commit c28218d4abbf4f2035495334d8bfcba64bda4787 upstream.

Used barrier_nospec to sanitize the syscall table.

Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/kernel/entry_32.S |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -33,6 +33,7 @@
 #include <asm/unistd.h>
 #include <asm/ftrace.h>
 #include <asm/ptrace.h>
+#include <asm/barrier.h>
 
 /*
  * MSR_KERNEL is > 0x10000 on 4xx/Book-E since it include MSR_CE.
@@ -340,6 +341,15 @@ syscall_dotrace_cont:
 	ori	r10,r10,sys_call_table@l
 	slwi	r0,r0,2
 	bge-	66f
+
+	barrier_nospec_asm
+	/*
+	 * Prevent the load of the handler below (based on the user-passed
+	 * system call number) being speculatively executed until the test
+	 * against NR_syscalls and branch to .66f above has
+	 * committed.
+	 */
+
 	lwzx	r10,r10,r0	/* Fetch system call handler [ptr] */
 	mtlr	r10
 	addi	r9,r1,STACK_FRAME_OVERHEAD
Commit	Line	Data
342554a7 GKH	1	From foo@baz Tue 30 Apr 2019 12:38:50 PM CEST
	2	From: Diana Craciun <diana.craciun@nxp.com>
	3	Date: Mon, 29 Apr 2019 18:49:05 +0300
	4	Subject: powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
	5	To: stable@vger.kernel.org, gregkh@linuxfoundation.org
	6	Cc: linuxppc-dev@ozlabs.org, mpe@ellerman.id.au, Diana Craciun <diana.craciun@nxp.com>
	7	Message-ID: <1556552948-24957-6-git-send-email-diana.craciun@nxp.com>
	8
	9	From: Diana Craciun <diana.craciun@nxp.com>
	10
	11	commit c28218d4abbf4f2035495334d8bfcba64bda4787 upstream.
	12
	13	Used barrier_nospec to sanitize the syscall table.
	14
	15	Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
	16	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	17	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	18	---
	19	arch/powerpc/kernel/entry_32.S \| 10 ++++++++++
	20	1 file changed, 10 insertions(+)
	21
	22	--- a/arch/powerpc/kernel/entry_32.S
	23	+++ b/arch/powerpc/kernel/entry_32.S
	24	@@ -33,6 +33,7 @@
	25	#include <asm/unistd.h>
	26	#include <asm/ftrace.h>
	27	#include <asm/ptrace.h>
	28	+#include <asm/barrier.h>
	29
	30	/*
	31	* MSR_KERNEL is > 0x10000 on 4xx/Book-E since it include MSR_CE.
	32	@@ -340,6 +341,15 @@ syscall_dotrace_cont:
	33	ori r10,r10,sys_call_table@l
	34	slwi r0,r0,2
	35	bge- 66f
	36	+
	37	+ barrier_nospec_asm
	38	+ /*
	39	+ * Prevent the load of the handler below (based on the user-passed
	40	+ * system call number) being speculatively executed until the test
	41	+ * against NR_syscalls and branch to .66f above has
	42	+ * committed.
	43	+ */
	44	+
	45	lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
	46	mtlr r10
	47	addi r9,r1,STACK_FRAME_OVERHEAD