]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - queue-4.9/powerpc-use-barrier_nospec-in-copy_from_user.patch
projects / thirdparty / kernel / stable-queue.git / blob
? search:


493c5b0f2e39673c6bc7346694d82ce4577c4019
[thirdparty/kernel/stable-queue.git] / queue-4.9 / powerpc-use-barrier_nospec-in-copy_from_user.patch
1 From eeb003b800dd8bf95ebfedeb32a388b46974fe16 Mon Sep 17 00:00:00 2001
2 From: Michael Ellerman <mpe@ellerman.id.au>
3 Date: Thu, 11 Apr 2019 21:46:02 +1000
4 Subject: powerpc: Use barrier_nospec in copy_from_user()
5
6 commit ddf35cf3764b5a182b178105f57515b42e2634f8 upstream.
7
8 Based on the x86 commit doing the same.
9
10 See commit 304ec1b05031 ("x86/uaccess: Use __uaccess_begin_nospec()
11 and uaccess_try_nospec") and b3bbfb3fb5d2 ("x86: Introduce
12 __uaccess_begin_nospec() and uaccess_try_nospec") for more detail.
13
14 In all cases we are ordering the load from the potentially
15 user-controlled pointer vs a previous branch based on an access_ok()
16 check or similar.
17
18 Base on a patch from Michal Suchanek.
19
20 Signed-off-by: Michal Suchanek <msuchanek@suse.de>
21 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
22 Signed-off-by: Sasha Levin <sashal@kernel.org>
23 ---
24 arch/powerpc/include/asm/uaccess.h | 11 ++++++++++-
25 1 file changed, 10 insertions(+), 1 deletion(-)
26
27 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
28 index 31913b3ac7ab..da852153c1f8 100644
29 --- a/arch/powerpc/include/asm/uaccess.h
30 +++ b/arch/powerpc/include/asm/uaccess.h
31 @@ -269,6 +269,7 @@ do { \
32 __chk_user_ptr(ptr); \
33 if (!is_kernel_addr((unsigned long)__gu_addr)) \
34 might_fault(); \
35 + barrier_nospec(); \
36 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
37 (x) = (__typeof__(*(ptr)))__gu_val; \
38 __gu_err; \
39 @@ -280,8 +281,10 @@ do { \
40 unsigned long __gu_val = 0; \
41 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
42 might_fault(); \
43 - if (access_ok(VERIFY_READ, __gu_addr, (size))) \
44 + if (access_ok(VERIFY_READ, __gu_addr, (size))) { \
45 + barrier_nospec(); \
46 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
47 + } \
48 (x) = (__force __typeof__(*(ptr)))__gu_val; \
49 __gu_err; \
50 })
51 @@ -292,6 +295,7 @@ do { \
52 unsigned long __gu_val; \
53 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
54 __chk_user_ptr(ptr); \
55 + barrier_nospec(); \
56 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
57 (x) = (__force __typeof__(*(ptr)))__gu_val; \
58 __gu_err; \
59 @@ -348,15 +352,19 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
60
61 switch (n) {
62 case 1:
63 + barrier_nospec();
64 __get_user_size(*(u8 *)to, from, 1, ret);
65 break;
66 case 2:
67 + barrier_nospec();
68 __get_user_size(*(u16 *)to, from, 2, ret);
69 break;
70 case 4:
71 + barrier_nospec();
72 __get_user_size(*(u32 *)to, from, 4, ret);
73 break;
74 case 8:
75 + barrier_nospec();
76 __get_user_size(*(u64 *)to, from, 8, ret);
77 break;
78 }
79 @@ -366,6 +374,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
80
81 check_object_size(to, n, false);
82
83 + barrier_nospec();
84 return __copy_tofrom_user((__force void __user *)to, from, n);
85 }
86
87 --
88 2.19.1
89
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git