tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 's390-7.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

- Add array_index_nospec() to syscall dispatch table lookup to prevent
limited speculative out-of-bounds access with user-controlled syscall
number

- Mark array_index_mask_nospec() __always_inline since GCC may emit an
out-of-line call instead of the inline data dependency sequence the
mitigation relies on

- Clear r12 on kernel entry to prevent potential speculative use of
user value in system_call, ext/io/mcck interrupt handlers

* tag 's390-7.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/entry: Scrub r12 register on kernel entry
s390/syscalls: Add spectre boundary for syscall dispatch table
s390/barrier: Make array_index_mask_nospec() __always_inline

Linus Torvalds e522b75c be762d8b

+9 -3
+2 -2
arch/s390/include/asm/barrier.h
··· 62 62 * @size: number of elements in array 63 63 */ 64 64 #define array_index_mask_nospec array_index_mask_nospec 65 - static inline unsigned long array_index_mask_nospec(unsigned long index, 66 - unsigned long size) 65 + static __always_inline unsigned long array_index_mask_nospec(unsigned long index, 66 + unsigned long size) 67 67 { 68 68 unsigned long mask; 69 69
+3
arch/s390/kernel/entry.S
··· 271 271 xgr %r9,%r9 272 272 xgr %r10,%r10 273 273 xgr %r11,%r11 274 + xgr %r12,%r12 274 275 la %r2,STACK_FRAME_OVERHEAD(%r15) # pointer to pt_regs 275 276 mvc __PT_R8(64,%r2),__LC_SAVE_AREA(%r13) 276 277 MBEAR %r2,%r13 ··· 408 407 xgr %r6,%r6 409 408 xgr %r7,%r7 410 409 xgr %r10,%r10 410 + xgr %r12,%r12 411 411 xc __PT_FLAGS(8,%r11),__PT_FLAGS(%r11) 412 412 mvc __PT_R8(64,%r11),__LC_SAVE_AREA(%r13) 413 413 MBEAR %r11,%r13 ··· 498 496 xgr %r6,%r6 499 497 xgr %r7,%r7 500 498 xgr %r10,%r10 499 + xgr %r12,%r12 501 500 stmg %r8,%r9,__PT_PSW(%r11) 502 501 xc __PT_FLAGS(8,%r11),__PT_FLAGS(%r11) 503 502 xc __SF_BACKCHAIN(8,%r15),__SF_BACKCHAIN(%r15)
+4 -1
arch/s390/kernel/syscall.c
··· 13 13 */ 14 14 15 15 #include <linux/cpufeature.h> 16 + #include <linux/nospec.h> 16 17 #include <linux/errno.h> 17 18 #include <linux/sched.h> 18 19 #include <linux/mm.h> ··· 132 131 if (unlikely(test_and_clear_pt_regs_flag(regs, PIF_SYSCALL_RET_SET))) 133 132 goto out; 134 133 regs->gprs[2] = -ENOSYS; 135 - if (likely(nr < NR_syscalls)) 134 + if (likely(nr < NR_syscalls)) { 135 + nr = array_index_nospec(nr, NR_syscalls); 136 136 regs->gprs[2] = sys_call_table[nr](regs); 137 + } 137 138 out: 138 139 syscall_exit_to_user_mode(regs); 139 140 }