diff mbox series

[v4,2/7] powerpc/64: Add interrupt register sanitisation macros

Message ID 20221129044354.1836018-2-rmclure@linux.ibm.com (mailing list archive)
State Superseded
Headers show
Series [v4,1/7] powerpc/64: Add INTERRUPT_SANITIZE_REGISTERS Kconfig | expand

Commit Message

Rohan McLure Nov. 29, 2022, 4:43 a.m. UTC 
Include in asm/ppc_asm.h macros to be used in multiple successive
patches to implement zeroising architected registers in interrupt
handlers. Registers will be sanitised in this fashion in future patches
to reduce the speculation influence of user-controlled register values.
These mitigations will be configurable through the
CONFIG_INTERRUPT_SANITIZE_REGISTERS Kconfig option.

Included are macros for conditionally zeroising registers and restoring
as required with the mitigation enabled. With the mitigation disabled,
non-volatiles must be restored on demand at separate locations to
those required by the mitigation.

Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
v4: New patch
---
 arch/powerpc/include/asm/ppc_asm.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Comments

Nicholas Piggin Nov. 29, 2022, 9:40 a.m. UTC | #1 
On Tue Nov 29, 2022 at 2:43 PM AEST, Rohan McLure wrote:
> Include in asm/ppc_asm.h macros to be used in multiple successive
> patches to implement zeroising architected registers in interrupt
> handlers. Registers will be sanitised in this fashion in future patches
> to reduce the speculation influence of user-controlled register values.
> These mitigations will be configurable through the
> CONFIG_INTERRUPT_SANITIZE_REGISTERS Kconfig option.
>
> Included are macros for conditionally zeroising registers and restoring
> as required with the mitigation enabled. With the mitigation disabled,
> non-volatiles must be restored on demand at separate locations to
> those required by the mitigation.
>
> Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>

Thanks. You might just call them SANITIZE_NVGPRS() etc if it's not
functionally important that they're zero. But I don't mind long names
too much.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
> v4: New patch
> ---
>  arch/powerpc/include/asm/ppc_asm.h | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
>
> diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
> index 753a2757bcd4..272b2795c36a 100644
> --- a/arch/powerpc/include/asm/ppc_asm.h
> +++ b/arch/powerpc/include/asm/ppc_asm.h
> @@ -74,6 +74,23 @@
>  #define SAVE_GPR(n, base)		SAVE_GPRS(n, n, base)
>  #define REST_GPR(n, base)		REST_GPRS(n, n, base)
>  
> +/* macros for handling user register sanitisation */
> +#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS
> +#define SANITIZE_ZEROIZE_SYSCALL_GPRS()		ZEROIZE_GPR(0);		\
> +						ZEROIZE_GPRS(5, 12);	\
> +						ZEROIZE_NVGPRS()
> +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS()	ZEROIZE_NVGPRS()
> +#define SANITIZE_ZEROIZE_NVGPRS()		ZEROIZE_NVGPRS()
> +#define SANITIZE_RESTORE_NVGPRS()		REST_NVGPRS(r1)
> +#define HANDLER_RESTORE_NVGPRS()
> +#else
> +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS()
> +#define SANITIZE_ZEROIZE_SYSCALL_GPRS()
> +#define SANITIZE_ZEROIZE_NVGPRS()
> +#define SANITIZE_RESTORE_NVGPRS()
> +#define HANDLER_RESTORE_NVGPRS()		REST_NVGPRS(r1)
> +#endif /* CONFIG_INTERRUPT_SANITIZE_REGISTERS */
> +
>  #define SAVE_FPR(n, base)	stfd	n,8*TS_FPRWIDTH*(n)(base)
>  #define SAVE_2FPRS(n, base)	SAVE_FPR(n, base); SAVE_FPR(n+1, base)
>  #define SAVE_4FPRS(n, base)	SAVE_2FPRS(n, base); SAVE_2FPRS(n+2, base)
> -- 
> 2.37.2
diff mbox series

Patch

diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
index 753a2757bcd4..272b2795c36a 100644
--- a/arch/powerpc/include/asm/ppc_asm.h
+++ b/arch/powerpc/include/asm/ppc_asm.h
@@ -74,6 +74,23 @@ 
 #define SAVE_GPR(n, base)		SAVE_GPRS(n, n, base)
 #define REST_GPR(n, base)		REST_GPRS(n, n, base)
 
+/* macros for handling user register sanitisation */
+#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS
+#define SANITIZE_ZEROIZE_SYSCALL_GPRS()		ZEROIZE_GPR(0);		\
+						ZEROIZE_GPRS(5, 12);	\
+						ZEROIZE_NVGPRS()
+#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS()	ZEROIZE_NVGPRS()
+#define SANITIZE_ZEROIZE_NVGPRS()		ZEROIZE_NVGPRS()
+#define SANITIZE_RESTORE_NVGPRS()		REST_NVGPRS(r1)
+#define HANDLER_RESTORE_NVGPRS()
+#else
+#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS()
+#define SANITIZE_ZEROIZE_SYSCALL_GPRS()
+#define SANITIZE_ZEROIZE_NVGPRS()
+#define SANITIZE_RESTORE_NVGPRS()
+#define HANDLER_RESTORE_NVGPRS()		REST_NVGPRS(r1)
+#endif /* CONFIG_INTERRUPT_SANITIZE_REGISTERS */
+
 #define SAVE_FPR(n, base)	stfd	n,8*TS_FPRWIDTH*(n)(base)
 #define SAVE_2FPRS(n, base)	SAVE_FPR(n, base); SAVE_FPR(n+1, base)
 #define SAVE_4FPRS(n, base)	SAVE_2FPRS(n, base); SAVE_2FPRS(n+2, base)