Message ID | 20221129044354.1836018-2-rmclure@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | [v4,1/7] powerpc/64: Add INTERRUPT_SANITIZE_REGISTERS Kconfig | expand |
On Tue Nov 29, 2022 at 2:43 PM AEST, Rohan McLure wrote: > Include in asm/ppc_asm.h macros to be used in multiple successive > patches to implement zeroising architected registers in interrupt > handlers. Registers will be sanitised in this fashion in future patches > to reduce the speculation influence of user-controlled register values. > These mitigations will be configurable through the > CONFIG_INTERRUPT_SANITIZE_REGISTERS Kconfig option. > > Included are macros for conditionally zeroising registers and restoring > as required with the mitigation enabled. With the mitigation disabled, > non-volatiles must be restored on demand at separate locations to > those required by the mitigation. > > Signed-off-by: Rohan McLure <rmclure@linux.ibm.com> Thanks. You might just call them SANITIZE_NVGPRS() etc if it's not functionally important that they're zero. But I don't mind long names too much. Reviewed-by: Nicholas Piggin <npiggin@gmail.com> > --- > v4: New patch > --- > arch/powerpc/include/asm/ppc_asm.h | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h > index 753a2757bcd4..272b2795c36a 100644 > --- a/arch/powerpc/include/asm/ppc_asm.h > +++ b/arch/powerpc/include/asm/ppc_asm.h > @@ -74,6 +74,23 @@ > #define SAVE_GPR(n, base) SAVE_GPRS(n, n, base) > #define REST_GPR(n, base) REST_GPRS(n, n, base) > > +/* macros for handling user register sanitisation */ > +#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS > +#define SANITIZE_ZEROIZE_SYSCALL_GPRS() ZEROIZE_GPR(0); \ > + ZEROIZE_GPRS(5, 12); \ > + ZEROIZE_NVGPRS() > +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS() ZEROIZE_NVGPRS() > +#define SANITIZE_ZEROIZE_NVGPRS() ZEROIZE_NVGPRS() > +#define SANITIZE_RESTORE_NVGPRS() REST_NVGPRS(r1) > +#define HANDLER_RESTORE_NVGPRS() > +#else > +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS() > +#define SANITIZE_ZEROIZE_SYSCALL_GPRS() > +#define SANITIZE_ZEROIZE_NVGPRS() > +#define SANITIZE_RESTORE_NVGPRS() > +#define HANDLER_RESTORE_NVGPRS() REST_NVGPRS(r1) > +#endif /* CONFIG_INTERRUPT_SANITIZE_REGISTERS */ > + > #define SAVE_FPR(n, base) stfd n,8*TS_FPRWIDTH*(n)(base) > #define SAVE_2FPRS(n, base) SAVE_FPR(n, base); SAVE_FPR(n+1, base) > #define SAVE_4FPRS(n, base) SAVE_2FPRS(n, base); SAVE_2FPRS(n+2, base) > -- > 2.37.2
diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h index 753a2757bcd4..272b2795c36a 100644 --- a/arch/powerpc/include/asm/ppc_asm.h +++ b/arch/powerpc/include/asm/ppc_asm.h @@ -74,6 +74,23 @@ #define SAVE_GPR(n, base) SAVE_GPRS(n, n, base) #define REST_GPR(n, base) REST_GPRS(n, n, base) +/* macros for handling user register sanitisation */ +#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS +#define SANITIZE_ZEROIZE_SYSCALL_GPRS() ZEROIZE_GPR(0); \ + ZEROIZE_GPRS(5, 12); \ + ZEROIZE_NVGPRS() +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS() ZEROIZE_NVGPRS() +#define SANITIZE_ZEROIZE_NVGPRS() ZEROIZE_NVGPRS() +#define SANITIZE_RESTORE_NVGPRS() REST_NVGPRS(r1) +#define HANDLER_RESTORE_NVGPRS() +#else +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS() +#define SANITIZE_ZEROIZE_SYSCALL_GPRS() +#define SANITIZE_ZEROIZE_NVGPRS() +#define SANITIZE_RESTORE_NVGPRS() +#define HANDLER_RESTORE_NVGPRS() REST_NVGPRS(r1) +#endif /* CONFIG_INTERRUPT_SANITIZE_REGISTERS */ + #define SAVE_FPR(n, base) stfd n,8*TS_FPRWIDTH*(n)(base) #define SAVE_2FPRS(n, base) SAVE_FPR(n, base); SAVE_FPR(n+1, base) #define SAVE_4FPRS(n, base) SAVE_2FPRS(n, base); SAVE_2FPRS(n+2, base)
Include in asm/ppc_asm.h macros to be used in multiple successive patches to implement zeroising architected registers in interrupt handlers. Registers will be sanitised in this fashion in future patches to reduce the speculation influence of user-controlled register values. These mitigations will be configurable through the CONFIG_INTERRUPT_SANITIZE_REGISTERS Kconfig option. Included are macros for conditionally zeroising registers and restoring as required with the mitigation enabled. With the mitigation disabled, non-volatiles must be restored on demand at separate locations to those required by the mitigation. Signed-off-by: Rohan McLure <rmclure@linux.ibm.com> --- v4: New patch --- arch/powerpc/include/asm/ppc_asm.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)