From: "Nicholas Piggin" <npiggin@gmail•com>
To: "Rohan McLure" <rmclure@linux•ibm.com>, <linuxppc-dev@lists•ozlabs.org>
Subject: Re: [PATCH v4 2/7] powerpc/64: Add interrupt register sanitisation macros
Date: Tue, 29 Nov 2022 19:40:53 +1000 [thread overview]
Message-ID: <COOOIMD7QY99.Z9IEKFIG9P44@bobo> (raw)
In-Reply-To: <20221129044354.1836018-2-rmclure@linux.ibm.com>
On Tue Nov 29, 2022 at 2:43 PM AEST, Rohan McLure wrote:
> Include in asm/ppc_asm.h macros to be used in multiple successive
> patches to implement zeroising architected registers in interrupt
> handlers. Registers will be sanitised in this fashion in future patches
> to reduce the speculation influence of user-controlled register values.
> These mitigations will be configurable through the
> CONFIG_INTERRUPT_SANITIZE_REGISTERS Kconfig option.
>
> Included are macros for conditionally zeroising registers and restoring
> as required with the mitigation enabled. With the mitigation disabled,
> non-volatiles must be restored on demand at separate locations to
> those required by the mitigation.
>
> Signed-off-by: Rohan McLure <rmclure@linux•ibm.com>
Thanks. You might just call them SANITIZE_NVGPRS() etc if it's not
functionally important that they're zero. But I don't mind long names
too much.
Reviewed-by: Nicholas Piggin <npiggin@gmail•com>
> ---
> v4: New patch
> ---
> arch/powerpc/include/asm/ppc_asm.h | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
> index 753a2757bcd4..272b2795c36a 100644
> --- a/arch/powerpc/include/asm/ppc_asm.h
> +++ b/arch/powerpc/include/asm/ppc_asm.h
> @@ -74,6 +74,23 @@
> #define SAVE_GPR(n, base) SAVE_GPRS(n, n, base)
> #define REST_GPR(n, base) REST_GPRS(n, n, base)
>
> +/* macros for handling user register sanitisation */
> +#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS
> +#define SANITIZE_ZEROIZE_SYSCALL_GPRS() ZEROIZE_GPR(0); \
> + ZEROIZE_GPRS(5, 12); \
> + ZEROIZE_NVGPRS()
> +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS() ZEROIZE_NVGPRS()
> +#define SANITIZE_ZEROIZE_NVGPRS() ZEROIZE_NVGPRS()
> +#define SANITIZE_RESTORE_NVGPRS() REST_NVGPRS(r1)
> +#define HANDLER_RESTORE_NVGPRS()
> +#else
> +#define SANITIZE_ZEROIZE_INTERRUPT_NVGPRS()
> +#define SANITIZE_ZEROIZE_SYSCALL_GPRS()
> +#define SANITIZE_ZEROIZE_NVGPRS()
> +#define SANITIZE_RESTORE_NVGPRS()
> +#define HANDLER_RESTORE_NVGPRS() REST_NVGPRS(r1)
> +#endif /* CONFIG_INTERRUPT_SANITIZE_REGISTERS */
> +
> #define SAVE_FPR(n, base) stfd n,8*TS_FPRWIDTH*(n)(base)
> #define SAVE_2FPRS(n, base) SAVE_FPR(n, base); SAVE_FPR(n+1, base)
> #define SAVE_4FPRS(n, base) SAVE_2FPRS(n, base); SAVE_2FPRS(n+2, base)
> --
> 2.37.2
next prev parent reply other threads:[~2022-11-29 9:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-29 4:43 [PATCH v4 1/7] powerpc/64: Add INTERRUPT_SANITIZE_REGISTERS Kconfig Rohan McLure
2022-11-29 4:43 ` [PATCH v4 2/7] powerpc/64: Add interrupt register sanitisation macros Rohan McLure
2022-11-29 9:40 ` Nicholas Piggin [this message]
2022-11-29 4:43 ` [PATCH v4 3/7] powerpc/64: Sanitise common exit code for interrupts Rohan McLure
2022-11-29 9:46 ` Nicholas Piggin
2022-11-29 4:43 ` [PATCH v4 4/7] powerpc/64s: IOption for MSR stored in r12 Rohan McLure
2022-11-29 9:48 ` Nicholas Piggin
2022-11-29 4:43 ` [PATCH v4 5/7] powerpc/64s: Zeroise gprs on interrupt routine entry on Book3S Rohan McLure
2022-11-29 10:20 ` Nicholas Piggin
2022-11-29 4:43 ` [PATCH v4 6/7] powerpc/64e: Clear gprs on interrupt routine entry on Book3E Rohan McLure
2022-11-29 4:43 ` [PATCH v4 7/7] powerpc/64: Sanitise user registers on interrupt in pseries, POWERNV Rohan McLure
2022-11-29 10:21 ` Nicholas Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=COOOIMD7QY99.Z9IEKFIG9P44@bobo \
--to=npiggin@gmail$(echo .)com \
--cc=linuxppc-dev@lists$(echo .)ozlabs.org \
--cc=rmclure@linux$(echo .)ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox