On Mon Nov 7, 2022 at 1:32 PM AEST, Rohan McLure wrote:
> Zero GPRS r14-r31 on entry into the kernel for interrupt sources to
> limit influence of user-space values in potential speculation gadgets.
> Prior to this commit, all other GPRS are reassigned during the common
> prologue to interrupt handlers and so need not be zeroised explicitly.
>
> This may be done safely, without loss of register state prior to the
> interrupt, as the common prologue saves the initial values of
> non-volatiles, which are unconditionally restored in interrupt_64.S.

In the case of ret_from_crit_except and ret_from_mc_except, it looks like those are restored by ret_from_level_except, so that's fine. And fast_interrupt_return you added NVGPRS restore in the previous patch too. Maybe actually you could move that interrupt_64.h code that applies to both 64s and 64e in patch 1. So then the 64s/e enablement patches are independent and apply to exactly that subarch. But code-wise I think this looks good. Reviewed-by: Nicholas Piggin <npig...@gmail.com> > Mitigation defaults to enabled by INTERRUPT_SANITIZE_REGISTERS. > > Signed-off-by: Rohan McLure <rmcl...@linux.ibm.com> > --- > Resubmitting patches as their own series after v6 partially merged: > Link: > https://lore.kernel.org/all/166488988686.779920.13794870102696416283.b4...@ellerman.id.au/t/ > --- > arch/powerpc/kernel/exceptions-64e.S | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/arch/powerpc/kernel/exceptions-64e.S > b/arch/powerpc/kernel/exceptions-64e.S > index 2f68fb2ee4fc..91d8019123c2 100644 > --- a/arch/powerpc/kernel/exceptions-64e.S > +++ b/arch/powerpc/kernel/exceptions-64e.S > @@ -358,6 +358,11 @@ ret_from_mc_except: > std r14,PACA_EXMC+EX_R14(r13); \ > std r15,PACA_EXMC+EX_R15(r13) > > +#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS > +#define SANITIZE_ZEROIZE_NVGPRS() ZEROIZE_NVGPRS() > +#else > +#define SANITIZE_ZEROIZE_NVGPRS() > +#endif Could possibly share these macros. > > /* Core exception code for all exceptions except TLB misses. */ > #define EXCEPTION_COMMON_LVL(n, scratch, excf) > \ > @@ -394,7 +399,8 @@ exc_##n##_common: > \ > std r12,STACK_FRAME_OVERHEAD-16(r1); /* mark the frame */ \ > std r3,_TRAP(r1); /* set trap number */ \ > std r0,RESULT(r1); /* clear regs->result */ \ > - SAVE_NVGPRS(r1); > + SAVE_NVGPRS(r1); \ > + SANITIZE_ZEROIZE_NVGPRS(); /* minimise speculation influence */ > > #define EXCEPTION_COMMON(n) \ > EXCEPTION_COMMON_LVL(n, SPRN_SPRG_GEN_SCRATCH, PACA_EXGEN) > -- > 2.34.1
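
Review bot: In the first hunk (after ret_from_mc_except), the `#ifdef CONFIG_INTERRUPT_SANITIZE_REGISTERS` block that defines `SANITIZE_ZEROIZE_NVGPRS()` has no comment saying why only the non-volatile GPRs are cleared here. The commit message gives the reason (the other GPRs are already reassigned in the common prologue); a one-line comment above the macro would keep that reasoning next to the code. The definition also depends on `ZEROIZE_NVGPRS()` being visible in exceptions-64e.S, which the hunk does not show, so a build with the option enabled and one with it disabled are both worth confirming. Sharing the definition, as the reply suggests, would remove the per-file `#ifdef`.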
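
Review bot: In the second hunk, `SANITIZE_ZEROIZE_NVGPRS()` at the end of `exc_##n##_common` is only safe because it comes after `SAVE_NVGPRS(r1)`; if the two lines were reordered, the interrupted context's r14-r31 would be zeroed before being saved. The trailing comment says only "minimise speculation influence"; suggest it also record the ordering requirement, for example "must follow SAVE_NVGPRS". The enclosing macro is described as the core code "for all exceptions except TLB misses", so the commit message should state whether leaving the TLB miss paths without this zeroing is intended.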