Commit 621afc67 authored Sep 11, 2018 by Julien Thierry Committed by Russell King Oct 05, 2018

ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit



A mispredicted conditional call to set_fs could result in the wrong
addr_limit being forwarded under speculation to a subsequent access_ok
check, potentially forming part of a spectre-v1 attack using uaccess
routines.

This patch prevents this forwarding from taking place, but putting heavy
barriers in set_fs after writing the addr_limit.

Porting commit c2f0ad4f ("arm64: uaccess: Prevent speculative use
of the current addr_limit").

Signed-off-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>

parent 18ea66bd

arch/arm/include/asm/uaccess.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -69,6 +69,14 @@ extern int __put_user_bad(void);
		static inline void set_fs(mm_segment_t fs)
		{
		current_thread_info()->addr_limit = fs;

		/*
		* Prevent a mispredicted conditional call to set_fs from forwarding
		* the wrong address limit to access_ok under speculation.
		*/
		dsb(nsh);
		isb();

		modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
		}