<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 20 Sep 2022, at 12:03 pm, Nicholas Piggin <<a href="mailto:npiggin@gmail.com" class="">npiggin@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">On Fri Sep 16, 2022 at 3:32 PM AEST, Rohan McLure wrote:</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">Clear user state in gprs (assign to zero) to reduce the influence of user<br class="">registers on speculation within kernel syscall handlers. 
Clears occur<br class="">at the very beginning of the sc and scv 0 interrupt handlers, with<br class="">restores occurring following the execution of the syscall handler.<br class=""><br class="">Signed-off-by: Rohan McLure <<a href="mailto:rmclure@linux.ibm.com" class="">rmclure@linux.ibm.com</a>><br class="">---<br class="">V1 -> V2: Update summary<br class="">V2 -> V3: Remove erroneous summary paragraph on syscall_exit_prepare<br class="">V3 -> V4: Use ZEROIZE instead of NULLIFY. Clear r0 also.<br class="">V4 -> V5: Move to end of patch series.<br class="">---<br class=""></blockquote><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">I think it looks okay. 
I'll have to take a better look with the series</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">applied.</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""></div></blockquote><div><br class=""></div><div><br class=""></div><div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">Your comments alerted me to the fact that general interrupt and syscalls</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">share their exit code in interrupt_return and its derivatives. 
Meaning</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">that disabling INTERRUPT_SANITIZE_REGISTERS also reverts restores of NVGPRS</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">to being optional, which makes it possible to clobber NVGPRS and then not</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">restore them. The cleanest way forward I belive is going to be to cause</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">INTERRUPT_SANITIZE_REGISTERS to perform sanitisation on all interrupt sources</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">rather than continuing with syscalls as their own special case. I’ll put</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: monospace; font-size: 16px;" class="">this out in a v6 soon.</div></div><br class=""><blockquote type="cite" class=""><div class=""><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">arch/powerpc/kernel/interrupt_64.S | 9 ++++++---<br class="">1 file changed, 6 insertions(+), 3 
deletions(-)<br class=""><br class="">diff --git a/arch/powerpc/kernel/interrupt_64.S b/arch/powerpc/kernel/interrupt_64.S<br class="">index 16a1b44088e7..40147558e1a6 100644<br class="">--- a/arch/powerpc/kernel/interrupt_64.S<br class="">+++ b/arch/powerpc/kernel/interrupt_64.S<br class="">@@ -70,7 +70,7 @@ _ASM_NOKPROBE_SYMBOL(system_call_vectored_\name)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ld<span class="Apple-tab-span" style="white-space: pre;"> </span>r2,PACATOC(r13)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>mfcr<span class="Apple-tab-span" style="white-space: pre;"> </span>r12<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>li<span class="Apple-tab-span" style="white-space: pre;"> </span>r11,0<br class="">-<span class="Apple-tab-span" style="white-space: pre;"> </span>/* Can we avoid saving r3-r8 in common case? */<br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>/* Save syscall parameters in r3-r8 */<br class=""></blockquote><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">These two comment changes could go in your system_call_exception API</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 
400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">change patch though.</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Thanks,</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span 
style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Nick</span><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: IBMPlexMono; font-size: 16px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SAVE_GPRS(3, 8, r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>/* Zero r9-r12, this should only be required when restoring all GPRs */<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>std<span class="Apple-tab-span" style="white-space: pre;"> </span>r11,GPR9(r1)<br class="">@@ -110,6 +110,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span 
class="Apple-converted-space"> </span>* Zero user registers to prevent influencing speculative execution<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-converted-space"> </span>* state of kernel code.<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-converted-space"> </span>*/<br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_GPR(0)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_GPRS(5, 12)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_NVGPRS()<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>bl<span class="Apple-tab-span" style="white-space: pre;"> </span>system_call_exception<br class="">@@ -140,6 +141,7 @@ BEGIN_FTR_SECTION<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>HMT_MEDIUM_LOW<br class="">END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)<br class=""><br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>REST_NVGPRS(r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>cmpdi<span class="Apple-tab-span" style="white-space: pre;"> </span>r3,0<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>bne<span class="Apple-tab-span" style="white-space: pre;"> </span>.Lsyscall_vectored_\name\()_restore_regs<br class=""><br class="">@@ -243,7 +245,7 @@ END_BTB_FLUSH_SECTION<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ld<span class="Apple-tab-span" style="white-space: pre;"> </span>r2,PACATOC(r13)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>mfcr<span class="Apple-tab-span" style="white-space: pre;"> </span>r12<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>li<span class="Apple-tab-span" style="white-space: pre;"> </span>r11,0<br class="">-<span class="Apple-tab-span" 
style="white-space: pre;"> </span>/* Can we avoid saving r3-r8 in common case? */<br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>/* Save syscall parameters in r3-r8 */<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SAVE_GPRS(3, 8, r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>/* Zero r9-r12, this should only be required when restoring all GPRs */<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>std<span class="Apple-tab-span" style="white-space: pre;"> </span>r11,GPR9(r1)<br class="">@@ -295,6 +297,7 @@ END_BTB_FLUSH_SECTION<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-converted-space"> </span>* Zero user registers to prevent influencing speculative execution<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-converted-space"> </span>* state of kernel code.<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-converted-space"> </span>*/<br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_GPR(0)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_GPRS(5, 12)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ZEROIZE_NVGPRS()<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>bl<span class="Apple-tab-span" style="white-space: pre;"> </span>system_call_exception<br class="">@@ -337,6 +340,7 @@ BEGIN_FTR_SECTION<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>stdcx.<span class="Apple-tab-span" style="white-space: pre;"> </span>r0,0,r1<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>/* to clear the reservation */<br 
class="">END_FTR_SECTION_IFCLR(CPU_FTR_STCX_CHECKS_ADDRESS)<br class=""><br class="">+<span class="Apple-tab-span" style="white-space: pre;"> </span>REST_NVGPRS(r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>cmpdi<span class="Apple-tab-span" style="white-space: pre;"> </span>r3,0<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>bne<span class="Apple-tab-span" style="white-space: pre;"> </span>.Lsyscall_restore_regs<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>/* Zero volatile regs that may contain sensitive kernel data */<br class="">@@ -364,7 +368,6 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)<br class="">.Lsyscall_restore_regs:<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ld<span class="Apple-tab-span" style="white-space: pre;"> </span>r3,_CTR(r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ld<span class="Apple-tab-span" style="white-space: pre;"> </span>r4,_XER(r1)<br class="">-<span class="Apple-tab-span" style="white-space: pre;"> </span>REST_NVGPRS(r1)<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>mtctr<span class="Apple-tab-span" style="white-space: pre;"> </span>r3<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>mtspr<span class="Apple-tab-span" style="white-space: pre;"> </span>SPRN_XER,r4<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>REST_GPR(0, r1)<br class="">--<span class="Apple-converted-space"> </span><br class="">2.34.1</blockquote></div></blockquote></div><br class=""></body></html>
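<div style="font-family: monospace; font-size: 16px;" class="">Review bot: the REST_NVGPRS(r1) handling is asymmetric between the sc and scv paths. The @@ -364,7 +368,6 @@ hunk drops the restore from .Lsyscall_restore_regs because the @@ -337,6 +340,7 @@ hunk now runs REST_NVGPRS(r1) ahead of <code>cmpdi r3,0</code>, but the @@ -140,6 +141,7 @@ hunk adds the same early restore on the scv path with no matching deletion at .Lsyscall_vectored_\name\()_restore_regs (the diffstat's three deletions are accounted for by the two comment lines and the single sc-path REST_NVGPRS). If that label also restores the non-volatile GPRs, the scv slow path now restores them twice; either remove it there as well or say in the commit message why the scv path is left different.</div>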
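<div style="font-family: monospace; font-size: 16px;" class="">Review bot: in both the @@ -140,6 +141,7 @@ and @@ -337,6 +340,7 @@ hunks REST_NVGPRS(r1) now runs on every syscall return, ahead of the <code>bne</code> that previously gated it to the restore_regs slow path. The restore is only needed because ZEROIZE_NVGPRS() clobbers the non-volatile GPRs before <code>bl system_call_exception</code>; if the ZEROIZE_* macros expand to nothing when INTERRUPT_SANITIZE_REGISTERS is disabled, the unconditional restore still pays for the loads on the common fast path. Consider guarding the restore with the same condition as the zeroise (or pairing the two in one macro), or state in the commit message that the cost is accepted in all configurations.</div>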