[PATCH v4 20/20] powerpc/64e: Clear gprs on interrupt routine entry
Rohan McLure
rmclure at linux.ibm.com
Wed Aug 24 12:05:48 AEST 2022
Zero GPRS r14-r31 on entry into the kernel for interrupt sources to
limit influence of user-space values in potential speculation gadgets.
Prior to this commit, all other GPRS are reassigned during the common
prologue to interrupt handlers and so need not be zeroised explicitly.
This may be done safely, without loss of register state prior to the
interrupt, as the common prologue saves the initial values of
non-volatiles, which are unconditionally restored in interrupt_64.S.
Signed-off-by: Rohan McLure <rmclure at linux.ibm.com>
---
V3 -> V4: New patch.
---
arch/powerpc/kernel/exceptions-64e.S | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
index 48c640ca425d..296b3bf6b2a6 100644
--- a/arch/powerpc/kernel/exceptions-64e.S
+++ b/arch/powerpc/kernel/exceptions-64e.S
@@ -401,7 +401,8 @@ exc_##n##_common: \
std r12,STACK_FRAME_OVERHEAD-16(r1); /* mark the frame */ \
std r3,_TRAP(r1); /* set trap number */ \
std r0,RESULT(r1); /* clear regs->result */ \
- SAVE_NVGPRS(r1);
+ SAVE_NVGPRS(r1); \
+ ZEROIZE_NVGPRS(); /* minimise speculation influence */
#define EXCEPTION_COMMON(n) \
EXCEPTION_COMMON_LVL(n, SPRN_SPRG_GEN_SCRATCH, PACA_EXGEN)
@@ -1068,6 +1069,7 @@ bad_stack_book3e:
std r11,_CTR(r1)
std r12,_XER(r1)
SAVE_NVGPRS(r1)
+ ZEROIZE_NVGPRS()
lhz r12,PACA_TRAP_SAVE(r13)
std r12,_TRAP(r1)
addi r11,r1,INT_FRAME_SIZE
--
2.34.1
More information about the Linuxppc-dev
mailing list