evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ARM: signal: copy registers using __copy_from_user()

Browse source 
Commit c32cd419d6650e42b9cdebb83c672ec945e6bd7e upstream.

__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible.  However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.

In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.

It becomes much more efficient to use __copy_from_user() instead, so
let's use this for the ARM integer registers.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Russell King 2019-11-08 13:35:34 +01:00 committed by Greg Kroah-Hartman
parent e4f30ae336
commit d9230bf912
1 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
arch/arm/kernel/signal.c
View file

@ -141,6 +141,7 @@ struct rt_sigframe {
static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf)
{ {
struct sigcontext context;
struct aux_sigframe __user *aux; struct aux_sigframe __user *aux;
sigset_t set; sigset_t set;
int err; int err;
@ -149,23 +150,26 @@ static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf)
if (err == 0) if (err == 0)
set_current_blocked(&set); set_current_blocked(&set);
__get_user_error(regs->ARM_r0, &sf->uc.uc_mcontext.arm_r0, err); err |= __copy_from_user(&context, &sf->uc.uc_mcontext, sizeof(context));
__get_user_error(regs->ARM_r1, &sf->uc.uc_mcontext.arm_r1, err); if (err == 0) {
__get_user_error(regs->ARM_r2, &sf->uc.uc_mcontext.arm_r2, err); regs->ARM_r0 = context.arm_r0;
__get_user_error(regs->ARM_r3, &sf->uc.uc_mcontext.arm_r3, err); regs->ARM_r1 = context.arm_r1;
__get_user_error(regs->ARM_r4, &sf->uc.uc_mcontext.arm_r4, err); regs->ARM_r2 = context.arm_r2;
__get_user_error(regs->ARM_r5, &sf->uc.uc_mcontext.arm_r5, err); regs->ARM_r3 = context.arm_r3;
__get_user_error(regs->ARM_r6, &sf->uc.uc_mcontext.arm_r6, err); regs->ARM_r4 = context.arm_r4;
__get_user_error(regs->ARM_r7, &sf->uc.uc_mcontext.arm_r7, err); regs->ARM_r5 = context.arm_r5;
__get_user_error(regs->ARM_r8, &sf->uc.uc_mcontext.arm_r8, err); regs->ARM_r6 = context.arm_r6;
__get_user_error(regs->ARM_r9, &sf->uc.uc_mcontext.arm_r9, err); regs->ARM_r7 = context.arm_r7;
__get_user_error(regs->ARM_r10, &sf->uc.uc_mcontext.arm_r10, err); regs->ARM_r8 = context.arm_r8;
__get_user_error(regs->ARM_fp, &sf->uc.uc_mcontext.arm_fp, err); regs->ARM_r9 = context.arm_r9;
__get_user_error(regs->ARM_ip, &sf->uc.uc_mcontext.arm_ip, err); regs->ARM_r10 = context.arm_r10;
__get_user_error(regs->ARM_sp, &sf->uc.uc_mcontext.arm_sp, err); regs->ARM_fp = context.arm_fp;
__get_user_error(regs->ARM_lr, &sf->uc.uc_mcontext.arm_lr, err); regs->ARM_ip = context.arm_ip;
__get_user_error(regs->ARM_pc, &sf->uc.uc_mcontext.arm_pc, err); regs->ARM_sp = context.arm_sp;
__get_user_error(regs->ARM_cpsr, &sf->uc.uc_mcontext.arm_cpsr, err); regs->ARM_lr = context.arm_lr;
regs->ARM_pc = context.arm_pc;
regs->ARM_cpsr = context.arm_cpsr;
}
err |= !valid_user_regs(regs); err |= !valid_user_regs(regs);