array_index_nospec: Sanitize speculative array de-references
authorDan Williams <dan.j.williams@intel.com>
Tue, 30 Jan 2018 01:02:22 +0000 (17:02 -0800)
committerMatthew Pedro <mapedro@nvidia.com>
Tue, 10 Apr 2018 05:12:24 +0000 (22:12 -0700)
commit789a738628f82234a0133101d48a145e94e1d65b
treef06be8f18b7ffb9a6cb36fc5078a484c60112f06
parent8569db2c850ad02ecfd101446ecf346e0e4f53ea
array_index_nospec: Sanitize speculative array de-references

array_index_nospec() is proposed as a generic mechanism to mitigate
against Spectre-variant-1 attacks, i.e. an attack that bypasses boundary
checks via speculative execution. The array_index_nospec()
implementation is expected to be safe for current generation CPUs across
multiple architectures (ARM, x86).

Based on an original implementation by Linus Torvalds, tweaked to remove
speculative flows by Alexei Starovoitov, and tweaked again by Linus to
introduce an x86 assembly implementation for the mask generation.

Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Co-developed-by: Alexei Starovoitov <ast@kernel.org>
Suggested-by: Cyril Novikov <cnovikov@lynx.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arch@vger.kernel.org
Cc: kernel-hardening@lists.openwall.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Russell King <linux@armlinux.org.uk>
Cc: gregkh@linuxfoundation.org
Cc: torvalds@linux-foundation.org
Cc: alan@linux.intel.com
Link: https://lkml.kernel.org/r/151727414229.33451.18411580953862676575.stgit@dwillia2-desk3.amr.corp.intel.com
Change-Id: I52bfd4256e39b2a81c5e4f5195e2f9985990cade
Reviewed-on: https://git-master.nvidia.com/r/1662097
(cherry picked from commit 3d81db8940d73ca8526189ae6d87716925787f3c)
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1687453
GVS: Gerrit_Virtual_Submit
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
include/linux/nospec.h [new file with mode: 0644]