From b9a4c2bdba69ced5acb16a251e6b729e07b4dbad Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Wed, 11 Oct 2023 03:21:06 -0700
Subject: [PATCH] kern: add speculation barriers after eret
---
 .../arch/arm64/kern_assembly_macros.h | 5 +++++
 .../arch/arm64/svc/kern_svc_exception_asm.s | 2 +-
 .../arch/arm64/svc/kern_svc_handlers_asm.s | 8 ++++----
 .../kernel/source/arch/arm64/init/start.s | 2 +-
 .../arch/arm64/kern_exception_handlers_asm.s | 18 +++++++++---------
 .../arch/arm64/kern_k_thread_context_asm.s | 6 ++----
 6 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/libraries/libmesosphere/include/mesosphere/arch/arm64/kern_assembly_macros.h b/libraries/libmesosphere/include/mesosphere/arch/arm64/kern_assembly_macros.h
index 97b50afb6..8dfafdc7b 100644
--- a/libraries/libmesosphere/include/mesosphere/arch/arm64/kern_assembly_macros.h
+++ b/libraries/libmesosphere/include/mesosphere/arch/arm64/kern_assembly_macros.h
@@ -94,3 +94,8 @@ label_done:
     ENABLE_FPU(xtmp1) \
     GET_THREAD_CONTEXT_AND_RESTORE_FPCR_FPSR(ctx, xtmp1, xtmp2, wtmp1, wtmp2) \
     RESTORE_FPU32_ALL_REGISTERS(ctx, xtmp1)
+
+#define ERET_WITH_SPECULATION_BARRIER \
+    eret; \
+    dsb nsh; \
+    isb
diff --git a/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_exception_asm.s b/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_exception_asm.s
index 2194c594d..c3ee6a077 100644
--- a/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_exception_asm.s
+++ b/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_exception_asm.s
@@ -130,4 +130,4 @@ _ZN3ams4kern3svc14RestoreContextEm:
     /* Return. */
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
-    eret
+    ERET_WITH_SPECULATION_BARRIER
diff --git a/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_handlers_asm.s b/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_handlers_asm.s
index d795c6aae..6e6f07a30 100644
--- a/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_handlers_asm.s
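Review bot: The new `ERET_WITH_SPECULATION_BARRIER` macro in kern_assembly_macros.h carries no comment explaining why two barriers follow an instruction that never falls through, so a later reader is likely to strip them as dead code. Suggest a comment above the `#define`, e.g. `/* Defeat straight-line speculation: bytes after eret may be executed speculatively; dsb nsh + isb terminate that speculation on cores without FEAT_SB, where a single sb would do. */`. It is also worth one line noting that the `;` separators rely on GNU AArch64 assembler syntax, where `;` ends a statement rather than starting a comment, since this header is pasted into preprocessed .s files.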
+++ b/libraries/libmesosphere/source/arch/arm64/svc/kern_svc_handlers_asm.s
@@ -194,7 +194,7 @@ _ZN3ams4kern4arch5arm6412SvcHandler64Ev:
     /* Return. */
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 5: /* Return from SVC. */
@@ -297,7 +297,7 @@ _ZN3ams4kern4arch5arm6412SvcHandler64Ev:
     /* Return. */
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::SvcHandler32() */
 .section .text._ZN3ams4kern4arch5arm6412SvcHandler32Ev, "ax", %progbits
@@ -467,7 +467,7 @@ _ZN3ams4kern4arch5arm6412SvcHandler32Ev:
     /* Return. */
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 5: /* Return from SVC. */
@@ -547,4 +547,4 @@ _ZN3ams4kern4arch5arm6412SvcHandler32Ev:
     /* Return. */
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
-    eret
+    ERET_WITH_SPECULATION_BARRIER
diff --git a/mesosphere/kernel/source/arch/arm64/init/start.s b/mesosphere/kernel/source/arch/arm64/init/start.s
index 0a11c8200..5d9084b08 100644
--- a/mesosphere/kernel/source/arch/arm64/init/start.s
+++ b/mesosphere/kernel/source/arch/arm64/init/start.s
@@ -377,7 +377,7 @@ _ZN3ams4kern4init16JumpFromEL2ToEL1Ev:
     mov x0, #0xC5
     msr spsr_el2, x0
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 #endif
 /* ams::kern::init::DisableMmuAndCaches() */
diff --git a/mesosphere/kernel/source/arch/arm64/kern_exception_handlers_asm.s b/mesosphere/kernel/source/arch/arm64/kern_exception_handlers_asm.s
index a23cebc0e..d81eb7e89 100644
--- a/mesosphere/kernel/source/arch/arm64/kern_exception_handlers_asm.s
+++ b/mesosphere/kernel/source/arch/arm64/kern_exception_handlers_asm.s
@@ -64,7 +64,7 @@ _ZN3ams4kern4arch5arm6422EL1IrqExceptionHandlerEv:
     add sp, sp, #(8 * 24)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::EL0A64IrqExceptionHandler() */
 .section .text._ZN3ams4kern4arch5arm6425EL0A64IrqExceptionHandlerEv, "ax", %progbits
@@ -150,7 +150,7 @@ _ZN3ams4kern4arch5arm6425EL0A64IrqExceptionHandlerEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::EL0A32IrqExceptionHandler() */
 .section .text._ZN3ams4kern4arch5arm6425EL0A32IrqExceptionHandlerEv, "ax", %progbits
@@ -218,7 +218,7 @@ _ZN3ams4kern4arch5arm6425EL0A32IrqExceptionHandlerEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::EL0SynchronousExceptionHandler() */
 .section .text._ZN3ams4kern4arch5arm6430EL0SynchronousExceptionHandlerEv, "ax", %progbits
@@ -331,7 +331,7 @@ _ZN3ams4kern4arch5arm6430EL0SynchronousExceptionHandlerEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 4: /* SVC from aarch32. */
     ldp x16, x17, [sp], 16
@@ -377,7 +377,7 @@ _ZN3ams4kern4arch5arm6430EL0SynchronousExceptionHandlerEv:
     ldp x16, x17, [sp], 16
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::EL1SynchronousExceptionHandler() */
@@ -441,7 +441,7 @@ _ZN3ams4kern4arch5arm6430EL1SynchronousExceptionHandlerEv:
     /* Return false. */
     mov x0, #0x0
     msr elr_el1, x30
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 2: /* The exception wasn't an triggered by copying memory from userspace. */
     ldr x0, [sp, #8]
@@ -519,7 +519,7 @@ _ZN3ams4kern4arch5arm6430EL1SynchronousExceptionHandlerEv:
     mrs x0, tpidr_el1
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::FpuAccessExceptionHandler() */
@@ -542,7 +542,7 @@ _ZN3ams4kern4arch5arm6425FpuAccessExceptionHandlerEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::EL1SystemErrorHandler() */
 .section .text._ZN3ams4kern4arch5arm6421EL1SystemErrorHandlerEv, "ax", %progbits
@@ -680,5 +680,5 @@ _ZN3ams4kern4arch5arm6421EL0SystemErrorHandlerEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return from the exception. */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
diff --git a/mesosphere/kernel/source/arch/arm64/kern_k_thread_context_asm.s b/mesosphere/kernel/source/arch/arm64/kern_k_thread_context_asm.s
index 080048598..362adc712 100644
--- a/mesosphere/kernel/source/arch/arm64/kern_k_thread_context_asm.s
+++ b/mesosphere/kernel/source/arch/arm64/kern_k_thread_context_asm.s
@@ -14,6 +14,7 @@
  * along with this program. If not, see . */
 #include
+#include
 /* ams::kern::arch::arm64::UserModeThreadStarter() */
 .section .text._ZN3ams4kern4arch5arm6421UserModeThreadStarterEv, "ax", %progbits
@@ -62,7 +63,7 @@ _ZN3ams4kern4arch5arm6421UserModeThreadStarterEv:
     add sp, sp, #(EXCEPTION_CONTEXT_SIZE)
     /* Return to EL0 */
-    eret
+    ERET_WITH_SPECULATION_BARRIER
 /* ams::kern::arch::arm64::SupervisorModeThreadStarter() */
 .section .text._ZN3ams4kern4arch5arm6427SupervisorModeThreadStarterEv, "ax", %progbits
@@ -84,6 +85,3 @@ _ZN3ams4kern4arch5arm6427SupervisorModeThreadStarterEv:
     /* Mask I bit in DAIF */
     msr daifclr, #2
     br x1
-
-    /* This should never execute, but Nintendo includes an ERET here. */
-    eret
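Review bot: In the SupervisorModeThreadStarter hunk, deleting the unreachable `eret` after `br x1` leaves that indirect branch with no speculation barrier, although the rationale behind this commit (bytes past an unconditional control-flow change may execute speculatively) applies to `br` just as it does to `eret`; whatever now follows `br x1` in the section becomes the straight-line target. Consider ending the function with `br x1` / `dsb nsh` / `isb` (or a `br` sibling of the new macro) instead of only dropping the trailing instruction; I cannot see from this hunk whether the files' `ret` instructions were considered for the same treatment. Separately, the context comment `/* Mask I bit in DAIF */` above `msr daifclr, #2` states the opposite of what `daifclr` does, since it clears, i.e. unmasks, the I bit; `/* Unmask IRQ (clear I bit in DAIF). */` would be accurate. SupervisorModeThreadStarter's body starts before this hunk.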