From: Will Deacon <will.deacon@arm.com>
To: Shanker Donthineni <shankerd@codeaurora.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>,
Christoffer Dall <christoffer.dall@linaro.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
kvmarm <kvmarm@lists.cs.columbia.edu>,
Catalin Marinas <catalin.marinas@arm.com>,
Vikram Sethi <vikrams@codeaurora.org>,
Sean Campbell <scampbel@codeaurora.org>
Subject: Re: [PATCH] arm64: Implement branch predictor hardening for Falkor
Date: Mon, 8 Jan 2018 17:09:33 +0000 [thread overview]
Message-ID: <20180108170933.GU25869@arm.com> (raw)
In-Reply-To: <1515184139-23743-1-git-send-email-shankerd@codeaurora.org>
On Fri, Jan 05, 2018 at 02:28:59PM -0600, Shanker Donthineni wrote:
> Falkor is susceptible to branch predictor aliasing and can
> theoretically be attacked by malicious code. This patch
> implements a mitigation for these attacks, preventing any
> malicious entries from affecting other victim contexts.
Thanks, Shanker. I'll pick this up (fixing the typo pointed out by Drew).
One comment below.
> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
> ---
> This patch has been verified using tip of
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti
> and
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm64?h=v4.15-rc6&id=c622cc013cece073722592cff1ac6643a33b1622
>
> arch/arm64/include/asm/cpucaps.h | 3 ++-
> arch/arm64/include/asm/kvm_asm.h | 2 ++
> arch/arm64/kernel/bpi.S | 8 +++++++
> arch/arm64/kernel/cpu_errata.c | 49 ++++++++++++++++++++++++++++++++++++++--
> arch/arm64/kvm/hyp/entry.S | 12 ++++++++++
> arch/arm64/kvm/hyp/switch.c | 10 ++++++++
> 6 files changed, 81 insertions(+), 3 deletions(-)
[...]
> diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S
> index 12ee62d..9c45c6a 100644
> --- a/arch/arm64/kvm/hyp/entry.S
> +++ b/arch/arm64/kvm/hyp/entry.S
> @@ -196,3 +196,15 @@ alternative_endif
>
> eret
> ENDPROC(__fpsimd_guest_restore)
> +
> +ENTRY(__qcom_hyp_sanitize_btac_predictors)
> + /**
> + * Call SMC64 with Silicon provider serviceID 23<<8 (0xc2001700)
> + * 0xC2000000-0xC200FFFF: assigned to SiP Service Calls
> + * b15-b0: contains SiP functionID
> + */
> + movz x0, #0x1700
> + movk x0, #0xc200, lsl #16
> + smc #0
> + ret
As I mentioned to Jayachandran for the Cavium patches [1], using an
unallocated SMC number like this may cause a problem for some platforms,
such as qemu. Using the PSCI GET_VERSION call avoids this issue, so I'm
relying on you to handle any breakage reports that arise from this change
then.
FWIW: we're currently looking into extending PSCI/SMCCC so that a
standardised mechanism can be implemented without the overhead of the
current register stacking requirements.
Cheers,
Will
[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552511.html
WARNING: multiple messages have this Message-ID (diff)
From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: Implement branch predictor hardening for Falkor
Date: Mon, 8 Jan 2018 17:09:33 +0000 [thread overview]
Message-ID: <20180108170933.GU25869@arm.com> (raw)
In-Reply-To: <1515184139-23743-1-git-send-email-shankerd@codeaurora.org>
On Fri, Jan 05, 2018 at 02:28:59PM -0600, Shanker Donthineni wrote:
> Falkor is susceptible to branch predictor aliasing and can
> theoretically be attacked by malicious code. This patch
> implements a mitigation for these attacks, preventing any
> malicious entries from affecting other victim contexts.
Thanks, Shanker. I'll pick this up (fixing the typo pointed out by Drew).
One comment below.
> Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
> ---
> This patch has been verified using tip of
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti
> and
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm64?h=v4.15-rc6&id=c622cc013cece073722592cff1ac6643a33b1622
>
> arch/arm64/include/asm/cpucaps.h | 3 ++-
> arch/arm64/include/asm/kvm_asm.h | 2 ++
> arch/arm64/kernel/bpi.S | 8 +++++++
> arch/arm64/kernel/cpu_errata.c | 49 ++++++++++++++++++++++++++++++++++++++--
> arch/arm64/kvm/hyp/entry.S | 12 ++++++++++
> arch/arm64/kvm/hyp/switch.c | 10 ++++++++
> 6 files changed, 81 insertions(+), 3 deletions(-)
[...]
> diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S
> index 12ee62d..9c45c6a 100644
> --- a/arch/arm64/kvm/hyp/entry.S
> +++ b/arch/arm64/kvm/hyp/entry.S
> @@ -196,3 +196,15 @@ alternative_endif
>
> eret
> ENDPROC(__fpsimd_guest_restore)
> +
> +ENTRY(__qcom_hyp_sanitize_btac_predictors)
> + /**
> + * Call SMC64 with Silicon provider serviceID 23<<8 (0xc2001700)
> + * 0xC2000000-0xC200FFFF: assigned to SiP Service Calls
> + * b15-b0: contains SiP functionID
> + */
> + movz x0, #0x1700
> + movk x0, #0xc200, lsl #16
> + smc #0
> + ret
As I mentioned to Jayachandran for the Cavium patches [1], using an
unallocated SMC number like this may cause a problem for some platforms,
such as qemu. Using the PSCI GET_VERSION call avoids this issue, so I'm
relying on you to handle any breakage reports that arise from this change
then.
FWIW: we're currently looking into extending PSCI/SMCCC so that a
standardised mechanism can be implemented without the overhead of the
current register stacking requirements.
Cheers,
Will
[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552511.html
next prev parent reply other threads:[~2018-01-08 17:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-05 20:28 [PATCH] arm64: Implement branch predictor hardening for Falkor Shanker Donthineni
2018-01-05 20:28 ` Shanker Donthineni
2018-01-08 9:28 ` Andrew Jones
2018-01-08 9:28 ` Andrew Jones
2018-01-08 17:22 ` Shanker Donthineni
2018-01-08 17:22 ` Shanker Donthineni
2018-01-08 17:22 ` Shanker Donthineni
2018-01-08 17:09 ` Will Deacon [this message]
2018-01-08 17:09 ` Will Deacon
2018-01-08 18:44 ` Will Deacon
2018-01-08 18:44 ` Will Deacon
2018-01-08 18:44 ` Will Deacon
2018-01-08 19:10 ` Shanker Donthineni
2018-01-08 19:10 ` Shanker Donthineni
2018-01-08 21:44 ` Shanker Donthineni
2018-01-08 21:44 ` Shanker Donthineni
2018-01-08 21:44 ` Shanker Donthineni
2018-01-09 9:41 ` Will Deacon
2018-01-09 9:41 ` Will Deacon
2018-01-09 9:41 ` Will Deacon
2018-01-09 11:05 ` Catalin Marinas
2018-01-09 11:05 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180108170933.GU25869@arm.com \
--to=will.deacon@arm.com \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@linaro.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=scampbel@codeaurora.org \
--cc=shankerd@codeaurora.org \
--cc=vikrams@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.