From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 4/6] arm: Add icache invalidation on switch_mm for Cortex-A15
Date: Fri, 26 Jan 2018 10:14:25 +0100 [thread overview]
Message-ID: <20180126091425.GU21802@cbox> (raw)
In-Reply-To: <20180125152139.32431-5-marc.zyngier@arm.com>
On Thu, Jan 25, 2018 at 03:21:37PM +0000, Marc Zyngier wrote:
> In order to avoid aliasing attacks against the branch predictor,
> Cortex-A15 require to invalidate the BTB when switching
> from one user context to another. The only way to do so on this
> CPU is to perform an ICIALLU, having set ACTLR[0] to 1 from secure
> mode.
>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm/mm/proc-v7-2level.S | 10 ++++++++++
> arch/arm/mm/proc-v7-3level.S | 16 ++++++++++++++++
> arch/arm/mm/proc-v7.S | 18 +++++++++++++++++-
> 3 files changed, 43 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
> index 0422e58b74e8..7dc9e1c69039 100644
> --- a/arch/arm/mm/proc-v7-2level.S
> +++ b/arch/arm/mm/proc-v7-2level.S
> @@ -40,7 +40,17 @@
> * Note that we always need to flush BTAC/BTB if IBE is set
> * even on Cortex-A8 revisions not affected by 430973.
> * If IBE is not set, the flush BTAC/BTB won't do anything.
> + *
> + * Cortex-A15 requires ACTLR[0] to be set from secure in order
> + * for the icache invalidation to also invalidate the BTB.
> */
Seems like we can read (but not write) this bit from non-secure. Should
we test if it's set somewhere during boot and warn the user if not?
> +ENTRY(cpu_ca15_switch_mm)
> +#ifdef CONFIG_MMU
> + mcr p15, 0, r0, c7, c5, 0 @ ICIALLU
> + isb
> + b cpu_v7_switch_mm
> +#endif
> +ENDPROC(cpu_ca15_switch_mm)
> ENTRY(cpu_v7_btbinv_switch_mm)
> #ifdef CONFIG_MMU
> mov r2, #0
> diff --git a/arch/arm/mm/proc-v7-3level.S b/arch/arm/mm/proc-v7-3level.S
> index 934272e1fa08..cae6bb4da956 100644
> --- a/arch/arm/mm/proc-v7-3level.S
> +++ b/arch/arm/mm/proc-v7-3level.S
> @@ -71,6 +71,22 @@ ENTRY(cpu_v7_switch_mm)
> ENDPROC(cpu_v7_switch_mm)
> ENDPROC(cpu_v7_btbinv_switch_mm)
>
> +/*
> + * Cortex-A15 requires ACTLR[0] to be set from secure in order
> + * for the icache invalidation to also invalidate the BTB.
> + */
> +ENTRY(cpu_ca15_switch_mm)
> +#ifdef CONFIG_MMU
> + mcr p15, 0, r0, c7, c5, 0 @ ICIALLU
> + mmid r2, r2
> + asid r2, r2
> + orr rpgdh, rpgdh, r2, lsl #(48 - 32) @ upper 32-bits of pgd
> + mcrr p15, 0, rpgdl, rpgdh, c2 @ set TTB 0
> + isb
> +#endif
> + ret lr
> +ENDPROC(cpu_ca15_switch_mm)
> +
There's some potential for code shaing with cpu_v7_switch_mm here,
either via a macro or by simply calling cpu_v7_switch_mm from
cpu_ca15_switch_mm, but I'm not sure if we care?
> #ifdef __ARMEB__
> #define rl r3
> #define rh r2
> diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
> index 0a14967fd400..9310fd9aa1cf 100644
> --- a/arch/arm/mm/proc-v7.S
> +++ b/arch/arm/mm/proc-v7.S
> @@ -173,6 +173,21 @@ ENDPROC(cpu_v7_do_resume)
> globl_equ cpu_v7_btbinv_do_resume, cpu_v7_do_resume
> #endif
>
> +/*
> + * Cortex-A15 that require an icache invalidation on switch_mm
uber nit: The wording is weird here, how about "Cortex-A15 requires
an..." ?
> + */
> + globl_equ cpu_ca15_proc_init, cpu_v7_proc_init
> + globl_equ cpu_ca15_proc_fin, cpu_v7_proc_fin
> + globl_equ cpu_ca15_reset, cpu_v7_reset
> + globl_equ cpu_ca15_do_idle, cpu_v7_do_idle
> + globl_equ cpu_ca15_dcache_clean_area, cpu_v7_dcache_clean_area
> + globl_equ cpu_ca15_set_pte_ext, cpu_v7_set_pte_ext
> + globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size
> +#ifdef CONFIG_ARM_CPU_SUSPEND
> + globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend
> + globl_equ cpu_ca15_do_resume, cpu_v7_do_resume
> +#endif
> +
> /*
> * Cortex-A9 processor functions
> */
> @@ -549,6 +564,7 @@ __v7_setup_stack:
> @ define struct processor (see <asm/proc-fns.h> and proc-macros.S)
> define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> define_processor_functions v7_btbinv, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> #ifndef CONFIG_ARM_LPAE
> define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> #endif
> @@ -668,7 +684,7 @@ __v7_ca12mp_proc_info:
> __v7_ca15mp_proc_info:
> .long 0x410fc0f0
> .long 0xff0ffff0
> - __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup
> + __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup, proc_fns = ca15_processor_functions
> .size __v7_ca15mp_proc_info, . - __v7_ca15mp_proc_info
>
> /*
> --
> 2.14.2
>
Thanks,
-Christoffer
next prev parent reply other threads:[~2018-01-26 9:14 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-25 15:21 [PATCH v3 0/6] 32bit ARM branch predictor hardening Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 1/6] arm: Add BTB invalidation on switch_mm for Cortex-A9, A12 and A17 Marc Zyngier
2018-01-26 20:44 ` Florian Fainelli
2018-01-30 17:27 ` Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 2/6] arm: Invalidate BTB on prefetch abort outside of user mapping on Cortex A8, A9, " Marc Zyngier
2018-01-31 2:13 ` Fabio Estevam
2018-01-25 15:21 ` [PATCH v3 3/6] arm: KVM: Invalidate BTB on guest exit for Cortex-A12/A17 Marc Zyngier
2018-01-26 9:23 ` Christoffer Dall
2018-01-26 17:12 ` Robin Murphy
2018-01-31 12:11 ` Marc Zyngier
2018-01-31 14:25 ` Robin Murphy
2018-01-25 15:21 ` [PATCH v3 4/6] arm: Add icache invalidation on switch_mm for Cortex-A15 Marc Zyngier
2018-01-26 9:14 ` Christoffer Dall [this message]
2018-01-26 9:30 ` Marc Zyngier
2018-01-26 16:20 ` Florian Fainelli
2018-01-26 16:33 ` Marc Zyngier
2018-01-26 17:20 ` Robin Murphy
2018-01-27 22:23 ` Florian Fainelli
2018-01-28 11:55 ` Marc Zyngier
2018-01-29 18:05 ` Florian Fainelli
2018-01-29 18:13 ` Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 5/6] arm: Invalidate icache on prefetch abort outside of user mapping on Cortex-A15 Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 6/6] arm: KVM: Invalidate icache on guest exit for Cortex-A15 Marc Zyngier
2018-01-26 9:30 ` [PATCH v3 0/6] 32bit ARM branch predictor hardening Christoffer Dall
2018-01-26 16:39 ` Andre Przywara
2018-01-29 11:36 ` Hanjun Guo
2018-01-29 14:58 ` Nishanth Menon
2018-01-31 12:45 ` Hanjun Guo
2018-01-31 18:53 ` Florian Fainelli
2018-01-31 19:07 ` Marc Zyngier
2018-01-31 19:54 ` André Przywara
2018-01-31 20:37 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180126091425.GU21802@cbox \
--to=christoffer.dall@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.