From: Tony Lindgren <tony@atomide.com>
To: Nishanth Menon <nm@ti.com>
Cc: Russell King - ARM Linux <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org, linux-omap@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores
Date: Mon, 25 Jun 2018 01:03:09 -0700 [thread overview]
Message-ID: <20180625080309.GH112168@atomide.com> (raw)
In-Reply-To: <20180613132910.wr7ngq4nvxlgaoqi@kahuna>
* Nishanth Menon <nm@ti.com> [180613 13:31]:
> On 10:11-20180613, Russell King - ARM Linux wrote:
> > On Tue, Jun 12, 2018 at 04:36:11PM -0500, Nishanth Menon wrote:
> > > Call secure services to enable ACTLR[0] (Enable invalidates of BTB with
> > > ICIALLU) when branch hardening is enabled for kernel.
> >
> > As mentioned elsewhere, I don't think this is a good idea - if the secure
> > world is not implementing the Spectre workarounds, then the _system_ is
> > exploitable.
> >
> > If the secure world is implementing the spectre workarounds, it will
> > already have enabled the IBE bit (which is r/w from secure, read only
> > from non-secure.)
> >
> > So, basically, lack of the IBE bit being set is basically telling the
> > kernel that it's running on a vulnerable platform _even if the kernel
> > were to set it through some means_.
>
> On GP devices OMAP5/DRA7, there is no possibility to update secure side
> since "secure world" is ROM and there are no override mechanisms possible.
> on HS devices, I agree, appropriate PPA will do the workarounds as well.
>
> However, this patch is to enable the IBE enable on GP device for _a_
> core can only be done via SMC services that ROM provides for
> specifically the reasons you have already stated. u-boot will only
> enable the IBE for the boot core, by the time the secondary cores start
> up, u-boot is long gone.. so someone has to invoke the SMC call to
> enable the IBE bit for the secondary core.
>
> This is what the patch does.
>
> If the above explanation makes sense, I will add that to the commit log
> as well.
Probably good idea to also add a comment to the code that this
is for the secondary core.
Regards,
Tony
WARNING: multiple messages have this Message-ID (diff)
From: tony@atomide.com (Tony Lindgren)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores
Date: Mon, 25 Jun 2018 01:03:09 -0700 [thread overview]
Message-ID: <20180625080309.GH112168@atomide.com> (raw)
In-Reply-To: <20180613132910.wr7ngq4nvxlgaoqi@kahuna>
* Nishanth Menon <nm@ti.com> [180613 13:31]:
> On 10:11-20180613, Russell King - ARM Linux wrote:
> > On Tue, Jun 12, 2018 at 04:36:11PM -0500, Nishanth Menon wrote:
> > > Call secure services to enable ACTLR[0] (Enable invalidates of BTB with
> > > ICIALLU) when branch hardening is enabled for kernel.
> >
> > As mentioned elsewhere, I don't think this is a good idea - if the secure
> > world is not implementing the Spectre workarounds, then the _system_ is
> > exploitable.
> >
> > If the secure world is implementing the spectre workarounds, it will
> > already have enabled the IBE bit (which is r/w from secure, read only
> > from non-secure.)
> >
> > So, basically, lack of the IBE bit being set is basically telling the
> > kernel that it's running on a vulnerable platform _even if the kernel
> > were to set it through some means_.
>
> On GP devices OMAP5/DRA7, there is no possibility to update secure side
> since "secure world" is ROM and there are no override mechanisms possible.
> on HS devices, I agree, appropriate PPA will do the workarounds as well.
>
> However, this patch is to enable the IBE enable on GP device for _a_
> core can only be done via SMC services that ROM provides for
> specifically the reasons you have already stated. u-boot will only
> enable the IBE for the boot core, by the time the secondary cores start
> up, u-boot is long gone.. so someone has to invoke the SMC call to
> enable the IBE bit for the secondary core.
>
> This is what the patch does.
>
> If the above explanation makes sense, I will add that to the commit log
> as well.
Probably good idea to also add a comment to the code that this
is for the secondary core.
Regards,
Tony
next prev parent reply other threads:[~2018-06-25 8:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 21:36 [PATCH] ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Nishanth Menon
2018-06-12 21:36 ` Nishanth Menon
2018-06-12 21:36 ` Nishanth Menon
2018-06-13 10:11 ` Russell King - ARM Linux
2018-06-13 10:11 ` Russell King - ARM Linux
2018-06-13 13:29 ` Nishanth Menon
2018-06-13 13:29 ` Nishanth Menon
2018-06-13 13:29 ` Nishanth Menon
2018-06-25 8:03 ` Tony Lindgren [this message]
2018-06-25 8:03 ` Tony Lindgren
2018-06-25 8:04 ` Tony Lindgren
2018-06-25 8:04 ` Tony Lindgren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180625080309.GH112168@atomide.com \
--to=tony@atomide.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-omap@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=nm@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.