From: marc.zyngier@arm.com (Marc Zyngier)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 0/3] ARM branch predictor hardening
Date: Mon, 08 Jan 2018 21:28:28 +0000 [thread overview]
Message-ID: <86608c3urn.wl-marc.zyngier@arm.com> (raw)
In-Reply-To: <608da127-fffa-0782-7baf-7edfe189abdc@gmail.com>
On Sat, 06 Jan 2018 18:50:41 +0000,
Florian Fainelli wrote:
Hi Florian,
> Le 01/06/18 ? 04:09, Marc Zyngier a ?crit?:
> > This small series implements some basic BP hardening by invalidating
> > the BTB on CPUs that are known to be susceptible to aliasing attacks.
> >
> > These patches are closely modelled against what we do on arm64,
> > although simpler as we can rely on an architected instruction to
> > perform the invalidation.
> >
> > The first patch reuses the Cortex-A8 BTB invalidation in switch_mm and
> > generalises it to be used on all affected CPUs. The second perform the
> > same invalidation on fatal signal delivery. The last one nukes it on
> > guest exit, and results in some major surgery (kudos to Dimitris
> > Papastamos who came up with the magic vector decoding sequence).
> >
> > Note that that M-class CPUs are not affected and for R-class cores,
> > the mitigation doesn't make much sense since we do not enforce
> > user/kernel isolation.
>
> Broadcom's Brahma-B15 CPUs are also affected, I can either send an
> incremental patch on top of this series once it lands in, or since it
> looks like you are going to respin a v2, feel free to incorporate the
> changes I sent as replies to patch 1 and 2.
I've re-spun the series, as there was quite a few issues with the
first one. Could you please try and respin your B15 patches on top?
> What about P4JB and Krait, should they also be covered?
I have no idea. I only know of the ARM cores. Other implementation
will have to check whether they are affected or not.
> Even though I am assuming -stable maintainers will quickly pick
> those changes, should there be an explicit mention of CVE-2017-5715?
I have no plans for these patches to be merged immediately. We're
targeting the arm64 patches at v4.16, and I don't expect the 32bit
patches to be any different.
As for the CVE mention, I'm not really bothered (yet another number
soup). Everybody knows what we're talking about, these days...
Thanks,
M.
next prev parent reply other threads:[~2018-01-08 21:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-06 12:09 [PATCH 0/3] ARM branch predictor hardening Marc Zyngier
2018-01-06 12:09 ` [PATCH 1/3] arm: Add BTB invalidation on switch_mm for Cortex-A9, A12, A15 and A17 Marc Zyngier
2018-01-06 18:48 ` [PATCH 1/2] ARM: Add BTB invalidation on switch_mm for Brahma-B15 Florian Fainelli
2018-01-08 14:29 ` [PATCH 1/3] arm: Add BTB invalidation on switch_mm for Cortex-A9, A12, A15 and A17 Andre Przywara
2018-01-08 14:46 ` Marc Zyngier
2018-01-08 17:50 ` Robin Murphy
2018-01-06 12:09 ` [PATCH 2/3] arm: Invalidate BTB on fatal signal for Cortex A8, A9, " Marc Zyngier
2018-01-06 18:49 ` [PATCH 2/2] ARM: Invalidate BTB on fatal signal for Brahma-B15 Florian Fainelli
2018-01-06 12:09 ` [PATCH 3/3] arm: KVM: Invalidate BTB on guest exit Marc Zyngier
2018-01-06 13:27 ` Ard Biesheuvel
2018-01-06 13:39 ` Marc Zyngier
2018-01-06 13:35 ` Ard Biesheuvel
2018-01-06 13:55 ` Marc Zyngier
2018-01-06 18:50 ` [PATCH 0/3] ARM branch predictor hardening Florian Fainelli
2018-01-08 21:28 ` Marc Zyngier [this message]
2018-01-10 16:57 ` Russell King - ARM Linux
2018-01-08 16:54 ` Tony Lindgren
2018-01-08 17:02 ` Marc Zyngier
2018-01-08 17:24 ` Tony Lindgren
2018-01-08 17:30 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86608c3urn.wl-marc.zyngier@arm.com \
--to=marc.zyngier@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.