From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 4/6] arm: Add icache invalidation on switch_mm for Cortex-A15
Date: Fri, 26 Jan 2018 10:14:25 +0100 [thread overview]
Message-ID: <20180126091425.GU21802@cbox> (raw)
In-Reply-To: <20180125152139.32431-5-marc.zyngier@arm.com>
On Thu, Jan 25, 2018 at 03:21:37PM +0000, Marc Zyngier wrote:
> In order to avoid aliasing attacks against the branch predictor,
> Cortex-A15 require to invalidate the BTB when switching
> from one user context to another. The only way to do so on this
> CPU is to perform an ICIALLU, having set ACTLR[0] to 1 from secure
> mode.
>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm/mm/proc-v7-2level.S | 10 ++++++++++
> arch/arm/mm/proc-v7-3level.S | 16 ++++++++++++++++
> arch/arm/mm/proc-v7.S | 18 +++++++++++++++++-
> 3 files changed, 43 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
> index 0422e58b74e8..7dc9e1c69039 100644
> --- a/arch/arm/mm/proc-v7-2level.S
> +++ b/arch/arm/mm/proc-v7-2level.S
> @@ -40,7 +40,17 @@
> * Note that we always need to flush BTAC/BTB if IBE is set
> * even on Cortex-A8 revisions not affected by 430973.
> * If IBE is not set, the flush BTAC/BTB won't do anything.
> + *
> + * Cortex-A15 requires ACTLR[0] to be set from secure in order
> + * for the icache invalidation to also invalidate the BTB.
> */
Seems like we can read (but not write) this bit from non-secure. Should
we test if it's set somewhere during boot and warn the user if not?
> +ENTRY(cpu_ca15_switch_mm)
> +#ifdef CONFIG_MMU
> + mcr p15, 0, r0, c7, c5, 0 @ ICIALLU
> + isb
> + b cpu_v7_switch_mm
> +#endif
> +ENDPROC(cpu_ca15_switch_mm)
> ENTRY(cpu_v7_btbinv_switch_mm)
> #ifdef CONFIG_MMU
> mov r2, #0
> diff --git a/arch/arm/mm/proc-v7-3level.S b/arch/arm/mm/proc-v7-3level.S
> index 934272e1fa08..cae6bb4da956 100644
> --- a/arch/arm/mm/proc-v7-3level.S
> +++ b/arch/arm/mm/proc-v7-3level.S
> @@ -71,6 +71,22 @@ ENTRY(cpu_v7_switch_mm)
> ENDPROC(cpu_v7_switch_mm)
> ENDPROC(cpu_v7_btbinv_switch_mm)
>
> +/*
> + * Cortex-A15 requires ACTLR[0] to be set from secure in order
> + * for the icache invalidation to also invalidate the BTB.
> + */
> +ENTRY(cpu_ca15_switch_mm)
> +#ifdef CONFIG_MMU
> + mcr p15, 0, r0, c7, c5, 0 @ ICIALLU
> + mmid r2, r2
> + asid r2, r2
> + orr rpgdh, rpgdh, r2, lsl #(48 - 32) @ upper 32-bits of pgd
> + mcrr p15, 0, rpgdl, rpgdh, c2 @ set TTB 0
> + isb
> +#endif
> + ret lr
> +ENDPROC(cpu_ca15_switch_mm)
> +
There's some potential for code shaing with cpu_v7_switch_mm here,
either via a macro or by simply calling cpu_v7_switch_mm from
cpu_ca15_switch_mm, but I'm not sure if we care?
> #ifdef __ARMEB__
> #define rl r3
> #define rh r2
> diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
> index 0a14967fd400..9310fd9aa1cf 100644
> --- a/arch/arm/mm/proc-v7.S
> +++ b/arch/arm/mm/proc-v7.S
> @@ -173,6 +173,21 @@ ENDPROC(cpu_v7_do_resume)
> globl_equ cpu_v7_btbinv_do_resume, cpu_v7_do_resume
> #endif
>
> +/*
> + * Cortex-A15 that require an icache invalidation on switch_mm
uber nit: The wording is weird here, how about "Cortex-A15 requires
an..." ?
> + */
> + globl_equ cpu_ca15_proc_init, cpu_v7_proc_init
> + globl_equ cpu_ca15_proc_fin, cpu_v7_proc_fin
> + globl_equ cpu_ca15_reset, cpu_v7_reset
> + globl_equ cpu_ca15_do_idle, cpu_v7_do_idle
> + globl_equ cpu_ca15_dcache_clean_area, cpu_v7_dcache_clean_area
> + globl_equ cpu_ca15_set_pte_ext, cpu_v7_set_pte_ext
> + globl_equ cpu_ca15_suspend_size, cpu_v7_suspend_size
> +#ifdef CONFIG_ARM_CPU_SUSPEND
> + globl_equ cpu_ca15_do_suspend, cpu_v7_do_suspend
> + globl_equ cpu_ca15_do_resume, cpu_v7_do_resume
> +#endif
> +
> /*
> * Cortex-A9 processor functions
> */
> @@ -549,6 +564,7 @@ __v7_setup_stack:
> @ define struct processor (see <asm/proc-fns.h> and proc-macros.S)
> define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> define_processor_functions v7_btbinv, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> + define_processor_functions ca15, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> #ifndef CONFIG_ARM_LPAE
> define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> #endif
> @@ -668,7 +684,7 @@ __v7_ca12mp_proc_info:
> __v7_ca15mp_proc_info:
> .long 0x410fc0f0
> .long 0xff0ffff0
> - __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup
> + __v7_proc __v7_ca15mp_proc_info, __v7_ca15mp_setup, proc_fns = ca15_processor_functions
> .size __v7_ca15mp_proc_info, . - __v7_ca15mp_proc_info
>
> /*
> --
> 2.14.2
>
Thanks,
-Christoffer
next prev parent reply other threads:[~2018-01-26 9:14 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-25 15:21 [PATCH v3 0/6] 32bit ARM branch predictor hardening Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 1/6] arm: Add BTB invalidation on switch_mm for Cortex-A9, A12 and A17 Marc Zyngier
2018-01-26 20:44 ` Florian Fainelli
2018-01-30 17:27 ` Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 2/6] arm: Invalidate BTB on prefetch abort outside of user mapping on Cortex A8, A9, " Marc Zyngier
2018-01-31 2:13 ` Fabio Estevam
2018-01-25 15:21 ` [PATCH v3 3/6] arm: KVM: Invalidate BTB on guest exit for Cortex-A12/A17 Marc Zyngier
2018-01-26 9:23 ` Christoffer Dall
2018-01-26 17:12 ` Robin Murphy
2018-01-31 12:11 ` Marc Zyngier
2018-01-31 14:25 ` Robin Murphy
2018-01-25 15:21 ` [PATCH v3 4/6] arm: Add icache invalidation on switch_mm for Cortex-A15 Marc Zyngier
2018-01-26 9:14 ` Christoffer Dall [this message]
2018-01-26 9:30 ` Marc Zyngier
2018-01-26 16:20 ` Florian Fainelli
2018-01-26 16:33 ` Marc Zyngier
2018-01-26 17:20 ` Robin Murphy
2018-01-27 22:23 ` Florian Fainelli
2018-01-28 11:55 ` Marc Zyngier
2018-01-29 18:05 ` Florian Fainelli
2018-01-29 18:13 ` Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 5/6] arm: Invalidate icache on prefetch abort outside of user mapping on Cortex-A15 Marc Zyngier
2018-01-25 15:21 ` [PATCH v3 6/6] arm: KVM: Invalidate icache on guest exit for Cortex-A15 Marc Zyngier
2018-01-26 9:30 ` [PATCH v3 0/6] 32bit ARM branch predictor hardening Christoffer Dall
2018-01-26 16:39 ` Andre Przywara
2018-01-29 11:36 ` Hanjun Guo
2018-01-29 14:58 ` Nishanth Menon
2018-01-31 12:45 ` Hanjun Guo
2018-01-31 18:53 ` Florian Fainelli
2018-01-31 19:07 ` Marc Zyngier
2018-01-31 19:54 ` André Przywara
2018-01-31 20:37 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180126091425.GU21802@cbox \
--to=christoffer.dall@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).