From: Diana Craciun <diana.craciun@nxp.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: Diana Craciun <diana.craciun@nxp.com>
Subject: [PATCH 06/11] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
Date: Wed, 12 Dec 2018 16:03:05 +0200 [thread overview]
Message-ID: <1544623390-18710-7-git-send-email-diana.craciun@nxp.com> (raw)
In-Reply-To: <1544623390-18710-1-git-send-email-diana.craciun@nxp.com>
In order to protect against speculation attacks on
indirect branches, the branch predictor is flushed at
kernel entry to protect for the following situations:
- userspace process attacking another userspace process
- userspace process attacking the kernel
Basically when the privillege level change (i.e. the
kernel is entered), the branch predictor state is flushed.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
---
arch/powerpc/kernel/entry_64.S | 5 +++++
arch/powerpc/kernel/exceptions-64e.S | 26 +++++++++++++++++++++++++-
arch/powerpc/mm/tlb_low_64e.S | 7 +++++++
3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index 7b1693a..7c2032e 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -80,6 +80,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
std r0,GPR0(r1)
std r10,GPR1(r1)
beq 2f /* if from kernel mode */
+#ifdef CONFIG_PPC_FSL_BOOK3E
+START_BTB_FLUSH_SECTION
+ BTB_FLUSH(r10)
+END_BTB_FLUSH_SECTION
+#endif
ACCOUNT_CPU_USER_ENTRY(r13, r10, r11)
2: std r2,GPR2(r1)
std r3,GPR3(r1)
diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
index 6d6e144..afb6387 100644
--- a/arch/powerpc/kernel/exceptions-64e.S
+++ b/arch/powerpc/kernel/exceptions-64e.S
@@ -296,7 +296,8 @@ ret_from_mc_except:
andi. r10,r11,MSR_PR; /* save stack pointer */ \
beq 1f; /* branch around if supervisor */ \
ld r1,PACAKSAVE(r13); /* get kernel stack coming from usr */\
-1: cmpdi cr1,r1,0; /* check if SP makes sense */ \
+1: type##_BTB_FLUSH \
+ cmpdi cr1,r1,0; /* check if SP makes sense */ \
bge- cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
mfspr r10,SPRN_##type##_SRR0; /* read SRR0 before touching stack */
@@ -328,6 +329,29 @@ ret_from_mc_except:
#define SPRN_MC_SRR0 SPRN_MCSRR0
#define SPRN_MC_SRR1 SPRN_MCSRR1
+#ifdef CONFIG_PPC_FSL_BOOK3E
+#define GEN_BTB_FLUSH \
+ START_BTB_FLUSH_SECTION \
+ beq 1f; \
+ BTB_FLUSH(r10) \
+ 1: \
+ END_BTB_FLUSH_SECTION
+
+#define CRIT_BTB_FLUSH \
+ START_BTB_FLUSH_SECTION \
+ BTB_FLUSH(r10) \
+ END_BTB_FLUSH_SECTION
+
+#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
+#define MC_BTB_FLUSH CRIT_BTB_FLUSH
+#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH
+#else
+#define GEN_BTB_FLUSH
+#define CRIT_BTB_FLUSH
+#define DBG_BTB_FLUSH
+#define GDBELL_BTB_FLUSH
+#endif
+
#define NORMAL_EXCEPTION_PROLOG(n, intnum, addition) \
EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))
diff --git a/arch/powerpc/mm/tlb_low_64e.S b/arch/powerpc/mm/tlb_low_64e.S
index 7fd20c5..9ed9006 100644
--- a/arch/powerpc/mm/tlb_low_64e.S
+++ b/arch/powerpc/mm/tlb_low_64e.S
@@ -70,6 +70,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
std r15,EX_TLB_R15(r12)
std r10,EX_TLB_CR(r12)
#ifdef CONFIG_PPC_FSL_BOOK3E
+START_BTB_FLUSH_SECTION
+ mfspr r11, SPRN_SRR1
+ andi. r10,r11,MSR_PR
+ beq 1f
+ BTB_FLUSH(r10)
+1:
+END_BTB_FLUSH_SECTION
std r7,EX_TLB_R7(r12)
#endif
TLB_MISS_PROLOG_STATS
--
2.5.5
next prev parent reply other threads:[~2018-12-12 14:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 14:02 [PATCH 00/11] powerpc/fsl: NXP PowerPC Spectre variant 2 workarounds Diana Craciun
2018-12-12 14:03 ` [PATCH 01/11] powerpc/fsl: Add infrastructure to fixup branch predictor flush Diana Craciun
2018-12-22 9:54 ` [01/11] " Michael Ellerman
2018-12-12 14:03 ` [PATCH 02/11] powerpc/fsl: Add macro to flush the branch predictor Diana Craciun
2018-12-12 14:03 ` [PATCH 03/11] powerpc/fsl: Fix spectre_v2 mitigations reporting Diana Craciun
2018-12-12 14:03 ` [PATCH 04/11] powerpc/fsl: Emulate SPRN_BUCSR register Diana Craciun
2018-12-12 14:03 ` [PATCH 05/11] powerpc/fsl: Add nospectre_v2 command line argument Diana Craciun
2018-12-12 14:03 ` Diana Craciun [this message]
2018-12-12 14:03 ` [PATCH 07/11] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) Diana Craciun
2018-12-19 9:42 ` kbuild test robot
2018-12-12 14:03 ` [PATCH 08/11] powerpc/fsl: Flush branch predictor when entering KVM Diana Craciun
2018-12-12 14:03 ` [PATCH 09/11] powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used Diana Craciun
2018-12-12 14:03 ` [PATCH 10/11] powerpc/fsl: Update Spectre v2 reporting Diana Craciun
2018-12-12 14:03 ` [PATCH 11/11] powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Diana Craciun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1544623390-18710-7-git-send-email-diana.craciun@nxp.com \
--to=diana.craciun@nxp.com \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).