diff options
author | James Morse <james.morse@arm.com> | 2021-11-10 15:48:00 +0100 |
---|---|---|
committer | James Morse <james.morse@arm.com> | 2022-02-24 14:58:52 +0100 |
commit | 558c303c9734af5a813739cd284879227f7297d2 (patch) | |
tree | 23ba781bbfede808b4081a820dcf4a09a0061ccd /arch/arm64/include/asm/spectre.h | |
parent | arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (diff) | |
download | linux-558c303c9734af5a813739cd284879227f7297d2.tar.xz linux-558c303c9734af5a813739cd284879227f7297d2.zip |
arm64: Mitigate spectre style branch history side channels
Speculation attacks against some high-performance processors can
make use of branch history to influence future speculation.
When taking an exception from user-space, a sequence of branches
or a firmware call overwrites or invalidates the branch history.
The sequence of branches is added to the vectors, and should appear
before the first indirect branch. For systems using KPTI the sequence
is added to the kpti trampoline where it has a free register as the exit
from the trampoline is via a 'ret'. For systems not using KPTI, the same
register tricks are used to free up a register in the vectors.
For the firmware call, arch-workaround-3 clobbers 4 registers, so
there is no choice but to save them to the EL1 stack. This only happens
for entry from EL0, so if we take an exception due to the stack access,
it will not become re-entrant.
For KVM, the existing branch-predictor-hardening vectors are used.
When a spectre version of these vectors is in use, the firmware call
is sufficient to mitigate against Spectre-BHB. For the non-spectre
versions, the sequence of branches is added to the indirect vector.
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Diffstat (limited to 'arch/arm64/include/asm/spectre.h')
-rw-r--r-- | arch/arm64/include/asm/spectre.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/arm64/include/asm/spectre.h b/arch/arm64/include/asm/spectre.h index c617fe90a843..86e0cc9b9c68 100644 --- a/arch/arm64/include/asm/spectre.h +++ b/arch/arm64/include/asm/spectre.h @@ -94,6 +94,8 @@ void spectre_v4_enable_task_mitigation(struct task_struct *tsk); enum mitigation_state arm64_get_meltdown_state(void); enum mitigation_state arm64_get_spectre_bhb_state(void); - +bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope); +u8 spectre_bhb_loop_affected(int scope); +void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused); #endif /* __ASSEMBLY__ */ #endif /* __ASM_SPECTRE_H */ |