lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  7 Jun 2018 15:58:02 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     linux-arm-kernel@...ts.infradead.org
Cc:     marc.zyngier@....com, Florian Fainelli <f.fainelli@...il.com>,
        Russell King <linux@...linux.org.uk>,
        Tony Lindgren <tony@...mide.com>,
        Luca Scalabrino <luca.scalabrino@....com>,
        linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] ARM: spectre-v2: Try to set IBE bit for Cortex-A15 and Brahma-B15

Per the ARM reference manual for the Cortex-A15, The ACTLR:

 Is a read/write register.

 Common to the Secure and Non-secure states.

 Is only accessible from PL1 or higher, with access rights that depend
 on the mode:

    * Read/write in Secure PL1 modes.

    * Read-only and write-ignored in Non-secure PL1 and PL2 modes
      if NSACR.NS_SMP is 0.

    * Read/write in Non-secure PL1 and PL2 modes if NSACR.NS_SMP
      is 1. In this case, all bits are write-ignored except for the SMP bit.

We can attempt to set this bit from within the kernel, which helps
avoiding firmware side modifications to set the IBE bit when that is
impractical. We do this within __v7_ca15mp_setup and __v7_b15mp_setup
because by then we already took those labels because the processors we
run on do match.

Signed-off-by: Florian Fainelli <f.fainelli@...il.com>
---
 arch/arm/mm/proc-v7.S | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
index 6fe52819e014..a21cf3729efa 100644
--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S
@@ -284,10 +284,16 @@ __v7_cr8mp_setup:
 	b	1f
 __v7_ca7mp_setup:
 __v7_ca12mp_setup:
+	b	2f
 __v7_ca15mp_setup:
 __v7_b15mp_setup:
+#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
+	mrc	p15, 0, r0, c1, c0, 1
+	orr	r0, r0, #1			@ Enable IBE bit
+	mcr	p15, 0, r0, c1, c0, 1
+#endif
 __v7_ca17mp_setup:
-	mov	r10, #0
+2:	mov	r10, #0
 1:	adr	r0, __v7_setup_stack_ptr
 	ldr	r12, [r0]
 	add	r12, r12, r0			@ the local stack
-- 
2.14.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ