[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180613132910.wr7ngq4nvxlgaoqi@kahuna>
Date: Wed, 13 Jun 2018 08:29:10 -0500
From: Nishanth Menon <nm@...com>
To: Russell King - ARM Linux <linux@...linux.org.uk>
CC: Tony Lindgren <tony@...mide.com>, <linux-kernel@...r.kernel.org>,
<linux-omap@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of
BTB) for secondary cores
On 10:11-20180613, Russell King - ARM Linux wrote:
> On Tue, Jun 12, 2018 at 04:36:11PM -0500, Nishanth Menon wrote:
> > Call secure services to enable ACTLR[0] (Enable invalidates of BTB with
> > ICIALLU) when branch hardening is enabled for kernel.
>
> As mentioned elsewhere, I don't think this is a good idea - if the secure
> world is not implementing the Spectre workarounds, then the _system_ is
> exploitable.
>
> If the secure world is implementing the spectre workarounds, it will
> already have enabled the IBE bit (which is r/w from secure, read only
> from non-secure.)
>
> So, basically, lack of the IBE bit being set is basically telling the
> kernel that it's running on a vulnerable platform _even if the kernel
> were to set it through some means_.
On GP devices OMAP5/DRA7, there is no possibility to update secure side
since "secure world" is ROM and there are no override mechanisms possible.
on HS devices, I agree, appropriate PPA will do the workarounds as well.
However, this patch is to enable the IBE enable on GP device for _a_
core can only be done via SMC services that ROM provides for
specifically the reasons you have already stated. u-boot will only
enable the IBE for the boot core, by the time the secondary cores start
up, u-boot is long gone.. so someone has to invoke the SMC call to
enable the IBE bit for the secondary core.
This is what the patch does.
If the above explanation makes sense, I will add that to the commit log
as well.
--
Regards,
Nishanth Menon
Powered by blists - more mailing lists