arch/arm/include/asm/cputype.h +2 −0 @@ -76,6 +76,8 @@ #define ARM_CPU_PART_CORTEX_A12 0x4100c0d0 #define ARM_CPU_PART_CORTEX_A17 0x4100c0e0 #define ARM_CPU_PART_CORTEX_A15 0x4100c0f0 #define ARM_CPU_PART_CORTEX_A73 0x4100d090 #define ARM_CPU_PART_KRYO2XX_GOLD 0x51008000 #define ARM_CPU_PART_MASK 0xff00fff0 /* DEC implemented cores */ arch/arm/include/asm/mmu_context.h +15 −1 @@ -24,6 +24,18 @@ void __check_vmalloc_seq(struct mm_struct *mm); #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR void arm_init_bp_hardening(void); void arm_apply_bp_hardening(void); #else static inline void arm_init_bp_hardening(void) { } static inline void arm_apply_bp_hardening(void) { } #endif #ifdef CONFIG_CPU_HAS_ASID void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk); @@ -63,9 +75,11 @@ static inline void check_and_switch_context(struct mm_struct *mm, * finish_arch_post_lock_switch() call. */ mm->context.switch_pending = 1; else else { arm_apply_bp_hardening(); cpu_switch_mm(mm->pgd, mm); } } #ifndef MODULE #define finish_arch_post_lock_switch \ arch/arm/kernel/setup.c +35 −0
@@ -243,6 +243,40 @@ static const char *proc_arch[] = { "?(17)", }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR struct arm_btbinv { void (*apply_bp_hardening)(void); }; static DEFINE_PER_CPU_READ_MOSTLY(struct arm_btbinv, arm_btbinv); static void arm_a73_apply_bp_hardening(void) { asm("mov r2, #0"); asm("mcr p15, 0, r2, c7, c5, 6"); } void arm_apply_bp_hardening(void) { if (this_cpu_ptr(&arm_btbinv)->apply_bp_hardening) this_cpu_ptr(&arm_btbinv)->apply_bp_hardening(); } void arm_init_bp_hardening(void) { switch (read_cpuid_part()) { case ARM_CPU_PART_CORTEX_A73: case ARM_CPU_PART_KRYO2XX_GOLD: per_cpu(arm_btbinv.apply_bp_hardening, raw_smp_processor_id()) = arm_a73_apply_bp_hardening; break; default: per_cpu(arm_btbinv.apply_bp_hardening, raw_smp_processor_id()) = NULL; break; } } #endif #ifdef CONFIG_CPU_V7M static int __get_cpu_architecture(void) { @@ -685,6 +719,7 @@ static void __init setup_processor(void) * types. The linker builds this table for us from the * entries in arch/arm/mm/proc-*.S */ arm_init_bp_hardening(); list = lookup_processor_type(read_cpuid_id()); if (!list) { pr_err("CPU configuration botched (ID %08x), unable to continue.\n", arch/arm/kernel/smp.c +2 −0 @@ -47,6 +47,7 @@ #include <asm/virt.h> #include <asm/mach/arch.h> #include <asm/mpu.h> #include <asm/cputype.h> #define CREATE_TRACE_POINTS #include <trace/events/ipi.h> @@ -359,6 +360,7 @@ asmlinkage void secondary_start_kernel(void) * The identity mapping is uncached (strongly ordered), so * switch away from it before attempting any exclusive accesses. */ arm_init_bp_hardening(); cpu_switch_mm(mm->pgd, mm); local_flush_bp_all(); enter_lazy_tlb(mm, current); arch/arm/mm/Kconfig +17 −0
@@ -1068,3 +1068,20 @@ config DEBUG_ALIGN_RODATA additional section-aligned split of rodata from kernel text so it can be made explicitly non-executable. This padding may waste memory space to gain the additional protection. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y.
arch/arm/include/asm/cputype.h +2 −0 @@ -76,6 +76,8 @@ #define ARM_CPU_PART_CORTEX_A12 0x4100c0d0 #define ARM_CPU_PART_CORTEX_A17 0x4100c0e0 #define ARM_CPU_PART_CORTEX_A15 0x4100c0f0 #define ARM_CPU_PART_CORTEX_A73 0x4100d090 #define ARM_CPU_PART_KRYO2XX_GOLD 0x51008000 #define ARM_CPU_PART_MASK 0xff00fff0 /* DEC implemented cores */
arch/arm/include/asm/mmu_context.h +15 −1 @@ -24,6 +24,18 @@ void __check_vmalloc_seq(struct mm_struct *mm); #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR void arm_init_bp_hardening(void); void arm_apply_bp_hardening(void); #else static inline void arm_init_bp_hardening(void) { } static inline void arm_apply_bp_hardening(void) { } #endif #ifdef CONFIG_CPU_HAS_ASID void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk); @@ -63,9 +75,11 @@ static inline void check_and_switch_context(struct mm_struct *mm, * finish_arch_post_lock_switch() call. */ mm->context.switch_pending = 1; else else { arm_apply_bp_hardening(); cpu_switch_mm(mm->pgd, mm); } } #ifndef MODULE #define finish_arch_post_lock_switch \
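Review bot: The only call to `arm_apply_bp_hardening()` in this section sits in the `static inline` variant of `check_and_switch_context()`, while the first hunk shows that `CONFIG_CPU_HAS_ASID` builds use the out-of-line prototype instead. If, as the layout suggests, the inline variant is the non-ASID branch, kernels built for the Cortex-A73 and Kryo cores this change targets would never reach the hook on a context switch, and nothing on this page patches the out-of-line implementation. The deferred path (`mm->context.switch_pending = 1`) also ends in a later `cpu_switch_mm()` that has no hardening call in the visible hunks. I would add the call next to the `cpu_switch_mm()` in the ASID switch path and in the deferred switch, with a comment such as `/* invalidate predictor state before running the next mm */`. The function body starts outside the hunk.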
arch/arm/kernel/setup.c +35 −0 @@ -243,6 +243,40 @@ static const char *proc_arch[] = { "?(17)", }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR struct arm_btbinv { void (*apply_bp_hardening)(void); }; static DEFINE_PER_CPU_READ_MOSTLY(struct arm_btbinv, arm_btbinv); static void arm_a73_apply_bp_hardening(void) { asm("mov r2, #0"); asm("mcr p15, 0, r2, c7, c5, 6"); } void arm_apply_bp_hardening(void) { if (this_cpu_ptr(&arm_btbinv)->apply_bp_hardening) this_cpu_ptr(&arm_btbinv)->apply_bp_hardening(); } void arm_init_bp_hardening(void) { switch (read_cpuid_part()) { case ARM_CPU_PART_CORTEX_A73: case ARM_CPU_PART_KRYO2XX_GOLD: per_cpu(arm_btbinv.apply_bp_hardening, raw_smp_processor_id()) = arm_a73_apply_bp_hardening; break; default: per_cpu(arm_btbinv.apply_bp_hardening, raw_smp_processor_id()) = NULL; break; } } #endif #ifdef CONFIG_CPU_V7M static int __get_cpu_architecture(void) { @@ -685,6 +719,7 @@ static void __init setup_processor(void) * types. The linker builds this table for us from the * entries in arch/arm/mm/proc-*.S */ arm_init_bp_hardening(); list = lookup_processor_type(read_cpuid_id()); if (!list) { pr_err("CPU configuration botched (ID %08x), unable to continue.\n",
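Review bot: `arm_a73_apply_bp_hardening()` sets `r2` in one basic `asm` statement and consumes it in a second, with no operands or clobbers, so the compiler is not told that `r2` is overwritten and is not required to keep it intact between the two statements. Passing the zero as an input operand in a single statement removes both problems: `asm volatile("mcr p15, 0, %0, c7, c5, 6" : : "r" (0) : "memory");`. If no context-synchronising event is guaranteed to follow on every caller's path, an `isb()` after the write would be needed for the invalidation to take effect before later branches; the hunk does not show that guarantee. It would also help operators if `arm_init_bp_hardening()` logged once per CPU whether a hardening routine was installed, since the `default:` case silently leaves that CPU without one.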
arch/arm/kernel/smp.c +2 −0 @@ -47,6 +47,7 @@ #include <asm/virt.h> #include <asm/mach/arch.h> #include <asm/mpu.h> #include <asm/cputype.h> #define CREATE_TRACE_POINTS #include <trace/events/ipi.h> @@ -359,6 +360,7 @@ asmlinkage void secondary_start_kernel(void) * The identity mapping is uncached (strongly ordered), so * switch away from it before attempting any exclusive accesses. */ arm_init_bp_hardening(); cpu_switch_mm(mm->pgd, mm); local_flush_bp_all(); enter_lazy_tlb(mm, current);
arch/arm/mm/Kconfig +17 −0 @@ -1068,3 +1068,20 @@ config DEBUG_ALIGN_RODATA additional section-aligned split of rodata from kernel text so it can be made explicitly non-executable. This padding may waste memory space to gain the additional protection. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y.
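Review bot: `HARDEN_BRANCH_PREDICTOR` has no `depends on` line and is `default y` with its prompt hidden behind `EXPERT`, so every ARM configuration gets it enabled, including ones that cannot use the CP15 sequence added in setup.c. A dependency on the CPU family the hardening code actually handles (for example `depends on CPU_V7`, if that matches this tree) would keep the option from appearing to protect builds where `arm_init_bp_hardening()` can only select the `default:` no-op. The help text says the option may rely on control bits set by firmware; a sentence telling the reader how to confirm at run time that the hardening is active would make that caveat actionable.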