
Commit 0f15adbb authored by Will Deacon's avatar Will Deacon Committed by Catalin Marinas

arm64: Add skeleton to harden the branch predictor against aliasing attacks



Aliasing attacks against CPU branch predictors can allow an attacker to
redirect speculative control flow on some CPUs and potentially divulge
information from one context to another.

This patch adds initial skeleton code behind a new Kconfig option to
enable implementation-specific mitigations against these attacks for
CPUs that are affected.

Co-developed-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
parent 95e3de35
+17 −0
@@ -874,6 +874,23 @@ config UNMAP_KERNEL_AT_EL0

	  If unsure, say Y.

config HARDEN_BRANCH_PREDICTOR
	bool "Harden the branch predictor against aliasing attacks" if EXPERT
	default y
	help
	  Speculation attacks against some high-performance processors rely on
	  being able to manipulate the branch predictor for a victim context by
	  executing aliasing branches in the attacker context.  Such attacks
	  can be partially mitigated against by clearing internal branch
	  predictor state and limiting the prediction logic in some situations.

	  This config option will take CPU-specific actions to harden the
	  branch predictor against aliasing attacks and may rely on specific
	  instruction sequences or control bits being set by the system
	  firmware.

	  If unsure, say Y.

menuconfig ARMV8_DEPRECATED
	bool "Emulate deprecated/obsolete ARMv8 instructions"
	depends on COMPAT
+2 −1
@@ -42,7 +42,8 @@
#define ARM64_HAS_DCPOP				21
#define ARM64_SVE				22
#define ARM64_UNMAP_KERNEL_AT_EL0		23
#define ARM64_HARDEN_BRANCH_PREDICTOR		24

#define ARM64_NCAPS				24
#define ARM64_NCAPS				25

#endif /* __ASM_CPUCAPS_H */
+37 −0
@@ -41,6 +41,43 @@ static inline bool arm64_kernel_unmapped_at_el0(void)
	       cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0);
}

typedef void (*bp_hardening_cb_t)(void);

struct bp_hardening_data {
	int			hyp_vectors_slot;
	bp_hardening_cb_t	fn;
};

#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[];

DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);

static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void)
{
	return this_cpu_ptr(&bp_hardening_data);
}

static inline void arm64_apply_bp_hardening(void)
{
	struct bp_hardening_data *d;

	if (!cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR))
		return;

	d = arm64_get_bp_hardening_data();
	if (d->fn)
		d->fn();
}
#else
static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void)
{
	return NULL;
}

static inline void arm64_apply_bp_hardening(void)	{ }
#endif	/* CONFIG_HARDEN_BRANCH_PREDICTOR */

extern void paging_init(void);
extern void bootmem_init(void);
extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt);
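Review bot: `arm64_apply_bp_hardening()` looks up its data with `this_cpu_ptr()` and then calls `d->fn()`, so it is only correct if the caller cannot migrate to another CPU in between, and nothing in the header states that requirement. A comment above the function such as `/* Must be called with preemption disabled; runs the hardening callback installed for the current CPU, if any. */` would make the contract explicit. It is also worth documenting that a CPU whose `fn` is still NULL skips hardening silently even when the `ARM64_HARDEN_BRANCH_PREDICTOR` capability check passes, and that the `#else` stub of `arm64_get_bp_hardening_data()` returns NULL, so callers must check before dereferencing. The call sites are not visible in this diff, so whether they already meet these conditions needs confirming.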
+1 −0
@@ -439,6 +439,7 @@

/* id_aa64pfr0 */
#define ID_AA64PFR0_CSV3_SHIFT		60
#define ID_AA64PFR0_CSV2_SHIFT		56
#define ID_AA64PFR0_SVE_SHIFT		32
#define ID_AA64PFR0_GIC_SHIFT		24
#define ID_AA64PFR0_ASIMD_SHIFT		20
+4 −0
@@ -53,6 +53,10 @@ arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test.o
arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o
arm64-obj-$(CONFIG_CRASH_DUMP)		+= crash_dump.o

ifeq ($(CONFIG_KVM),y)
arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR)	+= bpi.o
endif

obj-y					+= $(arm64-obj-y) vdso/ probes/
obj-m					+= $(arm64-obj-m)
head-y					:= head.o
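Review bot: The `ifeq ($(CONFIG_KVM),y)` guard around `bpi.o` is unexplained, while the header section earlier in this commit declares `__bp_harden_hyp_vecs_start[]` and `__bp_harden_hyp_vecs_end[]` whenever `CONFIG_HARDEN_BRANCH_PREDICTOR` is set, with no KVM condition. If those symbols are defined in `bpi.o` (its source is not visible here), any reference from a non-KVM build would fail at link time. Either put the extern declaration under `CONFIG_KVM` as well, or add a comment here such as `# bpi.o only provides the hyp vector slots used by KVM`, if that is indeed the reason for the guard.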