Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1df9a0a8 authored by Marc Zyngier's avatar Marc Zyngier Committed by Greg Kroah-Hartman
Browse files

ARM: KVM: invalidate icache on guest exit for Cortex-A15 



Commit 0c47ac8cd157727e7a532d665d6fb1b5fd333977 upstream.

In order to avoid aliasing attacks against the branch predictor
on Cortex-A15, let's invalidate the BTB on guest exit, which can
only be done by invalidating the icache (with ACTLR[0] being set).

We use the same hack as for A12/A17 to perform the vector decoding.

Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
Boot-tested-by: default avatarTony Lindgren <tony@atomide.com>
Reviewed-by: default avatarTony Lindgren <tony@atomide.com>
Signed-off-by: default avatarDavid A. Long <dave.long@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 75e48eff

arch/arm/include/asm/kvm_mmu.h

+5 −0
Original line number Diff line number Diff line
@@ -255,6 +255,11 @@ static inline void *kvm_get_hyp_vector(void) 
		return kvm_ksym_ref(__kvm_hyp_vector_bp_inv);

	}



	case ARM_CPU_PART_CORTEX_A15:

	{

		extern char __kvm_hyp_vector_ic_inv[];

		return kvm_ksym_ref(__kvm_hyp_vector_ic_inv);

	}

#endif

	default:

	{

arch/arm/kvm/hyp/hyp-entry.S

+24 −0
Original line number Diff line number Diff line
@@ -72,6 +72,28 @@ __kvm_hyp_vector: 
	W(b)	hyp_fiq



#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR

	.align 5

__kvm_hyp_vector_ic_inv:

	.global __kvm_hyp_vector_ic_inv



	/*

	 * We encode the exception entry in the bottom 3 bits of

	 * SP, and we have to guarantee to be 8 bytes aligned.

	 */

	W(add)	sp, sp, #1	/* Reset 	  7 */

	W(add)	sp, sp, #1	/* Undef	  6 */

	W(add)	sp, sp, #1	/* Syscall	  5 */

	W(add)	sp, sp, #1	/* Prefetch abort 4 */

	W(add)	sp, sp, #1	/* Data abort	  3 */

	W(add)	sp, sp, #1	/* HVC		  2 */

	W(add)	sp, sp, #1	/* IRQ		  1 */

	W(nop)			/* FIQ		  0 */



	mcr	p15, 0, r0, c7, c5, 0	/* ICIALLU */

	isb



	b	decode_vectors



	.align 5

__kvm_hyp_vector_bp_inv:

	.global __kvm_hyp_vector_bp_inv
@@ -92,6 +114,8 @@ __kvm_hyp_vector_bp_inv: 
	mcr	p15, 0, r0, c7, c5, 6	/* BPIALL */

	isb



decode_vectors:



#ifdef CONFIG_THUMB2_KERNEL

	/*

	 * Yet another silly hack: Use VPIDR as a temp register.