Loading arch/arm64/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -810,6 +810,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading arch/arm64/include/asm/cpufeature.h +3 −2 Original line number Diff line number Diff line Loading @@ -36,8 +36,9 @@ #define ARM64_WORKAROUND_CAVIUM_27456 11 #define ARM64_HAS_VIRT_HOST_EXTN 12 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 24 #define ARM64_HARDEN_BRANCH_PREDICTOR 13 #define ARM64_UNMAP_KERNEL_AT_EL0 14 #define ARM64_NCAPS 15 #ifndef __ASSEMBLY__ Loading arch/arm64/include/asm/mmu.h +41 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,10 @@ #define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> #include <asm/percpu.h> typedef struct { atomic64_t id; Loading @@ -39,6 +43,43 @@ static inline bool arm64_kernel_unmapped_at_el0(void) cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } typedef void (*bp_hardening_cb_t)(void); struct bp_hardening_data { int hyp_vectors_slot; bp_hardening_cb_t fn; }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return this_cpu_ptr(&bp_hardening_data); } static inline void arm64_apply_bp_hardening(void) { struct bp_hardening_data *d; if (!cpus_have_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) return; d = arm64_get_bp_hardening_data(); if (d->fn) d->fn(); } #else static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return NULL; } static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); Loading arch/arm64/include/asm/sysreg.h +1 −0 Original line number Diff line number Diff line Loading @@ -112,6 +112,7 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 Loading arch/arm64/kernel/Makefile +4 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,10 @@ arm64-obj-$(CONFIG_HIBERNATION) += hibernate.o hibernate-asm.o arm64-obj-$(CONFIG_ARM64_ACPI_PARKING_PROTOCOL) += acpi_parking_protocol.o arm64-obj-$(CONFIG_PARAVIRT) += paravirt.o ifeq ($(CONFIG_KVM),y) arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o endif obj-y += $(arm64-obj-y) vdso/ probes/ obj-m += $(arm64-obj-m) head-y := head.o Loading Loading
arch/arm64/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -810,6 +810,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading
arch/arm64/include/asm/cpufeature.h +3 −2 Original line number Diff line number Diff line Loading @@ -36,8 +36,9 @@ #define ARM64_WORKAROUND_CAVIUM_27456 11 #define ARM64_HAS_VIRT_HOST_EXTN 12 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 24 #define ARM64_HARDEN_BRANCH_PREDICTOR 13 #define ARM64_UNMAP_KERNEL_AT_EL0 14 #define ARM64_NCAPS 15 #ifndef __ASSEMBLY__ Loading
arch/arm64/include/asm/mmu.h +41 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,10 @@ #define TTBR_ASID_MASK (UL(0xffff) << 48) #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> #include <asm/percpu.h> typedef struct { atomic64_t id; Loading @@ -39,6 +43,43 @@ static inline bool arm64_kernel_unmapped_at_el0(void) cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } typedef void (*bp_hardening_cb_t)(void); struct bp_hardening_data { int hyp_vectors_slot; bp_hardening_cb_t fn; }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return this_cpu_ptr(&bp_hardening_data); } static inline void arm64_apply_bp_hardening(void) { struct bp_hardening_data *d; if (!cpus_have_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) return; d = arm64_get_bp_hardening_data(); if (d->fn) d->fn(); } #else static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return NULL; } static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); Loading
arch/arm64/include/asm/sysreg.h +1 −0 Original line number Diff line number Diff line Loading @@ -112,6 +112,7 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 Loading
arch/arm64/kernel/Makefile +4 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,10 @@ arm64-obj-$(CONFIG_HIBERNATION) += hibernate.o hibernate-asm.o arm64-obj-$(CONFIG_ARM64_ACPI_PARKING_PROTOCOL) += acpi_parking_protocol.o arm64-obj-$(CONFIG_PARAVIRT) += paravirt.o ifeq ($(CONFIG_KVM),y) arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o endif obj-y += $(arm64-obj-y) vdso/ probes/ obj-m += $(arm64-obj-m) head-y := head.o Loading
