Loading arch/arm64/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -813,6 +813,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading arch/arm64/include/asm/cpufeature.h +3 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #define ARM64_HAS_PAN 4 #define ARM64_HAS_UAO 5 #define ARM64_ALT_PAN_NOT_UAO 6 #define ARM64_HARDEN_BRANCH_PREDICTOR 7 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 24 Loading Loading @@ -162,7 +163,9 @@ void __init setup_cpu_features(void); void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, const char *info); void enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps); void check_local_cpu_errata(void); void __init enable_errata_workarounds(void); #ifdef CONFIG_HOTPLUG_CPU void verify_local_cpu_capabilities(void); Loading arch/arm64/include/asm/mmu.h +40 −0 Original line number Diff line number Diff line Loading @@ -21,7 +21,10 @@ #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> #include <asm/percpu.h> typedef struct { atomic64_t id; Loading @@ -41,6 +44,43 @@ static inline bool arm64_kernel_unmapped_at_el0(void) cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } typedef void (*bp_hardening_cb_t)(void); struct bp_hardening_data { int hyp_vectors_slot; bp_hardening_cb_t fn; }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return this_cpu_ptr(&bp_hardening_data); } static inline void arm64_apply_bp_hardening(void) { struct bp_hardening_data *d; if (!cpus_have_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) return; d = arm64_get_bp_hardening_data(); if (d->fn) d->fn(); } #else static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return NULL; } static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); Loading arch/arm64/include/asm/sysreg.h +1 −0 Original line number Diff line number Diff line Loading @@ -101,6 +101,7 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 Loading arch/arm64/kernel/Makefile +4 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,10 @@ arm64-obj-$(CONFIG_ARMV8_DEPRECATED) += armv8_deprecated.o arm64-obj-$(CONFIG_MSM_APP_API) += app_api.o arm64-obj-$(CONFIG_MSM_APP_SETTINGS) += app_setting.o ifeq ($(CONFIG_KVM),y) arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o endif obj-y += $(arm64-obj-y) vdso/ obj-m += $(arm64-obj-m) head-y := head.o Loading Loading
arch/arm64/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -813,6 +813,23 @@ config UNMAP_KERNEL_AT_EL0 If unsure, say Y. config HARDEN_BRANCH_PREDICTOR bool "Harden the branch predictor against aliasing attacks" if EXPERT default y help Speculation attacks against some high-performance processors rely on being able to manipulate the branch predictor for a victim context by executing aliasing branches in the attacker context. Such attacks can be partially mitigated against by clearing internal branch predictor state and limiting the prediction logic in some situations. This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware. If unsure, say Y. menuconfig ARMV8_DEPRECATED bool "Emulate deprecated/obsolete ARMv8 instructions" depends on COMPAT Loading
arch/arm64/include/asm/cpufeature.h +3 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #define ARM64_HAS_PAN 4 #define ARM64_HAS_UAO 5 #define ARM64_ALT_PAN_NOT_UAO 6 #define ARM64_HARDEN_BRANCH_PREDICTOR 7 #define ARM64_UNMAP_KERNEL_AT_EL0 23 #define ARM64_NCAPS 24 Loading Loading @@ -162,7 +163,9 @@ void __init setup_cpu_features(void); void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps, const char *info); void enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps); void check_local_cpu_errata(void); void __init enable_errata_workarounds(void); #ifdef CONFIG_HOTPLUG_CPU void verify_local_cpu_capabilities(void); Loading
arch/arm64/include/asm/mmu.h +40 −0 Original line number Diff line number Diff line Loading @@ -21,7 +21,10 @@ #ifndef __ASSEMBLY__ #include <linux/smp.h> #include <asm/cpufeature.h> #include <asm/percpu.h> typedef struct { atomic64_t id; Loading @@ -41,6 +44,43 @@ static inline bool arm64_kernel_unmapped_at_el0(void) cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0); } typedef void (*bp_hardening_cb_t)(void); struct bp_hardening_data { int hyp_vectors_slot; bp_hardening_cb_t fn; }; #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR extern char __bp_harden_hyp_vecs_start[], __bp_harden_hyp_vecs_end[]; DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return this_cpu_ptr(&bp_hardening_data); } static inline void arm64_apply_bp_hardening(void) { struct bp_hardening_data *d; if (!cpus_have_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) return; d = arm64_get_bp_hardening_data(); if (d->fn) d->fn(); } #else static inline struct bp_hardening_data *arm64_get_bp_hardening_data(void) { return NULL; } static inline void arm64_apply_bp_hardening(void) { } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ extern void paging_init(void); extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt); extern void init_mem_pgprot(void); Loading
arch/arm64/include/asm/sysreg.h +1 −0 Original line number Diff line number Diff line Loading @@ -101,6 +101,7 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV2_SHIFT 56 #define ID_AA64PFR0_GIC_SHIFT 24 #define ID_AA64PFR0_ASIMD_SHIFT 20 #define ID_AA64PFR0_FP_SHIFT 16 Loading
arch/arm64/kernel/Makefile +4 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,10 @@ arm64-obj-$(CONFIG_ARMV8_DEPRECATED) += armv8_deprecated.o arm64-obj-$(CONFIG_MSM_APP_API) += app_api.o arm64-obj-$(CONFIG_MSM_APP_SETTINGS) += app_setting.o ifeq ($(CONFIG_KVM),y) arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o endif obj-y += $(arm64-obj-y) vdso/ obj-m += $(arm64-obj-m) head-y := head.o Loading
