Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 637e99f6 authored by James Morse's avatar James Morse Committed by Gerrit - the friendly Code Review server
Browse files

arm64: Use the clearbhb instruction in mitigations 



commit 228a26b912287934789023b4132ba76065d9491c upstream.

Future CPUs may implement a clearbhb instruction that is sufficient
to mitigate SpectreBHB. CPUs that implement this instruction, but
not CSV2.3 must be affected by Spectre-BHB.

Add support to use this instruction as the BHB mitigation on CPUs
that support it. The instruction is in the hint space, so it will
be treated by a NOP as older CPUs.

Change-Id: I9f93efcf782afb6843393739423ebe717959c1e7
Reviewed-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
[ modified for stable: Use a KVM vector template instead of alternatives ]
Signed-off-by: default avatarJames Morse <james.morse@arm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 2e53c83e
Git-repo: https://android.googlesource.com/kernel/common/


Signed-off-by: default avatarSrinivasarao Pathipati <quic_c_spathi@quicinc.com>
parent cb2c78eb

arch/arm64/include/asm/assembler.h

+7 −0
Original line number Diff line number Diff line
@@ -117,6 +117,13 @@ 
	hint	#20

	.endm



/*

 * Clear Branch History instruction

 */

	.macro clearbhb

	hint	#22

	.endm



/*

 * Sanitise a 64-bit bounded index wrt speculation, returning zero if out

 * of bounds.

arch/arm64/include/asm/cpufeature.h

+13 −0
Original line number Diff line number Diff line
@@ -477,6 +477,19 @@ static inline bool supports_csv2p3(int scope) 
	return csv2_val == 3;

}



static inline bool supports_clearbhb(int scope)

{

	u64 isar2;



	if (scope == SCOPE_LOCAL_CPU)

		isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);

	else

		isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);



	return cpuid_feature_extract_unsigned_field(isar2,

						    ID_AA64ISAR2_CLEARBHB_SHIFT);

}



static inline bool system_supports_32bit_el0(void)

{

	return cpus_have_const_cap(ARM64_HAS_32BIT_EL0);

arch/arm64/include/asm/sysreg.h

+3 −0
Original line number Diff line number Diff line
@@ -419,6 +419,9 @@ 
#define ID_AA64ISAR1_JSCVT_SHIFT	12

#define ID_AA64ISAR1_DPB_SHIFT		0



/* id_aa64isar2 */

#define ID_AA64ISAR2_CLEARBHB_SHIFT	28



/* id_aa64pfr0 */

#define ID_AA64PFR0_CSV3_SHIFT		60

#define ID_AA64PFR0_CSV2_SHIFT		56

arch/arm64/include/asm/vectors.h

+7 −0
Original line number Diff line number Diff line
@@ -33,6 +33,12 @@ enum arm64_bp_harden_el1_vectors { 
	 * canonical vectors.

	 */

	EL1_VECTOR_BHB_FW,



	/*

	 * Use the ClearBHB instruction, before branching to the canonical

	 * vectors.

	 */

	EL1_VECTOR_BHB_CLEAR_INSN,

#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */



	/*
@@ -44,6 +50,7 @@ enum arm64_bp_harden_el1_vectors { 
#ifndef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY

#define EL1_VECTOR_BHB_LOOP		-1

#define EL1_VECTOR_BHB_FW		-1

#define EL1_VECTOR_BHB_CLEAR_INSN	-1

#endif /* !CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */



/* The vectors to use on return from EL0. e.g. to remap the kernel */

arch/arm64/kernel/bpi.S

+5 −0
Original line number Diff line number Diff line
@@ -116,3 +116,8 @@ ENTRY(__spectre_bhb_loop_k32_start) 
	ldp     x0, x1, [sp, #(8 * 0)]

	add     sp, sp, #(8 * 2)

ENTRY(__spectre_bhb_loop_k32_end)



ENTRY(__spectre_bhb_clearbhb_start)

	hint	#22	/* aka clearbhb */

	isb

ENTRY(__spectre_bhb_clearbhb_end)