Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755859AbeAHGy4 (ORCPT + 1 other); Mon, 8 Jan 2018 01:54:56 -0500 Received: from mail-by2nam03on0078.outbound.protection.outlook.com ([104.47.42.78]:59712 "EHLO NAM03-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755829AbeAHGym (ORCPT ); Mon, 8 Jan 2018 01:54:42 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Jayachandran.Nair@cavium.com; From: Jayachandran C To: Will Deacon , marc.zyngier@arm.com Cc: linux-arm-kernel@lists.infradead.org, lorenzo.pieralisi@arm.com, ard.biesheuvel@linaro.org, catalin.marinas@arm.com, linux-kernel@vger.kernel.org, labbott@redhat.com, christoffer.dall@linaro.org, Jayachandran C Subject: [PATCH 2/2] arm64: Branch predictor hardening for Cavium ThunderX2 Date: Sun, 7 Jan 2018 22:53:36 -0800 Message-Id: <1515394416-166994-2-git-send-email-jnair@caviumnetworks.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515394416-166994-1-git-send-email-jnair@caviumnetworks.com> References: <20180108063115.GA163286@jc-sabre> <1515394416-166994-1-git-send-email-jnair@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [50.233.148.156] X-ClientProxiedBy: MWHPR1701CA0016.namprd17.prod.outlook.com (2603:10b6:301:14::26) To DM2PR0701MB1066.namprd07.prod.outlook.com (2a01:111:e400:2472::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 88370e2e-4404-479c-03e9-08d55664b0cc X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:DM2PR0701MB1066; X-Microsoft-Exchange-Diagnostics: 1;DM2PR0701MB1066;3:corU3EhDjnZORHRJDCxEgKvJHX4sElXnawsWZCqNlvZfatEt0/XBD3+BUSV1oijJq1CRQPkDgvR28Suqb5ko+k65lQL4nrg9O5TNv670ljjOhMAc5SESdnFVLpHh8IlsevgT2TIpz9b7a55OUc1/ZOWXmjNyvWqTMILfIz94Nlatahuqgez6Ir2DjGRBBYcDHVp/1SG+ZKhnwPpAK+OIJIm5VttUb4dpHqf2MG6HZHNGZB1xzV8i6MUQS1HZ9Wua;25:7dof6r4O09cq18K/nwPlk5t4u1etB6o15WSt33THKp9bHvPgzumfj/XswVtGkokPGPB5j0mO66X8U7o8lQYfaDolZQg4z/OSraoO5Kp+TTpCaX/WV5nR/vX+sGNDUMJ2rLNAVHJWo9qn4Zq4xGN9sAP3gZvNKJ74x3H7gs8j0pBgCNdA6GePne0/Rx9rRknTtlMUbFwiO1fUmr2N552rpKblZ6fg0DFAPnLQ1+pYXooCMlWGz+EvYLcOcvALRgW3TK6swV6WsFzoU0/gjLbo9rN49ryal2H7aEVYQYbe0UUq2Uis5P5x4O/xyKmotj1J7WqNAs2yypDwfV13Nx2wdQ==;31:VgUjbm6P/a1TAdqQY9X8MQvndvW6g3qciNHAoe/xnCpc5y/XmotjHsDhPJX4NB6pBtL8tvb9pkwFeQlqqswCp0eFqxeAIBZnJ2fxaI2Na5tefnx90oeuHhXOrB1LVFiMIUa9lbYeMYvNIMgRppe2m1yBfAP6l+4YxTpMCDBEyilfeqW8z4VGSY+Y99+wKok4DM1k+ELTIqFekcH2gCRVi13tDEfabW2+RYsBW5ahJsk= X-MS-TrafficTypeDiagnostic: DM2PR0701MB1066: X-Microsoft-Exchange-Diagnostics: 1;DM2PR0701MB1066;20:fJDHfmVV8snHAwvqp2GYfXzG8w3QwbSF8PR1un54iBuyWorxf5dZzbEmW14ZH5R6nkeBE+Yi/BkbHZnmPX7grhnhgFwNOizJtsaRhXN7TLOsRS438xknutUnF7DQFf/pDbvEMdbLMMQ5u6rOfX5eDC3g//ML0Uk896rMRF7ZKHALP8N3sVCXDeE2S33kTRptPjHJuB2BDmKXTe70twtA3AMXxBlfdDO3kvfF0QM/8HqBzlW4pNB80KF7FAlinvQWTSbXu6YcPnCD3GWfwri1elvg7prYFMmzvNNssqqzujbo2BgHdrD/ewn8vWP3Euvt5OwRoBdlz2VDs6C6Xf2b1OEN7egYhMOWkkFB6Cq65clw/IqJQ7UumW+Gqy+Sf1vr5TC5BVB/D+AObJ3DytoeFSgkk8tSoIsulrRAW6PN9j55ygzI0+WvMNVMdIEFGiCy2hBdLQTNTR8+tWBLdBmiBfAqk87rqT1BWDrJjafwbzeh1BPLhxy7avbTzLQbO2uom7KkE8dioB7yf2sE/FUzDWE/kjAR9782DTLgOGNIERZ9yjuT4QbqG2I7KG7wU7zrtBCptVcQBPIc+HFdRXc8jh3Md2sqJtqCLk1WaUsfp5s=;4:A7bGxWKR5DdmmKcg8JdHotuNRaJxrwYCLjIUAGwnxLVswm/bW4ihXU2VVQCrngUeoGWUGFMh2uvuPIHsG9ccfZtW/ka9ZQ7IkzRZ925o9A6i3WMAWOs6B9+TAxjMZtH6naCYtvYnYswaCNlXMbF61NlbMy4UYv/nbsmuQzlL5hcxrIjzsBwHo/I1gYpMruvuBD+VfWcSB5e34COzbQoV6T8Asxr0z40Fgn9C0TDFvMVYOKiYbM1MqTKDMkWSdoIqVhiAKjbswLUlWFel11v0Og== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(93006095)(10201501046)(3002001)(3231023)(944501075)(6041268)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123564045)(6072148)(201708071742011);SRVR:DM2PR0701MB1066;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:DM2PR0701MB1066; X-Forefront-PRVS: 054642504A X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(366004)(39380400002)(346002)(376002)(396003)(39850400004)(189003)(199004)(3846002)(386003)(6506007)(6116002)(478600001)(8936002)(6512007)(8676002)(81156014)(81166006)(107886003)(50226002)(47776003)(52116002)(66066001)(6486002)(53936002)(51416003)(69596002)(72206003)(76176011)(68736007)(25786009)(16526018)(2906002)(7736002)(16586007)(316002)(105586002)(106356001)(36756003)(97736004)(53416004)(575784001)(5660300001)(305945005)(42882006)(2950100002)(6666003)(4326008)(48376002)(50466002);DIR:OUT;SFP:1101;SCL:1;SRVR:DM2PR0701MB1066;H:jc-sabre.caveonetworks.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;DM2PR0701MB1066;23:Hh422v9+wRW6BIaSqCrQLW2ykZ52omQbqq+wIH5?= =?us-ascii?Q?KWHm8BY9SrN2ZntKZtl9/A12vb9Tn74Tl5oU4v62WE3WjIP5f0DtjtVw3GM3?= =?us-ascii?Q?XXyf8w3/GfNfTPAzyoZifJ+HebtY4ry55Nu8pQqv48WAck1ijvLAZkUgstgr?= =?us-ascii?Q?D+Z64hpBGTe+d8gt9Ns/SyAp+B3trI6kPSJ1vZxMYQ8jtwPFtwDpOrHKTQrf?= =?us-ascii?Q?2G15oxFrxwSemi608iOlmXNbV7wpi6RPiq2T55T1vmIJO2eXHzUCdm9ztBx/?= =?us-ascii?Q?qdLyRH8vMLcWa6v1Qxp0UdU8OBqlnl6Hxkq/iYxR42j0tj61Fw5mfmQEgANi?= =?us-ascii?Q?weIB6V/T1lB/pZOyh9kaXdbP4slBGOKzgk4Nt0X5CHlUKwpDMcxn0M1UvgDo?= =?us-ascii?Q?Zbood72+SaxE5GjOMc92//WILggoPFuTYZqy58r4Y8Wh/9wZJKaczfrGXTpo?= =?us-ascii?Q?3ha0HIlfmcYZ+Xid7nk6GB7GkYb8GfeT9mVVgCPTs7834eylGLLlbt5vFfOQ?= =?us-ascii?Q?l6icyNI7WfS7rRonsS8QytFVwlKj9RijeSZD1bDnFubb9pAGOA2IkZ2L5Aj8?= =?us-ascii?Q?d+G6/+D9+lLyWTQjUZYQ2BAqfLzVi1jK82o9sjR/IW1Q08r22AvZhiD54ucZ?= =?us-ascii?Q?eYOznvUtaLp5U/kWddIGNQT5bp+Z+ZO5oHcdxgC1wS928oJjr8jctJRQJj/2?= =?us-ascii?Q?c1pS7m73ghXArtMyrAnn9ooj7udReXK6MPOMP9+qj8+kXm/NYAuEMmVY7W1F?= =?us-ascii?Q?eK1etiHoBnE9XBpCC83K/qC/+9c72d55d0s7FXjzQ8ORDEzyIYvLU5f22N8X?= =?us-ascii?Q?vzg0qe8LpA3bObsJJapSEA7LcUVjJ6M/S2j6CuRh+E015+TJd2eLowL62Rpu?= =?us-ascii?Q?0QdZTQtKGRpdWCAW6n/F2kckVEIyAKNvYqpITR7RiqLP1GbB5eKHGTkUf/yf?= =?us-ascii?Q?z6P3ziCLciJy+BSzRojdmCZcYsMp98vERp9d2k7R3ZsSKWC3iZKGpCrhezqS?= =?us-ascii?Q?mOUiYcml5bA+vVzIUr17MR2kDOlbPwFOo2hdb4bkcXT7gGuJsf8UWENMRRis?= =?us-ascii?Q?USHVsjLD8xvGHzA8rOb+VfJYi3b/xdMq1VtBGHT+hs3+rylC6uqtI+uiQcQG?= =?us-ascii?Q?+EvkNXgNB99GyBLngdtUYgJWZkeOLQIFrVexaJRoVczJ1iIPqJLyUQQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1;DM2PR0701MB1066;6:GGsgVFrtZNK3MWwET6TekGJolEaarjViNjr19wLH05EczCLOvntPvA5vUv3gn7vr83ul8zrIpripBMwaEM80Vk1UCikHSZyezo7r6CKzdKBt+VhbvKJDVIibRcfFP5cMf/wnKbqIVpOXBWZMwU9dw9lRqTeLZ0FxP/zgoSnSF65/iVFaP9eEketeyUzHJnoTjEpnxQZT5WGu5hvS45pfWvpDJ6H6CDUPHE8OVQiRHpyFE3rBy5US88u8lqW67t6ItNbt3gaq+I7S2vrXyTh18bEQN/JCj4AYi6NjKNgQZmjiIPo/horviRuIyNyiK5oJ9rhh39rrpIWzq4GP1t5FzXmyoRY2aEm16rbsRtDtFfE=;5:W5rlLo9v83e5V+l/LyAXFP5gPfNmJnw1s4PdGIWE71Q3loSXh3LZuov7iMeHFSNpdVMAzXH2nCLqh6H4zx4MfaWJcZUdhTesdO3Ktg74h1bxs6y+WmjYsdCb8m99jA54XrGzUkK3HZtzgcz3VeA89cHf1JHcP4x5l7nYRuwYc3A=;24:VjDHjY6XC1UOHzOwFct3OR8Hekvh2PW9aft/hgSLrL3K+xtuPr4CjyyGs6Sfh2SjYMbsc0eCQKEbUHGNGUnMovhxVZ12d4/f8TuHVDC+87E=;7:J2RLXlYrkONNlhwEYKu523+TB2mZfH5FTLYwESR+ATxZkC5DupZZTCH8O/1HRg94nt2kXqwqNbrgowprSogDgzLHqRf6rbHGAJ6TGh+XOlMJsIz5DExkH7DR8qLIwSNxydQyGHeWASS2o92hI4VpdyJLHNdV610VwU+qLBhlfKr53CmBX/SnUblFWrvNkyRl9694+R3i8L4d2S9q/Ko4Y0OuYd93TupYn2Yb3rEfhNYocFdv/k5+FgEEK6x0GE1e SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2018 06:54:39.8171 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 88370e2e-4404-479c-03e9-08d55664b0cc X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0701MB1066 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: Use PSCI based mitigation for speculative execution attacks targeting the branch predictor. The approach is similar to the one used for Cortex-A CPUs, but in case of ThunderX2 we add another SMC call to test if the firmware supports the capability. If the secure firmware has been updated with the mitigation code to invalidate the branch target buffer, we use the PSCI version call to invoke it. Signed-off-by: Jayachandran C --- arch/arm64/kernel/cpu_errata.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index cb0fb37..abceb5d 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -124,6 +124,7 @@ static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } +#include #include static int enable_psci_bp_hardening(void *data) @@ -138,6 +139,33 @@ static int enable_psci_bp_hardening(void *data) return 0; } + +#define CAVIUM_TX2_SIP_SMC_CALL 0xC200FF00 +#define CAVIUM_TX2_BTB_HARDEN_CAP 0xB0A0 + +static int enable_tx2_psci_bp_hardening(void *data) +{ + const struct arm64_cpu_capabilities *entry = data; + struct arm_smccc_res res; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return; + + arm_smccc_smc(CAVIUM_TX2_SIP_SMC_CALL, CAVIUM_TX2_BTB_HARDEN_CAP, 0, 0, 0, 0, 0, 0, &res); + if (res.a0 != 0) { + pr_warn("Error: CONFIG_HARDEN_BRANCH_PREDICTOR enabled, but firmware does not support it\n"); + return 0; + } + if (res.a1 == 1 && psci_ops.get_version) { + pr_info("CPU%d: Branch predictor hardening enabled\n", smp_processor_id()); + install_bp_hardening_cb(entry, + (bp_hardening_cb_t)psci_ops.get_version, + __psci_hyp_bp_inval_start, + __psci_hyp_bp_inval_end); + } + + return 0; +} #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #define MIDR_RANGE(model, min, max) \ @@ -302,6 +330,16 @@ const struct arm64_cpu_capabilities arm64_errata[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), .enable = enable_psci_bp_hardening, }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + .enable = enable_tx2_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), + .enable = enable_tx2_psci_bp_hardening, + }, #endif { } -- 2.7.4