1 From foo@baz Tue 30 Apr 2019 12:38:50 PM CEST
2 From: Diana Craciun <diana.craciun@nxp.com>
3 Date: Mon, 29 Apr 2019 18:49:04 +0300
4 Subject: powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
5 To: stable@vger.kernel.org, gregkh@linuxfoundation.org
6 Cc: linuxppc-dev@ozlabs.org, mpe@ellerman.id.au, Diana Craciun <diana.craciun@nxp.com>
7 Message-ID: <1556552948-24957-5-git-send-email-diana.craciun@nxp.com>
8
9 From: Diana Craciun <diana.craciun@nxp.com>
10
11 commit 7fef436295bf6c05effe682c8797dfcb0deb112a upstream.
12
13 In order to protect against speculation attacks on
14 indirect branches, the branch predictor is flushed at
15 kernel entry to cover the following situations:
16 - userspace process attacking another userspace process
17 - userspace process attacking the kernel
18 Basically, when the privilege level changes (i.e. the kernel
19 is entered), the branch predictor state is flushed.
20
21 Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
22 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24 ---
25 arch/powerpc/kernel/head_booke.h | 6 ++++++
26 arch/powerpc/kernel/head_fsl_booke.S | 15 +++++++++++++++
27 2 files changed, 21 insertions(+)
28
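--- a/arch/powerpc/kernel/head_booke.h
+++ b/arch/powerpc/kernel/head_booke.h
@@ -42,6 +42,9 @@
 andi. r11, r11, MSR_PR; /* check whether user or kernel */\
 mr r11, r1; \
 beq 1f; \
+START_BTB_FLUSH_SECTION \
+ BTB_FLUSH(r11) \
+END_BTB_FLUSH_SECTION \
 /* if from user, start at top of this thread's kernel stack */ \
 lwz r11, THREAD_INFO-THREAD(r10); \
 ALLOC_STACK_FRAME(r11, THREAD_SIZE); \
@@ -127,6 +130,9 @@
 stw r9,_CCR(r8); /* save CR on stack */\
 mfspr r11,exc_level_srr1; /* check whether user or kernel */\
 DO_KVM BOOKE_INTERRUPT_##intno exc_level_srr1; \
+START_BTB_FLUSH_SECTION \
+ BTB_FLUSH(r10) \
+END_BTB_FLUSH_SECTION \
 andi. r11,r11,MSR_PR; \
 mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\
 lwz r11,THREAD_INFO-THREAD(r11); /* this thread's kernel stack */\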
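Review bot: The flush added in the second hunk sits before the `andi. r11,r11,MSR_PR` test, so it runs on every entry through this prolog, including entries from kernel mode, whereas the first hunk places it after `beq 1f` and flushes only when coming from user space. The commit message describes flushing on a privilege-level change, so if the unconditional flush is deliberate it should be recorded in the macro, e.g. `/* flushed on every entry at this exception level; r10 is scratch here */ \`. Whether r10 is really dead at that point cannot be checked from the hunk, because the macro body starts above it. Both flushes also follow the user/kernel decision or `DO_KVM`, so any path that `DO_KVM` diverts presumably needs its own flush elsewhere; that is worth confirming against the rest of the series.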
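--- a/arch/powerpc/kernel/head_fsl_booke.S
+++ b/arch/powerpc/kernel/head_fsl_booke.S
@@ -451,6 +451,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
 mfcr r13
 stw r13, THREAD_NORMSAVE(3)(r10)
 DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1
+START_BTB_FLUSH_SECTION
+ mfspr r11, SPRN_SRR1
+ andi. r10,r11,MSR_PR
+ beq 1f
+ BTB_FLUSH(r10)
+1:
+END_BTB_FLUSH_SECTION
 mfspr r10, SPRN_DEAR /* Get faulting address */
 
 /* If we are faulting a kernel address, we have to use the
@@ -545,6 +552,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
 mfcr r13
 stw r13, THREAD_NORMSAVE(3)(r10)
 DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1
+START_BTB_FLUSH_SECTION
+ mfspr r11, SPRN_SRR1
+ andi. r10,r11,MSR_PR
+ beq 1f
+ BTB_FLUSH(r10)
+1:
+END_BTB_FLUSH_SECTION
+
 mfspr r10, SPRN_SRR0 /* Get faulting address */
 
 /* If we are faulting a kernel address, we have to use the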
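Review bot: The sequence added to the DTLB-miss handler overwrites r11 with SRR1 and r10 with the masked MSR_PR bit, and nothing inside the hunk shows that r11 was saved beforehand; r10 is reloaded from SPRN_DEAR on the next line, and CR was stored just above, so r11 is the register to confirm. If the part of the handler above the hunk already saves it, a short comment such as `/* r10/r11 are scratch here; CR0 already saved in r13 */` before `mfspr r11, SPRN_SRR1` would make that visible. The ITLB-miss hunk repeats the same five lines verbatim (plus one extra blank line), so a small macro would keep the two copies from drifting apart. In both handlers the flush comes after `DO_KVM`, so entries diverted there do not reach it, and presumably rely on a separate flush in the KVM path. Both handlers begin and continue outside the hunks shown.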