]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/4.4.180/powerpc-fsl-flush-the-branch-predictor-at-each-kernel-entry-64bit.patch
projects / thirdparty / kernel / stable-queue.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
4.14-stable patches
[thirdparty/kernel/stable-queue.git] / releases / 4.4.180 / powerpc-fsl-flush-the-branch-predictor-at-each-kernel-entry-64bit.patch
1 From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
2 From: Michael Ellerman <mpe@ellerman.id.au>
3 Date: Mon, 22 Apr 2019 00:20:34 +1000
4 Subject: powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
5 To: stable@vger.kernel.org, gregkh@linuxfoundation.org
6 Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
7 Message-ID: <20190421142037.21881-50-mpe@ellerman.id.au>
8
9 From: Diana Craciun <diana.craciun@nxp.com>
10
11 commit 10c5e83afd4a3f01712d97d3bb1ae34d5b74a185 upstream.
12
13 In order to protect against speculation attacks on
14 indirect branches, the branch predictor is flushed at
15 kernel entry to protect for the following situations:
16 - userspace process attacking another userspace process
17 - userspace process attacking the kernel
18 Basically when the privillege level change (i.e. the
19 kernel is entered), the branch predictor state is flushed.
20
21 Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
22 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24 ---
25 arch/powerpc/kernel/entry_64.S | 5 +++++
26 arch/powerpc/kernel/exceptions-64e.S | 26 +++++++++++++++++++++++++-
27 arch/powerpc/mm/tlb_low_64e.S | 7 +++++++
28 3 files changed, 37 insertions(+), 1 deletion(-)
29
30 --- a/arch/powerpc/kernel/entry_64.S
31 +++ b/arch/powerpc/kernel/entry_64.S
32 @@ -77,6 +77,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
33 std r0,GPR0(r1)
34 std r10,GPR1(r1)
35 beq 2f /* if from kernel mode */
36 +#ifdef CONFIG_PPC_FSL_BOOK3E
37 +START_BTB_FLUSH_SECTION
38 + BTB_FLUSH(r10)
39 +END_BTB_FLUSH_SECTION
40 +#endif
41 ACCOUNT_CPU_USER_ENTRY(r10, r11)
42 2: std r2,GPR2(r1)
43 std r3,GPR3(r1)
44 --- a/arch/powerpc/kernel/exceptions-64e.S
45 +++ b/arch/powerpc/kernel/exceptions-64e.S
46 @@ -295,7 +295,8 @@ ret_from_mc_except:
47 andi. r10,r11,MSR_PR; /* save stack pointer */ \
48 beq 1f; /* branch around if supervisor */ \
49 ld r1,PACAKSAVE(r13); /* get kernel stack coming from usr */\
50 -1: cmpdi cr1,r1,0; /* check if SP makes sense */ \
51 +1: type##_BTB_FLUSH \
52 + cmpdi cr1,r1,0; /* check if SP makes sense */ \
53 bge- cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
54 mfspr r10,SPRN_##type##_SRR0; /* read SRR0 before touching stack */
55
56 @@ -327,6 +328,29 @@ ret_from_mc_except:
57 #define SPRN_MC_SRR0 SPRN_MCSRR0
58 #define SPRN_MC_SRR1 SPRN_MCSRR1
59
60 +#ifdef CONFIG_PPC_FSL_BOOK3E
61 +#define GEN_BTB_FLUSH \
62 + START_BTB_FLUSH_SECTION \
63 + beq 1f; \
64 + BTB_FLUSH(r10) \
65 + 1: \
66 + END_BTB_FLUSH_SECTION
67 +
68 +#define CRIT_BTB_FLUSH \
69 + START_BTB_FLUSH_SECTION \
70 + BTB_FLUSH(r10) \
71 + END_BTB_FLUSH_SECTION
72 +
73 +#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
74 +#define MC_BTB_FLUSH CRIT_BTB_FLUSH
75 +#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH
76 +#else
77 +#define GEN_BTB_FLUSH
78 +#define CRIT_BTB_FLUSH
79 +#define DBG_BTB_FLUSH
80 +#define GDBELL_BTB_FLUSH
81 +#endif
82 +
83 #define NORMAL_EXCEPTION_PROLOG(n, intnum, addition) \
84 EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))
85
86 --- a/arch/powerpc/mm/tlb_low_64e.S
87 +++ b/arch/powerpc/mm/tlb_low_64e.S
88 @@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
89 std r15,EX_TLB_R15(r12)
90 std r10,EX_TLB_CR(r12)
91 #ifdef CONFIG_PPC_FSL_BOOK3E
92 +START_BTB_FLUSH_SECTION
93 + mfspr r11, SPRN_SRR1
94 + andi. r10,r11,MSR_PR
95 + beq 1f
96 + BTB_FLUSH(r10)
97 +1:
98 +END_BTB_FLUSH_SECTION
99 std r7,EX_TLB_R7(r12)
100 #endif
101 TLB_MISS_PROLOG_STATS
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git