1 From dacb2a9aa38fd5f0e5facd87c6f58e3c550732c2 Mon Sep 17 00:00:00 2001
2 From: Diana Craciun <diana.craciun@nxp.com>
3 Date: Thu, 11 Apr 2019 21:46:23 +1000
4 Subject: powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
6 commit 10c5e83afd4a3f01712d97d3bb1ae34d5b74a185 upstream.
8 In order to protect against speculation attacks on
9 indirect branches, the branch predictor is flushed at
10 kernel entry to protect for the following situations:
11 - userspace process attacking another userspace process
12 - userspace process attacking the kernel
13 Basically when the privillege level change (i.e. the
14 kernel is entered), the branch predictor state is flushed.
16 Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
17 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
18 Signed-off-by: Sasha Levin <sashal@kernel.org>
20 arch/powerpc/kernel/entry_64.S | 5 +++++
21 arch/powerpc/kernel/exceptions-64e.S | 26 +++++++++++++++++++++++++-
22 arch/powerpc/mm/tlb_low_64e.S | 7 +++++++
23 3 files changed, 37 insertions(+), 1 deletion(-)
25 diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
26 index 6625cec9e7c0..390ebf4ef384 100644
27 --- a/arch/powerpc/kernel/entry_64.S
28 +++ b/arch/powerpc/kernel/entry_64.S
29 @@ -80,6 +80,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
32 beq 2f /* if from kernel mode */
33 +#ifdef CONFIG_PPC_FSL_BOOK3E
34 +START_BTB_FLUSH_SECTION
36 +END_BTB_FLUSH_SECTION
38 ACCOUNT_CPU_USER_ENTRY(r13, r10, r11)
41 diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
42 index ca03eb229a9a..79c6fee6368d 100644
43 --- a/arch/powerpc/kernel/exceptions-64e.S
44 +++ b/arch/powerpc/kernel/exceptions-64e.S
45 @@ -295,7 +295,8 @@ ret_from_mc_except:
46 andi. r10,r11,MSR_PR; /* save stack pointer */ \
47 beq 1f; /* branch around if supervisor */ \
48 ld r1,PACAKSAVE(r13); /* get kernel stack coming from usr */\
49 -1: cmpdi cr1,r1,0; /* check if SP makes sense */ \
50 +1: type##_BTB_FLUSH \
51 + cmpdi cr1,r1,0; /* check if SP makes sense */ \
52 bge- cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
53 mfspr r10,SPRN_##type##_SRR0; /* read SRR0 before touching stack */
55 @@ -327,6 +328,29 @@ ret_from_mc_except:
56 #define SPRN_MC_SRR0 SPRN_MCSRR0
57 #define SPRN_MC_SRR1 SPRN_MCSRR1
59 +#ifdef CONFIG_PPC_FSL_BOOK3E
60 +#define GEN_BTB_FLUSH \
61 + START_BTB_FLUSH_SECTION \
65 + END_BTB_FLUSH_SECTION
67 +#define CRIT_BTB_FLUSH \
68 + START_BTB_FLUSH_SECTION \
70 + END_BTB_FLUSH_SECTION
72 +#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
73 +#define MC_BTB_FLUSH CRIT_BTB_FLUSH
74 +#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH
76 +#define GEN_BTB_FLUSH
77 +#define CRIT_BTB_FLUSH
78 +#define DBG_BTB_FLUSH
79 +#define GDBELL_BTB_FLUSH
82 #define NORMAL_EXCEPTION_PROLOG(n, intnum, addition) \
83 EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))
85 diff --git a/arch/powerpc/mm/tlb_low_64e.S b/arch/powerpc/mm/tlb_low_64e.S
86 index eb82d787d99a..b7e9c09dfe19 100644
87 --- a/arch/powerpc/mm/tlb_low_64e.S
88 +++ b/arch/powerpc/mm/tlb_low_64e.S
89 @@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
90 std r15,EX_TLB_R15(r12)
91 std r10,EX_TLB_CR(r12)
92 #ifdef CONFIG_PPC_FSL_BOOK3E
93 +START_BTB_FLUSH_SECTION
94 + mfspr r11, SPRN_SRR1
95 + andi. r10,r11,MSR_PR
99 +END_BTB_FLUSH_SECTION
100 std r7,EX_TLB_R7(r12)
102 TLB_MISS_PROLOG_STATS
projects / thirdparty / kernel / stable-queue.git / blob