From patchwork Mon Jan 8 06:53:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jayachandran C X-Patchwork-Id: 10149119 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 749EF60210 for ; Mon, 8 Jan 2018 06:55:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 679B023E64 for ; Mon, 8 Jan 2018 06:55:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5B27126D08; Mon, 8 Jan 2018 06:55:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EF1FC26E76 for ; Mon, 8 Jan 2018 06:55:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=gdgw3UmwJM/hMQslWLnD6hSmI5/qBDR3L5g+Pe3zEAQ=; b=RiWIhRH7YCXQO5 3cpi2te72RVCjoeRTCAezGryu3r950ZEO5OrtyLyzlo9uhD5aHY2E0mz6NvkTXowt2rmaee8V5xey 3o3LcqfVI5J0FjFqz+fZAGDvOtk+ohvX5OPWA6PNuULVNmTSOOlaYR7rsUx5cM1ZweArAIAx9bGPf Vv1JVbFU8BPxT64U8seKmqbEOxmDI3beXX6UGvMmZ1wUv9F6KbCFp4iWj+jm6cXLl9hxT22ilWcnw eKYiaxjZkTlXXKgq4TmQgVO9JT2RFEtt2TToXR++Dh34x3hJ3tBQgQnAHOOusJ8jS/uUNa+Y4tgNh 0i2vqvQwq7HmhDkG4lnQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1eYRLI-0003oR-Vp; Mon, 08 Jan 2018 06:55:32 +0000 Received: from mail-bn3nam01on0047.outbound.protection.outlook.com ([104.47.33.47] helo=NAM01-BN3-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1eYRKj-000330-92 for linux-arm-kernel@lists.infradead.org; Mon, 08 Jan 2018 06:54:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=OrGP9eiSnn1Dxs/LH1NchJMxlnvTez5d5uNr60PJQmw=; b=GUUgvFXviYOtjUX1AfEJOVb5ZA5bLvK/gNFpmlaY5bMJBt7dFhb1mPuWNcgCw4wb6ak/BWFj3ou4eOkpUwJFBbJ3DjYXOvTCl0a5x4R6lLc6x+nRgNMI4Lrrp1lpDTRbfGZEfxUOAGWsQ16Wii5clRWthH7nU4jkIlXuM7OVxrE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Jayachandran.Nair@cavium.com; Received: from jc-sabre.caveonetworks.com (50.233.148.156) by DM2PR0701MB1066.namprd07.prod.outlook.com (2a01:111:e400:2472::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.386.5; Mon, 8 Jan 2018 06:54:39 +0000 From: Jayachandran C To: Will Deacon , marc.zyngier@arm.com Subject: [PATCH 2/2] arm64: Branch predictor hardening for Cavium ThunderX2 Date: Sun, 7 Jan 2018 22:53:36 -0800 Message-Id: <1515394416-166994-2-git-send-email-jnair@caviumnetworks.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515394416-166994-1-git-send-email-jnair@caviumnetworks.com> References: <20180108063115.GA163286@jc-sabre> <1515394416-166994-1-git-send-email-jnair@caviumnetworks.com> MIME-Version: 1.0 X-Originating-IP: [50.233.148.156] X-ClientProxiedBy: MWHPR1701CA0016.namprd17.prod.outlook.com (2603:10b6:301:14::26) To DM2PR0701MB1066.namprd07.prod.outlook.com (2a01:111:e400:2472::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 88370e2e-4404-479c-03e9-08d55664b0cc X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR0701MB1066; X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1066; 3:corU3EhDjnZORHRJDCxEgKvJHX4sElXnawsWZCqNlvZfatEt0/XBD3+BUSV1oijJq1CRQPkDgvR28Suqb5ko+k65lQL4nrg9O5TNv670ljjOhMAc5SESdnFVLpHh8IlsevgT2TIpz9b7a55OUc1/ZOWXmjNyvWqTMILfIz94Nlatahuqgez6Ir2DjGRBBYcDHVp/1SG+ZKhnwPpAK+OIJIm5VttUb4dpHqf2MG6HZHNGZB1xzV8i6MUQS1HZ9Wua; 25:7dof6r4O09cq18K/nwPlk5t4u1etB6o15WSt33THKp9bHvPgzumfj/XswVtGkokPGPB5j0mO66X8U7o8lQYfaDolZQg4z/OSraoO5Kp+TTpCaX/WV5nR/vX+sGNDUMJ2rLNAVHJWo9qn4Zq4xGN9sAP3gZvNKJ74x3H7gs8j0pBgCNdA6GePne0/Rx9rRknTtlMUbFwiO1fUmr2N552rpKblZ6fg0DFAPnLQ1+pYXooCMlWGz+EvYLcOcvALRgW3TK6swV6WsFzoU0/gjLbo9rN49ryal2H7aEVYQYbe0UUq2Uis5P5x4O/xyKmotj1J7WqNAs2yypDwfV13Nx2wdQ==; 31:VgUjbm6P/a1TAdqQY9X8MQvndvW6g3qciNHAoe/xnCpc5y/XmotjHsDhPJX4NB6pBtL8tvb9pkwFeQlqqswCp0eFqxeAIBZnJ2fxaI2Na5tefnx90oeuHhXOrB1LVFiMIUa9lbYeMYvNIMgRppe2m1yBfAP6l+4YxTpMCDBEyilfeqW8z4VGSY+Y99+wKok4DM1k+ELTIqFekcH2gCRVi13tDEfabW2+RYsBW5ahJsk= X-MS-TrafficTypeDiagnostic: DM2PR0701MB1066: X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1066; 20:fJDHfmVV8snHAwvqp2GYfXzG8w3QwbSF8PR1un54iBuyWorxf5dZzbEmW14ZH5R6nkeBE+Yi/BkbHZnmPX7grhnhgFwNOizJtsaRhXN7TLOsRS438xknutUnF7DQFf/pDbvEMdbLMMQ5u6rOfX5eDC3g//ML0Uk896rMRF7ZKHALP8N3sVCXDeE2S33kTRptPjHJuB2BDmKXTe70twtA3AMXxBlfdDO3kvfF0QM/8HqBzlW4pNB80KF7FAlinvQWTSbXu6YcPnCD3GWfwri1elvg7prYFMmzvNNssqqzujbo2BgHdrD/ewn8vWP3Euvt5OwRoBdlz2VDs6C6Xf2b1OEN7egYhMOWkkFB6Cq65clw/IqJQ7UumW+Gqy+Sf1vr5TC5BVB/D+AObJ3DytoeFSgkk8tSoIsulrRAW6PN9j55ygzI0+WvMNVMdIEFGiCy2hBdLQTNTR8+tWBLdBmiBfAqk87rqT1BWDrJjafwbzeh1BPLhxy7avbTzLQbO2uom7KkE8dioB7yf2sE/FUzDWE/kjAR9782DTLgOGNIERZ9yjuT4QbqG2I7KG7wU7zrtBCptVcQBPIc+HFdRXc8jh3Md2sqJtqCLk1WaUsfp5s=; 4:A7bGxWKR5DdmmKcg8JdHotuNRaJxrwYCLjIUAGwnxLVswm/bW4ihXU2VVQCrngUeoGWUGFMh2uvuPIHsG9ccfZtW/ka9ZQ7IkzRZ925o9A6i3WMAWOs6B9+TAxjMZtH6naCYtvYnYswaCNlXMbF61NlbMy4UYv/nbsmuQzlL5hcxrIjzsBwHo/I1gYpMruvuBD+VfWcSB5e34COzbQoV6T8Asxr0z40Fgn9C0TDFvMVYOKiYbM1MqTKDMkWSdoIqVhiAKjbswLUlWFel11v0Og== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040470)(2401047)(5005006)(8121501046)(93006095)(10201501046)(3002001)(3231023)(944501075)(6041268)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:DM2PR0701MB1066; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:DM2PR0701MB1066; X-Forefront-PRVS: 054642504A X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(366004)(39380400002)(346002)(376002)(396003)(39850400004)(189003)(199004)(3846002)(386003)(6506007)(6116002)(478600001)(8936002)(6512007)(8676002)(81156014)(81166006)(107886003)(50226002)(47776003)(52116002)(66066001)(6486002)(53936002)(51416003)(69596002)(72206003)(76176011)(68736007)(25786009)(16526018)(2906002)(7736002)(16586007)(316002)(105586002)(106356001)(36756003)(97736004)(53416004)(575784001)(5660300001)(305945005)(42882006)(2950100002)(6666003)(4326008)(48376002)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR0701MB1066; H:jc-sabre.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0701MB1066; 23:Hh422v9+wRW6BIaSqCrQLW2ykZ52omQbqq+wIH5?= =?us-ascii?Q?KWHm8BY9SrN2ZntKZtl9/A12vb9Tn74Tl5oU4v62WE3WjIP5f0DtjtVw3GM3?= =?us-ascii?Q?XXyf8w3/GfNfTPAzyoZifJ+HebtY4ry55Nu8pQqv48WAck1ijvLAZkUgstgr?= =?us-ascii?Q?D+Z64hpBGTe+d8gt9Ns/SyAp+B3trI6kPSJ1vZxMYQ8jtwPFtwDpOrHKTQrf?= =?us-ascii?Q?2G15oxFrxwSemi608iOlmXNbV7wpi6RPiq2T55T1vmIJO2eXHzUCdm9ztBx/?= =?us-ascii?Q?qdLyRH8vMLcWa6v1Qxp0UdU8OBqlnl6Hxkq/iYxR42j0tj61Fw5mfmQEgANi?= =?us-ascii?Q?weIB6V/T1lB/pZOyh9kaXdbP4slBGOKzgk4Nt0X5CHlUKwpDMcxn0M1UvgDo?= =?us-ascii?Q?Zbood72+SaxE5GjOMc92//WILggoPFuTYZqy58r4Y8Wh/9wZJKaczfrGXTpo?= =?us-ascii?Q?3ha0HIlfmcYZ+Xid7nk6GB7GkYb8GfeT9mVVgCPTs7834eylGLLlbt5vFfOQ?= =?us-ascii?Q?l6icyNI7WfS7rRonsS8QytFVwlKj9RijeSZD1bDnFubb9pAGOA2IkZ2L5Aj8?= =?us-ascii?Q?d+G6/+D9+lLyWTQjUZYQ2BAqfLzVi1jK82o9sjR/IW1Q08r22AvZhiD54ucZ?= =?us-ascii?Q?eYOznvUtaLp5U/kWddIGNQT5bp+Z+ZO5oHcdxgC1wS928oJjr8jctJRQJj/2?= =?us-ascii?Q?c1pS7m73ghXArtMyrAnn9ooj7udReXK6MPOMP9+qj8+kXm/NYAuEMmVY7W1F?= =?us-ascii?Q?eK1etiHoBnE9XBpCC83K/qC/+9c72d55d0s7FXjzQ8ORDEzyIYvLU5f22N8X?= =?us-ascii?Q?vzg0qe8LpA3bObsJJapSEA7LcUVjJ6M/S2j6CuRh+E015+TJd2eLowL62Rpu?= =?us-ascii?Q?0QdZTQtKGRpdWCAW6n/F2kckVEIyAKNvYqpITR7RiqLP1GbB5eKHGTkUf/yf?= =?us-ascii?Q?z6P3ziCLciJy+BSzRojdmCZcYsMp98vERp9d2k7R3ZsSKWC3iZKGpCrhezqS?= =?us-ascii?Q?mOUiYcml5bA+vVzIUr17MR2kDOlbPwFOo2hdb4bkcXT7gGuJsf8UWENMRRis?= =?us-ascii?Q?USHVsjLD8xvGHzA8rOb+VfJYi3b/xdMq1VtBGHT+hs3+rylC6uqtI+uiQcQG?= =?us-ascii?Q?+EvkNXgNB99GyBLngdtUYgJWZkeOLQIFrVexaJRoVczJ1iIPqJLyUQQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1066; 6:GGsgVFrtZNK3MWwET6TekGJolEaarjViNjr19wLH05EczCLOvntPvA5vUv3gn7vr83ul8zrIpripBMwaEM80Vk1UCikHSZyezo7r6CKzdKBt+VhbvKJDVIibRcfFP5cMf/wnKbqIVpOXBWZMwU9dw9lRqTeLZ0FxP/zgoSnSF65/iVFaP9eEketeyUzHJnoTjEpnxQZT5WGu5hvS45pfWvpDJ6H6CDUPHE8OVQiRHpyFE3rBy5US88u8lqW67t6ItNbt3gaq+I7S2vrXyTh18bEQN/JCj4AYi6NjKNgQZmjiIPo/horviRuIyNyiK5oJ9rhh39rrpIWzq4GP1t5FzXmyoRY2aEm16rbsRtDtFfE=; 5:W5rlLo9v83e5V+l/LyAXFP5gPfNmJnw1s4PdGIWE71Q3loSXh3LZuov7iMeHFSNpdVMAzXH2nCLqh6H4zx4MfaWJcZUdhTesdO3Ktg74h1bxs6y+WmjYsdCb8m99jA54XrGzUkK3HZtzgcz3VeA89cHf1JHcP4x5l7nYRuwYc3A=; 24:VjDHjY6XC1UOHzOwFct3OR8Hekvh2PW9aft/hgSLrL3K+xtuPr4CjyyGs6Sfh2SjYMbsc0eCQKEbUHGNGUnMovhxVZ12d4/f8TuHVDC+87E=; 7:J2RLXlYrkONNlhwEYKu523+TB2mZfH5FTLYwESR+ATxZkC5DupZZTCH8O/1HRg94nt2kXqwqNbrgowprSogDgzLHqRf6rbHGAJ6TGh+XOlMJsIz5DExkH7DR8qLIwSNxydQyGHeWASS2o92hI4VpdyJLHNdV610VwU+qLBhlfKr53CmBX/SnUblFWrvNkyRl9694+R3i8L4d2S9q/Ko4Y0OuYd93TupYn2Yb3rEfhNYocFdv/k5+FgEEK6x0GE1e SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2018 06:54:39.8171 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 88370e2e-4404-479c-03e9-08d55664b0cc X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0701MB1066 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180107_225457_403210_05E64876 X-CRM114-Status: GOOD ( 11.20 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lorenzo.pieralisi@arm.com, ard.biesheuvel@linaro.org, catalin.marinas@arm.com, linux-kernel@vger.kernel.org, christoffer.dall@linaro.org, labbott@redhat.com, linux-arm-kernel@lists.infradead.org, Jayachandran C Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Use PSCI based mitigation for speculative execution attacks targeting the branch predictor. The approach is similar to the one used for Cortex-A CPUs, but in case of ThunderX2 we add another SMC call to test if the firmware supports the capability. If the secure firmware has been updated with the mitigation code to invalidate the branch target buffer, we use the PSCI version call to invoke it. Signed-off-by: Jayachandran C --- arch/arm64/kernel/cpu_errata.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index cb0fb37..abceb5d 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -124,6 +124,7 @@ static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); } +#include #include static int enable_psci_bp_hardening(void *data) @@ -138,6 +139,33 @@ static int enable_psci_bp_hardening(void *data) return 0; } + +#define CAVIUM_TX2_SIP_SMC_CALL 0xC200FF00 +#define CAVIUM_TX2_BTB_HARDEN_CAP 0xB0A0 + +static int enable_tx2_psci_bp_hardening(void *data) +{ + const struct arm64_cpu_capabilities *entry = data; + struct arm_smccc_res res; + + if (!entry->matches(entry, SCOPE_LOCAL_CPU)) + return; + + arm_smccc_smc(CAVIUM_TX2_SIP_SMC_CALL, CAVIUM_TX2_BTB_HARDEN_CAP, 0, 0, 0, 0, 0, 0, &res); + if (res.a0 != 0) { + pr_warn("Error: CONFIG_HARDEN_BRANCH_PREDICTOR enabled, but firmware does not support it\n"); + return 0; + } + if (res.a1 == 1 && psci_ops.get_version) { + pr_info("CPU%d: Branch predictor hardening enabled\n", smp_processor_id()); + install_bp_hardening_cb(entry, + (bp_hardening_cb_t)psci_ops.get_version, + __psci_hyp_bp_inval_start, + __psci_hyp_bp_inval_end); + } + + return 0; +} #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #define MIDR_RANGE(model, min, max) \ @@ -302,6 +330,16 @@ const struct arm64_cpu_capabilities arm64_errata[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), .enable = enable_psci_bp_hardening, }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + .enable = enable_tx2_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), + .enable = enable_tx2_psci_bp_hardening, + }, #endif { }