
[Xen-devel] [PATCH 0/5] xen/arm64: Branch predictor hardening (XSA-254 variant 2)



Hi all,

This series provides a framework for mitigating branch predictor hardening on
Arm64 on exception entry.

It also implements a dummy PSCI "VERSION" call as the hook for affected
Cortex-A CPUs. This will invalidate the predictor state with the latest
Arm Trusted Firmware patches which will appear at [1] and SoC vendors
with affected CPUs are strongly encouraged to update. We plan to switch to a
more efficient, special-purpose call when it is available and the PSCI spec
has been updated accordingly.

For more information about the impact of this issue and the software mitigations
for Arm processors, please see http://www.arm.com/security-update.

[1] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6

Julien Grall (5):
  xen/arm: Introduce enable callback to enable a capabilities on each
    online CPU
  xen/arm64: Add missing MIDR values for Cortex-A72, A73 and A75
  xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS
  xen/arm64: Add skeleton to harden the branch predictor aliasing
    attacks
  xen/arm64: Implement branch predictor hardening for affected Cortex-A
    CPUs

 xen/arch/arm/Kconfig             |  20 ++++
 xen/arch/arm/arm64/Makefile      |   1 +
 xen/arch/arm/arm64/bpi.S         |  89 +++++++++++++++++
 xen/arch/arm/cpuerrata.c         | 203 +++++++++++++++++++++++++++++++++++++++
 xen/arch/arm/cpufeature.c        |  29 ++++++
 xen/arch/arm/setup.c             |   1 +
 xen/arch/arm/traps.c             |   5 +-
 xen/include/asm-arm/cpuerrata.h  |   2 +
 xen/include/asm-arm/cpufeature.h |   6 +-
 xen/include/asm-arm/processor.h  |  11 ++-
 10 files changed, 363 insertions(+), 4 deletions(-)
 create mode 100644 xen/arch/arm/arm64/bpi.S

-- 
2.11.0

