|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 5/5] xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs
On Tue, 16 Jan 2018, Julien Grall wrote:
> Cortex-A57, A72, A73 and A75 are susceptible to branch predictor
> aliasing and can theoritically be attacked by malicious code.
>
> This patch implements a PSCI-based mitigation for these CPUs when
> available. The call into firmware will invalidate the branch predictor
> state, preventing any malicious entries from affection other victim
> contexts.
>
> Ported from Linux
> git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
> branch kpti.
>
> Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx>
> Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
>
> This is part of XSA-254.
>
> Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx>
> ---
> xen/arch/arm/arm64/bpi.S | 25 ++++++++++++++++++++++++
> xen/arch/arm/cpuerrata.c | 49
> ++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 74 insertions(+)
>
> diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
> index 6cc2f17529..4b7f1dc21f 100644
> --- a/xen/arch/arm/arm64/bpi.S
> +++ b/xen/arch/arm/arm64/bpi.S
> @@ -56,6 +56,31 @@ ENTRY(__bp_harden_hyp_vecs_start)
> .endr
> ENTRY(__bp_harden_hyp_vecs_end)
>
> +ENTRY(__psci_hyp_bp_inval_start)
> + sub sp, sp, #(8 * 18)
> + stp x16, x17, [sp, #(16 * 0)]
> + stp x14, x15, [sp, #(16 * 1)]
> + stp x12, x13, [sp, #(16 * 2)]
> + stp x10, x11, [sp, #(16 * 3)]
> + stp x8, x9, [sp, #(16 * 4)]
> + stp x6, x7, [sp, #(16 * 5)]
> + stp x4, x5, [sp, #(16 * 6)]
> + stp x2, x3, [sp, #(16 * 7)]
> + stp x0, x1, [sp, #(16 * 8)]
> + mov x0, #0x84000000
> + smc #0
> + ldp x16, x17, [sp, #(16 * 0)]
> + ldp x14, x15, [sp, #(16 * 1)]
> + ldp x12, x13, [sp, #(16 * 2)]
> + ldp x10, x11, [sp, #(16 * 3)]
> + ldp x8, x9, [sp, #(16 * 4)]
> + ldp x6, x7, [sp, #(16 * 5)]
> + ldp x4, x5, [sp, #(16 * 6)]
> + ldp x2, x3, [sp, #(16 * 7)]
> + ldp x0, x1, [sp, #(16 * 8)]
> + add sp, sp, #(8 * 18)
> +ENTRY(__psci_hyp_bp_inval_end)
> +
> /*
> * Local variables:
> * mode: ASM
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 76d98e771d..f1ea7f3c5b 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -4,8 +4,10 @@
> #include <xen/smp.h>
> #include <xen/spinlock.h>
> #include <xen/vmap.h>
> +#include <xen/warning.h>
> #include <asm/cpufeature.h>
> #include <asm/cpuerrata.h>
> +#include <asm/psci.h>
>
> /* Override macros from asm/page.h to make them work with mfn_t */
> #undef virt_to_mfn
> @@ -141,6 +143,31 @@ install_bp_hardening_vec(const struct
> arm_cpu_capabilities *entry,
> return ret;
> }
>
> +extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
> +
> +static int enable_psci_bp_hardening(void *data)
> +{
> + bool ret = true;
> + static bool warned = false;
> +
> + /*
> + * The mitigation is using PSCI version function to invalidate the
> + * branch predictor. This function is only available with PSCI 0.2
> + * and later.
> + */
> + if ( psci_ver >= PSCI_VERSION(0, 2) )
> + ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
> + __psci_hyp_bp_inval_end);
> + else if ( !warned )
> + {
> + ASSERT(system_state < SYS_STATE_active);
> + warning_add("PSCI 0.2 or later is required for the branch predictor
> hardening.\n");
> + warned = true;
> + }
> +
> + return !ret;
> +}
> +
> #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */
>
> #define MIDR_RANGE(model, min, max) \
> @@ -205,6 +232,28 @@ static const struct arm_cpu_capabilities arm_errata[] = {
> (1 << MIDR_VARIANT_SHIFT) | 2),
> },
> #endif
> +#ifdef CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR
> + {
> + .capability = ARM_HARDEN_BRANCH_PREDICTOR,
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
> + .enable = enable_psci_bp_hardening,
> + },
> + {
> + .capability = ARM_HARDEN_BRANCH_PREDICTOR,
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
> + .enable = enable_psci_bp_hardening,
> + },
> + {
> + .capability = ARM_HARDEN_BRANCH_PREDICTOR,
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
> + .enable = enable_psci_bp_hardening,
> + },
> + {
> + .capability = ARM_HARDEN_BRANCH_PREDICTOR,
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
> + .enable = enable_psci_bp_hardening,
> + },
We need to add a basic description in the desc field as it is printed by
update_cpu_capabilities.
> +#endif
> {},
> };
>
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |