Commit 7fef4362 authored by Diana Craciun's avatar Diana Craciun Committed by Michael Ellerman

powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)

In order to protect against speculation attacks on
indirect branches, the branch predictor is flushed at
kernel entry to protect for the following situations:
- userspace process attacking another userspace process
- userspace process attacking the kernel
Basically when the privillege level change (i.e.the kernel
is entered), the branch predictor state is flushed.
Signed-off-by: default avatarDiana Craciun <diana.craciun@nxp.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
parent 10c5e83a
...@@ -43,6 +43,9 @@ ...@@ -43,6 +43,9 @@
andi. r11, r11, MSR_PR; /* check whether user or kernel */\ andi. r11, r11, MSR_PR; /* check whether user or kernel */\
mr r11, r1; \ mr r11, r1; \
beq 1f; \ beq 1f; \
START_BTB_FLUSH_SECTION \
BTB_FLUSH(r11) \
END_BTB_FLUSH_SECTION \
/* if from user, start at top of this thread's kernel stack */ \ /* if from user, start at top of this thread's kernel stack */ \
lwz r11, THREAD_INFO-THREAD(r10); \ lwz r11, THREAD_INFO-THREAD(r10); \
ALLOC_STACK_FRAME(r11, THREAD_SIZE); \ ALLOC_STACK_FRAME(r11, THREAD_SIZE); \
...@@ -128,6 +131,9 @@ ...@@ -128,6 +131,9 @@
stw r9,_CCR(r8); /* save CR on stack */\ stw r9,_CCR(r8); /* save CR on stack */\
mfspr r11,exc_level_srr1; /* check whether user or kernel */\ mfspr r11,exc_level_srr1; /* check whether user or kernel */\
DO_KVM BOOKE_INTERRUPT_##intno exc_level_srr1; \ DO_KVM BOOKE_INTERRUPT_##intno exc_level_srr1; \
START_BTB_FLUSH_SECTION \
BTB_FLUSH(r10) \
END_BTB_FLUSH_SECTION \
andi. r11,r11,MSR_PR; \ andi. r11,r11,MSR_PR; \
mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\ mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\
lwz r11,THREAD_INFO-THREAD(r11); /* this thread's kernel stack */\ lwz r11,THREAD_INFO-THREAD(r11); /* this thread's kernel stack */\
......
...@@ -453,6 +453,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) ...@@ -453,6 +453,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
mfcr r13 mfcr r13
stw r13, THREAD_NORMSAVE(3)(r10) stw r13, THREAD_NORMSAVE(3)(r10)
DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1 DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1
START_BTB_FLUSH_SECTION
mfspr r11, SPRN_SRR1
andi. r10,r11,MSR_PR
beq 1f
BTB_FLUSH(r10)
1:
END_BTB_FLUSH_SECTION
mfspr r10, SPRN_DEAR /* Get faulting address */ mfspr r10, SPRN_DEAR /* Get faulting address */
/* If we are faulting a kernel address, we have to use the /* If we are faulting a kernel address, we have to use the
...@@ -547,6 +554,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) ...@@ -547,6 +554,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
mfcr r13 mfcr r13
stw r13, THREAD_NORMSAVE(3)(r10) stw r13, THREAD_NORMSAVE(3)(r10)
DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1 DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1
START_BTB_FLUSH_SECTION
mfspr r11, SPRN_SRR1
andi. r10,r11,MSR_PR
beq 1f
BTB_FLUSH(r10)
1:
END_BTB_FLUSH_SECTION
mfspr r10, SPRN_SRR0 /* Get faulting address */ mfspr r10, SPRN_SRR0 /* Get faulting address */
/* If we are faulting a kernel address, we have to use the /* If we are faulting a kernel address, we have to use the
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment