On 12.01.2018 15:54, Warner Losh wrote:


On Fri, Jan 12, 2018 at 7:52 AM, Andrew Turner <and...@freebsd.org> wrote:



    On 12 Jan 2018, at 14:37, Warner Losh <i...@bsdimp.com> wrote:



    On Fri, Jan 12, 2018 at 7:15 AM, Andrew Turner <and...@freebsd.org> wrote:



        On 12 Jan 2018, at 14:10, Marcin Wojtas <m...@semihalf.com> wrote:

        Hi Andrew,



        2018-01-12 15:01 GMT+01:00 Andrew Turner <and...@freebsd.org>:
        Author: andrew
        Date: Fri Jan 12 14:01:38 2018
        New Revision: 327876
        URL: https://svnweb.freebsd.org/changeset/base/327876

        Log:
         Workaround Spectre Variant 2 on arm64.

         We need to handle two cases:

         1. One process attacking another process.
         2. A process attacking the kernel.

         For the first case we clear the branch predictor state on context switch
         between different processes. For the second we do this when taking an
         instruction abort on a non-userspace address.

         To clear the branch predictor state a per-CPU function pointer has been
         added. This is set by the new cpu errata code based on if the CPU is
         known to be affected.

         On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
         versions of this will clear the branch predictor state for us.

         It has been reported the ThunderX is unaffected, however the ThunderX2 is
         vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
         yet run on the ThunderX2 or Falkor no workaround is included for these CPUs.

        Regardless of ThunderX2 / Falkor work-arounds, do I understand correctly
        that pure CA72 machines, such as Marvell Armada 7k/8k are immune to
        Variant 2 now?

        It is my understanding that the A72 will be immune with this
        patch and an updated Arm Trusted Firmware as documented in [1].

        Andrew

        [1] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6


    Are you also working on aarch32 mitigation?

    No. I think a similar technique could be used, however as aarch32
    has instructions to invalidate the branch predictor these can be
    used directly.


That's my reading as well. It looks fairly easy to do it always, but I've not researched it sufficiently.


I work on patches for armv6/7. But for aarch32, there is, unfortunately, much less information available about effective mitigation of variant 2.
BPIALL while switching pmap is clear and we have had it in the code for years
(well, BPIALL is effectively a NOP for A15/A17, it must be explicitly enabled).
But it is not clear to me for which trap a branch predictor flush is necessary.

Michal
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
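
A user-space C model of the mechanism the commit log in this thread describes, added here as an illustration; it is not the code from r327876. The struct and function names, the user address limit and the sample MIDR values are assumptions, and the PSCI firmware call is replaced by a counter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MIDR_EL1 fields: implementer in bits [31:24], part number in bits [15:4]. */
#define MIDR_IMPL(m)  (((m) >> 24) & 0xffu)
#define MIDR_PART(m)  (((m) >> 4) & 0xfffu)
#define IMPL_ARM      0x41u
#define USER_ADDR_MAX 0x0000ffffffffffffULL   /* assumed user VA limit */

typedef void (*bp_harden_fn)(void);
struct pcpu_model { bp_harden_fn bp_harden; unsigned flushes; };  /* hypothetical */
static struct pcpu_model *curcpu;   /* stands in for the per-CPU pointer */

/* Stand-in for the PSCI firmware call; the model only counts invocations. */
static void psci_bp_flush(void) { curcpu->flushes++; }
/* Arm part numbers: Cortex-A57, A72, A73, A75 (the cores in the log). */
static const uint32_t affected_parts[] = { 0xd07, 0xd08, 0xd09, 0xd0a };

/* Errata code: install the hook only on CPUs known to be affected. */
void install_errata(struct pcpu_model *pc, uint32_t midr) {
    pc->bp_harden = NULL;
    pc->flushes = 0;
    for (size_t i = 0; i < sizeof(affected_parts) / sizeof(affected_parts[0]); i++)
        if (MIDR_IMPL(midr) == IMPL_ARM && MIDR_PART(midr) == affected_parts[i])
            pc->bp_harden = psci_bp_flush;
}

/* Case 1: flush when switching between different processes. */
void context_switch(struct pcpu_model *pc, int old_pid, int new_pid) {
    curcpu = pc;
    if (old_pid != new_pid && pc->bp_harden != NULL)
        pc->bp_harden();
}

/* Case 2: flush on an instruction abort at a non-userspace address. */
void instruction_abort(struct pcpu_model *pc, uint64_t fault_addr) {
    curcpu = pc;
    if (fault_addr > USER_ADDR_MAX && pc->bp_harden != NULL)
        pc->bp_harden();
}

int main(void) {
    struct pcpu_model cpu;
    install_errata(&cpu, 0x410fd083u);              /* constructed Cortex-A72 MIDR */
    context_switch(&cpu, 100, 200);                 /* different processes */
    instruction_abort(&cpu, 0xffff000000001000ULL); /* constructed kernel VA */
    printf("flushes: %u\n", cpu.flushes);
    return 0;
}
```

On a CPU whose MIDR does not match the table, the hook stays NULL and both call sites cost only a pointer test.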
