[PATCH 2/2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0

Fri Feb 2 09:51:11 PST 2018

On 02/02/18 17:31, Will Deacon wrote:
> It is possible to take an IRQ from EL0 following a branch to a kernel
> address in such a way that the IRQ is prioritised over the instruction
> abort. Whilst an attacker would need to get the starts to align here,
> it might be sufficient with enough calibration so perform BP hardening
> in the rare case that we see a kernel address in the ELR when handling
> an IRQ from EL0.
> 
> Reported-by: Dan Hettena <dhettena at nvidia.com>
> Signed-off-by: Will Deacon <will.deacon at arm.com>

Reviewed-by: Marc Zyngier <marc.zyngier at arm.com>

	M.
-- 
Jazz is not dead. It just smells funny...