[PATCH v2 1/6] arm: Add BTB invalidation on switch_mm for Cortex-A9, A12 and A17

Andre Przywara andre.przywara at arm.com
Tue Jan 9 06:14:22 PST 2018 

Hi,

On 08/01/18 18:55, Marc Zyngier wrote:
> In order to avoid aliasing attacks against the branch predictor,
> some implementations require to invalidate the BTB when switching
> from one user context to another.
> 
> For this, we reuse the existing implementation for Cortex-A8, and
> apply it to A9, A12 and A17.
> 
> Signed-off-by: Marc Zyngier <marc.zyngier at arm.com>
> ---
>  arch/arm/mm/proc-v7-2level.S |  4 ++--
>  arch/arm/mm/proc-v7-3level.S |  6 ++++++
>  arch/arm/mm/proc-v7.S        | 30 +++++++++++++++---------------
>  3 files changed, 23 insertions(+), 17 deletions(-)
> 
> diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
> index c6141a5435c3..0422e58b74e8 100644
> --- a/arch/arm/mm/proc-v7-2level.S
> +++ b/arch/arm/mm/proc-v7-2level.S
> @@ -41,7 +41,7 @@
>   *	even on Cortex-A8 revisions not affected by 430973.
>   *	If IBE is not set, the flush BTAC/BTB won't do anything.
>   */
> -ENTRY(cpu_ca8_switch_mm)
> +ENTRY(cpu_v7_btbinv_switch_mm)
>  #ifdef CONFIG_MMU
>  	mov	r2, #0
>  	mcr	p15, 0, r2, c7, c5, 6		@ flush BTAC/BTB
> @@ -66,7 +66,7 @@ ENTRY(cpu_v7_switch_mm)
>  #endif
>  	bx	lr
>  ENDPROC(cpu_v7_switch_mm)
> -ENDPROC(cpu_ca8_switch_mm)
> +ENDPROC(cpu_v7_btbinv_switch_mm)
>  
>  /*
>   *	cpu_v7_set_pte_ext(ptep, pte)
> diff --git a/arch/arm/mm/proc-v7-3level.S b/arch/arm/mm/proc-v7-3level.S
> index 7d16bbc4102b..f6adfe88ead2 100644
> --- a/arch/arm/mm/proc-v7-3level.S
> +++ b/arch/arm/mm/proc-v7-3level.S
> @@ -54,6 +54,11 @@
>   * Set the translation table base pointer to be pgd_phys (physical address of
>   * the new TTB).
>   */
> +ENTRY(cpu_v7_btbinv_switch_mm)
> +#ifdef CONFIG_MMU
> +	mov	r3, #0

As Robin pointed out correctly, BPIALL ignores Rt, so you can get rid of
that line entirely (which is not matching the actual Rt below, btw).
Might be worth to add a comment about this.

Cheers,
Andre.

> +	mcr	p15, 0, r2, c7, c5, 6			@ flush BTAC/BTB
> +#endif
>  ENTRY(cpu_v7_switch_mm)
>  #ifdef CONFIG_MMU
>  	mmid	r2, r2
> @@ -64,6 +69,7 @@ ENTRY(cpu_v7_switch_mm)
>  #endif
>  	ret	lr
>  ENDPROC(cpu_v7_switch_mm)
> +ENDPROC(cpu_v7_btbinv_switch_mm)
>  
>  #ifdef __ARMEB__
>  #define rl r3
> diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
> index 01d64c0b2563..0a14967fd400 100644
> --- a/arch/arm/mm/proc-v7.S
> +++ b/arch/arm/mm/proc-v7.S
> @@ -159,18 +159,18 @@ ENDPROC(cpu_v7_do_resume)
>  #endif
>  
>  /*
> - * Cortex-A8
> + * Cortex-A8/A12/A17 that require a BTB invalidation on switch_mm
>   */
> -	globl_equ	cpu_ca8_proc_init,	cpu_v7_proc_init
> -	globl_equ	cpu_ca8_proc_fin,	cpu_v7_proc_fin
> -	globl_equ	cpu_ca8_reset,		cpu_v7_reset
> -	globl_equ	cpu_ca8_do_idle,	cpu_v7_do_idle
> -	globl_equ	cpu_ca8_dcache_clean_area, cpu_v7_dcache_clean_area
> -	globl_equ	cpu_ca8_set_pte_ext,	cpu_v7_set_pte_ext
> -	globl_equ	cpu_ca8_suspend_size,	cpu_v7_suspend_size
> +	globl_equ	cpu_v7_btbinv_proc_init,	cpu_v7_proc_init
> +	globl_equ	cpu_v7_btbinv_proc_fin,		cpu_v7_proc_fin
> +	globl_equ	cpu_v7_btbinv_reset,		cpu_v7_reset
> +	globl_equ	cpu_v7_btbinv_do_idle,		cpu_v7_do_idle
> +	globl_equ	cpu_v7_btbinv_dcache_clean_area, cpu_v7_dcache_clean_area
> +	globl_equ	cpu_v7_btbinv_set_pte_ext,	cpu_v7_set_pte_ext
> +	globl_equ	cpu_v7_btbinv_suspend_size,	cpu_v7_suspend_size
>  #ifdef CONFIG_ARM_CPU_SUSPEND
> -	globl_equ	cpu_ca8_do_suspend,	cpu_v7_do_suspend
> -	globl_equ	cpu_ca8_do_resume,	cpu_v7_do_resume
> +	globl_equ	cpu_v7_btbinv_do_suspend,	cpu_v7_do_suspend
> +	globl_equ	cpu_v7_btbinv_do_resume,	cpu_v7_do_resume
>  #endif
>  
>  /*
> @@ -181,7 +181,7 @@ ENDPROC(cpu_v7_do_resume)
>  	globl_equ	cpu_ca9mp_reset,	cpu_v7_reset
>  	globl_equ	cpu_ca9mp_do_idle,	cpu_v7_do_idle
>  	globl_equ	cpu_ca9mp_dcache_clean_area, cpu_v7_dcache_clean_area
> -	globl_equ	cpu_ca9mp_switch_mm,	cpu_v7_switch_mm
> +	globl_equ	cpu_ca9mp_switch_mm,	cpu_v7_btbinv_switch_mm
>  	globl_equ	cpu_ca9mp_set_pte_ext,	cpu_v7_set_pte_ext
>  .globl	cpu_ca9mp_suspend_size
>  .equ	cpu_ca9mp_suspend_size, cpu_v7_suspend_size + 4 * 2
> @@ -548,8 +548,8 @@ __v7_setup_stack:
>  
>  	@ define struct processor (see <asm/proc-fns.h> and proc-macros.S)
>  	define_processor_functions v7, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
> +	define_processor_functions v7_btbinv, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
>  #ifndef CONFIG_ARM_LPAE
> -	define_processor_functions ca8, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
>  	define_processor_functions ca9mp, dabort=v7_early_abort, pabort=v7_pabort, suspend=1
>  #endif
>  #ifdef CONFIG_CPU_PJ4B
> @@ -614,7 +614,7 @@ __v7_ca9mp_proc_info:
>  __v7_ca8_proc_info:
>  	.long	0x410fc080
>  	.long	0xff0ffff0
> -	__v7_proc __v7_ca8_proc_info, __v7_setup, proc_fns = ca8_processor_functions
> +	__v7_proc __v7_ca8_proc_info, __v7_setup, proc_fns = v7_btbinv_processor_functions
>  	.size	__v7_ca8_proc_info, . - __v7_ca8_proc_info
>  
>  #endif	/* CONFIG_ARM_LPAE */
> @@ -658,7 +658,7 @@ __v7_ca7mp_proc_info:
>  __v7_ca12mp_proc_info:
>  	.long	0x410fc0d0
>  	.long	0xff0ffff0
> -	__v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup
> +	__v7_proc __v7_ca12mp_proc_info, __v7_ca12mp_setup, proc_fns = v7_btbinv_processor_functions
>  	.size	__v7_ca12mp_proc_info, . - __v7_ca12mp_proc_info
>  
>  	/*
> @@ -688,7 +688,7 @@ __v7_b15mp_proc_info:
>  __v7_ca17mp_proc_info:
>  	.long	0x410fc0e0
>  	.long	0xff0ffff0
> -	__v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup
> +	__v7_proc __v7_ca17mp_proc_info, __v7_ca17mp_setup, proc_fns = v7_btbinv_processor_functions
>  	.size	__v7_ca17mp_proc_info, . - __v7_ca17mp_proc_info
>  
>  	/*
>

More information about the linux-arm-kernel mailing list