Patch "[PATCH stable v4.14 25/32] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)" has been added to the 4.14-stable tree

public inbox for linuxppc-dev@ozlabs.org 
 help / color / mirror / Atom feed

From: <gregkh@linuxfoundation•org>
To: christophe.leroy@c-s•fr, diana.craciun@nxp•com,
	gregkh@linuxfoundation•org, linuxppc-dev@ozlabs•org,
	mpe@ellerman•id.au, msuchanek@suse•de
Cc: stable-commits@vger•kernel.org
Subject: Patch "[PATCH stable v4.14 25/32] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)" has been added to the 4.14-stable tree
Date: Fri, 29 Mar 2019 15:54:47 +0100	[thread overview]
Message-ID: <1553871287218144@kroah.com> (raw)
In-Reply-To: <20190329112620.14489-26-mpe@ellerman.id.au>


This is a note to let you know that I've just added the patch titled

    [PATCH stable v4.14 25/32] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-fsl-flush-the-branch-predictor-at-each-kernel-entry-64bit.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger•kernel.org> know about it.


From foo@baz Fri Mar 29 15:53:50 CET 2019
From: Michael Ellerman <mpe@ellerman•id.au>
Date: Fri, 29 Mar 2019 22:26:13 +1100
Subject: [PATCH stable v4.14 25/32] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
To: stable@vger•kernel.org, gregkh@linuxfoundation•org
Cc: linuxppc-dev@ozlabs•org, diana.craciun@nxp•com, msuchanek@suse•de, christophe.leroy@c-s•fr
Message-ID: <20190329112620.14489-26-mpe@ellerman•id.au>

From: Michael Ellerman <mpe@ellerman•id.au>

From: Diana Craciun <diana.craciun@nxp•com>

commit 10c5e83afd4a3f01712d97d3bb1ae34d5b74a185 upstream.

In order to protect against speculation attacks on
indirect branches, the branch predictor is flushed at
kernel entry to protect for the following situations:
- userspace process attacking another userspace process
- userspace process attacking the kernel
Basically when the privillege level change (i.e. the
kernel is entered), the branch predictor state is flushed.

Signed-off-by: Diana Craciun <diana.craciun@nxp•com>
Signed-off-by: Michael Ellerman <mpe@ellerman•id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation•org>
---
 arch/powerpc/kernel/entry_64.S       |    5 +++++
 arch/powerpc/kernel/exceptions-64e.S |   26 +++++++++++++++++++++++++-
 arch/powerpc/mm/tlb_low_64e.S        |    7 +++++++
 3 files changed, 37 insertions(+), 1 deletion(-)

--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -78,6 +78,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
 	std	r0,GPR0(r1)
 	std	r10,GPR1(r1)
 	beq	2f			/* if from kernel mode */
+#ifdef CONFIG_PPC_FSL_BOOK3E
+START_BTB_FLUSH_SECTION
+	BTB_FLUSH(r10)
+END_BTB_FLUSH_SECTION
+#endif
 	ACCOUNT_CPU_USER_ENTRY(r13, r10, r11)
 2:	std	r2,GPR2(r1)
 	std	r3,GPR3(r1)
--- a/arch/powerpc/kernel/exceptions-64e.S
+++ b/arch/powerpc/kernel/exceptions-64e.S
@@ -295,7 +295,8 @@ ret_from_mc_except:
 	andi.	r10,r11,MSR_PR;		/* save stack pointer */	    \
 	beq	1f;			/* branch around if supervisor */   \
 	ld	r1,PACAKSAVE(r13);	/* get kernel stack coming from usr */\
-1:	cmpdi	cr1,r1,0;		/* check if SP makes sense */	    \
+1:	type##_BTB_FLUSH		\
+	cmpdi	cr1,r1,0;		/* check if SP makes sense */	    \
 	bge-	cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
 	mfspr	r10,SPRN_##type##_SRR0;	/* read SRR0 before touching stack */
 
@@ -327,6 +328,29 @@ ret_from_mc_except:
 #define SPRN_MC_SRR0	SPRN_MCSRR0
 #define SPRN_MC_SRR1	SPRN_MCSRR1
 
+#ifdef CONFIG_PPC_FSL_BOOK3E
+#define GEN_BTB_FLUSH			\
+	START_BTB_FLUSH_SECTION		\
+		beq 1f;			\
+		BTB_FLUSH(r10)			\
+		1:		\
+	END_BTB_FLUSH_SECTION
+
+#define CRIT_BTB_FLUSH			\
+	START_BTB_FLUSH_SECTION		\
+		BTB_FLUSH(r10)		\
+	END_BTB_FLUSH_SECTION
+
+#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
+#define MC_BTB_FLUSH CRIT_BTB_FLUSH
+#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH
+#else
+#define GEN_BTB_FLUSH
+#define CRIT_BTB_FLUSH
+#define DBG_BTB_FLUSH
+#define GDBELL_BTB_FLUSH
+#endif
+
 #define NORMAL_EXCEPTION_PROLOG(n, intnum, addition)			    \
 	EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))
 
--- a/arch/powerpc/mm/tlb_low_64e.S
+++ b/arch/powerpc/mm/tlb_low_64e.S
@@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
 	std	r15,EX_TLB_R15(r12)
 	std	r10,EX_TLB_CR(r12)
 #ifdef CONFIG_PPC_FSL_BOOK3E
+START_BTB_FLUSH_SECTION
+	mfspr r11, SPRN_SRR1
+	andi. r10,r11,MSR_PR
+	beq 1f
+	BTB_FLUSH(r10)
+1:
+END_BTB_FLUSH_SECTION
 	std	r7,EX_TLB_R7(r12)
 #endif
 	TLB_MISS_PROLOG_STATS


Patches currently in stable-queue which might be from mpe@ellerman•id.au are

queue-4.14/powerpc-fsl-emulate-sprn_bucsr-register.patch
queue-4.14/powerpc-64-make-stf-barrier-ppc_book3s_64-specific.patch
queue-4.14/powerpc-fsl-fix-spectre_v2-mitigations-reporting.patch
queue-4.14/powerpc-64s-patch-barrier_nospec-in-modules.patch
queue-4.14/powerpc-pseries-query-hypervisor-for-count-cache-flush-settings.patch
queue-4.14/powerpc-64s-add-support-for-software-count-cache-flush.patch
queue-4.14/powerpc64s-show-ori31-availability-in-spectre_v1-sysfs-file-not-v2.patch
queue-4.14/powerpc-fsl-flush-the-branch-predictor-at-each-kernel-entry-64bit.patch
queue-4.14/powerpc-fsl-update-spectre-v2-reporting.patch
queue-4.14/powerpc-64-make-meltdown-reporting-book3s-64-specific.patch
queue-4.14/powerpc-64s-add-support-for-ori-barrier_nospec-patching.patch
queue-4.14/powerpc-use-barrier_nospec-in-copy_from_user.patch
queue-4.14/powerpc-fsl-sanitize-the-syscall-table-for-nxp-powerpc-32-bit-platforms.patch
queue-4.14/powerpc-fsl-add-macro-to-flush-the-branch-predictor.patch
queue-4.14/powerpc-fsl-add-barrier_nospec-implementation-for-nxp-powerpc-book3e.patch
queue-4.14/powerpc-security-fix-spectre_v2-reporting.patch
queue-4.14/powerpc-64-disable-the-speculation-barrier-from-the-command-line.patch
queue-4.14/powerpc-fsl-fix-the-flush-of-branch-predictor.patch
queue-4.14/powerpc-64-add-config_ppc_barrier_nospec.patch
queue-4.14/powerpc-fsl-enable-runtime-patching-if-nospectre_v2-boot-arg-is-used.patch
queue-4.14/powerpc-64-use-barrier_nospec-in-syscall-entry.patch
queue-4.14/powerpc-fsl-fixed-warning-orphan-section-__btb_flush_fixup.patch
queue-4.14/powerpc-fsl-add-nospectre_v2-command-line-argument.patch
queue-4.14/powerpc-64s-add-new-security-feature-flags-for-count-cache-flush.patch
queue-4.14/powerpc-fsl-add-infrastructure-to-fixup-branch-predictor-flush.patch
queue-4.14/powerpc-64s-enhance-the-information-in-cpu_show_spectre_v1.patch
queue-4.14/powerpc-64-call-setup_barrier_nospec-from-setup_arch.patch
queue-4.14/powerpc-asm-add-a-patch_site-macro-helpers-for-patching-instructions.patch
queue-4.14/powerpc-fsl-flush-the-branch-predictor-at-each-kernel-entry-32-bit.patch
queue-4.14/powerpc-64s-enable-barrier_nospec-based-on-firmware-settings.patch
queue-4.14/powerpc-fsl-flush-branch-predictor-when-entering-kvm.patch
queue-4.14/powerpc-powernv-query-firmware-for-count-cache-flush-settings.patch

next prev parent reply	other threads:[~2019-03-29 15:42 UTC|newest]

Thread overview: 87+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-29 11:25 [PATCH stable v4.14 00/32] powerpc spectre backports for 4.14 Michael Ellerman
2019-03-29 11:25 ` [PATCH stable v4.14 01/32] powerpc/64s: Add support for ori barrier_nospec patching Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 01/32] powerpc/64s: Add support for ori barrier_nospec patching" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 02/32] powerpc/64s: Patch barrier_nospec in modules Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 02/32] powerpc/64s: Patch barrier_nospec in modules" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 03/32] powerpc/64s: Enable barrier_nospec based on firmware settings Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 03/32] powerpc/64s: Enable barrier_nospec based on firmware settings" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 04/32] powerpc: Use barrier_nospec in copy_from_user() Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 04/32] powerpc: Use barrier_nospec in copy_from_user()" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 05/32] powerpc/64: Use barrier_nospec in syscall entry Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 05/32] powerpc/64: Use barrier_nospec in syscall entry" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 06/32] powerpc/64s: Enhance the information in cpu_show_spectre_v1() Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 06/32] powerpc/64s: Enhance the information in cpu_show_spectre_v1()" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 07/32] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 07/32] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 08/32] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 08/32] powerpc/64: Disable the speculation barrier from the command line" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 09/32] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 09/32] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific." has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 10/32] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 10/32] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC" has been added to the 4.14-stable tree gregkh
2019-03-29 11:25 ` [PATCH stable v4.14 11/32] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 11/32] powerpc/64: Call setup_barrier_nospec() from setup_arch()" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 12/32] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 12/32] powerpc/64: Make meltdown reporting Book3S 64 specific" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 13/32] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 13/32] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E" has been added to the 4.14-stable tree gregkh
2019-03-29 16:22   ` [PATCH stable v4.14 13/32] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Joakim Tjernlund
2019-04-02  6:19     ` Michael Ellerman
2019-04-02  6:56       ` Joakim Tjernlund
2019-04-03  0:53         ` Michael Ellerman
2019-04-03  4:38           ` Joakim Tjernlund
2019-03-29 11:26 ` [PATCH stable v4.14 14/32] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 14/32] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 15/32] powerpc/asm: Add a patch_site macro & helpers for patching instructions Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 15/32] powerpc/asm: Add a patch_site macro & helpers for patching instructions" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 16/32] powerpc/64s: Add new security feature flags for count cache flush Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 16/32] powerpc/64s: Add new security feature flags for count cache flush" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 17/32] powerpc/64s: Add support for software count cache flush Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 17/32] powerpc/64s: Add support for software count cache flush" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 18/32] powerpc/pseries: Query hypervisor for count cache flush settings Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 18/32] powerpc/pseries: Query hypervisor for count cache flush settings" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 19/32] powerpc/powernv: Query firmware for count cache flush settings Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 19/32] powerpc/powernv: Query firmware for count cache flush settings" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 20/32] powerpc/fsl: Add infrastructure to fixup branch predictor flush Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 20/32] powerpc/fsl: Add infrastructure to fixup branch predictor flush" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Add infrastructure to fixup branch predictor flush" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 21/32] powerpc/fsl: Add macro to flush the branch predictor Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 21/32] powerpc/fsl: Add macro to flush the branch predictor" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Add macro to flush the branch predictor" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 22/32] powerpc/fsl: Fix spectre_v2 mitigations reporting Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 22/32] powerpc/fsl: Fix spectre_v2 mitigations reporting" has been added to the 4.14-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 23/32] powerpc/fsl: Emulate SPRN_BUCSR register Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 23/32] powerpc/fsl: Emulate SPRN_BUCSR register" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Emulate SPRN_BUCSR register" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 24/32] powerpc/fsl: Add nospectre_v2 command line argument Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 24/32] powerpc/fsl: Add nospectre_v2 command line argument" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Add nospectre_v2 command line argument" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 25/32] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) Michael Ellerman
2019-03-29 14:54   ` gregkh [this message]
2019-03-29 15:07   ` Patch "powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 26/32] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 26/32] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 27/32] powerpc/fsl: Flush branch predictor when entering KVM Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 27/32] powerpc/fsl: Flush branch predictor when entering KVM" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Flush branch predictor when entering KVM" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 28/32] powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 28/32] powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 29/32] powerpc/fsl: Update Spectre v2 reporting Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 29/32] powerpc/fsl: Update Spectre v2 reporting" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Update Spectre v2 reporting" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 30/32] powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 30/32] powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'" has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 31/32] powerpc/fsl: Fix the flush of branch predictor Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 31/32] powerpc/fsl: Fix the flush of branch predictor." has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/fsl: Fix the flush of branch predictor." has been added to the 4.19-stable tree gregkh
2019-03-29 11:26 ` [PATCH stable v4.14 32/32] powerpc/security: Fix spectre_v2 reporting Michael Ellerman
2019-03-29 14:54   ` Patch "[PATCH stable v4.14 32/32] powerpc/security: Fix spectre_v2 reporting" has been added to the 4.14-stable tree gregkh
2019-03-29 15:07   ` Patch "powerpc/security: Fix spectre_v2 reporting" has been added to the 4.19-stable tree gregkh
2019-03-29 14:51 ` [PATCH stable v4.14 00/32] powerpc spectre backports for 4.14 Greg KH
2019-03-29 15:09   ` Greg KH
2019-03-31  9:53     ` Michael Ellerman
2019-04-02 15:21       ` Diana Madalina Craciun
2019-04-02 15:49         ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1553871287218144@kroah.com \
    --to=gregkh@linuxfoundation$(echo .)org \
    --cc=christophe.leroy@c-s$(echo .)fr \
    --cc=diana.craciun@nxp$(echo .)com \
    --cc=linuxppc-dev@ozlabs$(echo .)org \
    --cc=mpe@ellerman$(echo .)id.au \
    --cc=msuchanek@suse$(echo .)de \
    --cc=stable-commits@vger$(echo .)kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox