Commit 228a26b9 authored by James Morse's avatar James Morse

arm64: Use the clearbhb instruction in mitigations



Future CPUs may implement a clearbhb instruction that is sufficient
to mitigate SpectreBHB. CPUs that implement this instruction, but
not CSV2.3 must be affected by Spectre-BHB.

Add support to use this instruction as the BHB mitigation on CPUs
that support it. The instruction is in the hint space, so it will
be treated as a NOP by older CPUs.

Reviewed-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Signed-off-by: default avatarJames Morse <james.morse@arm.com>
parent a5905d6a
+17 −0
@@ -108,6 +108,13 @@
	hint	#20
	.endm

/*
 * Clear Branch History instruction
 */
	.macro clearbhb
	hint	#22
	.endm

/*
 * Speculation barrier
 */
@@ -884,6 +891,16 @@ alternative_cb smccc_patch_fw_mitigation_conduit
alternative_cb_end
	ldp	x2, x3, [sp], #16
	ldp	x0, x1, [sp], #16
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm

	.macro mitigate_spectre_bhb_clear_insn
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
alternative_cb	spectre_bhb_patch_clearbhb
	/* Patched to NOP when not supported */
	clearbhb
	isb
alternative_cb_end
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm
#endif	/* __ASM_ASSEMBLER_H */
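Review bot: The comment inside mitigate_spectre_bhb_clear_insn, `/* Patched to NOP when not supported */`, does not say whether it covers only `clearbhb` or the following `isb` as well. Because `hint #22` is in the hint space and already behaves as a NOP on CPUs without the instruction, the `isb` is the part that still costs something there, so the comment should state that the whole alternative is replaced, e.g. `/* Both instructions are patched to NOPs when clearbhb is not supported */`. The spectre_bhb_patch_clearbhb callback is not on this page, so that behaviour should be confirmed against it before the comment is worded that way.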
+13 −0
@@ -653,6 +653,19 @@ static inline bool supports_csv2p3(int scope)
	return csv2_val == 3;
}

static inline bool supports_clearbhb(int scope)
{
	u64 isar2;

	if (scope == SCOPE_LOCAL_CPU)
		isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);
	else
		isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);

	return cpuid_feature_extract_unsigned_field(isar2,
						    ID_AA64ISAR2_CLEARBHB_SHIFT);
}

const struct cpumask *system_32bit_el0_cpumask(void);
DECLARE_STATIC_KEY_FALSE(arm64_mismatched_32bit_el0);
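Review bot: supports_clearbhb() returns the raw field value from cpuid_feature_extract_unsigned_field() through an implicit conversion to bool, whereas supports_csv2p3() just above ends in an explicit comparison (`return csv2_val == 3;`). Writing the test out, e.g. `return cpuid_feature_extract_unsigned_field(isar2, ID_AA64ISAR2_CLEARBHB_SHIFT) != 0;`, makes it plain that every non-zero field value is treated as "implemented". For any scope other than SCOPE_LOCAL_CPU the answer comes from read_sanitised_ftr_reg(), so it depends on this field being described in the feature-register table; that table is not on this page, and if the field is missing there the system-wide result may always be false and the mitigation would not be selected.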

+1 −0
@@ -65,6 +65,7 @@ enum aarch64_insn_hint_cr_op {
	AARCH64_INSN_HINT_PSB  = 0x11 << 5,
	AARCH64_INSN_HINT_TSB  = 0x12 << 5,
	AARCH64_INSN_HINT_CSDB = 0x14 << 5,
	AARCH64_INSN_HINT_CLEARBHB = 0x16 << 5,

	AARCH64_INSN_HINT_BTI   = 0x20 << 5,
	AARCH64_INSN_HINT_BTIC  = 0x22 << 5,
+1 −0
@@ -773,6 +773,7 @@
#define ID_AA64ISAR1_GPI_IMP_DEF		0x1

/* id_aa64isar2 */
#define ID_AA64ISAR2_CLEARBHB_SHIFT	28
#define ID_AA64ISAR2_RPRES_SHIFT	4
#define ID_AA64ISAR2_WFXT_SHIFT		0

+7 −0
@@ -32,6 +32,12 @@ enum arm64_bp_harden_el1_vectors {
	 * canonical vectors.
	 */
	EL1_VECTOR_BHB_FW,

	/*
	 * Use the ClearBHB instruction, before branching to the canonical
	 * vectors.
	 */
	EL1_VECTOR_BHB_CLEAR_INSN,
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */

	/*
@@ -43,6 +49,7 @@ enum arm64_bp_harden_el1_vectors {
#ifndef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
#define EL1_VECTOR_BHB_LOOP		-1
#define EL1_VECTOR_BHB_FW		-1
#define EL1_VECTOR_BHB_CLEAR_INSN	-1
#endif /* !CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */

/* The vectors to use on return from EL0. e.g. to remap the kernel */
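Review bot: EL1_VECTOR_BHB_CLEAR_INSN is inserted in the middle of enum arm64_bp_harden_el1_vectors, which renumbers every enumerator declared after it. If these values index vector tables laid out in assembly (not shown on this page), a matching entry has to be added at the same position there, otherwise a later enumerator would select the wrong vector and a CPU could run without the mitigation it was assigned. A short comment on the enum, e.g. `/* Order must match the vector tables in the entry code */`, would keep the next addition from missing this. The enum's opening and its remaining members are outside the hunk.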