From owner-svn-src-head@freebsd.org Thu Dec 19 08:52:17 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 919CF1D9DF6; Thu, 19 Dec 2019 08:52:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47dlxY3JVCz4Qdw; Thu, 19 Dec 2019 08:52:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 53A6EC382; Thu, 19 Dec 2019 08:52:17 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id xBJ8qHRA002681; Thu, 19 Dec 2019 08:52:17 GMT (envelope-from andrew@FreeBSD.org) Received: (from andrew@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id xBJ8qGJi002679; Thu, 19 Dec 2019 08:52:16 GMT (envelope-from andrew@FreeBSD.org) Message-Id: <201912190852.xBJ8qGJi002679@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: andrew set sender to andrew@FreeBSD.org using -f From: Andrew Turner Date: Thu, 19 Dec 2019 08:52:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r355907 - in head/sys/arm64: arm64 include X-SVN-Group: head X-SVN-Commit-Author: andrew X-SVN-Commit-Paths: in head/sys/arm64: arm64 include X-SVN-Commit-Revision: 355907 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Dec 2019 08:52:17 -0000 Author: andrew Date: Thu Dec 19 08:52:16 2019 New Revision: 355907 URL: https://svnweb.freebsd.org/changeset/base/355907 Log: Stop speculation past an eret instruction On arm64 the eret instruction is used to return from an exception handler. Some implementations may speculate past this instruction into the next function. As the user may control many registers in these functions add a synchronisation barrier sequence after the eret instruction to stop these CPUs from speculating out of the exception handler. PR: 242676 Submitted by: Anthony Steinhauser (previous version) MFC after: 1 week Modified: head/sys/arm64/arm64/exception.S head/sys/arm64/arm64/swtch.S head/sys/arm64/include/asm.h Modified: head/sys/arm64/arm64/exception.S ============================================================================== --- head/sys/arm64/arm64/exception.S Thu Dec 19 04:58:11 2019 (r355906) +++ head/sys/arm64/arm64/exception.S Thu Dec 19 08:52:16 2019 (r355907) @@ -175,7 +175,7 @@ ENTRY(handle_el1h_sync) mov x1, sp bl do_el1h_sync restore_registers 1 - eret + ERET END(handle_el1h_sync) ENTRY(handle_el1h_irq) @@ -183,7 +183,7 @@ ENTRY(handle_el1h_irq) mov x0, sp bl intr_irq_handler restore_registers 1 - eret + ERET END(handle_el1h_irq) ENTRY(handle_el0_sync) @@ -194,7 +194,7 @@ ENTRY(handle_el0_sync) bl do_el0_sync do_ast restore_registers 0 - eret + ERET END(handle_el0_sync) ENTRY(handle_el0_irq) @@ -203,7 +203,7 @@ ENTRY(handle_el0_irq) bl intr_irq_handler do_ast restore_registers 0 - eret + ERET END(handle_el0_irq) ENTRY(handle_serror) Modified: head/sys/arm64/arm64/swtch.S ============================================================================== --- head/sys/arm64/arm64/swtch.S Thu Dec 19 04:58:11 2019 (r355906) +++ head/sys/arm64/arm64/swtch.S Thu Dec 19 08:52:16 2019 (r355907) @@ -253,7 +253,7 @@ ENTRY(fork_trampoline) * No need for interrupts reenabling since PSR * will be set to the desired value anyway. */ - eret + ERET END(fork_trampoline) Modified: head/sys/arm64/include/asm.h ============================================================================== --- head/sys/arm64/include/asm.h Thu Dec 19 04:58:11 2019 (r355906) +++ head/sys/arm64/include/asm.h Thu Dec 19 08:52:16 2019 (r355907) @@ -90,4 +90,16 @@ .inst 0xd500409f | (1 << 8); /* Set PAN */ \ 999: +/* + * Some AArch64 CPUs speculate past an eret instruction. As the user may + * control the registers at this point add a speculation barrier usable on + * all AArch64 CPUs after the eret instruction. + * TODO: ARMv8.5 adds a specific instruction for this, we could use that + * if we know we are running on something that supports it. + */ +#define ERET \ + eret; \ + dsb sy; \ + isb + #endif /* _MACHINE_ASM_H_ */