From owner-svn-src-all@freebsd.org Fri Jan 12 17:15:19 2018
From: Michal Meloun
Reply-To: mmel@freebsd.org
Subject: Re: svn commit: r327876 - in head/sys/arm64: arm64 include
To: Warner Losh, Andrew Turner
Cc: Marcin Wojtas, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
References: <201801121401.w0CE1cW4058239@repo.freebsd.org>
Message-ID: <187e75c7-343f-aea6-cb59-61c77fd64023@freebsd.org>
Date: Fri, 12 Jan 2018 18:15:15 +0100

On 12.01.2018 15:54, Warner Losh wrote:
>
> On Fri, Jan 12, 2018 at 7:52 AM, Andrew Turner wrote:
>
>> On 12 Jan 2018, at 14:37, Warner Losh wrote:
>>
>> On Fri, Jan 12, 2018 at 7:15 AM, Andrew Turner wrote:
>>
>>> On 12 Jan 2018, at 14:10, Marcin Wojtas wrote:
>>>
>>> Hi Andrew,
>>>
>>> 2018-01-12 15:01 GMT+01:00 Andrew Turner:
>>>> Author: andrew
>>>> Date: Fri Jan 12 14:01:38 2018
>>>> New Revision: 327876
>>>> URL: https://svnweb.freebsd.org/changeset/base/327876
>>>>
>>>> Log:
>>>>  Workaround Spectre Variant 2 on arm64.
>>>>
>>>>  We need to handle two cases:
>>>>
>>>>  1. One process attacking another process.
>>>>  2. A process attacking the kernel.
>>>>
>>>>  For the first case we clear the branch predictor state on context switch
>>>>  between different processes. For the second we do this when taking an
>>>>  instruction abort on a non-userspace address.
>>>>
>>>>  To clear the branch predictor state a per-CPU function pointer has been
>>>>  added. This is set by the new cpu errata code based on if the CPU is
>>>>  known to be affected.
>>>>
>>>>  On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
>>>>  versions of this will clear the branch predictor state for us.
>>>>
>>>>  It has been reported the ThunderX is unaffected, however the ThunderX2 is
>>>>  vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
>>>>  yet run on the ThunderX2 or Falkor no workaround is included for these CPUs.
>>>
>>> Regardless ThunderX2 / Falkor work-arounds, do I understand correctly
>>> that pure CA72 machines, such as Marvell Armada 7k/8k are immune to
>>> Variant 2 now?
>>
>> It is my understanding that the A72 will be immune with this
>> patch and an updated Arm Trusted Firmware as documented in [1].
>>
>> Andrew
>>
>> [1]
>> https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6
>>
>> Are you also working on aarch32 mitigation?
>
> No. I think a similar technique could be used, however as aarch32
> has instructions to invalidate the branch predictor these can be
> used directly.
>
> That's my reading as well.
> It looks fairly easy to do it always, but
> I've not researched it sufficiently.
>

I work on patches for armv6/7. But for aarch32, there is, unfortunately, much less information available about effective mitigation of variant 2. BPIALL while switching pmap is clear and we have had it in the code for years (well, BPIALL is effectively a NOP for A15/A17, it must be explicitly enabled). But it is not clear to me for which trap a branch predictor flush is necessary.

Michal
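
The mechanism described in the quoted commit log, as an added user-space model that is not part of this thread and is not FreeBSD's code: an errata table keyed on MIDR_EL1 installs a per-CPU hook, which then runs in the two cases the log names. The struct, function names, `user_max` parameter and the simulated firmware call are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* MIDR_EL1 fields: implementer in bits [31:24], part number in bits [15:4]. */
#define MIDR_IMPL(m)	(((m) >> 24) & 0xffu)
#define MIDR_PART(m)	(((m) >> 4) & 0xfffu)
#define IMPL_ARM	0x41u

typedef void (*bp_harden_t)(void);

struct pcpu_model {		/* hypothetical per-CPU data */
	bp_harden_t bp_harden;	/* NULL: CPU not known to be affected */
	int cur_proc;		/* id of the process now on this CPU */
};

static unsigned firmware_calls;	/* counts simulated firmware calls */

/* Stand-in for the PSCI firmware call that clears the branch predictor. */
static void psci_clear_bp(void) { firmware_calls++; }

/* The cores the commit log lists as handled through firmware. */
static const struct { uint32_t impl, part; bp_harden_t fn; } errata[] = {
	{ IMPL_ARM, 0xd07, psci_clear_bp },	/* Cortex-A57 */
	{ IMPL_ARM, 0xd08, psci_clear_bp },	/* Cortex-A72 */
	{ IMPL_ARM, 0xd09, psci_clear_bp },	/* Cortex-A73 */
	{ IMPL_ARM, 0xd0a, psci_clear_bp },	/* Cortex-A75 */
};

/* Run once per CPU: install the hook only when the MIDR matches. */
void install_errata(struct pcpu_model *pc, uint32_t midr)
{
	pc->bp_harden = NULL;
	for (size_t i = 0; i < sizeof(errata) / sizeof(errata[0]); i++)
		if (MIDR_IMPL(midr) == errata[i].impl &&
		    MIDR_PART(midr) == errata[i].part)
			pc->bp_harden = errata[i].fn;
}

/* Case 1: clear predictor state when switching to a different process. */
void context_switch(struct pcpu_model *pc, int new_proc)
{
	if (new_proc != pc->cur_proc && pc->bp_harden != NULL)
		pc->bp_harden();
	pc->cur_proc = new_proc;
}

/* Case 2: instruction abort on an address outside userspace. */
void instruction_abort(struct pcpu_model *pc, uint64_t far, uint64_t user_max)
{
	if (far > user_max && pc->bp_harden != NULL)
		pc->bp_harden();
}
```
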