ARM: spectre-v2: harden user aborts in kernel space

In order to prevent aliasing attacks on the branch predictor, invalidate the BTB or instruction cache on CPUs that are known to be affected when taking an abort on a address that is outside of a user task limit: Cortex A8, A9, A12, A17, A73, A75: flush BTB. Cortex A15, Brahma B15: invalidate icache. If the IBE bit is not set, then there is little point to enabling the workaround. Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> Boot-tested-by: Tony Lindgren <tony@atomide.com> Reviewed-by: Tony Lindgren <tony@atomide.com>
author: Russell King <rmk+kernel@armlinux.org.uk> 2018-05-14 14:20:21 +0100
committer: Russell King <rmk+kernel@armlinux.org.uk> 2018-05-31 10:40:32 +0100
commit: f5fe12b1eaee220ce62ff9afb8b90929c396595f (patch)
tree: c1a1264964eb0d9e6e4ed77ee2788139553108d6 /arch/arm/mm/fault.c
parent: e388b80288aade31135aca23d32eee93dd106795 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
index b75eada23d0a..3b1ba003c4f9 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -163,6 +163,9 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
 {
 	struct siginfo si;
 
+	if (addr > TASK_SIZE)
+		harden_branch_predictor();
+
 #ifdef CONFIG_DEBUG_USER
 	if (((user_debug & UDBG_SEGV) && (sig == SIGSEGV)) ||
 	    ((user_debug & UDBG_BUS)  && (sig == SIGBUS))) {
author	Russell King <rmk+kernel@armlinux.org.uk>	2018-05-14 14:20:21 +0100
committer	Russell King <rmk+kernel@armlinux.org.uk>	2018-05-31 10:40:32 +0100
commit	f5fe12b1eaee220ce62ff9afb8b90929c396595f (patch)
tree	c1a1264964eb0d9e6e4ed77ee2788139553108d6 /arch/arm/mm/fault.c
parent	e388b80288aade31135aca23d32eee93dd106795 (diff)