d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a36b6ec0f9
freebsd-dev/sys
History
Michal Meloun a36b6ec0f9 Implement mitigation for Spectre version 2 attacks on ARMv7. 
Similarly as we already do for arm64, for mitigation is necessary to
flush branch predictor when we:
- do task switch
- receive prefetch abort on non-userspace address

The user can disable this mitigation by setting 'machdep.disable_bp_hardening'
sysctl variable, or it can check actual system status by reading
'machdep.spectre_v2_safe'

The situation is complicated by fact that:
- for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit
  in ACTLR is set.
- for Cortex-A15, the BPIALL is always NOP. The branch predictor can be
  only flushed by doing ICIALLU with special bit (Enable invalidates  of BTB)
  set in ACTLR.

Since access to the ACTLR register is locked to secure monitor/firmware on
most boards, they will also need update of firmware / U-boot.
In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard),
the board is unfixable.

MFC after:	2 weeks
Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D13931
2018-01-27 11:19:41 +00:00
..
amd64 Add SPDX identifiers to linux_ptrace.c and cfumass.c. 2018-01-24 17:04:01 +00:00
arm Implement mitigation for Spectre version 2 attacks on ARMv7. 2018-01-27 11:19:41 +00:00
arm64 Fix pmap_fault(). 2018-01-27 09:49:47 +00:00
bsm sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
cam Finish the incomplete move of CAM_PERIPH_PRINT(). 2018-01-27 07:18:02 +00:00
cddl MFV r328253: 8835 Speculative prefetch in ZFS not working for misaligned reads 2018-01-22 05:57:14 +00:00
compat Decouple Linux files from the belonging character device right after open 2018-01-26 10:49:02 +00:00
conf Track Ref / DeRef and Hold / Unhold that da is doing to track down 2018-01-25 21:38:30 +00:00
contrib style: Remove remaining deprecated MALLOC/FREE macros 2018-01-25 22:25:13 +00:00
crypto ccp(4): Store IV in output buffer in GCM software fallback when requested 2018-01-27 07:41:31 +00:00
ddb Implement 'domainset', a cpuset based NUMA policy mechanism. This allows 2018-01-12 22:48:23 +00:00
dev Use bus_dmamem_alloc(9) KPI instead of contigmalloc(9). 2018-01-26 22:22:26 +00:00
dts Add a skeleton Clock Manager for RPi2/3, and use that from pwm 2018-01-22 07:10:30 +00:00
fs nfs: Remove NFSSOCKADDRALLOC, NFSSOCKADDRFREE macros 2018-01-25 22:38:39 +00:00
gdb sys/gdb: further adoption of SPDX licensing ID tags. 2017-11-27 15:16:59 +00:00
geom Refactoring of reading and writing of the UFS/FFS superblock. 2018-01-26 00:58:32 +00:00
gnu Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
i386 Use BSD-2-Clause-FreeBSD license on linux_support.s 2018-01-23 20:35:43 +00:00
isa On further testing on actual machines with this hardware, we should 2017-12-30 08:16:31 +00:00
kern For many years the message "fsync: giving up on dirty" has occationally 2018-01-26 18:17:11 +00:00
kgssapi sys/kgssapi: general adoption of SPDX licensing ID tags. 2017-11-27 15:49:00 +00:00
libkern SPDX: fix wrong license ID tag in libkern. 2017-12-28 01:20:30 +00:00
mips Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
modules Fix LINT build. 2018-01-26 06:21:24 +00:00
net BPF: Switch to 32 bit compatible mode only when thread is 32 bit 2018-01-25 12:13:41 +00:00
net80211 net80211: sanitize input for ieee80211_output() 2017-12-30 00:40:34 +00:00
netgraph Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
netinet style: Remove remaining deprecated MALLOC/FREE macros 2018-01-25 22:25:13 +00:00
netinet6 Do not generate illegal mbuf chains during IP fragment reassembly. Only 2018-01-24 05:09:21 +00:00
netipsec Adopt revision 1.76 and 1.77 from NetBSD: 2018-01-24 19:48:25 +00:00
netpfil When IPv6 packet is handled by O_REJECT opcode, convert ICMP code 2018-01-24 12:40:28 +00:00
netsmb Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
nfs Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
nfsclient style: Remove remaining deprecated MALLOC/FREE macros 2018-01-25 22:25:13 +00:00
nfsserver sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
nlm Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
ofed sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
opencrypto Move per-operation data out of the csession structure. 2018-01-26 23:21:50 +00:00
powerpc PPC: Add place for NULL chars in intrnames 2018-01-26 09:38:40 +00:00
riscv Remove SFBUF_OPTIONAL_DIRECT_MAP and such hacks, replacing them across the 2018-01-19 17:46:31 +00:00
rpc Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
security Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
sparc64 Remove SFBUF_OPTIONAL_DIRECT_MAP and such hacks, replacing them across the 2018-01-19 17:46:31 +00:00
sys style: Remove remaining deprecated MALLOC/FREE macros 2018-01-25 22:25:13 +00:00
teken sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
tests
tools embed_mfs: correctly test grep return value 2018-01-03 19:22:10 +00:00
ufs Refactoring of reading and writing of the UFS/FFS superblock. 2018-01-26 00:58:32 +00:00
vm Assign map->header values to avoid boundary checks. 2018-01-20 12:19:02 +00:00
x86 Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
xdr sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
xen sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
Makefile Move sys/boot to stand. Fix all references to new location 2017-11-14 23:02:19 +00:00