arm64: Add CONFIG_HARDEN_BRANCH_PREDICTOR option
authorMartin Gao <marting@nvidia.com>
Thu, 21 Dec 2017 23:48:19 +0000 (15:48 -0800)
committerWinnie Hsu <whsu@nvidia.com>
Mon, 12 Mar 2018 17:20:02 +0000 (10:20 -0700)
commitbe3054755156b8dad49ed2ef3e92dbb8ede90fbe
tree2c140b28bdc889eda2f37c6beaa25cf492b15adf
parentff63ca2e2ad36209af6b225062ef8370dad0837f
arm64: Add CONFIG_HARDEN_BRANCH_PREDICTOR option

Aliasing attacks against CPU branch predictors can allow an attacker to
redirect speculative control flow on some CPUs and potentially divulge
information from one context to another.

This patch adds a Kconfig option to enable implementation-specific
mitigations against these attacks for CPUs that are affected. Currently,
a workaround is only implemented for Cortex-A57 and Cortex-A72, which
additionally relies on the EL3 firmware setting CPUACTLR_EL1[0] to 1.

Back ported from K4.9: https://git-master.nvidia.com/r/1621628/

Bug 1975157

Change-Id: Id0b12003837f64a60780ec96b2cf22725615ad35
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1626828
(cherry picked from commit bfb554062622f53f47eb762302c98df1f3ee4959)
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1648611
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
GVS: Gerrit_Virtual_Submit
arch/arm64/Kconfig
arch/arm64/include/asm/cpufeature.h
arch/arm64/include/asm/cputype.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/entry.S
arch/arm64/mm/fault.c
arch/arm64/mm/proc.S