powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)

commit 10c5e83afd4a3f01712d97d3bb1ae34d5b74a185 upstream. In order to protect against speculation attacks on indirect branches, the branch predictor is flushed at kernel entry to protect for the following situations: - userspace process attacking another userspace process - userspace process attacking the kernel Basically when the privillege level change (i.e. the kernel is entered), the branch predictor state is flushed. Signed-off-by: Diana Craciun <diana.craciun@nxp.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Diana Craciun <diana.craciun@nxp.com> 2019-04-22 00:20:34 +1000
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-16 19:44:50 +0200
commit: 0454f7b3282bec5d72b6f5c916ac1fe31bd26c67 (patch)
tree: 468c55d1cfa65f918a8476aea8ac5ca322f3fe3a /arch/powerpc/mm
parent: 932e8acaa806376db8ed1f33d8c0159569b935ff (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/powerpc/mm/tlb_low_64e.S b/arch/powerpc/mm/tlb_low_64e.S
index 29d6987c37ba..5486d56da289 100644
--- a/arch/powerpc/mm/tlb_low_64e.S
+++ b/arch/powerpc/mm/tlb_low_64e.S
@@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
 	std	r15,EX_TLB_R15(r12)
 	std	r10,EX_TLB_CR(r12)
 #ifdef CONFIG_PPC_FSL_BOOK3E
+START_BTB_FLUSH_SECTION
+	mfspr r11, SPRN_SRR1
+	andi. r10,r11,MSR_PR
+	beq 1f
+	BTB_FLUSH(r10)
+1:
+END_BTB_FLUSH_SECTION
 	std	r7,EX_TLB_R7(r12)
 #endif
 	TLB_MISS_PROLOG_STATS
author	Diana Craciun <diana.craciun@nxp.com>	2019-04-22 00:20:34 +1000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-05-16 19:44:50 +0200
commit	0454f7b3282bec5d72b6f5c916ac1fe31bd26c67 (patch)
tree	468c55d1cfa65f918a8476aea8ac5ca322f3fe3a /arch/powerpc/mm
parent	932e8acaa806376db8ed1f33d8c0159569b935ff (diff)