On Fri, Jan 19, 2018 at 11:37:24AM +0800, Li Kun wrote:
> On 2018/1/17 18:07, Will Deacon wrote:
> >On Wed, Jan 17, 2018 at 12:10:33PM +0800, Yisheng Xie wrote:
> >>On 2018/1/5 21:12, Will Deacon wrote:
> >>>diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
> >>>index 5f7097d0cd12..d99b36555a16 100644
> >>>--- a/arch/arm64/mm/context.c
> >>>+++ b/arch/arm64/mm/context.c
> >>>@@ -246,6 +246,8 @@ asmlinkage void post_ttbr_update_workaround(void)
> >>> "ic iallu; dsb nsh; isb",
> >>> ARM64_WORKAROUND_CAVIUM_27456,
> >>> CONFIG_CAVIUM_ERRATUM_27456));
> >>>+
> >>>+ arm64_apply_bp_hardening();
> >>> }
> >>post_ttbr_update_workaround was used to fix Cavium erratum 2745? So does that
> >>mean, if we do not have this erratum, we do not need arm64_apply_bp_hardening()
> >>when mm_switch and kernel_exit?
> >>
> >>From the code logic, it seems not only related to erratum 2745 anymore?
> >>Should it be renamed?
> >post_ttbr_update_workaround just runs code after a TTBR update, which
> >includes mitigations against variant 2 of "spectre" and also a workaround
> >for a Cavium erratum. These are separate issues.
> But AFAIU, according to the theory of spectre, we don't need to clear the
> BTB every time we return to user?
> If we enable CONFIG_ARM64_SW_TTBR0_PAN, there will be a call to
> arm64_apply_bp_hardening every time the kernel exits to el0.
>
> kernel_exit
>   post_ttbr_update_workaround
>     arm64_apply_bp_hardening
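Review bot: the added arm64_apply_bp_hardening() call in post_ttbr_update_workaround() fires on every TTBR update, and with CONFIG_ARM64_SW_TTBR0_PAN that hook is reached on every kernel exit to EL0 (kernel_exit -> post_ttbr_update_workaround), so the branch-predictor invalidation runs far more often than the per-mm-switch point the mitigation actually needs; consider calling it directly on the switch_mm path (check_and_switch_context) instead, which also keeps the Cavium erratum workaround and the Spectre variant 2 mitigation from being coupled under a function whose name describes only the former.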
That's a really good point, thanks. What it means is that post_ttbr_update_workaround is actually the wrong place for this, and we should be doing it more directly on the switch_mm path -- probably in check_and_switch_context.

Will