Module Name: src Committed By: martin Date: Tue Dec 24 17:30:28 UTC 2019
Modified Files: src/sys/arch/aarch64/aarch64 [netbsd-9]: cpuswitch.S src/sys/arch/aarch64/include [netbsd-9]: asm.h Log Message: Pull up following revision(s) (requested by ryo in ticket #574): sys/arch/aarch64/include/asm.h: revision 1.5 sys/arch/aarch64/aarch64/cpuswitch.S: revision 1.13 Add a speculation barrier after the 'eret'. Some aarch64 cpus speculatively execute instructions after 'eret', and this potentiates side-channel attack. from https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.11.4.1 src/sys/arch/aarch64/aarch64/cpuswitch.S cvs rdiff -u -r1.3 -r1.3.4.1 src/sys/arch/aarch64/include/asm.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/aarch64/aarch64/cpuswitch.S diff -u src/sys/arch/aarch64/aarch64/cpuswitch.S:1.11 src/sys/arch/aarch64/aarch64/cpuswitch.S:1.11.4.1 --- src/sys/arch/aarch64/aarch64/cpuswitch.S:1.11 Thu Dec 27 09:55:27 2018 +++ src/sys/arch/aarch64/aarch64/cpuswitch.S Tue Dec 24 17:30:28 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: cpuswitch.S,v 1.11 2018/12/27 09:55:27 mrg Exp $ */ +/* $NetBSD: cpuswitch.S,v 1.11.4.1 2019/12/24 17:30:28 martin Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ #include "opt_ddb.h" #include "opt_kasan.h" -RCSID("$NetBSD: cpuswitch.S,v 1.11 2018/12/27 09:55:27 mrg Exp $") +RCSID("$NetBSD: cpuswitch.S,v 1.11.4.1 2019/12/24 17:30:28 martin Exp $") /* * At IPL_SCHED: @@ -268,7 +268,7 @@ ENTRY_NP(el1_trap_exit) ldp x1, x2, [x0, #TF_X1] ldr x0, [x0, #TF_X0] - eret + ERET END(el1_trap_exit) #ifdef DDB END(el1_trap) @@ -339,7 +339,7 @@ ENTRY_NP(el0_trap_exit) unwind_x0_x2 /* leave sp at l_md.md_utf, return back to EL0 user process */ - eret + ERET END(el0_trap_exit) #ifdef DDB END(el0_trap) Index: src/sys/arch/aarch64/include/asm.h diff -u src/sys/arch/aarch64/include/asm.h:1.3 src/sys/arch/aarch64/include/asm.h:1.3.4.1 --- src/sys/arch/aarch64/include/asm.h:1.3 Tue Jul 17 18:08:37 2018 +++ src/sys/arch/aarch64/include/asm.h Tue Dec 24 17:30:28 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: asm.h,v 1.3 2018/07/17 18:08:37 christos Exp $ */ +/* $NetBSD: asm.h,v 1.3.4.1 2019/12/24 17:30:28 martin Exp $ */ #ifndef _AARCH64_ASM_H_ #define _AARCH64_ASM_H_ @@ -8,4 +8,12 @@ #define fp x29 #define lr x30 +/* + * Add a speculation barrier after the 'eret'. + * Some aarch64 cpus speculatively execute instructions after 'eret', + * and this potentiates side-channel attacks. + */ +#define ERET \ + eret; dsb sy; isb + #endif /* !_AARCH64_ASM_H_ */