"a36b6ec0" (history) in projects: freebsd

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:a36b6ec0 (Results 1 – 8 of 8) sorted by relevance

/freebsd/sys/arm/include/
H A D	cpuinfo.h	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	pcpu.h	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
/freebsd/sys/arm/arm/
H A D	swtch-v6.S	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	cpuinfo.c	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	trap-v6.c	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	genassym.c	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	mp_machdep.c	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931
H A D	machdep.c	a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931 a36b6ec0 Sat Jan 27 11:19:41 GMT 2018 Michal Meloun <mmel@FreeBSD.org> Implement mitigation for Spectre version 2 attacks on ARMv7. Similarly as we already do for arm64, for mitigation is necessary to flush branch predictor when we: - do task switch - receive prefetch abort on non-userspace address The user can disable this mitigation by setting 'machdep.disable_bp_hardening' sysctl variable, or it can check actual system status by reading 'machdep.spectre_v2_safe' The situation is complicated by fact that: - for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit in ACTLR is set. - for Cortex-A15, the BPIALL is always NOP. The branch predictor can be only flushed by doing ICIALLU with special bit (Enable invalidates of BTB) set in ACTLR. Since access to the ACTLR register is locked to secure monitor/firmware on most boards, they will also need update of firmware / U-boot. In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard), the board is unfixable. MFC after: 2 weeks Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D13931