SVNews r327876

NOTE: This service is experimental and subject to change! Use at your own risk!

2018-01-12 14:01:38 - r327876 by andrew (Andrew Turner)

Complete list of files affected by revision r327876:

(Note: At the moment, these links point to ViewVC on They are probably slow. Do not overuse.)

  History   Contents   Diff   MODIFY   /head/sys/arm64/arm64/cpu_errata.c  
  History   Contents   Diff   MODIFY   /head/sys/arm64/arm64/pmap.c  
  History   Contents   Diff   MODIFY   /head/sys/arm64/arm64/trap.c  
  History   Contents   Diff   MODIFY   /head/sys/arm64/include/pcpu.h  

Commit message:

Workaround Spectre Variant 2 on arm64.

We need to handle two cases:

1. One process attacking another process.
2. A process attacking the kernel.

For the first case we clear the branch predictor state on context switch
between different processes. For the second we do this when taking an
instruction abort on a non-userspace address.

To clear the branch predictor state a per-CPU function pointer has been
added. This is set by the new cpu errata code based on if the CPU is
known to be affected.

On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
versions of this will clear the branch predictor state for us.

It has been reported the ThunderX is unaffected, however the ThunderX2 is
vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
yet run on the ThunderX2 or Falkor no workaround is included for these CPUs.

MFC after: 3 days
Sponsored by: DARPA, AFRL
Differential Revision:


Powered by Python FreeBSD support by secnetix GmbH & Co. KG

Page generated in 9 ms, 4 files printed. Current time is 2018-04-19 15:18:11. All times are in UTC/GMT.