
Workaround Spectre Variant 2 on arm64.
Closed, Public

Authored by andrew on Jan 9 2018, 3:58 PM.

Details

Reviewers
None
Group Reviewers
arm64
Commits
rS327876: Workaround Spectre Variant 2 on arm64.
Summary

We need to handle two cases:

  1. One process attacking another process.
  2. A process attacking the kernel.

For the first case we clear the branch predictor state on context switch
between different processes. For the second we do this when taking an
instruction abort on a non-userspace address.

To clear the branch predictor state a per-CPU function pointer has been
added. This is set by the new cpu errata code based on if the CPU is
known to be affected.

On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
versions of this will clear this for us.

It has been reported the ThunderX is unaffected, however the ThunderX2 is
vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
yet run on the ThunderX2 or Falkor no workaround is needed for these CPUs.
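
The dispatch described in the summary, as an added user-space model that is not code from this revision or from the FreeBSD tree: an errata step installs a per-CPU function pointer only on affected cores, and the two entry points call it. All names (`pcpu_model`, `install_errata`, `psci_bp_clear`, `user_limit`) are hypothetical, the firmware call is a counting stub, and the MIDR_EL1 part numbers are Arm's published values for the four Cortex cores named above.

```c
#include <stddef.h>
#include <stdint.h>

#define MIDR_IMPL(m) (((m) >> 24) & 0xffu)  /* MIDR_EL1[31:24]: implementer */
#define MIDR_PART(m) (((m) >> 4) & 0xfffu)  /* MIDR_EL1[15:4]: part number */

typedef void (*bp_harden_fn)(void);
struct pcpu_model {             /* hypothetical stand-in for per-CPU data */
    bp_harden_fn bp_harden;     /* NULL when no workaround is needed */
    int cur_proc;               /* process currently running on this CPU */
};

unsigned firmware_calls;        /* counts simulated firmware calls */
void psci_bp_clear(void) { firmware_calls++; }  /* stub for the PSCI call */

/* Cortex-A57, A72, A73, A75: the cores the summary handles through PSCI. */
static const uint16_t affected_parts[] = { 0xd07, 0xd08, 0xd09, 0xd0a };

/* Errata step: install the hook only if the CPU is known to be affected. */
void install_errata(struct pcpu_model *pc, uint32_t midr)
{
    pc->bp_harden = NULL;
    if (MIDR_IMPL(midr) != 0x41u)   /* 0x41: Arm Ltd. */
        return;
    for (size_t i = 0; i < sizeof(affected_parts) / sizeof(affected_parts[0]); i++)
        if (MIDR_PART(midr) == affected_parts[i])
            pc->bp_harden = psci_bp_clear;
}

/* Case 1: clear predictor state when switching between different processes. */
void context_switch(struct pcpu_model *pc, int new_proc)
{
    if (pc->cur_proc != new_proc && pc->bp_harden != NULL)
        pc->bp_harden();
    pc->cur_proc = new_proc;
}

/* Case 2: instruction abort whose fault address is not a userspace address.
 * user_limit (first non-user address) is an assumed parameter. */
void instruction_abort(struct pcpu_model *pc, uint64_t far, uint64_t user_limit)
{
    if (far >= user_limit && pc->bp_harden != NULL)
        pc->bp_harden();
}

int main(void)
{
    struct pcpu_model pc = { NULL, 1 };
    install_errata(&pc, 0x411fd072u);   /* constructed MIDR: Cortex-A57 r1p2 */
    context_switch(&pc, 2);
    return firmware_calls == 1 ? 0 : 1;
}
```

Keeping the hook as a NULL-checked per-CPU pointer means unaffected cores pay only a load and a compare on each context switch.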

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

ThunderX is not vulnerable to CVE-2017-5715, CVE-2017-5753, or CVE-2017-5754.

Should we create a tunable to disable this?

It would also be useful if someone with an A57, e.g. a SoftIron, could test & benchmark this. I have one, but haven't had time to update it to a recent enough kernel.

I would be happy to test on my SoftIron OverDrive 1000. I'll start on that today.

Do you have any results yet? This change seems pretty straightforward so I'd suggest @andrew just commits it.

Not yet. I was pulled away from the system when it finished compiling world + kernel (takes five hours to build world + kernel). I should have results by the end of the day today.

The OverDrive 1000 booted fine. I don't have any arm64 PoC for Spectre or Meltdown that works on FreeBSD right now.

sys/arm64/include/pcpu.h
45 ↗(On Diff #37681)
  • how do we end up with this odd-looking pad size?
  • why did pad decrease by 4?
sys/arm64/include/pcpu.h
45 ↗(On Diff #37681)

It's padded out to be divisible of a page size. I'm not sure why it's this value as it doesn't make sense based on the cache size constant.

It was decreased by 4 because I forgot that pointers are 8 bytes on arm64.

This revision was not accepted when it landed; it landed in state Needs Review. Jan 12 2018, 2:01 PM
This revision was automatically updated to reflect the committed changes.