Workaround Spectre Variant 2 on arm64.
Closed · Public

Authored by andrew on Jan 9 2018, 3:58 PM.

Details

Reviewers
None
Group Reviewers
arm64
Commits
rS327876: Workaround Spectre Variant 2 on arm64.
Summary

We need to handle two cases:

  1. One process attacking another process.
  2. A process attacking the kernel.

For the first case we clear the branch predictor state on context switch
between different processes. For the second we do this when taking an
instruction abort on a non-userspace address.

To clear the branch predictor state a per-CPU function pointer has been
added. This is set by the new cpu errata code based on if the CPU is
known to be affected.

On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
versions of this will clear this for us.

It has been reported the ThunderX is unaffected, however the ThunderX2 is
vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
yet run on the ThunderX2 or Falkor no workaround is needed for these CPUs.
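The mechanism the summary describes, modeled in user-space C as an added example (not the committed FreeBSD code): an errata pass sets a per-CPU function pointer only on known-affected cores, and the two hooks call it on a switch between different processes and on an instruction abort at a non-userspace address. All identifiers, the user/kernel address split and the sample MIDR value are assumptions constructed for illustration; the part numbers are the MIDR part numbers of the four Cortex cores named above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every identifier here is hypothetical, not FreeBSD's. */
typedef void (*bp_harden_fn)(void);
struct pcpu_model { bp_harden_fn bp_harden; };  /* NULL: no workaround needed */

static unsigned flush_calls;                    /* counts stand-in firmware calls */
/* Stand-in for the PSCI firmware call that clears branch predictor state. */
static void psci_flush_stub(void) { flush_calls++; }

/* MIDR_EL1 layout: implementer in bits [31:24], part number in bits [15:4]. */
#define MIDR_IMPL(m) (((m) >> 24) & 0xffu)
#define MIDR_PART(m) (((m) >> 4) & 0xfffu)
#define IMPL_ARM 0x41u
static const uint32_t affected_parts[] = { 0xd07, 0xd08, 0xd09, 0xd0a }; /* A57, A72, A73, A75 */

/* Errata pass: install the handler only when the CPU is known to be affected. */
static int install_bp_harden(struct pcpu_model *pc, uint32_t midr) {
    pc->bp_harden = NULL;
    for (size_t i = 0; i < sizeof(affected_parts) / sizeof(affected_parts[0]); i++)
        if (MIDR_IMPL(midr) == IMPL_ARM && MIDR_PART(midr) == affected_parts[i])
            pc->bp_harden = psci_flush_stub;
    return pc->bp_harden != NULL;
}

/* Case 1: one process attacking another; flush when the process changes. */
static int on_context_switch(struct pcpu_model *pc, int old_pid, int new_pid) {
    if (old_pid == new_pid || pc->bp_harden == NULL) return 0;
    pc->bp_harden();
    return 1;
}

/* Case 2: a process attacking the kernel; flush on a non-userspace abort address. */
#define USER_ADDR_MAX 0x0000ffffffffffffULL     /* assumed split for this model */
static int on_instruction_abort(struct pcpu_model *pc, uint64_t far) {
    if (far <= USER_ADDR_MAX || pc->bp_harden == NULL) return 0;
    pc->bp_harden();
    return 1;
}

int main(void) {
    struct pcpu_model pc;
    install_bp_harden(&pc, 0x411fd070u);        /* constructed MIDR: Arm Cortex-A57 */
    on_context_switch(&pc, 100, 101);
    on_instruction_abort(&pc, 0xffff000000001000ULL);
    printf("predictor flushes: %u\n", flush_calls);
    return 0;
}
```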

Diff Detail

Repository
rS FreeBSD src repository
andrew created this revision. Jan 9 2018, 3:58 PM

emaste added a comment. Jan 9 2018, 6:36 PM

ThunderX is not vulnerable to CVE-2017-5715, CVE-2017-5753, or CVE-2017-5754.

Should we create a tunable to disable this?

It would also be useful if someone with an A57, e.g. a SoftIron, could test & benchmark this. I have one, but haven't had time to update it to a recent enough kernel.

> Should we create a tunable to disable this?
>
> It would also be useful if someone with an A57, e.g. a SoftIron, could test & benchmark this. I have one, but haven't had time to update it to a recent enough kernel.

I would be happy to test on my SoftIron OverDrive 1000. I'll start on that today.

> I would be happy to test on my SoftIron OverDrive 1000. I'll start on that today.

Do you have any results yet? This change seems pretty straightforward so I'd suggest @andrew just commits it.

> Do you have any results yet? This change seems pretty straightforward so I'd suggest @andrew just commits it.

Not yet. I was pulled away from the system when it finished compiling world + kernel (takes five hours to build world + kernel). I should have results by the end of the day today.

The OverDrive 1000 booted fine. I don't have any arm64 PoC for Spectre or Meltdown that works on FreeBSD right now.

emaste added inline comments. Jan 12 2018, 3:31 AM
sys/arm64/include/pcpu.h
45 ↗(On Diff #37681)
  • how do we end up with this odd-looking pad size?
  • why did pad decrease by 4?
andrew added inline comments. Jan 12 2018, 1:57 PM
sys/arm64/include/pcpu.h
45 ↗(On Diff #37681)

It's padded out to be divisible of a page size. I'm not sure why it's this value as it doesn't make sense based on the cache size constant.

It was decreased by 4 because I forgot that pointers are 8 bytes on arm64.

This revision was not accepted when it landed; it landed in state Needs Review. Jan 12 2018, 2:01 PM
Closed by commit rS327876: Workaround Spectre Variant 2 on arm64. (authored by andrew, committed by ).
This revision was automatically updated to reflect the committed changes.