Implement the SSBD (CVE-2018-3639) workaround on arm64
ClosedPublic
Actions

Authored by andrew on Jun 15 2018, 10:08 AM.

Details

Reviewers

manu
kib
emaste
delphij

Group Reviewers

arm64
secteam

Commits

rS336967: Implement the SSBD (CVE-2018-3639) workaround on arm64

Summary

This calls into the Arm Trusted Firmware to enable and disable the workaround
for the Speculative Store Bypass Disable (SSBD) issue, also known as Spectre
Variant 4.

As this may have a large performance overhead, and how exploitable SSBD is
is unknown we follow the Linux lead of allowing the administrator to select
between always on, always off, or only enabled in the kernel, with the latter
being the default.

PR: 228955

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

andrew created this revision.Jun 15 2018, 10:08 AM

Herald added a reviewer: manu. · View Herald TranscriptJun 15 2018, 10:08 AM

Harbormaster completed remote builds in B17296: Diff 43804.Jun 15 2018, 10:08 AM

admin_njoyx.net added a subscriber: admin_njoyx.net.Jun 15 2018, 10:51 AM

admin_njoyx.net removed a subscriber: admin_njoyx.net.

rgrimes added a subscriber: rgrimes.Jun 15 2018, 1:38 PM

Fix the SMCCC_ARCH_WORKAROUND_2 function ID

Harbormaster completed remote builds in B17539: Diff 44298.Jun 22 2018, 12:39 PM

Adding kib@ and emaste@. (I think secteam@ do want to pay attention on this one but is probably more of a "FYI" or "Cc" role rather than a reviewer but thanks for the heads up).

This revision was not accepted when it landed; it landed in state Needs Review.Jul 31 2018, 12:53 PM

Closed by commit rS336967: Implement the SSBD (CVE-2018-3639) workaround on arm64 (authored by andrew). · Explain Why

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: imp. · View Herald TranscriptJul 31 2018, 12:53 PM