Re: [PATCH stable 4.9] arm64: entry: Place an SB sequence following an ERET instruction
On Tue, Jun 23, 2020 at 11:46:37AM -0700, Florian Fainelli wrote: > On 6/11/20 9:42 PM, Florian Fainelli wrote: > > From: Will Deacon > > > > commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 upstream > > > > Some CPUs can speculate past an ERET instruction and potentially perform > > speculative accesses to memory before processing the exception return. > > Since the register state is often controlled by a lower privilege level > > at the point of an ERET, this could potentially be used as part of a > > side-channel attack. > > > > This patch emits an SB sequence after each ERET so that speculation is > > held up on exception return. > > > > Signed-off-by: Will Deacon > > [florian: Adjust hyp-entry.S to account for the label] > > Signed-off-by: Florian Fainelli > > --- > > Will, > > > > Can you confirm that for 4.9 these are the only places that require > > patching? Thank you! > > Hi Will, Catalin, > > Does this look good to you for a 4.9 backport? I would like to see this > included at some point since this pertains to CVE-2020-13844. I think you're missing one of the ERET instructions in hyp/entry.S Will
Re: [PATCH stable 4.9] arm64: entry: Place an SB sequence following an ERET instruction
On 6/11/20 9:42 PM, Florian Fainelli wrote: > From: Will Deacon > > commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 upstream > > Some CPUs can speculate past an ERET instruction and potentially perform > speculative accesses to memory before processing the exception return. > Since the register state is often controlled by a lower privilege level > at the point of an ERET, this could potentially be used as part of a > side-channel attack. > > This patch emits an SB sequence after each ERET so that speculation is > held up on exception return. > > Signed-off-by: Will Deacon > [florian: Adjust hyp-entry.S to account for the label] > Signed-off-by: Florian Fainelli > --- > Will, > > Can you confirm that for 4.9 these are the only places that require > patching? Thank you! Hi Will, Catalin, Does this look good to you for a 4.9 backport? I would like to see this included at some point since this pertains to CVE-2020-13844. Thanks! -- Florian
