Re: [PATCH 08/11] arm64: KVM: Use per-CPU vector when BP hardening is enabled

From: Ard Biesheuvel
Date: Thu Jan 04 2018 - 12:05:24 EST

Next message: Alan Cox: "Re: Avoid speculative indirect calls in kernel"
Previous message: Willy Tarreau: "Re: [PATCH 4.4 00/37] 4.4.110-stable review"
In reply to: Marc Zyngier: "Re: [PATCH 08/11] arm64: KVM: Use per-CPU vector when BP hardening is enabled"
Next in thread: Will Deacon: "[PATCH 05/11] drivers/firmware: Expose psci_get_version through psci_ops structure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4 January 2018 at 17:04, Marc Zyngier <marc.zyngier@xxxxxxx> wrote:
> On 04/01/18 16:28, Ard Biesheuvel wrote:
>> On 4 January 2018 at 15:08, Will Deacon <will.deacon@xxxxxxx> wrote:
>>> From: Marc Zyngier <marc.zyngier@xxxxxxx>
>>>
>>> Now that we have per-CPU vectors, let's plug then in the KVM/arm64 code.
>>>
>>
>> Why does bp hardening require per-cpu vectors?
>
> The description is not 100% accurate. We have per *CPU type* vectors.
> This stems from the following, slightly conflicting requirements:
>
> - We have systems with more than one CPU type (think big-little)
> - Different implementations require different BP hardening sequences
> - The BP hardening sequence must be executed before doing any branch
>
> The natural solution is to have one set of vectors per CPU type,
> containing the BP hardening sequence for that particular implementation,
> ending with a branch to the common code.
>

Crystal clear, thanks.

Next message: Alan Cox: "Re: Avoid speculative indirect calls in kernel"
Previous message: Willy Tarreau: "Re: [PATCH 4.4 00/37] 4.4.110-stable review"
In reply to: Marc Zyngier: "Re: [PATCH 08/11] arm64: KVM: Use per-CPU vector when BP hardening is enabled"
Next in thread: Will Deacon: "[PATCH 05/11] drivers/firmware: Expose psci_get_version through psci_ops structure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]