1. 03 Dec, 2020 15 commits
    • powerpc/vdso: Provide __kernel_clock_gettime64() on vdso32 · d0e3fc69
      Christophe Leroy authored
      Provides __kernel_clock_gettime64() on vdso32. This is the
      64-bit version of __kernel_clock_gettime(), which is
      y2038 compliant.
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-9-mpe@ellerman.id.au
    • powerpc/vdso: Switch VDSO to generic C implementation. · ab037dd8
      Christophe Leroy authored
      With the C VDSO, the performance is slightly lower, but it is worth
      it as it will ease maintenance and evolution, and also brings clocks
      that are not supported with the ASM VDSO.
      
      On an 8xx at 132 MHz, vdsotest with the ASM VDSO:
        gettimeofday:                   vdso:  828 nsec/call
        clock-getres-realtime-coarse:   vdso:  391 nsec/call
        clock-gettime-realtime-coarse:  vdso:  614 nsec/call
        clock-getres-realtime:          vdso:  460 nsec/call
        clock-gettime-realtime:         vdso:  876 nsec/call
        clock-getres-monotonic-coarse:  vdso:  399 nsec/call
        clock-gettime-monotonic-coarse: vdso:  691 nsec/call
        clock-getres-monotonic:         vdso:  460 nsec/call
        clock-gettime-monotonic:        vdso: 1026 nsec/call
      
      On an 8xx at 132 MHz, vdsotest with the C VDSO:
        gettimeofday:                   vdso:  955 nsec/call
        clock-getres-realtime-coarse:   vdso:  545 nsec/call
        clock-gettime-realtime-coarse:  vdso:  592 nsec/call
        clock-getres-realtime:          vdso:  545 nsec/call
        clock-gettime-realtime:         vdso:  941 nsec/call
        clock-getres-monotonic-coarse:  vdso:  545 nsec/call
        clock-gettime-monotonic-coarse: vdso:  591 nsec/call
        clock-getres-monotonic:         vdso:  545 nsec/call
        clock-gettime-monotonic:        vdso:  940 nsec/call
      
      It is even better for gettime with monotonic clocks.
      
      Unsupported clocks with ASM VDSO:
        clock-gettime-boottime:         vdso: 3851 nsec/call
        clock-gettime-tai:              vdso: 3852 nsec/call
        clock-gettime-monotonic-raw:    vdso: 3396 nsec/call
      
      Same clocks with C VDSO:
        clock-gettime-tai:              vdso:  941 nsec/call
        clock-gettime-monotonic-raw:    vdso: 1001 nsec/call
        clock-gettime-monotonic-coarse: vdso:  591 nsec/call
      
      On an 8321E at 333 MHz, vdsotest with the ASM VDSO:
        gettimeofday:                   vdso: 220 nsec/call
        clock-getres-realtime-coarse:   vdso: 102 nsec/call
        clock-gettime-realtime-coarse:  vdso: 178 nsec/call
        clock-getres-realtime:          vdso: 129 nsec/call
        clock-gettime-realtime:         vdso: 235 nsec/call
        clock-getres-monotonic-coarse:  vdso: 105 nsec/call
        clock-gettime-monotonic-coarse: vdso: 208 nsec/call
        clock-getres-monotonic:         vdso: 129 nsec/call
        clock-gettime-monotonic:        vdso: 274 nsec/call
      
      On an 8321E at 333 MHz, vdsotest with the C VDSO:
        gettimeofday:                   vdso: 272 nsec/call
        clock-getres-realtime-coarse:   vdso: 160 nsec/call
        clock-gettime-realtime-coarse:  vdso: 184 nsec/call
        clock-getres-realtime:          vdso: 166 nsec/call
        clock-gettime-realtime:         vdso: 281 nsec/call
        clock-getres-monotonic-coarse:  vdso: 160 nsec/call
        clock-gettime-monotonic-coarse: vdso: 184 nsec/call
        clock-getres-monotonic:         vdso: 169 nsec/call
        clock-gettime-monotonic:        vdso: 275 nsec/call
      
      On a Power9 Nimbus DD2.2 at 3.8GHz, with the ASM VDSO:
        clock-gettime-monotonic:        vdso:  35 nsec/call
        clock-getres-monotonic:         vdso:  16 nsec/call
        clock-gettime-monotonic-coarse: vdso:  18 nsec/call
        clock-getres-monotonic-coarse:  vdso: 522 nsec/call
        clock-gettime-monotonic-raw:    vdso: 598 nsec/call
        clock-getres-monotonic-raw:     vdso: 520 nsec/call
        clock-gettime-realtime:         vdso:  34 nsec/call
        clock-getres-realtime:          vdso:  16 nsec/call
        clock-gettime-realtime-coarse:  vdso:  18 nsec/call
        clock-getres-realtime-coarse:   vdso: 517 nsec/call
        getcpu:                         vdso:   8 nsec/call
        gettimeofday:                   vdso:  25 nsec/call
      
      And with the C VDSO:
        clock-gettime-monotonic:        vdso:  37 nsec/call
        clock-getres-monotonic:         vdso:  20 nsec/call
        clock-gettime-monotonic-coarse: vdso:  21 nsec/call
        clock-getres-monotonic-coarse:  vdso:  19 nsec/call
        clock-gettime-monotonic-raw:    vdso:  38 nsec/call
        clock-getres-monotonic-raw:     vdso:  20 nsec/call
        clock-gettime-realtime:         vdso:  37 nsec/call
        clock-getres-realtime:          vdso:  20 nsec/call
        clock-gettime-realtime-coarse:  vdso:  20 nsec/call
        clock-getres-realtime-coarse:   vdso:  19 nsec/call
        getcpu:                         vdso:   8 nsec/call
        gettimeofday:                   vdso:  28 nsec/call
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-8-mpe@ellerman.id.au
    • 7fec9f5d
    • powerpc/vdso: Prepare for switching VDSO to generic C implementation. · ce7d8056
      Christophe Leroy authored
      Prepare for switching the VDSO to the generic C implementation in the
      following patch. Here, we:
      - Prepare the helpers to call the C VDSO functions
      - Prepare the required callbacks for the C VDSO functions
      - Prepare the clocksource.h files to define VDSO_ARCH_CLOCKMODES
      - Add the C trampolines to the generic C VDSO functions
      
      powerpc is a bit special for the VDSO, as for system calls, in
      that it requires setting the CR SO bit, which cannot be done in C.
      Therefore, entry/exit needs to be performed in ASM.
      
      Implementing __arch_get_vdso_data() would clobber the link register,
      requiring the caller to save it. As the ASM calling function already
      has to set up a stack frame and saves the link register before calling
      the C vdso function, retrieving the vdso data pointer there is lighter.
      
      Implement __arch_vdso_capable() and always return true.
      
      Provide vdso_shift_ns(), as the generic x >> s gives the following
      bad result:
      
        18:	35 25 ff e0 	addic.  r9,r5,-32
        1c:	41 80 00 10 	blt     2c <shift+0x14>
        20:	7c 64 4c 30 	srw     r4,r3,r9
        24:	38 60 00 00 	li      r3,0
        ...
        2c:	54 69 08 3c 	rlwinm  r9,r3,1,0,30
        30:	21 45 00 1f 	subfic  r10,r5,31
        34:	7c 84 2c 30 	srw     r4,r4,r5
        38:	7d 29 50 30 	slw     r9,r9,r10
        3c:	7c 63 2c 30 	srw     r3,r3,r5
        40:	7d 24 23 78 	or      r4,r9,r4
      
      In our case the shift is always <= 32. In addition, the upper 32 bits
      of the result are likely zero. Letting GCC know this also optimises the
      following calculations.
      
      With the patch, we get:
         0:	21 25 00 20 	subfic  r9,r5,32
         4:	7c 69 48 30 	slw     r9,r3,r9
         8:	7c 84 2c 30 	srw     r4,r4,r5
         c:	7d 24 23 78 	or      r4,r9,r4
        10:	7c 63 2c 30 	srw     r3,r3,r5
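
      A portable sketch of the helper's logic (the name matches the patch, but
      the exact body here is an approximation, assuming 0 < shift < 32 and a
      result that usually fits the low word):

```c
#include <assert.h>
#include <stdint.h>

/* Split the 64-bit value into halves so a 32-bit target only needs the
 * subfic/slw/srw/or sequence shown above, with no branch on shift >= 32. */
static inline uint64_t vdso_shift_ns(uint64_t ns, unsigned int shift)
{
    uint32_t hi = (uint32_t)(ns >> 32);
    uint32_t lo = (uint32_t)ns;

    lo >>= shift;
    lo |= hi << (32 - shift);
    hi >>= shift;

    return ((uint64_t)hi << 32) | lo;
}
```
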
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-6-mpe@ellerman.id.au
    • powerpc/barrier: Use CONFIG_PPC64 for barrier selection · 1f1676bb
      Michael Ellerman authored
      Currently we use ifdef __powerpc64__ in barrier.h to decide if we
      should use lwsync or eieio for SMPWMB which is then used by
      __smp_wmb().
      
      That means when we are building the compat VDSO we will use eieio,
      because it's 32-bit code, even though we're building a 64-bit kernel
      for a 64-bit CPU.
      
      Although eieio should work, it would be cleaner if we always used the
      same barrier, even for the 32-bit VDSO.
      
      So change the ifdef to CONFIG_PPC64, so that the selection is made
      based on the bitness of the kernel we're building for, not the current
      compilation unit.
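
      The shape of the change, sketched with the barrier mnemonics as strings
      rather than the real inline asm (CONFIG_PPC64 is defined in the snippet
      itself, only to stand in for a 64-bit kernel .config):

```c
#include <assert.h>
#include <string.h>

#define CONFIG_PPC64 1 /* pretend we are configuring a 64-bit kernel */

/* Keyed off the kernel config rather than __powerpc64__, so 32-bit
 * compat-VDSO objects inside a 64-bit build still select lwsync. */
#ifdef CONFIG_PPC64
#define SMPWMB "lwsync"
#else
#define SMPWMB "eieio"
#endif
```
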
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-5-mpe@ellerman.id.au
    • powerpc/time: Fix mftb()/get_tb() for use with the compat VDSO · 5c189c52
      Michael Ellerman authored
      When we're building the compat VDSO we are building 32-bit code but in
      the context of a 64-bit kernel configuration.
      
      To make this work we need to be careful in some places when using
      ifdefs to differentiate between CONFIG_PPC64 and __powerpc64__.
      
      CONFIG_PPC64 indicates the kernel we're building is 64-bit, but it
      doesn't tell us that we're currently building 64-bit code - we could
      be building 32-bit code for the compat VDSO.
      
      On the other hand __powerpc64__ tells us that we are currently
      building 64-bit code (and therefore we must also be building a 64-bit
      kernel).
      
      In the case of get_tb() we want to use the 32-bit code sequence
      regardless of whether the kernel we're building for is 64-bit or
      32-bit, what matters is the word size of the current object. So we
      need to check __powerpc64__ to decide if we use mftb() or the
      mftbu()/mftb() sequence.
      
      For mftb() the logic for CPU_FTR_CELL_TB_BUG only makes sense if we're
      building 64-bit code, so guard that with a __powerpc64__ check.
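
      The 32-bit sequence referred to above is the classic split read with a
      retry when the upper half ticks over; a host-testable sketch where
      mftbu()/mftbl() are simulations of the SPR reads, not the real
      accessors:

```c
#include <assert.h>
#include <stdint.h>

/* Simulated timebase halves standing in for the SPR reads. */
static uint32_t fake_tbu = 5, fake_tbl = 0x80000000u;

static uint32_t mftbu(void) { return fake_tbu; }
static uint32_t mftbl(void) { return fake_tbl; }

/* Read upper, lower, then upper again; retry if a carry out of the low
 * half incremented the high half between the two reads. */
static uint64_t get_tb(void)
{
    uint32_t hi, lo;

    do {
        hi = mftbu();
        lo = mftbl();
    } while (hi != mftbu());

    return ((uint64_t)hi << 32) | lo;
}
```
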
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-4-mpe@ellerman.id.au
    • powerpc/time: Move timebase functions into new asm/vdso/timebase.h · d26b3817
      Christophe Leroy authored
      In order to easily use get_tb() from the C VDSO, move the timebase
      functions into a new header named asm/vdso/timebase.h.
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-3-mpe@ellerman.id.au
    • powerpc/processor: Move cpu_relax() into asm/vdso/processor.h · 8f8cffd9
      Christophe Leroy authored
      cpu_relax() needs to be in asm/vdso/processor.h to be used by
      the generic C VDSO library.
      
      Move it there.
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-2-mpe@ellerman.id.au
    • powerpc/feature: Use CONFIG_PPC64 instead of __powerpc64__ to define possible features · 8d1eeabf
      Christophe Leroy authored
      In order to build VDSO32 for PPC64, we need to have CPU_FTRS_POSSIBLE
      and CPU_FTRS_ALWAYS independent of whether we are building the
      32-bit VDSO or the 64-bit VDSO.
      
      Use #ifdef CONFIG_PPC64 instead of #ifdef __powerpc64__.
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201126131006.2431205-1-mpe@ellerman.id.au
    • powerpc: Update NUMA Kconfig description & help text · bae80c27
      Michael Ellerman authored
      Update the NUMA Kconfig description to match other architectures, and
      add some help text. Shamelessly borrowed from x86/arm64.
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
      Link: https://lore.kernel.org/r/20201124120547.1940635-3-mpe@ellerman.id.au
    • powerpc: Make NUMA default y for powernv · 4c28b32b
      Michael Ellerman authored
      Our NUMA option is default y for pseries, but not powernv. The bulk of
      powernv systems are NUMA, so make NUMA default y for powernv also.
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Link: https://lore.kernel.org/r/20201124120547.1940635-2-mpe@ellerman.id.au
    • powerpc: Make NUMA depend on SMP · 25395cd2
      Michael Ellerman authored
      Our Kconfig allows NUMA to be enabled without SMP, but none of
      our defconfigs use that combination. This means it can easily be
      broken inadvertently by code changes, which has happened recently.
      
      Although it's theoretically possible to have a machine with a single
      CPU and multiple memory nodes, I can't think of any real systems where
      that's the case. Even so, if such a system exists, it can just run an
      SMP kernel anyway.
      
      So to avoid the need to add extra #ifdefs and/or build breaks, make
      NUMA depend on SMP.
      Reported-by: kernel test robot <lkp@intel.com>
      Reported-by: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
      Link: https://lore.kernel.org/r/20201124120547.1940635-1-mpe@ellerman.id.au
    • powerpc: inline iomap accessors · 894fa235
      Christophe Leroy authored
      ioreadXX()/ioreadXXbe() accessors are equivalent to the ppc
      in_leXX()/in_beXX() accessors, but they are not inlined.
      
      Since commit 0eb57368 ("powerpc/kerenl: Enable EEH for IO
      accessors"), the 'le' versions are equivalent to the ones
      defined in asm-generic/io.h, although the ones there are inlined.
      
      Include asm-generic/io.h to get them. Keep ppc versions of the
      'be' ones as they are optimised, but make them inline in ppc io.h.
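
      For flavour, the 'be' accessors being kept are of this shape; a
      simplified, host-testable sketch without the sync/EEH barriers the real
      in_be16() carries:

```c
#include <assert.h>
#include <stdint.h>

/* Read a 16-bit big-endian value. Marking it inline is what removes the
 * ioread call/return overhead visible in the 'before' listing below. */
static inline uint16_t in_be16(const volatile void *addr)
{
    const volatile uint8_t *p = addr;

    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Tiny self-check helper: read the bytes back from a stack buffer. */
static uint16_t read_be16_pair(uint8_t b0, uint8_t b1)
{
    uint8_t buf[2] = { b0, b1 };

    return in_be16(buf);
}
```
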
      
      This reduces the size of ppc64e_defconfig build by 3 kbytes:
      
         text	   data	    bss	    dec	    hex	filename
      10160733	4343422	 562972	15067127	 e5e7f7	vmlinux.before
      10159239	4341590	 562972	15063801	 e5daf9	vmlinux.after
      
      A typical function using ioread and iowrite before the change:
      
      c00000000066a3c4 <.ata_bmdma_stop>:
      c00000000066a3c4:	7c 08 02 a6 	mflr    r0
      c00000000066a3c8:	fb c1 ff f0 	std     r30,-16(r1)
      c00000000066a3cc:	f8 01 00 10 	std     r0,16(r1)
      c00000000066a3d0:	fb e1 ff f8 	std     r31,-8(r1)
      c00000000066a3d4:	f8 21 ff 81 	stdu    r1,-128(r1)
      c00000000066a3d8:	eb e3 00 00 	ld      r31,0(r3)
      c00000000066a3dc:	eb df 00 98 	ld      r30,152(r31)
      c00000000066a3e0:	7f c3 f3 78 	mr      r3,r30
      c00000000066a3e4:	4b 9b 6f 7d 	bl      c000000000021360 <.ioread8>
      c00000000066a3e8:	60 00 00 00 	nop
      c00000000066a3ec:	7f c4 f3 78 	mr      r4,r30
      c00000000066a3f0:	54 63 06 3c 	rlwinm  r3,r3,0,24,30
      c00000000066a3f4:	4b 9b 70 4d 	bl      c000000000021440 <.iowrite8>
      c00000000066a3f8:	60 00 00 00 	nop
      c00000000066a3fc:	7f e3 fb 78 	mr      r3,r31
      c00000000066a400:	38 21 00 80 	addi    r1,r1,128
      c00000000066a404:	e8 01 00 10 	ld      r0,16(r1)
      c00000000066a408:	eb c1 ff f0 	ld      r30,-16(r1)
      c00000000066a40c:	7c 08 03 a6 	mtlr    r0
      c00000000066a410:	eb e1 ff f8 	ld      r31,-8(r1)
      c00000000066a414:	4b ff ff 8c 	b       c00000000066a3a0 <.ata_sff_dma_pause>
      
      The same function with this patch:
      
      c000000000669cb4 <.ata_bmdma_stop>:
      c000000000669cb4:	e8 63 00 00 	ld      r3,0(r3)
      c000000000669cb8:	e9 43 00 98 	ld      r10,152(r3)
      c000000000669cbc:	7c 00 04 ac 	hwsync
      c000000000669cc0:	89 2a 00 00 	lbz     r9,0(r10)
      c000000000669cc4:	0c 09 00 00 	twi     0,r9,0
      c000000000669cc8:	4c 00 01 2c 	isync
      c000000000669ccc:	55 29 06 3c 	rlwinm  r9,r9,0,24,30
      c000000000669cd0:	7c 00 04 ac 	hwsync
      c000000000669cd4:	99 2a 00 00 	stb     r9,0(r10)
      c000000000669cd8:	a1 4d 06 f0 	lhz     r10,1776(r13)
      c000000000669cdc:	2c 2a 00 00 	cmpdi   r10,0
      c000000000669ce0:	41 c2 00 08 	beq-    c000000000669ce8 <.ata_bmdma_stop+0x34>
      c000000000669ce4:	b1 4d 06 f2 	sth     r10,1778(r13)
      c000000000669ce8:	4b ff ff a8 	b       c000000000669c90 <.ata_sff_dma_pause>
      Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/18b357d68c4cde149f75c7a1031c850925cd8128.1605981539.git.christophe.leroy@csgroup.eu
    • powerpc/perf: Fix crash with is_sier_available when pmu is not set · f75e7d73
      Athira Rajeev authored
      On systems without any specific PMU driver support registered, running
      'perf record' with --intr-regs will crash (perf record -I <workload>).
      
      The relevant portion from crash logs and Call Trace:
      
      Unable to handle kernel paging request for data at address 0x00000068
      Faulting instruction address: 0xc00000000013eb18
      Oops: Kernel access of bad area, sig: 11 [#1]
      CPU: 2 PID: 13435 Comm: kill Kdump: loaded Not tainted 4.18.0-193.el8.ppc64le #1
      NIP:  c00000000013eb18 LR: c000000000139f2c CTR: c000000000393d80
      REGS: c0000004a07ab4f0 TRAP: 0300   Not tainted  (4.18.0-193.el8.ppc64le)
      NIP [c00000000013eb18] is_sier_available+0x18/0x30
      LR [c000000000139f2c] perf_reg_value+0x6c/0xb0
      Call Trace:
      [c0000004a07ab770] [c0000004a07ab7c8] 0xc0000004a07ab7c8 (unreliable)
      [c0000004a07ab7a0] [c0000000003aa77c] perf_output_sample+0x60c/0xac0
      [c0000004a07ab840] [c0000000003ab3f0] perf_event_output_forward+0x70/0xb0
      [c0000004a07ab8c0] [c00000000039e208] __perf_event_overflow+0x88/0x1a0
      [c0000004a07ab910] [c00000000039e42c] perf_swevent_hrtimer+0x10c/0x1d0
      [c0000004a07abc50] [c000000000228b9c] __hrtimer_run_queues+0x17c/0x480
      [c0000004a07abcf0] [c00000000022aaf4] hrtimer_interrupt+0x144/0x520
      [c0000004a07abdd0] [c00000000002a864] timer_interrupt+0x104/0x2f0
      [c0000004a07abe30] [c0000000000091c4] decrementer_common+0x114/0x120
      
      When a perf record session is started with the "-I" option, capturing
      registers on each sample calls is_sier_available() to check for
      SIER (Sample Instruction Event Register) availability in the platform.
      This function in core-book3s accesses 'ppmu->flags'. If a platform-specific
      PMU driver is not registered, ppmu is NULL and accessing its
      members results in a crash. Fix the crash by returning false in
      is_sier_available() if ppmu is not set.
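
      The shape of the fix, sketched with a stand-in pmu struct (the
      PPMU_HAS_SIER value and the test helper here are made up for
      illustration):

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

#define PPMU_HAS_SIER 0x1 /* hypothetical flag value */

struct power_pmu { unsigned long flags; };

/* NULL whenever no platform PMU driver has registered. */
static struct power_pmu *ppmu = NULL;

static bool is_sier_available(void)
{
    if (!ppmu) /* the fix: bail out before touching ppmu->flags */
        return false;

    return (ppmu->flags & PPMU_HAS_SIER) != 0;
}

/* Simulate a platform driver registering its pmu, then re-check. */
static struct power_pmu test_pmu = { .flags = PPMU_HAS_SIER };

static bool check_with_pmu_registered(void)
{
    ppmu = &test_pmu;
    return is_sier_available();
}
```
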
      
      Fixes: 333804dc ("powerpc/perf: Update perf_regs structure to include SIER")
      Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
      Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/1606185640-1720-1-git-send-email-atrajeev@linux.vnet.ibm.com
    • powerpc/boot: Make use of REL16 relocs in powerpc/boot/util.S · 3d635aba
      Alan Modra authored
      Use bcl 20,31,0f rather than plain bl to avoid unbalancing the link
      stack.
      
      Update the code to use REL16 relocs, available for ppc64 in 2009 (and
      ppc32 in 2005).
      Signed-off-by: Alan Modra <amodra@gmail.com>
      [mpe: Incorporate more detail into the change log]
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  2. 26 Nov, 2020 7 commits
  3. 25 Nov, 2020 1 commit
  4. 23 Nov, 2020 2 commits
    • powerpc/64s: Fix allnoconfig build since uaccess flush · b6b79dd5
      Stephen Rothwell authored
      Using DECLARE_STATIC_KEY_FALSE needs linux/jump_label.h.
      
      Otherwise the build fails with eg:
      
        arch/powerpc/include/asm/book3s/64/kup-radix.h:66:1: warning: data definition has no type or storage class
           66 | DECLARE_STATIC_KEY_FALSE(uaccess_flush_key);
      
      Fixes: 9a32a7e7 ("powerpc/64s: flush L1D after user accesses")
      Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
      [mpe: Massage change log]
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20201123184016.693fe464@canb.auug.org.au
    • Merge tag 'powerpc-cve-2020-4788' into fixes · 962f8e64
      Michael Ellerman authored
      From Daniel's cover letter:
      
      IBM Power9 processors can speculatively operate on data in the L1 cache
      before it has been completely validated, via a way-prediction mechanism. It
      is not possible for an attacker to determine the contents of impermissible
      memory using this method, since these systems implement a combination of
      hardware and software security measures to prevent scenarios where
      protected data could be leaked.
      
      However these measures don't address the scenario where an attacker induces
      the operating system to speculatively execute instructions using data that
      the attacker controls. This can be used for example to speculatively bypass
      "kernel user access prevention" techniques, as discovered by Anthony
      Steinhauser of Google's Safeside Project. This is not an attack by itself,
      but there is a possibility it could be used in conjunction with
      side-channels or other weaknesses in the privileged code to construct an
      attack.
      
      This issue can be mitigated by flushing the L1 cache between privilege
      boundaries of concern.
      
      This patch series flushes the L1 cache on kernel entry (patch 2) and after the
      kernel performs any user accesses (patch 3). It also adds a self-test and
      performs some related cleanups.
  5. 19 Nov, 2020 15 commits