[PATCH] aarch64: fix speculative execution past SVC vulnerability

Anthony Steinhauser asteinhauser@google.com
Wed Jan 22 20:43:00 GMT 2020


*Florian Weimer
It's the user mode in the case of SVC instruction. I incorrectly
copied that passage from the ERET kernel fixes. Sorry for that.
If there are vendors or CPUs who implement this correctly, it would be
good to make it CPU-specific.
On the ARM and Cavium CPUs that I tested the control flow past SVC is
always mispredicted, so it seems like the barrier there would have
little if any overhead.
However, it does not enhance the performance either. It just prevents
very similar Spectre-like effects as in the ERET case.

*Szabolcs Nagy
I'm not sure whether the endline should be wrong. Without it, the
resulting assembly would look like:
svc 0 // syscall dsb nsh
isb
So the dsb nsh instruction will be commented-out. Or am I missing something?


On Wed, Jan 22, 2020 at 2:12 AM Szabolcs Nagy <Szabolcs.Nagy@arm.com> wrote:
>
> On 22/01/2020 10:08, Szabolcs Nagy wrote:
> > On 22/01/2020 01:29, Anthony Steinhauser wrote:
> >>       {                                                              \
> >>         LOAD_ARGS_##nr (args)                                        \
> >>         register long _x8 asm ("x8") = (name);                       \
> >> -       asm volatile ("svc   0       // syscall " # name     \
> >> +       asm volatile ("svc   0       // syscall\n\t" # name  \
>
> \n before the name looks wrong
>
> >> +                 "dsb       nsh\n\t"                                \
> >> +                 "isb"                                      \
> >>                   : "=r" (_x0) : "r"(_x8) ASM_ARGS_##nr : "memory"); \
> >>         _sys_result = _x0;                                   \
> >>       }                                                              \
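Review bot: the `\n\t` in the `+` line `asm volatile ("svc   0       // syscall\n\t" # name  \` is placed before the stringified `name`, so after the adjacent string literals are concatenated the assembler sees a second line consisting of the bare stringified syscall name fused directly onto `dsb nsh` (`"… // syscall\n\t" # name "dsb       nsh\n\t"` yields `<name>dsb       nsh` on that line), which will not assemble, and the `// syscall` comment no longer carries the name it used to. Move the line break to after the name so it stays inside the comment and the barrier starts a fresh line: `asm volatile ("svc   0       // syscall " # name "\n\t"` followed by `"dsb       nsh\n\t"` and `"isb"`. That reconciles both observations in the thread: with no `\n` at all the `dsb nsh` is swallowed by the `//` comment, and with the `\n` before the name the name becomes a non-comment token.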
