arm64: entry: Place an SB sequence following an ERET instruction

Some CPUs can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level at the point of an ERET, this could potentially be used as part of a side-channel attack. This patch emits an SB sequence after each ERET so that speculation is held up on exception return. Signed-off-by: Will Deacon <will.deacon@arm.com>
author: Will Deacon <will.deacon@arm.com> 2018-06-14 11:23:38 +0100
committer: Will Deacon <will.deacon@arm.com> 2018-12-06 16:47:05 +0000
commit: 679db70801da9fda91d26caf13bf5b5ccc74e8e8 (patch)
tree: 99b7df12e3d5dbdb4d14cd0fe317b643ee7a1444 /arch/arm64/kernel/entry.S
parent: bd4fb6d270bc423a9a4098108784f7f9254c4e6d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 039144ecbcb2..a7fc77ab4a0a 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -363,6 +363,7 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
 	.else
 	eret
 	.endif
+	sb
 	.endm
 
 	.macro	irq_stack_entry
@@ -1006,6 +1007,7 @@ alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003
 	mrs	x30, far_el1
 	.endif
 	eret
+	sb
 	.endm
 
 	.align	11
author	Will Deacon <will.deacon@arm.com>	2018-06-14 11:23:38 +0100
committer	Will Deacon <will.deacon@arm.com>	2018-12-06 16:47:05 +0000
commit	679db70801da9fda91d26caf13bf5b5ccc74e8e8 (patch)
tree	99b7df12e3d5dbdb4d14cd0fe317b643ee7a1444 /arch/arm64/kernel/entry.S
parent	bd4fb6d270bc423a9a4098108784f7f9254c4e6d (diff)