On Tue, Jun 23, 2020 at 11:46:37AM -0700, Florian Fainelli wrote: > On 6/11/20 9:42 PM, Florian Fainelli wrote: > > From: Will Deacon <will.deacon@xxxxxxx> > > > > commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 upstream > > > > Some CPUs can speculate past an ERET instruction and potentially perform > > speculative accesses to memory before processing the exception return. > > Since the register state is often controlled by a lower privilege level > > at the point of an ERET, this could potentially be used as part of a > > side-channel attack. > > > > This patch emits an SB sequence after each ERET so that speculation is > > held up on exception return. > > > > Signed-off-by: Will Deacon <will.deacon@xxxxxxx> > > [florian: Adjust hyp-entry.S to account for the label] > > Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx> > > --- > > Will, > > > > Can you confirm that for 4.9 these are the only places that require > > patching? Thank you! > > Hi Will, Catalin, > > Does this look good to you for a 4.9 backport? I would like to see this > included at some point since this pertains to CVE-2020-13844. I think you're missing one of the ERET instructions in hyp/entry.S Will
