linux/Documentation
Nicholas Piggin 9a32a7e78b powerpc/64s: flush L1D after user accesses
IBM Power9 processors can speculatively operate on data in the L1 cache
before it has been completely validated, via a way-prediction mechanism. It
is not possible for an attacker to determine the contents of impermissible
memory using this method, since these systems implement a combination of
hardware and software security measures to prevent scenarios where
protected data could be leaked.

However, these measures don't address the scenario where an attacker induces
the operating system to speculatively execute instructions using data that
the attacker controls. This can be used, for example, to speculatively bypass
"kernel user access prevention" techniques, as discovered by Anthony
Steinhauser of Google's Safeside Project. This is not an attack by itself,
but there is a possibility it could be used in conjunction with
side-channels or other weaknesses in the privileged code to construct an
attack.

This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern. This patch flushes the L1 cache after user accesses.

This is part of the fix for CVE-2020-4788.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2020-11-19 23:47:18 +11:00
ABI docs: ABI: sysfs-class-led-trigger-pattern: remove hw_pattern duplication 2020-10-30 13:15:03 +01:00
PCI Documentation: better locations for sysfs-pci, sysfs-tagging 2020-10-09 09:33:23 -06:00
RCU Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu 2020-10-09 08:21:56 +02:00
accounting
admin-guide powerpc/64s: flush L1D after user accesses 2020-11-19 23:47:18 +11:00
arm As hoped, things calmed down for docs this cycle; fewer changes and almost 2020-10-12 16:21:29 -07:00
arm64 arm64: Add workaround for Arm Cortex-A77 erratum 1508412 2020-10-29 12:56:01 +00:00
block block-5.10-2020-10-24 2020-10-24 12:46:42 -07:00
bpf bpf: Migrate from patchwork.ozlabs.org to patchwork.kernel.org. 2020-10-11 22:05:47 +02:00
cdrom
core-api dma-mapping: document dma_{alloc,free}_pages 2020-10-23 12:07:46 +02:00
cpu-freq
crypto crypto: af_alg - add extra parameters for DRBG interface 2020-09-25 17:48:52 +10:00
dev-tools linux-kselftest-kunit-5.10-rc1 2020-10-18 14:45:59 -07:00
devicetree ARM: SoC fixes for v5.10 2020-10-30 13:06:07 -07:00
doc-guide docs: kerneldoc.py: add support for kerneldoc -nosymbol 2020-10-15 07:49:38 +02:00
driver-api A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
fault-injection A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
fb drm fixes (round two) for 5.10-rc1 2020-10-23 13:56:34 -07:00
features s390 updates for the 5.10 merge window 2020-10-16 12:36:38 -07:00
filesystems debugfs: remove return value of debugfs_create_devm_seqfile() 2020-10-30 08:37:39 +01:00
firmware-guide docs: add some new files to their respective index.rst files 2020-09-10 10:48:20 -06:00
firmware_class
fpga
gpu drm fixes for 5.10-rc1 2020-10-20 10:19:02 -07:00
hid
hwmon - New Drivers 2020-10-14 15:56:58 -07:00
i2c Documentation: i2c: add testunit docs to index 2020-10-05 22:57:45 +02:00
ia64 docs/ia64: Drop obsolete Xen documentation 2020-08-31 16:16:03 -06:00
ide
iio Documentation: iio: fix a typo 2020-09-09 11:41:20 -06:00
infiniband
input
isdn
kbuild kbuild: doc: describe proper script invocation 2020-10-13 18:38:26 -07:00
kernel-hacking
leds docs: ABI: sysfs-class-led-trigger-pattern: remove hw_pattern duplication 2020-10-30 13:15:03 +01:00
litmus-tests
livepatch
locking seqlock: Introduce seqcount_latch_t 2020-09-10 11:19:28 +02:00
m68k
maintainer Documentation/maintainer: rehome sign-off process 2020-09-03 15:39:24 -06:00
mhi
mips dt: Remove booting-without-of.rst 2020-10-13 13:33:16 -05:00
misc-devices misc: mic: remove the MIC drivers 2020-10-28 19:12:03 +01:00
netlabel
networking Fixes for 5.10-rc1 from the networking tree: 2020-10-23 12:05:49 -07:00
nios2
nvdimm
openrisc
parisc
pcmcia
power PCI/PM: Rename pci_dev.d3_delay to d3hot_delay 2020-09-29 14:21:50 -05:00
powerpc docs updates for v5.10-rc1 2020-10-16 15:02:21 -07:00
process A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
riscv
s390
scheduler docs: scheduler: fix the directory name on two files 2020-09-10 10:45:45 -06:00
scsi SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
security Documentation: remove current_security() reference 2020-09-09 11:33:59 -06:00
sh dt: Remove booting-without-of.rst 2020-10-13 13:33:16 -05:00
sound docs: writing-an-alsa-driver.rst: fix some bad c:func: markups 2020-10-15 07:49:43 +02:00
sparc
sphinx docs: ABI: make it parse ABI/stable as ReST-compatible files 2020-10-30 13:07:02 +01:00
sphinx-static
spi
staging
target
timers
trace docs updates for v5.10-rc1 2020-10-16 15:02:21 -07:00
translations A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
usb
userspace-api docs updates for v5.10-rc1 2020-10-16 15:02:21 -07:00
virt x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID 2020-10-28 13:52:05 -04:00
vm A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
w1 docs: w1: w1_therm: Fix broken xref, mistakes, clarify text 2020-10-08 09:47:15 +02:00
watchdog
x86 A handful of late-arriving documentation fixes. 2020-10-23 17:13:53 -07:00
xtensa
.gitignore
COPYING-logo
Changes
CodingStyle
Kconfig docs: Kconfig/Makefile: add a check for broken ABI files 2020-10-30 13:08:07 +01:00
Makefile docs: Kconfig/Makefile: add a check for broken ABI files 2020-10-30 13:08:07 +01:00
SubmittingPatches
asm-annotations.rst
atomic_bitops.txt
atomic_t.txt
conf.py docs: add ABI documentation to the admin-guide book 2020-10-30 13:07:01 +01:00
docutils.conf
dontdiff
index.rst
logo.gif
memory-barriers.txt docs/memory-barriers.txt: Fix references for DMA*.txt files 2020-08-31 16:14:44 -06:00
watch_queue.rst docs: watch_queue: fix some warnings 2020-09-10 10:48:56 -06:00