Google Git
Sign in
hafnium / hafnium / d623d31d390fc1d2a351b81e0d1e58e715fd05d8
commitd623d31d390fc1d2a351b81e0d1e58e715fd05d8[log] [tgz]
authorDavid Brazdil <dbrazdil@google.com>Thu Dec 19 16:04:06 2019 +0000
committerDavid Brazdil <dbrazdil@google.com>Fri Dec 20 09:53:10 2019 +0000
treeb5492d96321c40a9dd066646d09e26ffd9a945ef
parent768f69c3720c9de7bd66a8debc76628bd63d1ae9 [diff]
Emit speculation barriers after ERETs

According to Linux commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8
some ARM64 CPUs may speculate past an ERET. This could be used as part
of a side-channel attack.

To mitigate the issue, emit DSB/ISB barriers after every ERET.

Add a build step which dumps the generated ELF and check that this holds
for every ERET in the binary to prevent regressing.

Bug: 146490856
Change-Id: Idf1c2690637a7edb4a366d30fec26ed444069f5e
5 files changed
tree: b5492d96321c40a9dd066646d09e26ffd9a945ef
  1. .vscode/
  2. build/
  3. docs/
  4. driver/
  5. inc/
  6. kokoro/
  7. project/
  8. src/
  9. test/
  10. third_party/
  11. vmlib/
  12. prebuilts
  13. .clang-format
  14. .clang-tidy
  15. .gitignore
  16. .gitmodules
  17. .gn
  18. AUTHORS
  19. BUILD.gn
  20. CONTRIBUTING.md
  21. LICENSE
  22. Makefile
  23. navbar.md
  24. README.md
README.md

Hafnium

Hafnium is a hypervisor, initially supporting aarch64 (64-bit Armv8 CPUs).

Get in touch and keep up-to-date at hafnium-discuss@googlegroups.com.

Getting started

To jump in and build Hafnium, follow the getting started instructions.

If you want to contribute to the project, see details of how we accept contributions.

Documentation

More documentation is available on: