The patch below does not apply to the 3.18-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From f78e5623f45bab2b726eec29dc5cefbbab2d0b1c Mon Sep 17 00:00:00 2001
From: Sascha Hauer <s.hauer(a)pengutronix.de>
Date: Tue, 5 Dec 2017 16:01:20 +0100
Subject: [PATCH] ubi: fastmap: Erase outdated anchor PEBs during attach
The fastmap update code might erase the current fastmap anchor PEB
in case it doesn't find any new free PEB. When a power cut happens
in this situation we must not have any outdated fastmap anchor PEB
on the device, because that would be used to attach during next
boot.
The easiest way to make that sure is to erase all outdated fastmap
anchor PEBs synchronously during attach.
Signed-off-by: Sascha Hauer <s.hauer(a)pengutronix.de>
Reviewed-by: Richard Weinberger <richard(a)nod.at>
Fixes: dbb7d2a88d2a ("UBI: Add fastmap core")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Richard Weinberger <richard(a)nod.at>
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index b5b8cd6f481c..668b46202507 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1528,6 +1528,46 @@ static void shutdown_work(struct ubi_device *ubi)
}
}
+/**
+ * erase_aeb - erase a PEB given in UBI attach info PEB
+ * @ubi: UBI device description object
+ * @aeb: UBI attach info PEB
+ * @sync: If true, erase synchronously. Otherwise schedule for erasure
+ */
+static int erase_aeb(struct ubi_device *ubi, struct ubi_ainf_peb *aeb, bool sync)
+{
+ struct ubi_wl_entry *e;
+ int err;
+
+ e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
+ if (!e)
+ return -ENOMEM;
+
+ e->pnum = aeb->pnum;
+ e->ec = aeb->ec;
+ ubi->lookuptbl[e->pnum] = e;
+
+ if (sync) {
+ err = sync_erase(ubi, e, false);
+ if (err)
+ goto out_free;
+
+ wl_tree_add(e, &ubi->free);
+ ubi->free_count++;
+ } else {
+ err = schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false);
+ if (err)
+ goto out_free;
+ }
+
+ return 0;
+
+out_free:
+ wl_entry_destroy(ubi, e);
+
+ return err;
+}
+
/**
* ubi_wl_init - initialize the WL sub-system using attaching information.
* @ubi: UBI device description object
@@ -1566,18 +1606,10 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
list_for_each_entry_safe(aeb, tmp, &ai->erase, u.list) {
cond_resched();
- e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
- if (!e)
+ err = erase_aeb(ubi, aeb, false);
+ if (err)
goto out_free;
- e->pnum = aeb->pnum;
- e->ec = aeb->ec;
- ubi->lookuptbl[e->pnum] = e;
- if (schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false)) {
- wl_entry_destroy(ubi, e);
- goto out_free;
- }
-
found_pebs++;
}
@@ -1635,6 +1667,8 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
ubi_assert(!ubi->lookuptbl[e->pnum]);
ubi->lookuptbl[e->pnum] = e;
} else {
+ bool sync = false;
+
/*
* Usually old Fastmap PEBs are scheduled for erasure
* and we don't have to care about them but if we face
@@ -1644,18 +1678,21 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
if (ubi->lookuptbl[aeb->pnum])
continue;
- e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
- if (!e)
- goto out_free;
+ /*
+ * The fastmap update code might not find a free PEB for
+ * writing the fastmap anchor to and then reuses the
+ * current fastmap anchor PEB. When this PEB gets erased
+ * and a power cut happens before it is written again we
+ * must make sure that the fastmap attach code doesn't
+ * find any outdated fastmap anchors, hence we erase the
+ * outdated fastmap anchor PEBs synchronously here.
+ */
+ if (aeb->vol_id == UBI_FM_SB_VOLUME_ID)
+ sync = true;
- e->pnum = aeb->pnum;
- e->ec = aeb->ec;
- ubi_assert(!ubi->lookuptbl[e->pnum]);
- ubi->lookuptbl[e->pnum] = e;
- if (schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false)) {
- wl_entry_destroy(ubi, e);
+ err = erase_aeb(ubi, aeb, sync);
+ if (err)
goto out_free;
- }
}
found_pebs++;
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From f78e5623f45bab2b726eec29dc5cefbbab2d0b1c Mon Sep 17 00:00:00 2001
From: Sascha Hauer <s.hauer(a)pengutronix.de>
Date: Tue, 5 Dec 2017 16:01:20 +0100
Subject: [PATCH] ubi: fastmap: Erase outdated anchor PEBs during attach
The fastmap update code might erase the current fastmap anchor PEB
in case it doesn't find any new free PEB. When a power cut happens
in this situation we must not have any outdated fastmap anchor PEB
on the device, because that would be used to attach during next
boot.
The easiest way to make that sure is to erase all outdated fastmap
anchor PEBs synchronously during attach.
Signed-off-by: Sascha Hauer <s.hauer(a)pengutronix.de>
Reviewed-by: Richard Weinberger <richard(a)nod.at>
Fixes: dbb7d2a88d2a ("UBI: Add fastmap core")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Richard Weinberger <richard(a)nod.at>
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index b5b8cd6f481c..668b46202507 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1528,6 +1528,46 @@ static void shutdown_work(struct ubi_device *ubi)
}
}
+/**
+ * erase_aeb - erase a PEB given in UBI attach info PEB
+ * @ubi: UBI device description object
+ * @aeb: UBI attach info PEB
+ * @sync: If true, erase synchronously. Otherwise schedule for erasure
+ */
+static int erase_aeb(struct ubi_device *ubi, struct ubi_ainf_peb *aeb, bool sync)
+{
+ struct ubi_wl_entry *e;
+ int err;
+
+ e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
+ if (!e)
+ return -ENOMEM;
+
+ e->pnum = aeb->pnum;
+ e->ec = aeb->ec;
+ ubi->lookuptbl[e->pnum] = e;
+
+ if (sync) {
+ err = sync_erase(ubi, e, false);
+ if (err)
+ goto out_free;
+
+ wl_tree_add(e, &ubi->free);
+ ubi->free_count++;
+ } else {
+ err = schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false);
+ if (err)
+ goto out_free;
+ }
+
+ return 0;
+
+out_free:
+ wl_entry_destroy(ubi, e);
+
+ return err;
+}
+
/**
* ubi_wl_init - initialize the WL sub-system using attaching information.
* @ubi: UBI device description object
@@ -1566,18 +1606,10 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
list_for_each_entry_safe(aeb, tmp, &ai->erase, u.list) {
cond_resched();
- e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
- if (!e)
+ err = erase_aeb(ubi, aeb, false);
+ if (err)
goto out_free;
- e->pnum = aeb->pnum;
- e->ec = aeb->ec;
- ubi->lookuptbl[e->pnum] = e;
- if (schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false)) {
- wl_entry_destroy(ubi, e);
- goto out_free;
- }
-
found_pebs++;
}
@@ -1635,6 +1667,8 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
ubi_assert(!ubi->lookuptbl[e->pnum]);
ubi->lookuptbl[e->pnum] = e;
} else {
+ bool sync = false;
+
/*
* Usually old Fastmap PEBs are scheduled for erasure
* and we don't have to care about them but if we face
@@ -1644,18 +1678,21 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
if (ubi->lookuptbl[aeb->pnum])
continue;
- e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
- if (!e)
- goto out_free;
+ /*
+ * The fastmap update code might not find a free PEB for
+ * writing the fastmap anchor to and then reuses the
+ * current fastmap anchor PEB. When this PEB gets erased
+ * and a power cut happens before it is written again we
+ * must make sure that the fastmap attach code doesn't
+ * find any outdated fastmap anchors, hence we erase the
+ * outdated fastmap anchor PEBs synchronously here.
+ */
+ if (aeb->vol_id == UBI_FM_SB_VOLUME_ID)
+ sync = true;
- e->pnum = aeb->pnum;
- e->ec = aeb->ec;
- ubi_assert(!ubi->lookuptbl[e->pnum]);
- ubi->lookuptbl[e->pnum] = e;
- if (schedule_erase(ubi, e, aeb->vol_id, aeb->lnum, 0, false)) {
- wl_entry_destroy(ubi, e);
+ err = erase_aeb(ubi, aeb, sync);
+ if (err)
goto out_free;
- }
}
found_pebs++;
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From a51a0c8d213594bc094cb8e54aad0cb6d7f7b9a6 Mon Sep 17 00:00:00 2001
From: Clay McClure <clay(a)daemons.net>
Date: Thu, 21 Sep 2017 19:01:34 -0700
Subject: [PATCH] ubi: Fix race condition between ubi volume creation and udev
Similar to commit 714fb87e8bc0 ("ubi: Fix race condition between ubi
device creation and udev"), we should make the volume active before
registering it.
Signed-off-by: Clay McClure <clay(a)daemons.net>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Richard Weinberger <richard(a)nod.at>
diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
index 85237cf661f9..3fd8d7ff7a02 100644
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -270,6 +270,12 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
vol->last_eb_bytes = vol->usable_leb_size;
}
+ /* Make volume "available" before it becomes accessible via sysfs */
+ spin_lock(&ubi->volumes_lock);
+ ubi->volumes[vol_id] = vol;
+ ubi->vol_count += 1;
+ spin_unlock(&ubi->volumes_lock);
+
/* Register character device for the volume */
cdev_init(&vol->cdev, &ubi_vol_cdev_operations);
vol->cdev.owner = THIS_MODULE;
@@ -298,11 +304,6 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
if (err)
goto out_sysfs;
- spin_lock(&ubi->volumes_lock);
- ubi->volumes[vol_id] = vol;
- ubi->vol_count += 1;
- spin_unlock(&ubi->volumes_lock);
-
ubi_volume_notify(ubi, vol, UBI_VOLUME_ADDED);
self_check_volumes(ubi);
return err;
@@ -315,6 +316,10 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
*/
cdev_device_del(&vol->cdev, &vol->dev);
out_mapping:
+ spin_lock(&ubi->volumes_lock);
+ ubi->volumes[vol_id] = NULL;
+ ubi->vol_count -= 1;
+ spin_unlock(&ubi->volumes_lock);
ubi_eba_destroy_table(eba_tbl);
out_acc:
spin_lock(&ubi->volumes_lock);
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From a51a0c8d213594bc094cb8e54aad0cb6d7f7b9a6 Mon Sep 17 00:00:00 2001
From: Clay McClure <clay(a)daemons.net>
Date: Thu, 21 Sep 2017 19:01:34 -0700
Subject: [PATCH] ubi: Fix race condition between ubi volume creation and udev
Similar to commit 714fb87e8bc0 ("ubi: Fix race condition between ubi
device creation and udev"), we should make the volume active before
registering it.
Signed-off-by: Clay McClure <clay(a)daemons.net>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Richard Weinberger <richard(a)nod.at>
diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
index 85237cf661f9..3fd8d7ff7a02 100644
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -270,6 +270,12 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
vol->last_eb_bytes = vol->usable_leb_size;
}
+ /* Make volume "available" before it becomes accessible via sysfs */
+ spin_lock(&ubi->volumes_lock);
+ ubi->volumes[vol_id] = vol;
+ ubi->vol_count += 1;
+ spin_unlock(&ubi->volumes_lock);
+
/* Register character device for the volume */
cdev_init(&vol->cdev, &ubi_vol_cdev_operations);
vol->cdev.owner = THIS_MODULE;
@@ -298,11 +304,6 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
if (err)
goto out_sysfs;
- spin_lock(&ubi->volumes_lock);
- ubi->volumes[vol_id] = vol;
- ubi->vol_count += 1;
- spin_unlock(&ubi->volumes_lock);
-
ubi_volume_notify(ubi, vol, UBI_VOLUME_ADDED);
self_check_volumes(ubi);
return err;
@@ -315,6 +316,10 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
*/
cdev_device_del(&vol->cdev, &vol->dev);
out_mapping:
+ spin_lock(&ubi->volumes_lock);
+ ubi->volumes[vol_id] = NULL;
+ ubi->vol_count -= 1;
+ spin_unlock(&ubi->volumes_lock);
ubi_eba_destroy_table(eba_tbl);
out_acc:
spin_lock(&ubi->volumes_lock);
Tree/Branch: v3.16.54
Git describe: v3.16.54
Commit: 0b9f4cdd4d Linux 3.16.54
Build Time: 34 min 32 sec
Passed: 9 / 9 (100.00 %)
Failed: 0 / 9 ( 0.00 %)
Errors: 0
Warnings: 9
Section Mismatches: 0
-------------------------------------------------------------------------------
defconfigs with issues (other than build errors):
1 warnings 0 mismatches : arm64-allnoconfig
3 warnings 0 mismatches : arm64-allmodconfig
1 warnings 0 mismatches : arm-multi_v5_defconfig
1 warnings 0 mismatches : arm-multi_v7_defconfig
1 warnings 0 mismatches : x86_64-defconfig
6 warnings 0 mismatches : arm-allmodconfig
1 warnings 0 mismatches : arm-allnoconfig
1 warnings 0 mismatches : x86_64-allnoconfig
3 warnings 0 mismatches : arm64-defconfig
-------------------------------------------------------------------------------
Warnings Summary: 9
7 ../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
2 ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:2106:1: warning: label 'err_clk_disable' defined but not used [-Wunused-label]
2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
1 ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized]
1 ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function]
1 ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function]
1 ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label]
1 ../arch/x86/kernel/cpu/common.c:1022:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function]
===============================================================================
Detailed per-defconfig build reports below:
-------------------------------------------------------------------------------
arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
arm64-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches
Warnings:
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:2106:1: warning: label 'err_clk_disable' defined but not used [-Wunused-label]
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
arm-multi_v5_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
arm-multi_v7_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
x86_64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized]
-------------------------------------------------------------------------------
arm-allmodconfig : PASS, 0 errors, 6 warnings, 0 section mismatches
Warnings:
../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function]
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label]
../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function]
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:2106:1: warning: label 'err_clk_disable' defined but not used [-Wunused-label]
-------------------------------------------------------------------------------
arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
x86_64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../arch/x86/kernel/cpu/common.c:1022:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function]
-------------------------------------------------------------------------------
arm64-defconfig : PASS, 0 errors, 3 warnings, 0 section mismatches
Warnings:
../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
../include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
-------------------------------------------------------------------------------
Passed with no errors, warnings or mismatches:
This is a note to let you know that I've just added the patch titled
[Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
firmware-psci-expose-smccc-version-through-psci_ops.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 14 14:44:54 CET 2018
From: Marc Zyngier <marc.zyngier(a)arm.com>
Date: Tue, 6 Feb 2018 17:56:17 +0000
Subject: [Variant 2/Spectre-v2] firmware/psci: Expose SMCCC version through psci_ops
From: Marc Zyngier <marc.zyngier(a)arm.com>
Commit e78eef554a91 upstream.
Since PSCI 1.0 allows the SMCCC version to be (indirectly) probed,
let's do that at boot time, and expose the version of the calling
convention as part of the psci_ops structure.
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com>
Reviewed-by: Robin Murphy <robin.murphy(a)arm.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Will Deacon <will.deacon(a)arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/firmware/psci.c | 27 +++++++++++++++++++++++++++
include/linux/psci.h | 6 ++++++
2 files changed, 33 insertions(+)
--- a/drivers/firmware/psci.c
+++ b/drivers/firmware/psci.c
@@ -61,6 +61,7 @@ bool psci_tos_resident_on(int cpu)
struct psci_operations psci_ops = {
.conduit = PSCI_CONDUIT_NONE,
+ .smccc_version = SMCCC_VERSION_1_0,
};
typedef unsigned long (psci_fn)(unsigned long, unsigned long,
@@ -511,6 +512,31 @@ static void __init psci_init_migrate(voi
pr_info("Trusted OS resident on physical CPU 0x%lx\n", cpuid);
}
+static void __init psci_init_smccc(void)
+{
+ u32 ver = ARM_SMCCC_VERSION_1_0;
+ int feature;
+
+ feature = psci_features(ARM_SMCCC_VERSION_FUNC_ID);
+
+ if (feature != PSCI_RET_NOT_SUPPORTED) {
+ u32 ret;
+ ret = invoke_psci_fn(ARM_SMCCC_VERSION_FUNC_ID, 0, 0, 0);
+ if (ret == ARM_SMCCC_VERSION_1_1) {
+ psci_ops.smccc_version = SMCCC_VERSION_1_1;
+ ver = ret;
+ }
+ }
+
+ /*
+ * Conveniently, the SMCCC and PSCI versions are encoded the
+ * same way. No, this isn't accidental.
+ */
+ pr_info("SMC Calling Convention v%d.%d\n",
+ PSCI_VERSION_MAJOR(ver), PSCI_VERSION_MINOR(ver));
+
+}
+
static void __init psci_0_2_set_functions(void)
{
pr_info("Using standard PSCI v0.2 function IDs\n");
@@ -559,6 +585,7 @@ static int __init psci_probe(void)
psci_init_migrate();
if (PSCI_VERSION_MAJOR(ver) >= 1) {
+ psci_init_smccc();
psci_init_cpu_suspend();
psci_init_system_suspend();
}
--- a/include/linux/psci.h
+++ b/include/linux/psci.h
@@ -31,6 +31,11 @@ enum psci_conduit {
PSCI_CONDUIT_HVC,
};
+enum smccc_version {
+ SMCCC_VERSION_1_0,
+ SMCCC_VERSION_1_1,
+};
+
struct psci_operations {
u32 (*get_version)(void);
int (*cpu_suspend)(u32 state, unsigned long entry_point);
@@ -41,6 +46,7 @@ struct psci_operations {
unsigned long lowest_affinity_level);
int (*migrate_info_type)(void);
enum psci_conduit conduit;
+ enum smccc_version smccc_version;
};
extern struct psci_operations psci_ops;
Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are
queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch
queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch
queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch
queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch
queue-4.14/firmware-psci-expose-psci-conduit.patch
queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch
queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch
queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch
queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch
queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch
queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch
queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch
queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch
queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch
queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch
queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch
queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch
queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch
queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch
queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch
queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch
queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch
queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch
queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch
This is a note to let you know that I've just added the patch titled
[Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
arm64-use-ret-instruction-for-exiting-the-trampoline.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 14 14:44:54 CET 2018
From: Will Deacon <will.deacon(a)arm.com>
Date: Tue, 14 Nov 2017 16:15:59 +0000
Subject: [Variant 3/Meltdown] arm64: use RET instruction for exiting the trampoline
From: Will Deacon <will.deacon(a)arm.com>
Commit be04a6d1126b upstream.
Speculation attacks against the entry trampoline can potentially resteer
the speculative instruction stream through the indirect branch and into
arbitrary gadgets within the kernel.
This patch defends against these attacks by forcing a misprediction
through the return stack: a dummy BL instruction loads an entry into
the stack, so that the predicted program flow of the subsequent RET
instruction is to a branch-to-self instruction which is finally resolved
as a branch to the kernel vectors with speculation suppressed.
Signed-off-by: Will Deacon <will.deacon(a)arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/arm64/kernel/entry.S | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -981,6 +981,14 @@ alternative_else_nop_endif
.if \regsize == 64
msr tpidrro_el0, x30 // Restored in kernel_ventry
.endif
+ /*
+ * Defend against branch aliasing attacks by pushing a dummy
+ * entry onto the return stack and using a RET instruction to
+ * enter the full-fat kernel vectors.
+ */
+ bl 2f
+ b .
+2:
tramp_map_kernel x30
#ifdef CONFIG_RANDOMIZE_BASE
adr x30, tramp_vectors + PAGE_SIZE
@@ -993,7 +1001,7 @@ alternative_insn isb, nop, ARM64_WORKARO
msr vbar_el1, x30
add x30, x30, #(1b - tramp_vectors)
isb
- br x30
+ ret
.endm
.macro tramp_exit, regsize = 64
Patches currently in stable-queue which might be from will.deacon(a)arm.com are
queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch
queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch
queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch
queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch
queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch
queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch
queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch
queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch
queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch
queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch
queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch
queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch
queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch
queue-4.14/firmware-psci-expose-psci-conduit.patch
queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch
queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch
queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch
queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch
queue-4.14/arm64-mm-allocate-asids-in-pairs.patch
queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch
queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch
queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch
queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch
queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch
queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch
queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch
queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch
queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch
queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch
queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch
queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch
queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch
queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp
queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch
queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch
queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch
queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch
queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch
queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch
queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch
queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch
queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch
queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch
queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch
queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch
queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch
queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch
queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch
queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch
queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch
queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch
queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch
queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch
queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch
queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch
queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch
queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch
queue-4.14/arm64-implement-array_index_mask_nospec.patch
queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch
queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch
queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch
queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch
queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch
queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch
queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch
queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch
queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch
queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch
This is a note to let you know that I've just added the patch titled
[Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 14 14:44:54 CET 2018
From: Will Deacon <will.deacon(a)arm.com>
Date: Tue, 2 Jan 2018 21:45:41 +0000
Subject: [Variant 2/Spectre-v2] drivers/firmware: Expose psci_get_version through psci_ops structure
From: Will Deacon <will.deacon(a)arm.com>
Commit d68e3ba5303f upstream.
Entry into recent versions of ARM Trusted Firmware will invalidate the CPU
branch predictor state in order to protect against aliasing attacks.
This patch exposes the PSCI "VERSION" function via psci_ops, so that it
can be invoked outside of the PSCI driver where necessary.
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com>
Signed-off-by: Will Deacon <will.deacon(a)arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/firmware/psci.c | 2 ++
include/linux/psci.h | 1 +
2 files changed, 3 insertions(+)
--- a/drivers/firmware/psci.c
+++ b/drivers/firmware/psci.c
@@ -496,6 +496,8 @@ static void __init psci_init_migrate(voi
static void __init psci_0_2_set_functions(void)
{
pr_info("Using standard PSCI v0.2 function IDs\n");
+ psci_ops.get_version = psci_get_version;
+
psci_function_id[PSCI_FN_CPU_SUSPEND] =
PSCI_FN_NATIVE(0_2, CPU_SUSPEND);
psci_ops.cpu_suspend = psci_cpu_suspend;
--- a/include/linux/psci.h
+++ b/include/linux/psci.h
@@ -26,6 +26,7 @@ int psci_cpu_init_idle(unsigned int cpu)
int psci_cpu_suspend_enter(unsigned long index);
struct psci_operations {
+ u32 (*get_version)(void);
int (*cpu_suspend)(u32 state, unsigned long entry_point);
int (*cpu_off)(u32 state);
int (*cpu_on)(unsigned long cpuid, unsigned long entry_point);
Patches currently in stable-queue which might be from will.deacon(a)arm.com are
queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch
queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch
queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch
queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch
queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch
queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch
queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch
queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch
queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch
queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch
queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch
queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch
queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch
queue-4.14/firmware-psci-expose-psci-conduit.patch
queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch
queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch
queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch
queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch
queue-4.14/arm64-mm-allocate-asids-in-pairs.patch
queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch
queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch
queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch
queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch
queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch
queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch
queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch
queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch
queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch
queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch
queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch
queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch
queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch
queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp
queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch
queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch
queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch
queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch
queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch
queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch
queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch
queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch
queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch
queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch
queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch
queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch
queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch
queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch
queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch
queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch
queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch
queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch
queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch
queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch
queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch
queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch
queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch
queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch
queue-4.14/arm64-implement-array_index_mask_nospec.patch
queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch
queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch
queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch
queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch
queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch
queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch
queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch
queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch
queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch
queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch
This is a note to let you know that I've just added the patch titled
[Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 14 14:44:54 CET 2018
From: Will Deacon <will.deacon(a)arm.com>
Date: Mon, 5 Feb 2018 15:34:21 +0000
Subject: [Variant 1/Spectre-v1] arm64: uaccess: Prevent speculative use of the current addr_limit
From: Will Deacon <will.deacon(a)arm.com>
Commit c2f0ad4fc089 upstream.
A mispredicted conditional call to set_fs could result in the wrong
addr_limit being forwarded under speculation to a subsequent access_ok
check, potentially forming part of a spectre-v1 attack using uaccess
routines.
This patch prevents this forwarding from taking place, but putting heavy
barriers in set_fs after writing the addr_limit.
Reviewed-by: Mark Rutland <mark.rutland(a)arm.com>
Signed-off-by: Will Deacon <will.deacon(a)arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/arm64/include/asm/uaccess.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -42,6 +42,13 @@ static inline void set_fs(mm_segment_t f
{
current_thread_info()->addr_limit = fs;
+ /*
+ * Prevent a mispredicted conditional call to set_fs from forwarding
+ * the wrong address limit to access_ok under speculation.
+ */
+ dsb(nsh);
+ isb();
+
/* On user-mode return, check fs is correct */
set_thread_flag(TIF_FSCHECK);
Patches currently in stable-queue which might be from will.deacon(a)arm.com are
queue-4.14/arm64-make-user_ds-an-inclusive-limit.patch
queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch
queue-4.14/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch
queue-4.14/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch
queue-4.14/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch
queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch
queue-4.14/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch
queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch
queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch
queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch
queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch
queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch
queue-4.14/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch
queue-4.14/firmware-psci-expose-psci-conduit.patch
queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch
queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch
queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch
queue-4.14/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch
queue-4.14/arm64-mm-allocate-asids-in-pairs.patch
queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch
queue-4.14/arm64-use-ret-instruction-for-exiting-the-trampoline.patch
queue-4.14/arm64-futex-mask-__user-pointers-prior-to-dereference.patch
queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch
queue-4.14/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch
queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch
queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch
queue-4.14/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch
queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch
queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch
queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch
queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch
queue-4.14/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch
queue-4.14/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch
queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp
queue-4.14/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch
queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch
queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch
queue-4.14/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch
queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch
queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch
queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch
queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch
queue-4.14/arm64-move-task_-definitions-to-asm-processor.h.patch
queue-4.14/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch
queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch
queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch
queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch
queue-4.14/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch
queue-4.14/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch
queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch
queue-4.14/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch
queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch
queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch
queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch
queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch
queue-4.14/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch
queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch
queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch
queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch
queue-4.14/arm64-implement-array_index_mask_nospec.patch
queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch
queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch
queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch
queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch
queue-4.14/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch
queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch
queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch
queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch
queue-4.14/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch
queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch