- Linux-stable-mirror - lists.linaro.org

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:40 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit 30d88c0e3ace upstream. It is possible to take an IRQ from EL0 following a branch to a kernel address in such a way that the IRQ is prioritised over the instruction abort. Whilst an attacker would need to get the stars to align here, it might be sufficient with enough calibration so perform BP hardening in the rare case that we see a kernel address in the ELR when handling an IRQ from EL0. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 5 +++++ arch/arm64/mm/fault.c | 6 ++++++ 2 files changed, 11 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -828,6 +828,11 @@ el0_irq_naked: #endif ct_user_exit +#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR + tbz x22, #55, 1f + bl do_el0_irq_bp_hardening +1: +#endif irq_handler #ifdef CONFIG_TRACE_IRQFLAGS --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -707,6 +707,12 @@ asmlinkage void __exception do_mem_abort arm64_notify_die("", regs, &info, esr); } +asmlinkage void __exception do_el0_irq_bp_hardening(void) +{ + /* PC has already been checked in entry.S */ + arm64_apply_bp_hardening(); +} + asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr, unsigned int esr, struct pt_regs *regs) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Fri, 2 Feb 2018 17:31:39 +0000 Subject: [Variant 2/Spectre-v2] arm64: entry: Apply BP hardening for high-priority synchronous exceptions From: Will Deacon <will.deacon(a)arm.com> Commit 5dfc6ed27710 upstream. Software-step and PC alignment fault exceptions have higher priority than instruction abort exceptions, so apply the BP hardening hooks there too if the user PC appears to reside in kernel space. Reported-by: Dan Hettena <dhettena(a)nvidia.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 5 ++++- arch/arm64/mm/fault.c | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -767,7 +767,10 @@ el0_sp_pc: * Stack or PC alignment exception handling */ mrs x26, far_el1 - enable_daif + enable_da_f +#ifdef CONFIG_TRACE_IRQFLAGS + bl trace_hardirqs_off +#endif ct_user_exit mov x0, x26 mov x1, x25 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -731,6 +731,12 @@ asmlinkage void __exception do_sp_pc_abo struct siginfo info; struct task_struct *tsk = current; + if (user_mode(regs)) { + if (instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + local_irq_enable(); + } + if (show_unhandled_signals && unhandled_signal(tsk, SIGBUS)) pr_info_ratelimited("%s[%d]: %s exception: pc=%p sp=%p\n", tsk->comm, task_pid_nr(tsk), @@ -790,6 +796,9 @@ asmlinkage int __exception do_debug_exce if (interrupts_enabled(regs)) trace_hardirqs_off(); + if (user_mode(regs) && instruction_pointer(regs) > TASK_SIZE) + arm64_apply_bp_hardening(); + if (!inf->fn(addr, esr, regs)) { rv = 1; } else { Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:38:19 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 From: Will Deacon <will.deacon(a)arm.com> Commit ea1e3de85e94 upstream. Allow explicit disabling of the entry trampoline on the kernel command line (kpti=off) by adding a fake CPU feature (ARM64_UNMAP_KERNEL_AT_EL0) that can be used to toggle the alternative sequences in our entry code and avoid use of the trampoline altogether if desired. This also allows us to make use of a static key in arm64_kernel_unmapped_at_el0(). Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/mmu.h | 3 +- arch/arm64/kernel/cpufeature.c | 41 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/entry.S | 9 ++++---- 4 files changed, 50 insertions(+), 6 deletions(-) --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -41,7 +41,8 @@ #define ARM64_WORKAROUND_CAVIUM_30115 20 #define ARM64_HAS_DCPOP 21 #define ARM64_SVE 22 +#define ARM64_UNMAP_KERNEL_AT_EL0 23 -#define ARM64_NCAPS 23 +#define ARM64_NCAPS 24 #endif /* __ASM_CPUCAPS_H */ --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -36,7 +36,8 @@ typedef struct { static inline bool arm64_kernel_unmapped_at_el0(void) { - return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0); + return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) && + cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0); } extern void paging_init(void); --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -846,6 +846,40 @@ static bool has_no_fpsimd(const struct a ID_AA64PFR0_FP_SHIFT) < 0; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + /* Forced on command line? */ + if (__kpti_forced) { + pr_info_once("kernel page table isolation forced %s by command line option\n", + __kpti_forced > 0 ? "ON" : "OFF"); + return __kpti_forced > 0; + } + + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) + return true; + + return false; +} + +static int __init parse_kpti(char *str) +{ + bool enabled; + int ret = strtobool(str, &enabled); + + if (ret) + return ret; + + __kpti_forced = enabled ? 1 : -1; + return 0; +} +__setup("kpti=", parse_kpti); +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -932,6 +966,13 @@ static const struct arm64_cpu_capabiliti .def_scope = SCOPE_SYSTEM, .matches = hyp_offset_low, }, +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + { + .capability = ARM64_UNMAP_KERNEL_AT_EL0, + .def_scope = SCOPE_SYSTEM, + .matches = unmap_kernel_at_el0, + }, +#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -74,6 +74,7 @@ .macro kernel_ventry, el, label, regsize = 64 .align 7 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +alternative_if ARM64_UNMAP_KERNEL_AT_EL0 .if \el == 0 .if \regsize == 64 mrs x30, tpidrro_el0 @@ -82,6 +83,7 @@ mov x30, xzr .endif .endif +alternative_else_nop_endif #endif sub sp, sp, #S_FRAME_SIZE @@ -323,10 +325,9 @@ alternative_else_nop_endif ldr lr, [sp, #S_LR] add sp, sp, #S_FRAME_SIZE // restore sp -#ifndef CONFIG_UNMAP_KERNEL_AT_EL0 - eret -#else .if \el == 0 +alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 bne 4f msr far_el1, x30 tramp_alias x30, tramp_exit_native @@ -334,10 +335,10 @@ alternative_else_nop_endif 4: tramp_alias x30, tramp_exit_compat br x30 +#endif .else eret .endif -#endif .endm .macro irq_stack_entry Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 14 Nov 2017 14:07:40 +0000 Subject: [Variant 3/Meltdown] arm64: entry: Add exception trampoline page for exceptions from EL0 From: Will Deacon <will.deacon(a)arm.com> Commit c7b9adaf85f8 upstream. To allow unmapping of the kernel whilst running at EL0, we need to point the exception vectors at an entry trampoline that can map/unmap the kernel on entry/exit respectively. This patch adds the trampoline page, although it is not yet plugged into the vector table and is therefore unused. Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Laura Abbott <labbott(a)redhat.com> Tested-by: Shanker Donthineni <shankerd(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/entry.S | 86 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 17 +++++++ 2 files changed, 103 insertions(+) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -28,6 +28,8 @@ #include <asm/errno.h> #include <asm/esr.h> #include <asm/irq.h> +#include <asm/memory.h> +#include <asm/mmu.h> #include <asm/processor.h> #include <asm/ptrace.h> #include <asm/thread_info.h> @@ -943,6 +945,90 @@ __ni_sys_trace: .popsection // .entry.text +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +/* + * Exception vectors trampoline. + */ + .pushsection ".entry.tramp.text", "ax" + + .macro tramp_map_kernel, tmp + mrs \tmp, ttbr1_el1 + sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + bic \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + .endm + + .macro tramp_unmap_kernel, tmp + mrs \tmp, ttbr1_el1 + add \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE) + orr \tmp, \tmp, #USER_ASID_FLAG + msr ttbr1_el1, \tmp + /* + * We avoid running the post_ttbr_update_workaround here because the + * user and kernel ASIDs don't have conflicting mappings, so any + * "blessing" as described in: + * + * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com + * + * will not hurt correctness. Whilst this may partially defeat the + * point of using split ASIDs in the first place, it avoids + * the hit of invalidating the entire I-cache on every return to + * userspace. + */ + .endm + + .macro tramp_ventry, regsize = 64 + .align 7 +1: + .if \regsize == 64 + msr tpidrro_el0, x30 // Restored in kernel_ventry + .endif + tramp_map_kernel x30 + ldr x30, =vectors + prfm plil1strm, [x30, #(1b - tramp_vectors)] + msr vbar_el1, x30 + add x30, x30, #(1b - tramp_vectors) + isb + br x30 + .endm + + .macro tramp_exit, regsize = 64 + adr x30, tramp_vectors + msr vbar_el1, x30 + tramp_unmap_kernel x30 + .if \regsize == 64 + mrs x30, far_el1 + .endif + eret + .endm + + .align 11 +ENTRY(tramp_vectors) + .space 0x400 + + tramp_ventry + tramp_ventry + tramp_ventry + tramp_ventry + + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 + tramp_ventry 32 +END(tramp_vectors) + +ENTRY(tramp_exit_native) + tramp_exit +END(tramp_exit_native) + +ENTRY(tramp_exit_compat) + tramp_exit 32 +END(tramp_exit_compat) + + .ltorg + .popsection // .entry.tramp.text +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ + /* * Special system call wrappers. */ --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -57,6 +57,17 @@ jiffies = jiffies_64; #define HIBERNATE_TEXT #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +#define TRAMP_TEXT \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \ + *(.entry.tramp.text) \ + . = ALIGN(PAGE_SIZE); \ + VMLINUX_SYMBOL(__entry_tramp_text_end) = .; +#else +#define TRAMP_TEXT +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from stext to _edata, must be a round multiple of the PE/COFF @@ -113,6 +124,7 @@ SECTIONS HYPERVISOR_TEXT IDMAP_TEXT HIBERNATE_TEXT + TRAMP_TEXT *(.fixup) *(.gnu.warning) . = ALIGN(16); @@ -214,6 +226,11 @@ SECTIONS . += RESERVED_TTBR0_SIZE; #endif +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 + tramp_pg_dir = .; + . += PAGE_SIZE; +#endif + __pecoff_data_size = ABSOLUTE(. - __initdata_begin); _end = .; Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Sun, 7 Jan 2018 22:53:35 -0800 Subject: [Variant 3/Meltdown] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs From: Jayachandran C <jnair(a)caviumnetworks.com> Commit 0d90718871fe upstream. Add the older Broadcom ID as well as the new Cavium ID for ThunderX2 CPUs. Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -87,6 +87,7 @@ #define CAVIUM_CPU_PART_THUNDERX 0x0A1 #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2 #define CAVIUM_CPU_PART_THUNDERX_83XX 0x0A3 +#define CAVIUM_CPU_PART_THUNDERX2 0x0AF #define BRCM_CPU_PART_VULCAN 0x516 @@ -100,6 +101,8 @@ #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) +#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2) +#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) #define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Wed, 3 Jan 2018 11:19:34 +0000 Subject: [Variant 2/Spectre-v2] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 From: Will Deacon <will.deacon(a)arm.com> Commit a65d219fe5dc upstream. Hook up MIDR values for the Cortex-A72 and Cortex-A75 CPUs, since they will soon need MIDR matches for hardening the branch predictor. Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/cputype.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -79,8 +79,10 @@ #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 #define ARM_CPU_PART_CORTEX_A57 0xD07 +#define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A53 0xD03 #define ARM_CPU_PART_CORTEX_A73 0xD09 +#define ARM_CPU_PART_CORTEX_A75 0xD0A #define APM_CPU_PART_POTENZA 0x000 @@ -97,7 +99,9 @@ #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) +#define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) +#define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-pass-capability-structure-to-enable-callback.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Will Deacon <will.deacon(a)arm.com> Date: Tue, 2 Jan 2018 21:37:25 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: Pass capability structure to ->enable callback From: Will Deacon <will.deacon(a)arm.com> Commit 0a0d111d40fd upstream. In order to invoke the CPU capability ->matches callback from the ->enable callback for applying local-CPU workarounds, we need a handle on the capability structure. This patch passes a pointer to the capability structure to the ->enable callback. Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1215,7 +1215,7 @@ void __init enable_cpu_capabilities(cons * uses an IPI, giving us a PSTATE that disappears when * we return. */ - stop_machine(caps->enable, NULL, cpu_online_mask); + stop_machine(caps->enable, (void *)caps, cpu_online_mask); } } } @@ -1259,7 +1259,7 @@ verify_local_cpu_features(const struct a cpu_die_early(); } if (caps->enable) - caps->enable(NULL); + caps->enable((void *)caps); } } Patches currently in stable-queue which might be from will.deacon(a)arm.com are queue-4.15/arm64-make-user_ds-an-inclusive-limit.patch queue-4.15/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch queue-4.15/arm64-uaccess-don-t-bother-eliding-access_ok-checks-in-__-get-put-_user.patch queue-4.15/arm64-cpufeature-pass-capability-structure-to-enable-callback.patch queue-4.15/arm64-uaccess-mask-__user-pointers-for-__arch_-clear-copy_-_user.patch queue-4.15/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.15/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.15/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.15/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.15/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.15/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.15/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/firmware-psci-expose-psci-conduit.patch queue-4.15/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.15/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.15/arm64-mm-permit-transitioning-from-global-to-non-global-without-bbm.patch queue-4.15/arm64-mm-allocate-asids-in-pairs.patch queue-4.15/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.15/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.15/arm64-futex-mask-__user-pointers-prior-to-dereference.patch queue-4.15/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.15/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm-arm64-kvm-add-psci_version-helper.patch queue-4.15/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.15/arm64-entry-ensure-branch-through-syscall-table-is-bounded-under-speculation.patch queue-4.15/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.15/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.15/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.15/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-uaccess-prevent-speculative-use-of-the-current-addr_limit.patch queue-4.15/arm64-use-pointer-masking-to-limit-uaccess-speculation.patch queue-4.15/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch queue-4.15/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.15/drivers-firmware-expose-psci_get_version-through-psci_ops-structure.patch queue-4.15/arm64-mm-rename-post_ttbr0_update_workaround.patch queue-4.15/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.15/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.15/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.15/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.15/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.15/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch queue-4.15/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.15/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.15/arm64-cputype-add-missing-midr-values-for-cortex-a72-and-cortex-a75.patch queue-4.15/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.15/arm64-barrier-add-csdb-macros-to-control-data-value-prediction.patch queue-4.15/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.15/perf-arm_spe-fail-device-probe-when-arm64_kernel_unmapped_at_el0.patch queue-4.15/arm64-implement-branch-predictor-hardening-for-falkor.patch queue-4.15/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.15/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.15/arm64-run-enable-method-for-errata-work-arounds-on-late-cpus.patch queue-4.15/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch queue-4.15/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.15/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.15/arm64-implement-array_index_mask_nospec.patch queue-4.15/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.15/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.15/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch queue-4.15/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.15/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.15/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch queue-4.15/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: James Morse <james.morse(a)arm.com> Date: Mon, 15 Jan 2018 19:38:54 +0000 Subject: [Variant 2/Spectre-v2] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early From: James Morse <james.morse(a)arm.com> Commit edf298cfce47 upstream. this_cpu_has_cap() tests caps->desc not caps->matches, so it stops walking the list when it finds a 'silent' feature, instead of walking to the end of the list. Prior to v4.6's 644c2ae198412 ("arm64: cpufeature: Test 'matches' pointer to find the end of the list") we always tested desc to find the end of a capability list. This was changed for dubious things like PAN_NOT_UAO. v4.7's e3661b128e53e ("arm64: Allow a capability to be checked on single CPU") added this_cpu_has_cap() using the old desc style test. CC: Suzuki K Poulose <suzuki.poulose(a)arm.com> Reviewed-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Acked-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: James Morse <james.morse(a)arm.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpufeature.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1173,9 +1173,8 @@ static bool __this_cpu_has_cap(const str if (WARN_ON(preemptible())) return false; - for (caps = cap_array; caps->desc; caps++) + for (caps = cap_array; caps->matches; caps++) if (caps->capability == cap && - caps->matches && caps->matches(caps, SCOPE_LOCAL_CPU)) return true; return false; Patches currently in stable-queue which might be from james.morse(a)arm.com are queue-4.15/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.15/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Stephen Boyd <sboyd(a)codeaurora.org> Date: Wed, 13 Dec 2017 14:19:37 -0800 Subject: [Variant 3/Meltdown] arm64: cpu_errata: Add Kryo to Falkor 1003 errata From: Stephen Boyd <sboyd(a)codeaurora.org> Commit bb48711800e6 upstream. The Kryo CPUs are also affected by the Falkor 1003 errata, so we need to do the same workaround on Kryo CPUs. The MIDR is slightly more complicated here, where the PART number is not always the same when looking at all the bits from 15 to 4. Drop the lower 8 bits and just look at the top 4 to see if it's '2' and then consider those as Kryo CPUs. This covers all the combinations without having to list them all out. Fixes: 38fd94b0275c ("arm64: Work around Falkor erratum 1003") Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Conflicts: arch/arm64/include/asm/cputype.h Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/arm64/silicon-errata.txt | 2 +- arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 21 +++++++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -72,7 +72,7 @@ stable kernels. | Hisilicon | Hip0{6,7} | #161010701 | N/A | | Hisilicon | Hip07 | #161600802 | HISILICON_ERRATUM_161600802 | | | | | | -| Qualcomm Tech. | Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | +| Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | | Qualcomm Tech. | Falkor v1 | E1009 | QCOM_FALKOR_ERRATUM_1009 | | Qualcomm Tech. | QDF2400 ITS | E0065 | QCOM_QDF2400_ERRATUM_0065 | | Qualcomm Tech. | Falkor v{1,2} | E1041 | QCOM_FALKOR_ERRATUM_1041 | --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -92,6 +92,7 @@ #define QCOM_CPU_PART_FALKOR_V1 0x800 #define QCOM_CPU_PART_FALKOR 0xC00 +#define QCOM_CPU_PART_KRYO 0x200 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) @@ -101,6 +102,7 @@ #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) #define MIDR_QCOM_FALKOR_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR_V1) #define MIDR_QCOM_FALKOR MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_FALKOR) +#define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO) #ifndef __ASSEMBLY__ --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -30,6 +30,20 @@ is_affected_midr_range(const struct arm6 entry->midr_range_max); } +static bool __maybe_unused +is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) +{ + u32 model; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + model = read_cpuid_id(); + model &= MIDR_IMPLEMENTOR_MASK | (0xf00 << MIDR_PARTNUM_SHIFT) | + MIDR_ARCHITECTURE_MASK; + + return model == entry->midr_model; +} + static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) @@ -169,6 +183,13 @@ const struct arm64_cpu_capabilities arm6 MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(0, 0)), }, + { + .desc = "Qualcomm Technologies Kryo erratum 1003", + .capability = ARM64_WORKAROUND_QCOM_FALKOR_E1003, + .def_scope = SCOPE_LOCAL_CPU, + .midr_model = MIDR_QCOM_KRYO, + .matches = is_kryo_midr, + }, #endif #ifdef CONFIG_QCOM_FALKOR_ERRATUM_1009 { Patches currently in stable-queue which might be from sboyd(a)codeaurora.org are queue-4.15/arm64-cpu_errata-add-kryo-to-falkor-1003-errata.patch

7 years, 4 months

1
0
0 0

Patch "[Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-branch-predictor-hardening-for-cavium-thunderx2.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Feb 13 17:25:10 CET 2018 From: Jayachandran C <jnair(a)caviumnetworks.com> Date: Fri, 19 Jan 2018 04:22:47 -0800 Subject: [Variant 2/Spectre-v2] arm64: Branch predictor hardening for Cavium ThunderX2 From: Jayachandran C <jnair(a)caviumnetworks.com> Commit f3d795d9b360 upstream. Use PSCI based mitigation for speculative execution attacks targeting the branch predictor. We use the same mechanism as the one used for Cortex-A CPUs, we expect the PSCI version call to have a side effect of clearing the BTBs. Acked-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Jayachandran C <jnair(a)caviumnetworks.com> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kernel/cpu_errata.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -359,6 +359,16 @@ const struct arm64_cpu_capabilities arm6 .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT, MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), + .enable = enable_psci_bp_hardening, + }, + { + .capability = ARM64_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), + .enable = enable_psci_bp_hardening, + }, #endif { } Patches currently in stable-queue which might be from jnair(a)caviumnetworks.com are queue-4.15/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.15/arm64-branch-predictor-hardening-for-cavium-thunderx2.patch queue-4.15/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror