[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: e403e8538359d8580cbee1976ff71813e947101e
WARNING: Author mismatch between patch and upstream commit: Backport author: Pu Lehuipulehui@huaweicloud.com Commit author: Douglas Andersondianders@chromium.org
Status in newer kernel trees: 6.15.y | Present (exact SHA1) 6.14.y | Present (different SHA1: 1847162b0f1d) 6.12.y | Present (different SHA1: 3b0f2526c87e) 6.6.y | Present (different SHA1: 3ca6b0c9171b) 6.1.y | Present (different SHA1: f2e4ca0c40cd) 5.15.y | Present (different SHA1: 8cb58a817a45)
Note: The patch differs from the upstream commit: --- 1: e403e8538359d ! 1: 85de55abe5b05 arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB @@ Metadata ## Commit message ## arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
+ [ Upstream commit e403e8538359d8580cbee1976ff71813e947101e ] + The code for detecting CPUs that are vulnerable to Spectre BHB was based on a hardcoded list of CPU IDs that were known to be affected. Unfortunately, the list mostly only contained the IDs of standard ARM @@ Commit message Signed-off-by: Douglas Anderson dianders@chromium.org Link: https://lore.kernel.org/r/20250107120555.v4.2.I2040fa004dafe196243f67ebcc647... Signed-off-by: Catalin Marinas catalin.marinas@arm.com + Conflicts: + arch/arm64/kernel/proton-pack.c + [The conflicts were mainly due to LTS commit e192c8baa69a + differ from mainline commit 558c303c9734] + Signed-off-by: Pu Lehui pulehui@huawei.com
## arch/arm64/include/asm/spectre.h ## -@@ arch/arm64/include/asm/spectre.h: enum mitigation_state arm64_get_meltdown_state(void); - +@@ arch/arm64/include/asm/spectre.h: void spectre_v4_enable_task_mitigation(struct task_struct *tsk); enum mitigation_state arm64_get_spectre_bhb_state(void); bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope); + bool is_spectre_bhb_fw_mitigated(void); -u8 spectre_bhb_loop_affected(int scope); void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused); bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr); - + #endif /* __ASM_SPECTRE_H */
## arch/arm64/kernel/proton-pack.c ## -@@ arch/arm64/kernel/proton-pack.c: static unsigned long system_bhb_mitigations; +@@ arch/arm64/kernel/proton-pack.c: enum mitigation_state arm64_get_spectre_bhb_state(void) * This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any * SCOPE_SYSTEM call will give the right answer. */ @@ arch/arm64/kernel/proton-pack.c: static enum mitigation_state spectre_bhb_get_cp
static bool supports_ecbhb(int scope) @@ arch/arm64/kernel/proton-pack.c: static bool supports_ecbhb(int scope) - ID_AA64MMFR1_EL1_ECBHB_SHIFT); + ID_AA64MMFR1_ECBHB_SHIFT); }
+static u8 max_bhb_k; @@ arch/arm64/kernel/proton-pack.c: bool is_spectre_bhb_affected(const struct arm64 }
static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot) -@@ arch/arm64/kernel/proton-pack.c: early_param("nospectre_bhb", parse_spectre_bhb_param); +@@ arch/arm64/kernel/proton-pack.c: static bool spectre_bhb_fw_mitigated; + void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) { - bp_hardening_cb_t cpu_cb; - enum mitigation_state fw_state, state = SPECTRE_VULNERABLE; + enum mitigation_state state = SPECTRE_VULNERABLE; - struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU)) + return; @@ arch/arm64/kernel/proton-pack.c: void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN); + state = SPECTRE_MITIGATED; - set_bit(BHB_INSN, &system_bhb_mitigations); - } else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) { +- switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) { + } else if (spectre_bhb_loop_affected()) { - /* - * Ensure KVM uses the indirect vector which will have the - * branchy-loop added. A57/A72-r0 will already have selected ++ switch (max_bhb_k) { + case 8: + kvm_setup_bhb_slot(__spectre_bhb_loop_k8); + break; @@ arch/arm64/kernel/proton-pack.c: void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP); + state = SPECTRE_MITIGATED; - set_bit(BHB_LOOP, &system_bhb_mitigations); - } else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) { - fw_state = spectre_bhb_get_cpu_fw_mitigation_state(); - if (fw_state == SPECTRE_MITIGATED) { -- /* -- * Ensure KVM uses one of the spectre bp_hardening -- * vectors. The indirect vector doesn't include the EL3 -- * call, so needs upgrading to -- * HYP_VECTOR_SPECTRE_INDIRECT. -- */ -- if (!data->slot || data->slot == HYP_VECTOR_INDIRECT) -- data->slot += 1; -- +- kvm_setup_bhb_slot(__smccc_workaround_3_smc); - this_cpu_set_vectors(EL1_VECTOR_BHB_FW); - -- /* -- * The WA3 call in the vectors supersedes the WA1 call -- * made during context-switch. Uninstall any firmware -- * bp_hardening callback. -- */ -- cpu_cb = spectre_v2_get_sw_mitigation_cb(); -- if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb) -- __this_cpu_write(bp_hardening_data.fn, NULL); -- - state = SPECTRE_MITIGATED; -- set_bit(BHB_FW, &system_bhb_mitigations); +- spectre_bhb_fw_mitigated = true; - } + } else if (has_spectre_bhb_fw_mitigation()) { -+ /* -+ * Ensure KVM uses one of the spectre bp_hardening -+ * vectors. The indirect vector doesn't include the EL3 -+ * call, so needs upgrading to -+ * HYP_VECTOR_SPECTRE_INDIRECT. -+ */ -+ if (!data->slot || data->slot == HYP_VECTOR_INDIRECT) -+ data->slot += 1; -+ ++ kvm_setup_bhb_slot(__smccc_workaround_3_smc); + this_cpu_set_vectors(EL1_VECTOR_BHB_FW); + -+ /* -+ * The WA3 call in the vectors supersedes the WA1 call -+ * made during context-switch. Uninstall any firmware -+ * bp_hardening callback. -+ */ -+ cpu_cb = spectre_v2_get_sw_mitigation_cb(); -+ if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb) -+ __this_cpu_write(bp_hardening_data.fn, NULL); -+ + state = SPECTRE_MITIGATED; -+ set_bit(BHB_FW, &system_bhb_mitigations); ++ spectre_bhb_fw_mitigated = true; }
update_mitigation_state(&spectre_bhb_state, state); ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-5.15.y | Success | Success |