[SRU][B/master-next] arm64: Spectre v4 mitigation
Paolo Pisati
paolo.pisati at canonical.com
Thu Aug 30 09:26:06 UTC 2018
BugLink: https://bugs.launchpad.net/bugs/1787993
[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) for arm64
was implemented in the Arm Trusted Firmware with SMCCC v1.1 and
SMCCC_ARCH_WORKAROUND_2[1, 2].
This patch series implements the Linux kernel side of the "Spectre-v4"
mitigation.
[Fix]
Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html
This patchset is a cherry pick of those patches (and prerequisistes) from the
stable / linux-4.14.y tree, forward ported to our Bionic kernel.
[Test]
Boot a patched kernel and add on the cmdline:
ssbd=force-on
on dmesg you should see something like:
[ 0.779901] ssbd: forced from command-line
Same goes for the off case:
ssbd=force-off
[ 0.781002] ssbd: disabled from command-line
[Regression Potential]
Since it's "new code" to our Bionic kernel, there's some regression potential,
but it was a clean pick from linux-4.14.y without almost any modification (except
for some mechanical diff to make it apply).
1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392
The following changes since commit eb8e0abeb302275fe7328b10c3f6374abcb70d83:
UBUNTU: Start new release (2018-08-28 10:09:44 -0700)
are available in the git repository at:
git://git.launchpad.net/~p-pisati/ubuntu/+source/linux b-master-next-spectrev4
for you to fetch changes up to b943fd8c926a0e64dd1d498216c0844f102126d1:
UBUNTU: [Config] ARM64_SSBD=y (2018-08-30 10:33:58 +0200)
----------------------------------------------------------------
Christoffer Dall (1):
KVM: arm64: Avoid storing the vcpu pointer on the stack
Marc Zyngier (16):
arm64: alternatives: Add dynamic patching feature
KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
arm/arm64: smccc: Add SMCCC-specific return codes
arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
arm64: Add ARCH_WORKAROUND_2 probing
arm64: Add 'ssbd' command-line option
arm64: ssbd: Add global mitigation state accessor
arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
arm64: ssbd: Restore mitigation status on CPU resume
arm64: ssbd: Introduce thread flag to control userspace mitigation
arm64: ssbd: Add prctl interface for per-thread mitigation
arm64: KVM: Add HYP per-cpu accessors
arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
Paolo Pisati (1):
UBUNTU: [Config] ARM64_SSBD=y
Documentation/admin-guide/kernel-parameters.txt | 17 +++
arch/arm/include/asm/kvm_host.h | 12 ++
arch/arm/include/asm/kvm_mmu.h | 12 ++
arch/arm64/Kconfig | 9 ++
arch/arm64/include/asm/alternative.h | 41 +++++-
arch/arm64/include/asm/cpucaps.h | 3 +-
arch/arm64/include/asm/cpufeature.h | 22 +++
arch/arm64/include/asm/kvm_asm.h | 41 ++++++
arch/arm64/include/asm/kvm_host.h | 41 ++++++
arch/arm64/include/asm/kvm_mmu.h | 44 ++++++
arch/arm64/include/asm/thread_info.h | 1 +
arch/arm64/kernel/Makefile | 1 +
arch/arm64/kernel/alternative.c | 43 ++++--
arch/arm64/kernel/asm-offsets.c | 2 +
arch/arm64/kernel/cpu_errata.c | 180 ++++++++++++++++++++++++
arch/arm64/kernel/entry.S | 30 ++++
arch/arm64/kernel/hibernate.c | 11 ++
arch/arm64/kernel/ssbd.c | 108 ++++++++++++++
arch/arm64/kernel/suspend.c | 8 ++
arch/arm64/kvm/hyp/entry.S | 6 +-
arch/arm64/kvm/hyp/hyp-entry.S | 66 ++++++---
arch/arm64/kvm/hyp/switch.c | 43 +++++-
arch/arm64/kvm/hyp/sysreg-sr.c | 5 +
arch/arm64/kvm/reset.c | 4 +
debian.master/config/config.common.ubuntu | 1 +
include/linux/arm-smccc.h | 10 ++
virt/kvm/arm/arm.c | 4 +
virt/kvm/arm/hyp/vgic-v2-sr.c | 2 +-
virt/kvm/arm/psci.c | 18 ++-
29 files changed, 738 insertions(+), 47 deletions(-)
create mode 100644 arch/arm64/kernel/ssbd.c
--
bye,
p.
More information about the kernel-team
mailing list