* Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
@ 2018-02-14 13:53 gregkh
2018-02-14 16:16 ` Timur Tabi
0 siblings, 1 reply; 7+ messages in thread
From: gregkh @ 2018-02-14 13:53 UTC (permalink / raw)
To: shankerd, ard.biesheuvel, catalin.marinas, gregkh, will.deacon
Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm64-implement-branch-predictor-hardening-for-falkor.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Wed Feb 14 14:44:54 CET 2018
From: Shanker Donthineni <shankerd@codeaurora.org>
Date: Fri, 5 Jan 2018 14:28:59 -0600
Subject: [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
From: Shanker Donthineni <shankerd@codeaurora.org>
Commit ec82b567a74f upstream.
Falkor is susceptible to branch predictor aliasing and can
theoretically be attacked by malicious code. This patch
implements a mitigation for these attacks, preventing any
malicious entries from affecting other victim contexts.
Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
[will: fix label name when !CONFIG_KVM and remove references to MIDR_FALKOR]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/cpucaps.h | 3 +-
arch/arm64/include/asm/kvm_asm.h | 2 +
arch/arm64/kernel/bpi.S | 8 +++++++
arch/arm64/kernel/cpu_errata.c | 40 +++++++++++++++++++++++++++++++++++++--
arch/arm64/kvm/hyp/entry.S | 12 +++++++++++
arch/arm64/kvm/hyp/switch.c | 8 +++++++
6 files changed, 70 insertions(+), 3 deletions(-)
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -42,7 +42,8 @@
#define ARM64_HAS_DCPOP 21
#define ARM64_UNMAP_KERNEL_AT_EL0 23
#define ARM64_HARDEN_BRANCH_PREDICTOR 24
+#define ARM64_HARDEN_BP_POST_GUEST_EXIT 25
-#define ARM64_NCAPS 25
+#define ARM64_NCAPS 26
#endif /* __ASM_CPUCAPS_H */
--- a/arch/arm64/include/asm/kvm_asm.h
+++ b/arch/arm64/include/asm/kvm_asm.h
@@ -66,6 +66,8 @@ extern u32 __kvm_get_mdcr_el2(void);
extern u32 __init_stage2_translation(void);
+extern void __qcom_hyp_sanitize_btac_predictors(void);
+
#endif
#endif /* __ARM_KVM_ASM_H__ */
--- a/arch/arm64/kernel/bpi.S
+++ b/arch/arm64/kernel/bpi.S
@@ -77,3 +77,11 @@ ENTRY(__psci_hyp_bp_inval_start)
ldp x0, x1, [sp, #(16 * 8)]
add sp, sp, #(8 * 18)
ENTRY(__psci_hyp_bp_inval_end)
+
+ENTRY(__qcom_hyp_sanitize_link_stack_start)
+ stp x29, x30, [sp, #-16]!
+ .rept 16
+ bl . + 4
+ .endr
+ ldp x29, x30, [sp], #16
+ENTRY(__qcom_hyp_sanitize_link_stack_end)
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -68,6 +68,8 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_har
#ifdef CONFIG_KVM
extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
+extern char __qcom_hyp_sanitize_link_stack_start[];
+extern char __qcom_hyp_sanitize_link_stack_end[];
static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
const char *hyp_vecs_end)
@@ -110,8 +112,10 @@ static void __install_bp_hardening_cb(bp
spin_unlock(&bp_lock);
}
#else
-#define __psci_hyp_bp_inval_start NULL
-#define __psci_hyp_bp_inval_end NULL
+#define __psci_hyp_bp_inval_start NULL
+#define __psci_hyp_bp_inval_end NULL
+#define __qcom_hyp_sanitize_link_stack_start NULL
+#define __qcom_hyp_sanitize_link_stack_end NULL
static void __install_bp_hardening_cb(bp_hardening_cb_t fn,
const char *hyp_vecs_start,
@@ -152,6 +156,29 @@ static int enable_psci_bp_hardening(void
return 0;
}
+
+static void qcom_link_stack_sanitization(void)
+{
+ u64 tmp;
+
+ asm volatile("mov %0, x30 \n"
+ ".rept 16 \n"
+ "bl . + 4 \n"
+ ".endr \n"
+ "mov x30, %0 \n"
+ : "=&r" (tmp));
+}
+
+static int qcom_enable_link_stack_sanitization(void *data)
+{
+ const struct arm64_cpu_capabilities *entry = data;
+
+ install_bp_hardening_cb(entry, qcom_link_stack_sanitization,
+ __qcom_hyp_sanitize_link_stack_start,
+ __qcom_hyp_sanitize_link_stack_end);
+
+ return 0;
+}
#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
#define MIDR_RANGE(model, min, max) \
@@ -323,6 +350,15 @@ const struct arm64_cpu_capabilities arm6
MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
.enable = enable_psci_bp_hardening,
},
+ {
+ .capability = ARM64_HARDEN_BRANCH_PREDICTOR,
+ MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1),
+ .enable = qcom_enable_link_stack_sanitization,
+ },
+ {
+ .capability = ARM64_HARDEN_BP_POST_GUEST_EXIT,
+ MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1),
+ },
#endif
{
}
--- a/arch/arm64/kvm/hyp/entry.S
+++ b/arch/arm64/kvm/hyp/entry.S
@@ -196,3 +196,15 @@ alternative_endif
eret
ENDPROC(__fpsimd_guest_restore)
+
+ENTRY(__qcom_hyp_sanitize_btac_predictors)
+ /**
+ * Call SMC64 with Silicon provider serviceID 23<<8 (0xc2001700)
+ * 0xC2000000-0xC200FFFF: assigned to SiP Service Calls
+ * b15-b0: contains SiP functionID
+ */
+ movz x0, #0x1700
+ movk x0, #0xc200, lsl #16
+ smc #0
+ ret
+ENDPROC(__qcom_hyp_sanitize_btac_predictors)
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -364,6 +364,14 @@ again:
/* 0 falls through to be handled out of EL2 */
}
+ if (cpus_have_const_cap(ARM64_HARDEN_BP_POST_GUEST_EXIT)) {
+ u32 midr = read_cpuid_id();
+
+ /* Apply BTAC predictors mitigation to all Falkor chips */
+ if ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)
+ __qcom_hyp_sanitize_btac_predictors();
+ }
+
fp_enabled = __fpsimd_enabled();
__sysreg_save_guest_state(guest_ctxt);
Patches currently in stable-queue which might be from shankerd@codeaurora.org are
queue-4.14/arm64-mm-remove-pre_ttbr0_update_workaround-for-falkor-erratum-e1003.patch
queue-4.14/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch
queue-4.14/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch
queue-4.14/arm64-mm-allocate-asids-in-pairs.patch
queue-4.14/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch
queue-4.14/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch
queue-4.14/arm64-mm-use-non-global-mappings-for-kernel-space.patch
queue-4.14/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch
queue-4.14/.arm64-add-software-workaround-for-falkor-erratum-1041.patch.swp
queue-4.14/arm64-erratum-work-around-falkor-erratum-e1003-in-trampoline-code.patch
queue-4.14/arm64-mm-fix-and-re-enable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch
queue-4.14/arm64-mm-rename-post_ttbr0_update_workaround.patch
queue-4.14/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch
queue-4.14/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch
queue-4.14/arm64-mm-introduce-ttbr_asid_mask-for-getting-at-the-asid-in-the-ttbr.patch
queue-4.14/arm64-implement-branch-predictor-hardening-for-falkor.patch
queue-4.14/arm64-kconfig-add-config_unmap_kernel_at_el0.patch
queue-4.14/arm64-add-software-workaround-for-falkor-erratum-1041.patch
queue-4.14/arm64-mm-temporarily-disable-arm64_sw_ttbr0_pan.patch
queue-4.14/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch
queue-4.14/arm64-define-cputype-macros-for-falkor-cpu.patch
queue-4.14/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-14 13:53 Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree gregkh
@ 2018-02-14 16:16 ` Timur Tabi
2018-02-14 18:23 ` Greg Kroah-Hartman
2018-02-19 23:57 ` Jon Masters
0 siblings, 2 replies; 7+ messages in thread
From: Timur Tabi @ 2018-02-14 16:16 UTC (permalink / raw)
To: lkml
Cc: Shanker Donthineni, Ard Biesheuvel, Catalin Marinas,
Greg Kroah-Hartman, Will Deacon, stable, stable-commits
On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
>
> to the 4.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> arm64-implement-branch-predictor-hardening-for-falkor.patch
> and it can be found in the queue-4.14 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
Please note that there is a follow-on patch, also from Shanker, that
fixes this patch (it was slightly mangled when merged into 4.16-rc1):
https://www.spinics.net/lists/arm-kernel/msg633726.html
I would love for it to be included in 4.14.20, but it hasn't been
merged into Linus' tree yet. I will send a patch request when it does
land in 4.16-rc2.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-14 16:16 ` Timur Tabi
@ 2018-02-14 18:23 ` Greg Kroah-Hartman
2018-02-14 18:49 ` Catalin Marinas
2018-02-19 23:57 ` Jon Masters
1 sibling, 1 reply; 7+ messages in thread
From: Greg Kroah-Hartman @ 2018-02-14 18:23 UTC (permalink / raw)
To: Timur Tabi
Cc: lkml, Shanker Donthineni, Ard Biesheuvel, Catalin Marinas,
Will Deacon, stable, stable-commits
On Wed, Feb 14, 2018 at 10:16:51AM -0600, Timur Tabi wrote:
> On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
> >
> > This is a note to let you know that I've just added the patch titled
> >
> > [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
> >
> > to the 4.14-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >
> > The filename of the patch is:
> > arm64-implement-branch-predictor-hardening-for-falkor.patch
> > and it can be found in the queue-4.14 subdirectory.
> >
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <stable@vger.kernel.org> know about it.
>
> Please note that there is a follow-on patch, also from Shanker, that
> fixes this patch (it was slightly mangled when merged into 4.16-rc1):
>
> https://www.spinics.net/lists/arm-kernel/msg633726.html
>
> I would love for it to be included in 4.14.20, but it hasn't been
> merged into Linus' tree yet. I will send a patch request when it does
> land in 4.16-rc2.
There's nothing I can do unless it's in Linus's tree :)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-14 18:23 ` Greg Kroah-Hartman
@ 2018-02-14 18:49 ` Catalin Marinas
0 siblings, 0 replies; 7+ messages in thread
From: Catalin Marinas @ 2018-02-14 18:49 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Timur Tabi, lkml, Shanker Donthineni, Ard Biesheuvel,
Will Deacon, stable, stable-commits
On Wed, Feb 14, 2018 at 07:23:46PM +0100, Greg Kroah-Hartman wrote:
> On Wed, Feb 14, 2018 at 10:16:51AM -0600, Timur Tabi wrote:
> > On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
> > >
> > > This is a note to let you know that I've just added the patch titled
> > >
> > > [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
> > >
> > > to the 4.14-stable tree which can be found at:
> > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > >
> > > The filename of the patch is:
> > > arm64-implement-branch-predictor-hardening-for-falkor.patch
> > > and it can be found in the queue-4.14 subdirectory.
> > >
> > > If you, or anyone else, feels it should not be added to the stable tree,
> > > please let <stable@vger.kernel.org> know about it.
> >
> > Please note that there is a follow-on patch, also from Shanker, that
> > fixes this patch (it was slightly mangled when merged into 4.16-rc1):
> >
> > https://www.spinics.net/lists/arm-kernel/msg633726.html
> >
> > I would love for it to be included in 4.14.20, but it hasn't been
> > merged into Linus' tree yet. I will send a patch request when it does
> > land in 4.16-rc2.
>
> There's nothing I can do unless it's in Linus's tree :)
It will land in 4.16-rc2 (already queued on my local tree).
--
Catalin
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-14 16:16 ` Timur Tabi
2018-02-14 18:23 ` Greg Kroah-Hartman
@ 2018-02-19 23:57 ` Jon Masters
2018-02-20 10:47 ` Greg Kroah-Hartman
1 sibling, 1 reply; 7+ messages in thread
From: Jon Masters @ 2018-02-19 23:57 UTC (permalink / raw)
To: Timur Tabi, lkml
Cc: Shanker Donthineni, Ard Biesheuvel, Catalin Marinas,
Greg Kroah-Hartman, Will Deacon, stable, stable-commits
On 02/14/2018 11:16 AM, Timur Tabi wrote:
> On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
>>
>> This is a note to let you know that I've just added the patch titled
>>
>> [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
>>
>> to the 4.14-stable tree which can be found at:
>> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>>
>> The filename of the patch is:
>> arm64-implement-branch-predictor-hardening-for-falkor.patch
>> and it can be found in the queue-4.14 subdirectory.
>>
>> If you, or anyone else, feels it should not be added to the stable tree,
>> please let <stable@vger.kernel.org> know about it.
>
> Please note that there is a follow-on patch, also from Shanker, that
> fixes this patch (it was slightly mangled when merged into 4.16-rc1):
>
> https://www.spinics.net/lists/arm-kernel/msg633726.html
>
> I would love for it to be included in 4.14.20, but it hasn't been
> merged into Linus' tree yet. I will send a patch request when it does
> land in 4.16-rc2.
That has now landed in Linus's tree.
Jon.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-19 23:57 ` Jon Masters
@ 2018-02-20 10:47 ` Greg Kroah-Hartman
2018-02-20 10:49 ` Greg Kroah-Hartman
0 siblings, 1 reply; 7+ messages in thread
From: Greg Kroah-Hartman @ 2018-02-20 10:47 UTC (permalink / raw)
To: Jon Masters
Cc: Timur Tabi, lkml, Shanker Donthineni, Ard Biesheuvel,
Catalin Marinas, Will Deacon, stable, stable-commits
On Mon, Feb 19, 2018 at 06:57:12PM -0500, Jon Masters wrote:
> On 02/14/2018 11:16 AM, Timur Tabi wrote:
> > On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
> >>
> >> This is a note to let you know that I've just added the patch titled
> >>
> >> [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
> >>
> >> to the 4.14-stable tree which can be found at:
> >> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >>
> >> The filename of the patch is:
> >> arm64-implement-branch-predictor-hardening-for-falkor.patch
> >> and it can be found in the queue-4.14 subdirectory.
> >>
> >> If you, or anyone else, feels it should not be added to the stable tree,
> >> please let <stable@vger.kernel.org> know about it.
> >
> > Please note that there is a follow-on patch, also from Shanker, that
> > fixes this patch (it was slightly mangled when merged into 4.16-rc1):
> >
> > https://www.spinics.net/lists/arm-kernel/msg633726.html
> >
> > I would love for it to be included in 4.14.20, but it hasn't been
> > merged into Linus' tree yet. I will send a patch request when it does
> > land in 4.16-rc2.
>
> That has now landed in Linus's tree.
What is the git commit id for it?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree
2018-02-20 10:47 ` Greg Kroah-Hartman
@ 2018-02-20 10:49 ` Greg Kroah-Hartman
0 siblings, 0 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2018-02-20 10:49 UTC (permalink / raw)
To: Jon Masters
Cc: Timur Tabi, lkml, Shanker Donthineni, Ard Biesheuvel,
Catalin Marinas, Will Deacon, stable, stable-commits
On Tue, Feb 20, 2018 at 11:47:38AM +0100, Greg Kroah-Hartman wrote:
> On Mon, Feb 19, 2018 at 06:57:12PM -0500, Jon Masters wrote:
> > On 02/14/2018 11:16 AM, Timur Tabi wrote:
> > > On Wed, Feb 14, 2018 at 7:53 AM, <gregkh@linuxfoundation.org> wrote:
> > >>
> > >> This is a note to let you know that I've just added the patch titled
> > >>
> > >> [Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor
> > >>
> > >> to the 4.14-stable tree which can be found at:
> > >> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > >>
> > >> The filename of the patch is:
> > >> arm64-implement-branch-predictor-hardening-for-falkor.patch
> > >> and it can be found in the queue-4.14 subdirectory.
> > >>
> > >> If you, or anyone else, feels it should not be added to the stable tree,
> > >> please let <stable@vger.kernel.org> know about it.
> > >
> > > Please note that there is a follow-on patch, also from Shanker, that
> > > fixes this patch (it was slightly mangled when merged into 4.16-rc1):
> > >
> > > https://www.spinics.net/lists/arm-kernel/msg633726.html
> > >
> > > I would love for it to be included in 4.14.20, but it hasn't been
> > > merged into Linus' tree yet. I will send a patch request when it does
> > > land in 4.16-rc2.
> >
> > That has now landed in Linus's tree.
>
> What is the git commit id for it?
Nevermind, I found it myself...
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-02-20 10:49 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-14 13:53 Patch "[Variant 2/Spectre-v2] arm64: Implement branch predictor hardening for Falkor" has been added to the 4.14-stable tree gregkh
2018-02-14 16:16 ` Timur Tabi
2018-02-14 18:23 ` Greg Kroah-Hartman
2018-02-14 18:49 ` Catalin Marinas
2018-02-19 23:57 ` Jon Masters
2018-02-20 10:47 ` Greg Kroah-Hartman
2018-02-20 10:49 ` Greg Kroah-Hartman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.