* [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list
2020-01-16 9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
@ 2020-01-16 9:14 ` Juerg Haefliger
2020-01-16 9:14 ` [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features Juerg Haefliger
2020-01-16 9:28 ` [PATCH 4.14 0/2] arm64 KPTI fixes Greg KH
2 siblings, 0 replies; 4+ messages in thread
From: Juerg Haefliger @ 2020-01-16 9:14 UTC (permalink / raw)
To: stable
Cc: Mark Rutland, Jan Kiszka, Suzuki K Poulose, Catalin Marinas,
Will Deacon, Juerg Haefliger
From: Mark Rutland <mark.rutland@arm.com>
commit 71c751f2a43fa03fae3cf5f0067ed3001a397013 upstream.
We're missing a sentinel entry in kpti_safe_list. Thus is_midr_in_range_list()
can walk past the end of kpti_safe_list. Depending on the contents of memory,
this could erroneously match a CPU's MIDR, cause a data abort, or other bad
outcomes.
Add the sentinel entry to avoid this.
Fixes: be5b299830c63ed7 ("arm64: capabilities: Add support for checks based on a list of MIDRs")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
arch/arm64/kernel/cpufeature.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 60066315d669..ae28979676c1 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -836,6 +836,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
+ { /* sentinel */ }
};
char const *str = "kpti command line option";
bool meltdown_safe;
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features
2020-01-16 9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
2020-01-16 9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
@ 2020-01-16 9:14 ` Juerg Haefliger
2020-01-16 9:28 ` [PATCH 4.14 0/2] arm64 KPTI fixes Greg KH
2 siblings, 0 replies; 4+ messages in thread
From: Juerg Haefliger @ 2020-01-16 9:14 UTC (permalink / raw)
To: stable
Cc: Dirk Mueller, Suzuki K Poulose, Marc Zyngier, Will Deacon,
Juerg Haefliger
From: Dirk Mueller <dmueller@suse.com>
commit dc0e36581eb2da1aa3c63ceeff0f10ef1e899b2a upstream.
Since commit d3aec8a28be3b8 ("arm64: capabilities: Restrict KPTI
detection to boot-time CPUs") we rely on errata flags being already
populated during feature enumeration. The order of errata and
features was flipped as part of commit ed478b3f9e4a ("arm64:
capabilities: Group handling of features and errata workarounds").
Return to the orginal order of errata and feature evaluation to
ensure errata flags are present during feature evaluation.
Fixes: ed478b3f9e4a ("arm64: capabilities: Group handling of
features and errata workarounds")
CC: Suzuki K Poulose <suzuki.poulose@arm.com>
CC: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
arch/arm64/kernel/cpufeature.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index ae28979676c1..09c6499bc500 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1278,9 +1278,9 @@ static void __update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
static void update_cpu_capabilities(u16 scope_mask)
{
- __update_cpu_capabilities(arm64_features, scope_mask, "detected:");
__update_cpu_capabilities(arm64_errata, scope_mask,
"enabling workaround for");
+ __update_cpu_capabilities(arm64_features, scope_mask, "detected:");
}
static int __enable_cpu_capability(void *arg)
@@ -1335,8 +1335,8 @@ __enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
static void __init enable_cpu_capabilities(u16 scope_mask)
{
- __enable_cpu_capabilities(arm64_features, scope_mask);
__enable_cpu_capabilities(arm64_errata, scope_mask);
+ __enable_cpu_capabilities(arm64_features, scope_mask);
}
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 4.14 0/2] arm64 KPTI fixes
2020-01-16 9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
2020-01-16 9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
2020-01-16 9:14 ` [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features Juerg Haefliger
@ 2020-01-16 9:28 ` Greg KH
2 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2020-01-16 9:28 UTC (permalink / raw)
To: Juerg Haefliger; +Cc: stable, Juerg Haefliger
On Thu, Jan 16, 2020 at 10:14:20AM +0100, Juerg Haefliger wrote:
> Please consider the following two patches for inclusion in 4.14.
>
> The second patch fixes a boot issue on ThunderX when erratum 27456 is
> enabled. Without it, KPTI is not turned off due to the incorrect order
> of evaluating features and errata which leads to all sorts of problems.
>
> Dirk Mueller (1):
> arm64: Check for errata before evaluating cpu features
>
> Mark Rutland (1):
> arm64: add sentinel to kpti_safe_list
>
> arch/arm64/kernel/cpufeature.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
Both now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread