All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 4.14 0/2] arm64 KPTI fixes
@ 2020-01-16  9:14 Juerg Haefliger
  2020-01-16  9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Juerg Haefliger @ 2020-01-16  9:14 UTC (permalink / raw)
  To: stable; +Cc: Juerg Haefliger

Please consider the following two patches for inclusion in 4.14.

The second patch fixes a boot issue on ThunderX when erratum 27456 is
enabled. Without it, KPTI is not turned off due to the incorrect order
of evaluating features and errata which leads to all sorts of problems.

Dirk Mueller (1):
  arm64: Check for errata before evaluating cpu features

Mark Rutland (1):
  arm64: add sentinel to kpti_safe_list

 arch/arm64/kernel/cpufeature.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

-- 
2.20.1


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list
  2020-01-16  9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
@ 2020-01-16  9:14 ` Juerg Haefliger
  2020-01-16  9:14 ` [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features Juerg Haefliger
  2020-01-16  9:28 ` [PATCH 4.14 0/2] arm64 KPTI fixes Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Juerg Haefliger @ 2020-01-16  9:14 UTC (permalink / raw)
  To: stable
  Cc: Mark Rutland, Jan Kiszka, Suzuki K Poulose, Catalin Marinas,
	Will Deacon, Juerg Haefliger

From: Mark Rutland <mark.rutland@arm.com>

commit 71c751f2a43fa03fae3cf5f0067ed3001a397013 upstream.

We're missing a sentinel entry in kpti_safe_list. Thus is_midr_in_range_list()
can walk past the end of kpti_safe_list. Depending on the contents of memory,
this could erroneously match a CPU's MIDR, cause a data abort, or other bad
outcomes.

Add the sentinel entry to avoid this.

Fixes: be5b299830c63ed7 ("arm64: capabilities: Add support for checks based on a list of MIDRs")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/arm64/kernel/cpufeature.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 60066315d669..ae28979676c1 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -836,6 +836,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 		MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
 		MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
 		MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
+		{ /* sentinel */ }
 	};
 	char const *str = "kpti command line option";
 	bool meltdown_safe;
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features
  2020-01-16  9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
  2020-01-16  9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
@ 2020-01-16  9:14 ` Juerg Haefliger
  2020-01-16  9:28 ` [PATCH 4.14 0/2] arm64 KPTI fixes Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Juerg Haefliger @ 2020-01-16  9:14 UTC (permalink / raw)
  To: stable
  Cc: Dirk Mueller, Suzuki K Poulose, Marc Zyngier, Will Deacon,
	Juerg Haefliger

From: Dirk Mueller <dmueller@suse.com>

commit dc0e36581eb2da1aa3c63ceeff0f10ef1e899b2a upstream.

Since commit d3aec8a28be3b8 ("arm64: capabilities: Restrict KPTI
detection to boot-time CPUs") we rely on errata flags being already
populated during feature enumeration. The order of errata and
features was flipped as part of commit ed478b3f9e4a ("arm64:
capabilities: Group handling of features and errata workarounds").

Return to the orginal order of errata and feature evaluation to
ensure errata flags are present during feature evaluation.

Fixes: ed478b3f9e4a ("arm64: capabilities: Group handling of
    features and errata workarounds")
CC: Suzuki K Poulose <suzuki.poulose@arm.com>
CC: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/arm64/kernel/cpufeature.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index ae28979676c1..09c6499bc500 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1278,9 +1278,9 @@ static void __update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
 
 static void update_cpu_capabilities(u16 scope_mask)
 {
-	__update_cpu_capabilities(arm64_features, scope_mask, "detected:");
 	__update_cpu_capabilities(arm64_errata, scope_mask,
 				  "enabling workaround for");
+	__update_cpu_capabilities(arm64_features, scope_mask, "detected:");
 }
 
 static int __enable_cpu_capability(void *arg)
@@ -1335,8 +1335,8 @@ __enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
 
 static void __init enable_cpu_capabilities(u16 scope_mask)
 {
-	__enable_cpu_capabilities(arm64_features, scope_mask);
 	__enable_cpu_capabilities(arm64_errata, scope_mask);
+	__enable_cpu_capabilities(arm64_features, scope_mask);
 }
 
 /*
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 4.14 0/2] arm64 KPTI fixes
  2020-01-16  9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
  2020-01-16  9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
  2020-01-16  9:14 ` [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features Juerg Haefliger
@ 2020-01-16  9:28 ` Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2020-01-16  9:28 UTC (permalink / raw)
  To: Juerg Haefliger; +Cc: stable, Juerg Haefliger

On Thu, Jan 16, 2020 at 10:14:20AM +0100, Juerg Haefliger wrote:
> Please consider the following two patches for inclusion in 4.14.
> 
> The second patch fixes a boot issue on ThunderX when erratum 27456 is
> enabled. Without it, KPTI is not turned off due to the incorrect order
> of evaluating features and errata which leads to all sorts of problems.
> 
> Dirk Mueller (1):
>   arm64: Check for errata before evaluating cpu features
> 
> Mark Rutland (1):
>   arm64: add sentinel to kpti_safe_list
> 
>  arch/arm64/kernel/cpufeature.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Both now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-16  9:28 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-16  9:14 [PATCH 4.14 0/2] arm64 KPTI fixes Juerg Haefliger
2020-01-16  9:14 ` [PATCH 4.14 1/2] arm64: add sentinel to kpti_safe_list Juerg Haefliger
2020-01-16  9:14 ` [PATCH 4.14 2/2] arm64: Check for errata before evaluating cpu features Juerg Haefliger
2020-01-16  9:28 ` [PATCH 4.14 0/2] arm64 KPTI fixes Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.