From: Julien Thierry <julien.thierry@arm.com>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Will Deacon <will.deacon@arm.com>,
Russell King <rmk+kernel@arm.linux.org.uk>,
Vincent Guittot <vincent.guittot@linaro.org>,
mark.brown@arm.com
Subject: Re: [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches
Date: Wed, 19 Jun 2019 12:03:39 +0100 [thread overview]
Message-ID: <ed7d6125-e8ec-c3a1-06c7-2a2fa2c92d32@arm.com> (raw)
In-Reply-To: <20190618102122.z52oi37pp3wigqxx@vireshk-i7>
Hi Viresh,
On 18/06/2019 11:21, Viresh Kumar wrote:
> On 17-06-19, 17:03, Julien Thierry wrote:
>> On 14/06/2019 04:07, Viresh Kumar wrote:
[...]
> I have updated the stable/v4.4.y/spectre branch with all the changes you
> suggested and pushed the earlier version to stable/v4.4.y/spectre-v1 branch.
>
> Will it be possible for you to have a look at stable/v4.4.y/spectre branch to
> see if it is okay, so I can send the v2 version ? Don't want to spam list
> unnecessary with so many patches :)
>
I've given a run for your new version and it looks like the BP hardening
is not taking place.
I believe the culprit is update_cpu_capabilities(), which in 4.4 tests
for capability.desc to know where to stop (and requires all valid
capabilities to have a description).
Since commit 644c2ae19 "arm64: cpufeature: Test 'matches' pointer to
find the end of the list", the restriction was lifted.
Unfortunately for you, the errata workarounds using BP hardening were
introduced after that commit and were not given a description. So they
do not get applied and also, in the current state, would prevent
following entries in the errata table from getting applied.
So either 644c2ae19 needs to be backported, or the workarounds need to
be given descriptions.
I'll let you know if I find anything else.
Cheers,
--
Julien Thierry
WARNING: multiple messages have this Message-ID (diff)
From: Julien Thierry <julien.thierry@arm.com>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
stable@vger.kernel.org, mark.brown@arm.com,
Russell King <rmk+kernel@arm.linux.org.uk>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches
Date: Wed, 19 Jun 2019 12:03:39 +0100 [thread overview]
Message-ID: <ed7d6125-e8ec-c3a1-06c7-2a2fa2c92d32@arm.com> (raw)
In-Reply-To: <20190618102122.z52oi37pp3wigqxx@vireshk-i7>
Hi Viresh,
On 18/06/2019 11:21, Viresh Kumar wrote:
> On 17-06-19, 17:03, Julien Thierry wrote:
>> On 14/06/2019 04:07, Viresh Kumar wrote:
[...]
> I have updated the stable/v4.4.y/spectre branch with all the changes you
> suggested and pushed the earlier version to stable/v4.4.y/spectre-v1 branch.
>
> Will it be possible for you to have a look at stable/v4.4.y/spectre branch to
> see if it is okay, so I can send the v2 version ? Don't want to spam list
> unnecessary with so many patches :)
>
I've given a run for your new version and it looks like the BP hardening
is not taking place.
I believe the culprit is update_cpu_capabilities(), which in 4.4 tests
for capability.desc to know where to stop (and requires all valid
capabilities to have a description).
Since commit 644c2ae19 "arm64: cpufeature: Test 'matches' pointer to
find the end of the list", the restriction was lifted.
Unfortunately for you, the errata workarounds using BP hardening were
introduced after that commit and were not given a description. So they
do not get applied and also, in the current state, would prevent
following entries in the errata table from getting applied.
So either 644c2ae19 needs to be backported, or the workarounds need to
be given descriptions.
I'll let you know if I find anything else.
Cheers,
--
Julien Thierry
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-06-19 11:03 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-14 3:07 [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 01/45] arm64: barrier: Add CSDB macros to control data-value prediction Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 02/45] arm64: Implement array_index_mask_nospec() Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 03/45] arm64: remove duplicate macro __KERNEL__ check Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 04/45] arm64: move TASK_* definitions to <asm/processor.h> Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 05/45] arm64: Make USER_DS an inclusive limit Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 06/45] arm64: Use pointer masking to limit uaccess speculation Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 07/45] arm64: entry: Ensure branch through syscall table is bounded under speculation Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 08/45] arm64: uaccess: Prevent speculative use of the current addr_limit Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 09/45] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 10/45] mm/kasan: add API to check memory regions Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-07-04 14:15 ` Julien Thierry
2019-07-04 14:15 ` Julien Thierry
2019-07-05 3:13 ` Viresh Kumar
2019-07-05 3:13 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 11/45] arm64: kasan: instrument user memory access API Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 12/45] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 13/45] arm64: cpufeature: Pass capability structure to ->enable callback Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 14/45] drivers/firmware: Expose psci_get_version through psci_ops structure Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 15/45] arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:07 ` [PATCH v4.4 16/45] arm64: Move post_ttbr_update_workaround to C code Viresh Kumar
2019-06-14 3:07 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 17/45] arm64: cpufeature: Add scope for capability check Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 18/45] arm64: Add skeleton to harden the branch predictor against aliasing attacks Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 19/45] arm64: Move BP hardening to check_and_switch_context Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 20/45] mm: Introduce lm_alias Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-17 12:33 ` Julien Thierry
2019-06-17 12:33 ` Julien Thierry
2019-06-18 5:00 ` Viresh Kumar
2019-06-18 5:00 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 21/45] arm64: entry: Apply BP hardening for high-priority synchronous exceptions Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 22/45] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 23/45] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 24/45] arm64: cpu_errata: Allow an erratum to be match for all revisions of a core Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 25/45] arm64: Implement branch predictor hardening for affected Cortex-A CPUs Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 26/45] arm64: cputype info for Broadcom Vulcan Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 27/45] arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 28/45] arm64: Branch predictor hardening for Cavium ThunderX2 Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 29/45] arm64: KVM: Increment PC after handling an SMC trap Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 30/45] arm/arm64: KVM: Consolidate the PSCI include files Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 31/45] arm/arm64: KVM: Add PSCI_VERSION helper Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 32/45] arm/arm64: KVM: Add smccc accessors to PSCI code Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 33/45] ARM: 8478/2: arm/arm64: add arm-smccc Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 34/45] arm/arm64: KVM: Implement PSCI 1.0 support Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 35/45] arm/arm64: KVM: Advertise SMCCC v1.1 Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 36/45] arm/arm64: KVM: Turn kvm_psci_version into a static inline Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 37/45] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 38/45] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 39/45] firmware/psci: Expose PSCI conduit Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 40/45] firmware/psci: Expose SMCCC version through psci_ops Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 41/45] arm/arm64: smccc: Make function identifiers an unsigned quantity Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 42/45] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 43/45] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 44/45] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-14 3:08 ` [PATCH v4.4 45/45] arm64: futex: Mask __user pointers prior to dereference Viresh Kumar
2019-06-14 3:08 ` Viresh Kumar
2019-06-17 12:10 ` [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches Greg KH
2019-06-17 12:10 ` Greg KH
2019-06-17 16:03 ` Julien Thierry
2019-06-17 16:03 ` Julien Thierry
2019-06-18 10:21 ` Viresh Kumar
2019-06-18 10:21 ` Viresh Kumar
2019-06-19 11:03 ` Julien Thierry [this message]
2019-06-19 11:03 ` Julien Thierry
2019-06-19 11:20 ` Viresh Kumar
2019-06-19 11:20 ` Viresh Kumar
2019-06-17 16:30 ` Julien Thierry
2019-06-17 16:30 ` Julien Thierry
2019-07-11 13:57 ` Julien Thierry
2019-07-11 13:57 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ed7d6125-e8ec-c3a1-06c7-2a2fa2c92d32@arm.com \
--to=julien.thierry@arm.com \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=marc.zyngier@arm.com \
--cc=mark.brown@arm.com \
--cc=mark.rutland@arm.com \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=vincent.guittot@linaro.org \
--cc=viresh.kumar@linaro.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.