Commit cd22a8bf authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'arm64-spectre-bhb-for-v5.17-2' of...

Merge tag 'arm64-spectre-bhb-for-v5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 spectre fixes from James Morse:
 "ARM64 Spectre-BHB mitigations:

   - Make EL1 vectors per-cpu

   - Add mitigation sequences to the EL1 and EL2 vectors on vulnerable
     CPUs

   - Implement ARCH_WORKAROUND_3 for KVM guests

   - Report Vulnerable when unprivileged eBPF is enabled"

* tag 'arm64-spectre-bhb-for-v5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
  arm64: Use the clearbhb instruction in mitigations
  KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
  arm64: Mitigate spectre style branch history side channels
  arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
  arm64: Add percpu vectors for EL1
  arm64: entry: Add macro for reading symbol addresses from the trampoline
  arm64: entry: Add vectors that have the bhb mitigation sequences
  arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
  arm64: entry: Allow the trampoline text to occupy multiple pages
  arm64: entry: Make the kpti trampoline's kpti sequence optional
  arm64: entry: Move trampoline macros out of ifdef'd section
  arm64: entry: Don't assume tramp_vectors is the start of the vectors
  arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
  arm64: entry: Move the trampoline data page before the text page
  arm64: entry: Free up another register on kpti's tramp_exit path
  arm64: entry: Make the trampoline cleanup optional
  KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
  arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
  arm64: entry.S: Add ventry overflow sanity checks
parents fc55c23a 58c9a506
+9 −0
@@ -1383,6 +1383,15 @@ config UNMAP_KERNEL_AT_EL0

	  If unsure, say Y.

config MITIGATE_SPECTRE_BRANCH_HISTORY
	bool "Mitigate Spectre style attacks against branch history" if EXPERT
	default y
	help
	  Speculation attacks against some high-performance processors can
	  make use of branch history to influence future speculation.
	  When taking an exception from user-space, a sequence of branches
	  or a firmware call overwrites the branch history.

config RODATA_FULL_DEFAULT_ENABLED
	bool "Apply r/o permissions of VM areas also to their linear aliases"
	default y
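Review bot: The help text for `MITIGATE_SPECTRE_BRANCH_HISTORY` describes the mechanism but not what saying N costs, and unlike the entry just above it has no closing recommendation. The prompt is only offered under `EXPERT` and the default is y, so I would end the help with one sentence stating that disabling the option omits the branch-history overwrite on exception entry from user-space, followed by `If unsure, say Y.`. Whether the kernel then reports affected CPUs as vulnerable is not visible in this hunk, so that wording should be checked against the reporting code.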
+53 −0
@@ -108,6 +108,13 @@
	hint	#20
	.endm

/*
 * Clear Branch History instruction
 */
	.macro clearbhb
	hint	#22
	.endm

/*
 * Speculation barrier
 */
@@ -850,4 +857,50 @@ alternative_endif

#endif /* GNU_PROPERTY_AARCH64_FEATURE_1_DEFAULT */

	.macro __mitigate_spectre_bhb_loop      tmp
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
alternative_cb  spectre_bhb_patch_loop_iter
	mov	\tmp, #32		// Patched to correct the immediate
alternative_cb_end
.Lspectre_bhb_loop\@:
	b	. + 4
	subs	\tmp, \tmp, #1
	b.ne	.Lspectre_bhb_loop\@
	sb
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm

	.macro mitigate_spectre_bhb_loop	tmp
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
alternative_cb	spectre_bhb_patch_loop_mitigation_enable
	b	.L_spectre_bhb_loop_done\@	// Patched to NOP
alternative_cb_end
	__mitigate_spectre_bhb_loop	\tmp
.L_spectre_bhb_loop_done\@:
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm

	/* Save/restores x0-x3 to the stack */
	.macro __mitigate_spectre_bhb_fw
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
	stp	x0, x1, [sp, #-16]!
	stp	x2, x3, [sp, #-16]!
	mov	w0, #ARM_SMCCC_ARCH_WORKAROUND_3
alternative_cb	smccc_patch_fw_mitigation_conduit
	nop					// Patched to SMC/HVC #0
alternative_cb_end
	ldp	x2, x3, [sp], #16
	ldp	x0, x1, [sp], #16
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm

	.macro mitigate_spectre_bhb_clear_insn
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
alternative_cb	spectre_bhb_patch_clearbhb
	/* Patched to NOP when not supported */
	clearbhb
	isb
alternative_cb_end
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
	.endm
#endif	/* __ASM_ASSEMBLER_H */
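Review bot: `__mitigate_spectre_bhb_loop` in the second hunk has no header comment, although it clobbers both `\tmp` and the NZCV flags (through `subs`), which any caller with live condition flags needs to know. I would add above it `/* Overwrite branch history with a loop of taken branches; clobbers \tmp and NZCV. The #32 count is a placeholder patched by spectre_bhb_patch_loop_iter. */`. The existing comment on `__mitigate_spectre_bhb_fw` could likewise say that it pushes 32 bytes, so `sp` must be a usable, 16-byte-aligned stack pointer at the point of use, e.g. `/* Issues ARM_SMCCC_ARCH_WORKAROUND_3 via the patched conduit; saves/restores x0-x3 on the stack, so sp must be valid and 16-byte aligned here */`. In `mitigate_spectre_bhb_clear_insn` the alternative covers two instructions (`clearbhb` and `isb`), so a note that the callback has to patch both would help whoever next edits `spectre_bhb_patch_clearbhb`, which is not shown here.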
+29 −0
@@ -637,6 +637,35 @@ static inline bool cpu_supports_mixed_endian_el0(void)
	return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1));
}


static inline bool supports_csv2p3(int scope)
{
	u64 pfr0;
	u8 csv2_val;

	if (scope == SCOPE_LOCAL_CPU)
		pfr0 = read_sysreg_s(SYS_ID_AA64PFR0_EL1);
	else
		pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1);

	csv2_val = cpuid_feature_extract_unsigned_field(pfr0,
							ID_AA64PFR0_CSV2_SHIFT);
	return csv2_val == 3;
}

static inline bool supports_clearbhb(int scope)
{
	u64 isar2;

	if (scope == SCOPE_LOCAL_CPU)
		isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);
	else
		isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);

	return cpuid_feature_extract_unsigned_field(isar2,
						    ID_AA64ISAR2_CLEARBHB_SHIFT);
}

const struct cpumask *system_32bit_el0_cpumask(void);
DECLARE_STATIC_KEY_FALSE(arm64_mismatched_32bit_el0);
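Review bot: The two new helpers interpret their ID-register fields differently without saying why: `supports_csv2p3()` requires `csv2_val == 3` exactly, while `supports_clearbhb()` returns the raw field through an implicit conversion to `bool`, so any non-zero value counts as support. If these results decide whether a CPU is treated as needing the branch-history mitigation (the callers are not in this hunk), the intended encoding should be stated next to each check, for example `/* Exact match on purpose; revisit if a CSV2 value above 3 is defined */` above the `return csv2_val == 3;` line. For the second helper I would make the conversion explicit by ending the return expression with `!= 0`, which keeps the behaviour and reads the same way as its sibling.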

+8 −0
@@ -73,10 +73,14 @@
#define ARM_CPU_PART_CORTEX_A76		0xD0B
#define ARM_CPU_PART_NEOVERSE_N1	0xD0C
#define ARM_CPU_PART_CORTEX_A77		0xD0D
#define ARM_CPU_PART_NEOVERSE_V1	0xD40
#define ARM_CPU_PART_CORTEX_A78		0xD41
#define ARM_CPU_PART_CORTEX_X1		0xD44
#define ARM_CPU_PART_CORTEX_A510	0xD46
#define ARM_CPU_PART_CORTEX_A710	0xD47
#define ARM_CPU_PART_CORTEX_X2		0xD48
#define ARM_CPU_PART_NEOVERSE_N2	0xD49
#define ARM_CPU_PART_CORTEX_A78C	0xD4B

#define APM_CPU_PART_POTENZA		0x000

@@ -117,10 +121,14 @@
#define MIDR_CORTEX_A76	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76)
#define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1)
#define MIDR_CORTEX_A77	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77)
#define MIDR_NEOVERSE_V1	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1)
#define MIDR_CORTEX_A78	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78)
#define MIDR_CORTEX_X1	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1)
#define MIDR_CORTEX_A510 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A510)
#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710)
#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2)
#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
#define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
#define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
#define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
#define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)
+4 −2
@@ -62,9 +62,11 @@ enum fixed_addresses {
#endif /* CONFIG_ACPI_APEI_GHES */

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	FIX_ENTRY_TRAMP_TEXT3,
	FIX_ENTRY_TRAMP_TEXT2,
	FIX_ENTRY_TRAMP_TEXT1,
	FIX_ENTRY_TRAMP_DATA,
	FIX_ENTRY_TRAMP_TEXT,
#define TRAMP_VALIAS		(__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
#define TRAMP_VALIAS		(__fix_to_virt(FIX_ENTRY_TRAMP_TEXT1))
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
	__end_of_permanent_fixed_addresses,
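Review bot: The new `FIX_ENTRY_TRAMP_TEXT3`..`FIX_ENTRY_TRAMP_TEXT1` entries hard-code three trampoline text pages and depend on their order relative to `FIX_ENTRY_TRAMP_DATA`, but nothing in the enum says so. `TRAMP_VALIAS` now resolves to `FIX_ENTRY_TRAMP_TEXT1`, so presumably TEXT1 has to stay the lowest-addressed text slot with TEXT2 and TEXT3 contiguous above it and the data page directly below. A comment such as `/* Text slots are listed highest-first so TEXT1..TEXT3 are contiguous from TRAMP_VALIAS upward; keep the count in sync with the trampoline text size */` would stop a later reorder or a larger trampoline from silently breaking the mapping. The enum `fixed_addresses` begins outside this hunk and the code that maps these slots is not shown, so the exact constraint should be confirmed there.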
