On Thu, Aug 01, 2019 at 10:50:11AM +0530, Viresh Kumar wrote:
On 31-07-19, 17:45, Mark Rutland wrote:
On Fri, Jul 12, 2019 at 10:58:12AM +0530, Viresh Kumar wrote:
From: Will Deacon <will.deacon@arm.com>
commit 0f15adbb2861ce6f75ccfc5a92b19eae0ef327d0 upstream.
Aliasing attacks against CPU branch predictors can allow an attacker to redirect speculative control flow on some CPUs and potentially divulge information from one context to another.
This patch adds initial skeleton code behind a new Kconfig option to enable implementation-specific mitigations against these attacks for CPUs that are affected.
Co-developed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[ v4.4: Changes made according to 4.4 codebase ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
[...]
/* id_aa64pfr0 */ +#define ID_AA64PFR0_CSV2_SHIFT 56
Note: CSV3 is bits 63-60,
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 474b34243521..040a42d79990 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -83,7 +83,8 @@ static struct arm64_ftr_bits ftr_id_aa64isar0[] = { }; static struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 32, 0),
- ARM64_FTR_BITS(FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0),
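Review bot: the last entry added to ftr_id_aa64pfr0[], ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0), starts at bit 32 with width 28 and so spans bits 59:32, which overlaps the 4-bit field the line before it places at ID_AA64PFR0_CSV2_SHIFT (56), i.e. bits 59:56. A width of 24 would keep that entry to bits 55:32. The entry being replaced (shift 32, width 32) covered bits 63:32, so after this change nothing in the table describes bits 63:60. Those bits need an entry of their own, or a comment saying why they are left out.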
This line should be:
ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 24, 0),
... as it was in the v4.9 backport, making it cover bits 55:32. As in this patch, it covers 59:32, overlapping with CSV2.
Fixed, thanks.
We also need to cater for bits 63:60. In the v4.9 backport, the meltdown bits were applied first, so nothing special was necessary.
What's the plan w.r.t. meltdown mitigations and v4.4?
I haven't started looking at meltdown patches yet and so that will be done at a later point of time, if at all done by me. I have been asked to backport both Spectre and Meltdown though to 4.4.
Upstream and in v4.9, the meltdown patches came before the spectre patches, and doing this in the opposite order causes context problems like the above.
Given that, I think it would be less surprising to do the meltdown backport first, though I appreciate that's more work to get these patches in. :/
Thanks, Mark.