Please consider the following two patches for inclusion in 4.14.
The second patch fixes a boot issue on ThunderX when erratum 27456 is enabled. Without it, KPTI is not turned off due to the incorrect order of evaluating features and errata which leads to all sorts of problems.
Dirk Mueller (1): arm64: Check for errata before evaluating cpu features
Mark Rutland (1): arm64: add sentinel to kpti_safe_list
arch/arm64/kernel/cpufeature.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
From: Mark Rutland mark.rutland@arm.com
commit 71c751f2a43fa03fae3cf5f0067ed3001a397013 upstream.
We're missing a sentinel entry in kpti_safe_list. Thus is_midr_in_range_list() can walk past the end of kpti_safe_list. Depending on the contents of memory, this could erroneously match a CPU's MIDR, cause a data abort, or other bad outcomes.
Add the sentinel entry to avoid this.
Fixes: be5b299830c63ed7 ("arm64: capabilities: Add support for checks based on a list of MIDRs") Signed-off-by: Mark Rutland mark.rutland@arm.com Reported-by: Jan Kiszka jan.kiszka@siemens.com Tested-by: Jan Kiszka jan.kiszka@siemens.com Reviewed-by: Suzuki K Poulose suzuki.poulose@arm.com Cc: Catalin Marinas catalin.marinas@arm.com Cc: Suzuki K Poulose suzuki.poulose@arm.com Cc: Will Deacon will.deacon@arm.com Signed-off-by: Will Deacon will.deacon@arm.com Signed-off-by: Juerg Haefliger juergh@canonical.com --- arch/arm64/kernel/cpufeature.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 60066315d669..ae28979676c1 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -836,6 +836,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + { /* sentinel */ } }; char const *str = "kpti command line option"; bool meltdown_safe;
From: Dirk Mueller dmueller@suse.com
commit dc0e36581eb2da1aa3c63ceeff0f10ef1e899b2a upstream.
Since commit d3aec8a28be3b8 ("arm64: capabilities: Restrict KPTI detection to boot-time CPUs") we rely on errata flags being already populated during feature enumeration. The order of errata and features was flipped as part of commit ed478b3f9e4a ("arm64: capabilities: Group handling of features and errata workarounds").
Return to the orginal order of errata and feature evaluation to ensure errata flags are present during feature evaluation.
Fixes: ed478b3f9e4a ("arm64: capabilities: Group handling of features and errata workarounds") CC: Suzuki K Poulose suzuki.poulose@arm.com CC: Marc Zyngier marc.zyngier@arm.com Signed-off-by: Dirk Mueller dmueller@suse.com Reviewed-by: Suzuki K Poulose suzuki.poulose@arm.com Signed-off-by: Will Deacon will.deacon@arm.com Signed-off-by: Juerg Haefliger juergh@canonical.com --- arch/arm64/kernel/cpufeature.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index ae28979676c1..09c6499bc500 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1278,9 +1278,9 @@ static void __update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
static void update_cpu_capabilities(u16 scope_mask) { - __update_cpu_capabilities(arm64_features, scope_mask, "detected:"); __update_cpu_capabilities(arm64_errata, scope_mask, "enabling workaround for"); + __update_cpu_capabilities(arm64_features, scope_mask, "detected:"); }
static int __enable_cpu_capability(void *arg) @@ -1335,8 +1335,8 @@ __enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
static void __init enable_cpu_capabilities(u16 scope_mask) { - __enable_cpu_capabilities(arm64_features, scope_mask); __enable_cpu_capabilities(arm64_errata, scope_mask); + __enable_cpu_capabilities(arm64_features, scope_mask); }
/*
On Thu, Jan 16, 2020 at 10:14:20AM +0100, Juerg Haefliger wrote:
Please consider the following two patches for inclusion in 4.14.
The second patch fixes a boot issue on ThunderX when erratum 27456 is enabled. Without it, KPTI is not turned off due to the incorrect order of evaluating features and errata which leads to all sorts of problems.
Dirk Mueller (1): arm64: Check for errata before evaluating cpu features
Mark Rutland (1): arm64: add sentinel to kpti_safe_list
arch/arm64/kernel/cpufeature.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
Both now queued up, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Juerg Haefliger