Commit 0a21ac0d authored by Will Deacon's avatar Will Deacon
Browse files

Merge branch 'for-next/ghostbusters' into for-next/core 

Fix and subsequently rewrite Spectre mitigations, including the addition
of support for PR_SPEC_DISABLE_NOEXEC.

(Will Deacon and Marc Zyngier)
* for-next/ghostbusters: (22 commits)
  arm64: Add support for PR_SPEC_DISABLE_NOEXEC prctl() option
  arm64: Pull in task_stack_page() to Spectre-v4 mitigation code
  KVM: arm64: Allow patching EL2 vectors even with KASLR is not enabled
  arm64: Get rid of arm64_ssbd_state
  KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()
  KVM: arm64: Get rid of kvm_arm_have_ssbd()
  KVM: arm64: Simplify handling of ARCH_WORKAROUND_2
  arm64: Rewrite Spectre-v4 mitigation code
  arm64: Move SSBD prctl() handler alongside other spectre mitigation code
  arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4
  arm64: Treat SSBS as a non-strict system feature
  arm64: Group start_thread() functions together
  KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2
  arm64: Rewrite Spectre-v2 mitigation code
  arm64: Introduce separate file for spectre mitigations and reporting
  arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2
  KVM: arm64: Simplify install_bp_hardening_cb()
  KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE
  arm64: Remove Spectre-related CONFIG_* options
  arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs
  ...
parents 57b8b1b4 780c083a

arch/arm64/Kconfig

+0 −26
Original line number Diff line number Diff line
@@ -1172,32 +1172,6 @@ config UNMAP_KERNEL_AT_EL0 


	  If unsure, say Y.



config HARDEN_BRANCH_PREDICTOR

	bool "Harden the branch predictor against aliasing attacks" if EXPERT

	default y

	help

	  Speculation attacks against some high-performance processors rely on

	  being able to manipulate the branch predictor for a victim context by

	  executing aliasing branches in the attacker context.  Such attacks

	  can be partially mitigated against by clearing internal branch

	  predictor state and limiting the prediction logic in some situations.



	  This config option will take CPU-specific actions to harden the

	  branch predictor against aliasing attacks and may rely on specific

	  instruction sequences or control bits being set by the system

	  firmware.



	  If unsure, say Y.



config ARM64_SSBD

	bool "Speculative Store Bypass Disable" if EXPERT

	default y

	help

	  This enables mitigation of the bypassing of previous stores

	  by speculative loads.



	  If unsure, say Y.



config RODATA_FULL_DEFAULT_ENABLED

	bool "Apply r/o permissions of VM areas also to their linear aliases"

	default y

arch/arm64/include/asm/cpucaps.h

+2 −2
Original line number Diff line number Diff line
@@ -31,13 +31,13 @@ 
#define ARM64_HAS_DCPOP				21

#define ARM64_SVE				22

#define ARM64_UNMAP_KERNEL_AT_EL0		23

#define ARM64_HARDEN_BRANCH_PREDICTOR		24

#define ARM64_SPECTRE_V2			24

#define ARM64_HAS_RAS_EXTN			25

#define ARM64_WORKAROUND_843419			26

#define ARM64_HAS_CACHE_IDC			27

#define ARM64_HAS_CACHE_DIC			28

#define ARM64_HW_DBM				29

#define ARM64_SSBD				30

#define ARM64_SPECTRE_V4			30

#define ARM64_MISMATCHED_CACHE_TYPE		31

#define ARM64_HAS_STAGE2_FWB			32

#define ARM64_HAS_CRC32				33

arch/arm64/include/asm/cpufeature.h

+0 −24
Original line number Diff line number Diff line
@@ -698,30 +698,6 @@ static inline bool system_supports_tlb_range(void) 
		cpus_have_const_cap(ARM64_HAS_TLB_RANGE);

}



#define ARM64_BP_HARDEN_UNKNOWN		-1

#define ARM64_BP_HARDEN_WA_NEEDED	0

#define ARM64_BP_HARDEN_NOT_REQUIRED	1



int get_spectre_v2_workaround_state(void);



#define ARM64_SSBD_UNKNOWN		-1

#define ARM64_SSBD_FORCE_DISABLE	0

#define ARM64_SSBD_KERNEL		1

#define ARM64_SSBD_FORCE_ENABLE		2

#define ARM64_SSBD_MITIGATED		3



static inline int arm64_get_ssbd_state(void)

{

#ifdef CONFIG_ARM64_SSBD

	extern int ssbd_state;

	return ssbd_state;

#else

	return ARM64_SSBD_UNKNOWN;

#endif

}



void arm64_set_ssbd_mitigation(bool state);



extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);



static inline u32 id_aa64mmfr0_parange_to_phys_shift(int parange)

arch/arm64/include/asm/kvm_asm.h

+0 −5
Original line number Diff line number Diff line
@@ -9,9 +9,6 @@ 


#include <asm/virt.h>



#define	VCPU_WORKAROUND_2_FLAG_SHIFT	0

#define	VCPU_WORKAROUND_2_FLAG		(_AC(1, UL) << VCPU_WORKAROUND_2_FLAG_SHIFT)



#define ARM_EXIT_WITH_SERROR_BIT  31

#define ARM_EXCEPTION_CODE(x)	  ((x) & ~(1U << ARM_EXIT_WITH_SERROR_BIT))

#define ARM_EXCEPTION_IS_TRAP(x)  (ARM_EXCEPTION_CODE((x)) == ARM_EXCEPTION_TRAP)
@@ -102,11 +99,9 @@ DECLARE_KVM_HYP_SYM(__kvm_hyp_vector); 
#define __kvm_hyp_init		CHOOSE_NVHE_SYM(__kvm_hyp_init)

#define __kvm_hyp_vector	CHOOSE_HYP_SYM(__kvm_hyp_vector)



#ifdef CONFIG_KVM_INDIRECT_VECTORS

extern atomic_t arm64_el2_vector_last_slot;

DECLARE_KVM_HYP_SYM(__bp_harden_hyp_vecs);

#define __bp_harden_hyp_vecs	CHOOSE_HYP_SYM(__bp_harden_hyp_vecs)

#endif



extern void __kvm_flush_vm_context(void);

extern void __kvm_tlb_flush_vmid_ipa(struct kvm_s2_mmu *mmu, phys_addr_t ipa,

arch/arm64/include/asm/kvm_emulate.h

+0 −14
Original line number Diff line number Diff line
@@ -383,20 +383,6 @@ static inline unsigned long kvm_vcpu_get_mpidr_aff(struct kvm_vcpu *vcpu) 
	return vcpu_read_sys_reg(vcpu, MPIDR_EL1) & MPIDR_HWID_BITMASK;

}



static inline bool kvm_arm_get_vcpu_workaround_2_flag(struct kvm_vcpu *vcpu)

{

	return vcpu->arch.workaround_flags & VCPU_WORKAROUND_2_FLAG;

}



static inline void kvm_arm_set_vcpu_workaround_2_flag(struct kvm_vcpu *vcpu,

						      bool flag)

{

	if (flag)

		vcpu->arch.workaround_flags |= VCPU_WORKAROUND_2_FLAG;

	else

		vcpu->arch.workaround_flags &= ~VCPU_WORKAROUND_2_FLAG;

}



static inline void kvm_vcpu_set_be(struct kvm_vcpu *vcpu)

{

	if (vcpu_mode_is_32bit(vcpu)) {

CRA Git | Maintained and supported by SUSTech CRA and CCSE