From patchwork Thu Aug 30 09:26:06 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Pisati <paolo.pisati@canonical.com>
X-Patchwork-Id: 963808
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421HDR2H6Kz9s0n;
	Thu, 30 Aug 2018 19:26:15 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvJDN-0002qv-EL; Thu, 30 Aug 2018 09:26:09 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <paolo.pisati@canonical.com>)
	id 1fvJDL-0002qp-87
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 09:26:07 +0000
Received: from 1.general.ppisati.uk.vpn ([10.172.193.134] helo=canonical.com)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
	(envelope-from <paolo.pisati@canonical.com>) id 1fvJDK-0006BH-Vd
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 09:26:07 +0000
Date: Thu, 30 Aug 2018 11:26:06 +0200
From: Paolo Pisati <paolo.pisati@canonical.com>
To: Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>
Subject: [SRU][B/master-next] arm64: Spectre v4 mitigation
Message-ID: <20180830092606.GA2864@harukaze>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1787993

[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) for arm64
was implemented in the Arm Trusted Firmware with SMCCC v1.1 and
SMCCC_ARCH_WORKAROUND_2[1, 2].

This patch series implements the Linux kernel side of the "Spectre-v4"
mitigation.

[Fix]

Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html

This patchset is a cherry pick of those patches (and prerequisistes) from the
stable / linux-4.14.y tree, forward ported to our Bionic kernel.

[Test]

Boot a patched kernel and add on the cmdline:

ssbd=force-on

on dmesg you should see something like:

[ 0.779901] ssbd: forced from command-line

Same goes for the off case:

ssbd=force-off

[ 0.781002] ssbd: disabled from command-line

[Regression Potential]

Since it's "new code" to our Bionic kernel, there's some regression potential,
but it was a clean pick from linux-4.14.y without almost any modification (except
for some mechanical diff to make it apply).

1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392

The following changes since commit eb8e0abeb302275fe7328b10c3f6374abcb70d83:

  UBUNTU: Start new release (2018-08-28 10:09:44 -0700)

are available in the git repository at:

  git://git.launchpad.net/~p-pisati/ubuntu/+source/linux b-master-next-spectrev4

for you to fetch changes up to b943fd8c926a0e64dd1d498216c0844f102126d1:

  UBUNTU: [Config] ARM64_SSBD=y (2018-08-30 10:33:58 +0200)

----------------------------------------------------------------
Christoffer Dall (1):
      KVM: arm64: Avoid storing the vcpu pointer on the stack

Marc Zyngier (16):
      arm64: alternatives: Add dynamic patching feature
      KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
      arm/arm64: smccc: Add SMCCC-specific return codes
      arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
      arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
      arm64: Add ARCH_WORKAROUND_2 probing
      arm64: Add 'ssbd' command-line option
      arm64: ssbd: Add global mitigation state accessor
      arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
      arm64: ssbd: Restore mitigation status on CPU resume
      arm64: ssbd: Introduce thread flag to control userspace mitigation
      arm64: ssbd: Add prctl interface for per-thread mitigation
      arm64: KVM: Add HYP per-cpu accessors
      arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
      arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
      arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID

Paolo Pisati (1):
      UBUNTU: [Config] ARM64_SSBD=y

 Documentation/admin-guide/kernel-parameters.txt |  17 +++
 arch/arm/include/asm/kvm_host.h                 |  12 ++
 arch/arm/include/asm/kvm_mmu.h                  |  12 ++
 arch/arm64/Kconfig                              |   9 ++
 arch/arm64/include/asm/alternative.h            |  41 +++++-
 arch/arm64/include/asm/cpucaps.h                |   3 +-
 arch/arm64/include/asm/cpufeature.h             |  22 +++
 arch/arm64/include/asm/kvm_asm.h                |  41 ++++++
 arch/arm64/include/asm/kvm_host.h               |  41 ++++++
 arch/arm64/include/asm/kvm_mmu.h                |  44 ++++++
 arch/arm64/include/asm/thread_info.h            |   1 +
 arch/arm64/kernel/Makefile                      |   1 +
 arch/arm64/kernel/alternative.c                 |  43 ++++--
 arch/arm64/kernel/asm-offsets.c                 |   2 +
 arch/arm64/kernel/cpu_errata.c                  | 180 ++++++++++++++++++++++++
 arch/arm64/kernel/entry.S                       |  30 ++++
 arch/arm64/kernel/hibernate.c                   |  11 ++
 arch/arm64/kernel/ssbd.c                        | 108 ++++++++++++++
 arch/arm64/kernel/suspend.c                     |   8 ++
 arch/arm64/kvm/hyp/entry.S                      |   6 +-
 arch/arm64/kvm/hyp/hyp-entry.S                  |  66 ++++++---
 arch/arm64/kvm/hyp/switch.c                     |  43 +++++-
 arch/arm64/kvm/hyp/sysreg-sr.c                  |   5 +
 arch/arm64/kvm/reset.c                          |   4 +
 debian.master/config/config.common.ubuntu       |   1 +
 include/linux/arm-smccc.h                       |  10 ++
 virt/kvm/arm/arm.c                              |   4 +
 virt/kvm/arm/hyp/vgic-v2-sr.c                   |   2 +-
 virt/kvm/arm/psci.c                             |  18 ++-
 29 files changed, 738 insertions(+), 47 deletions(-)
 create mode 100644 arch/arm64/kernel/ssbd.c
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>