Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp186396imu; Wed, 21 Nov 2018 17:50:31 -0800 (PST) X-Google-Smtp-Source: AFSGD/WfXZhVAJnM3K/E5OeMXrwEy05wxtAcXl8PIKR9Yu27o/r7zUj6uuOFNGYcLe2hK9jelLn/ X-Received: by 2002:a17:902:f44:: with SMTP id 62mr6979521ply.38.1542851431092; Wed, 21 Nov 2018 17:50:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542851431; cv=none; d=google.com; s=arc-20160816; b=wV1aO0up9uclrSnZ8HyetoquyE4H4hIF9JZnT8Gr9F3h3pI4WzgPwdO8caT0jW/CiF IYix3Knyv98xoUXUBTfoCpTRpi/nW+XBXpUEjvk3I5g80DZSG2Pa2XTDY+CNdMlhSklg wtl2owy45drjUTduhIn48h7eYfpNYkf+RlKOkc1q9xkREYepEq/gArrVN5esUSIukPFr wrZER2iN+QzjHxySmAE2VATiUvk6DUqqDOHqAdr9YMVQlow8V0OMbSZhbcX6OhXActgx rJc0jMf9m8/bBBssBahdVAT6xmgHrzGJh1wV6RXdaHwnHuBoGqNsD7QjH7TAhp/nEr+8 z32A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=W209muZcijZquKbRQ5i4OnjJ9VCXt15GTqOEKtWv0kY=; b=zI8SPDrfGdqxDwYD9PrT6/661Us7Gakrp0AtdZSAX0P7CXicLpNakg8ZToMGW4P6ZN 4RU1tuFiV3d7SH9zN0y2oTS5pVws0FIQ5NHAwDWlm4F9QYArswBblXkvxdEGRZKT4W5T MLuB+ar4MRL3NohmzNZuLm46Pok16sboLpWBKyz3g1DGYi0u9GDzhvBniVNvZmToUixc jHiZqDYhBHJo8kTFPD3cU3O4KSpsqIk3UVTymmfEzz1v9i8gaNYZu31tGptDb7Zth7XD npfvq7Af4y7CZifZiT1L//fsWQ0mCBrmOqajJkjTHoD9tJqf+gbU1xQwJIXwRmi3kixu fnxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=O4ehgeaj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y2si45549994pgl.148.2018.11.21.17.49.42; Wed, 21 Nov 2018 17:50:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=O4ehgeaj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388923AbeKVFqp (ORCPT + 99 others); Thu, 22 Nov 2018 00:46:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:42036 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730565AbeKVFqn (ORCPT ); Thu, 22 Nov 2018 00:46:43 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 93349206BB; Wed, 21 Nov 2018 19:11:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542827470; bh=0V+EcljG7uTtMeKojsAE9ahLzUrXKeJe4pmeaN2Sf+I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O4ehgeajRFQq9TCGw1gblpca6EdjLcDFnRzo5Uf5XIKuIh/ttYCuK7CDuxPsazecw Ge15s8tv6GLPbBjZqchqAcopwVbGWNQZ/tl+VRPA8FeY0k8/tx8gmsw8Njtl5ggYVe 73ni1GKLNpMkSWzSdeysDI5vOjGRajgsQwj8Hdo0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Russell King , Tony Lindgren , Marc Zyngier , "David A. Long" Subject: [PATCH 4.9 44/59] ARM: spectre-v2: add firmware based hardening Date: Wed, 21 Nov 2018 20:06:59 +0100 Message-Id: <20181121183510.003048339@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121183508.262873520@linuxfoundation.org> References: <20181121183508.262873520@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Russell King Commit 10115105cb3aa17b5da1cb726ae8dd5f6854bd93 upstream. Commit 6282e916f774e37845c65d1eae9f8c649004f033 upstream. Add firmware based hardening for cores that require more complex handling in firmware. Signed-off-by: Russell King Boot-tested-by: Tony Lindgren Reviewed-by: Tony Lindgren Reviewed-by: Marc Zyngier Signed-off-by: David A. Long Signed-off-by: Greg Kroah-Hartman --- arch/arm/mm/proc-v7-bugs.c | 60 +++++++++++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 21 +++++++++++++++ 2 files changed, 81 insertions(+) --- a/arch/arm/mm/proc-v7-bugs.c +++ b/arch/arm/mm/proc-v7-bugs.c @@ -1,14 +1,20 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include +#include #include #include #include +#include #include #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); +extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); +extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys, struct mm_struct *mm); + static void harden_branch_predictor_bpiall(void) { write_sysreg(0, BPIALL); @@ -19,6 +25,16 @@ static void harden_branch_predictor_icia write_sysreg(0, ICIALLU); } +static void __maybe_unused call_smc_arch_workaround_1(void) +{ + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + +static void __maybe_unused call_hvc_arch_workaround_1(void) +{ + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL); +} + static void cpu_v7_spectre_init(void) { const char *spectre_v2_method = NULL; @@ -45,7 +61,51 @@ static void cpu_v7_spectre_init(void) harden_branch_predictor_iciallu; spectre_v2_method = "ICIALLU"; break; + +#ifdef CONFIG_ARM_PSCI + default: + /* Other ARM CPUs require no workaround */ + if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) + break; + /* fallthrough */ + /* Cortex A57/A72 require firmware workaround */ + case ARM_CPU_PART_CORTEX_A57: + case ARM_CPU_PART_CORTEX_A72: { + struct arm_smccc_res res; + + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + break; + + switch (psci_ops.conduit) { + case PSCI_CONDUIT_HVC: + arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_hvc_arch_workaround_1; + processor.switch_mm = cpu_v7_hvc_switch_mm; + spectre_v2_method = "hypervisor"; + break; + + case PSCI_CONDUIT_SMC: + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, + ARM_SMCCC_ARCH_WORKAROUND_1, &res); + if ((int)res.a0 != 0) + break; + per_cpu(harden_branch_predictor_fn, cpu) = + call_smc_arch_workaround_1; + processor.switch_mm = cpu_v7_smc_switch_mm; + spectre_v2_method = "firmware"; + break; + + default: + break; + } } +#endif + } + if (spectre_v2_method) pr_info("CPU%u: Spectre v2: using %s workaround\n", smp_processor_id(), spectre_v2_method); --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -9,6 +9,7 @@ * * This is the "shell" of the ARMv7 processor support. */ +#include #include #include #include @@ -88,6 +89,26 @@ ENTRY(cpu_v7_dcache_clean_area) ret lr ENDPROC(cpu_v7_dcache_clean_area) +#ifdef CONFIG_ARM_PSCI + .arch_extension sec +ENTRY(cpu_v7_smc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + smc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_smc_switch_mm) + .arch_extension virt +ENTRY(cpu_v7_hvc_switch_mm) + stmfd sp!, {r0 - r3} + movw r0, #:lower16:ARM_SMCCC_ARCH_WORKAROUND_1 + movt r0, #:upper16:ARM_SMCCC_ARCH_WORKAROUND_1 + hvc #0 + ldmfd sp!, {r0 - r3} + b cpu_v7_switch_mm +ENDPROC(cpu_v7_hvc_switch_mm) +#endif ENTRY(cpu_v7_iciallu_switch_mm) mov r3, #0 mcr p15, 0, r3, c7, c5, 0 @ ICIALLU