Patch "arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72" has been added to the 4.19-stable tree

From: <gregkh@linuxfoundation.org>
To: catalin.marinas@arm.com,gregkh@linuxfoundation.org,james.morse@arm.com,linux-arm-kernel@lists.infradead.org
Cc: <stable-commits@vger.kernel.org>
Subject: Patch "arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72" has been added to the 4.19-stable tree
Date: Sat, 03 Dec 2022 14:55:03 +0100	[thread overview]
Message-ID: <1670075703238233@kroah.com> (raw)
In-Reply-To: <20221130182907.739150-3-james.morse@arm.com>


This is a note to let you know that I've just added the patch titled

    arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm64-errata-fix-kvm-spectre-v2-mitigation-selection-for-cortex-a57-a72.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From foo@baz Sat Dec  3 02:31:45 PM CET 2022
From: James Morse <james.morse@arm.com>
Date: Wed, 30 Nov 2022 18:29:07 +0000
Subject: arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
To: stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>, James Morse <james.morse@arm.com>
Message-ID: <20221130182907.739150-3-james.morse@arm.com>

From: James Morse <james.morse@arm.com>

Both the Spectre-v2 and Spectre-BHB mitigations involve running a sequence
immediately after exiting a guest, before any branches. In the stable
kernels these sequences are built by copying templates into an empty vector
slot.

For Spectre-BHB, Cortex-A57 and A72 require the branchy loop with k=8.
If Spectre-v2 needs mitigating at the same time, a firmware call to EL3 is
needed. The work EL3 does at this point is also enough to mitigate
Spectre-BHB.

When enabling the Spectre-BHB mitigation, spectre_bhb_enable_mitigation()
should check if a slot has already been allocated for Spectre-v2, meaning
no work is needed for Spectre-BHB.

This check was missed in the earlier backport, add it.

Fixes: c20d55174479 ("arm64: Mitigate spectre style branch history side channels")
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kernel/cpu_errata.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -1246,7 +1246,13 @@ void spectre_bhb_enable_mitigation(const
 	} else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) {
 		switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) {
 		case 8:
-			kvm_setup_bhb_slot(__spectre_bhb_loop_k8_start);
+			/*
+			 * A57/A72-r0 will already have selected the
+			 * spectre-indirect vector, which is sufficient
+			 * for BHB too.
+			 */
+			if (!__this_cpu_read(bp_hardening_data.fn))
+				kvm_setup_bhb_slot(__spectre_bhb_loop_k8_start);
 			break;
 		case 24:
 			kvm_setup_bhb_slot(__spectre_bhb_loop_k24_start);


Patches currently in stable-queue which might be from james.morse@arm.com are

queue-4.19/arm64-errata-fix-kvm-spectre-v2-mitigation-selection-for-cortex-a57-a72.patch
queue-4.19/arm64-fix-panic-when-spectre-v2-causes-spectre-bhb-to-re-allocate-kvm-vectors.patch

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
