From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>,
James Morse <james.morse@arm.com>, Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Ryan Roberts <ryan.roberts@arm.com>,
Sasha Levin <sashal@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 6.17-6.16] arm64: errata: Apply workarounds for Neoverse-V3AE
Date: Thu, 2 Oct 2025 11:30:19 -0400 [thread overview]
Message-ID: <20251002153025.2209281-32-sashal@kernel.org> (raw)
In-Reply-To: <20251002153025.2209281-1-sashal@kernel.org>
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 0c33aa1804d101c11ba1992504f17a42233f0e11 ]
Neoverse-V3AE is also affected by erratum #3312417, as described in its
Software Developer Errata Notice (SDEN) document:
Neoverse V3AE (MP172) SDEN v9.0, erratum 3312417
https://developer.arm.com/documentation/SDEN-2615521/9-0/
Enable the workaround for Neoverse-V3AE, and document this.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
Based on my comprehensive analysis, here is my determination:
## **Backport Status: YES**
### Detailed Analysis
#### 1. **Nature of the Fix**
This commit adds ARM Neoverse-V3AE to the existing workaround for
erratum 3194386/3312417, which addresses a **speculative execution
vulnerability** related to SSBS (Speculative Store Bypass Safe). The
erratum description states: "MSR SSBS, #0 instructions may not affect
subsequent speculative instructions, which may permit unexpected
speculative store bypassing." This is a security-related issue similar
to Spectre v4.
#### 2. **Code Changes Analysis**
The changes are **minimal and surgical**:
- **Documentation** (`silicon-errata.rst`): Adds 1 table entry
documenting Neoverse-V3AE erratum 3312417
- **Kconfig** (`arch/arm64/Kconfig`): Adds 1 line to the list of
affected CPUs in the ARM64_ERRATUM_3194386 help text
- **Errata code** (`cpu_errata.c`): Adds 1 line
`MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3AE)` to the
`erratum_spec_ssbs_list[]` array
This simply registers a new CPU variant to an existing, well-tested
workaround infrastructure.
#### 3. **Established Backporting Pattern**
The erratum 3194386 infrastructure has a **clear history of being
expanded and backported**:
- Base erratum introduced in v6.10 (commit 7187bb7d0b5c7)
- First expansion in v6.11 (commit 75b3c43eab594) - **backported to
v6.10.x**
- Second expansion in v6.11 (commit adeec61a4723f) - **backported to
v6.10.x**
- Third expansion in v6.12 (commit 081eb7932c2b2) - **backported to
v6.11.x**
The backport commits show `Signed-off-by: Sasha Levin
<sashal@kernel.org>`, confirming stable team involvement. This
establishes that ARM errata workarounds for speculative execution are
**routinely backported**.
#### 4. **Risk Assessment: VERY LOW**
- **No architectural changes** - uses existing workaround mechanism
- **No new code paths** - just adds a CPU ID to a matching list
- **Zero impact if hardware not present** - the MIDR check only triggers
on affected CPUs
- **Well-contained** - changes are confined to ARM64 errata subsystem
- **Already tested** - the workaround logic is proven on 20+ other ARM
cores with the same erratum
#### 5. **Dependencies**
This commit depends on `3bbf004c4808e` ("arm64: cputype: Add
Neoverse-V3AE definitions") which adds the `MIDR_NEOVERSE_V3AE`
constant. Both commits are part of the same September 2025 patch series
and should be backported together as a pair.
#### 6. **User Impact**
- **Security**: Users with Neoverse-V3AE CPUs are vulnerable to
speculative store bypass attacks without this fix
- **Hardware availability**: ARM has published SDEN v9.0 for
Neoverse-V3AE (MP172), indicating this hardware exists or will exist
in production systems
- **Protection**: The workaround places speculation barriers after SSBS
changes to prevent information leakage
#### 7. **Stable Kernel Criteria Compliance**
✅ **Fixes important bug** - Security/speculative execution vulnerability
✅ **Small and contained** - 3 single-line additions
✅ **No new features** - Just hardware support
✅ **Minimal regression risk** - Uses proven infrastructure
✅ **Clear benefit** - Protects affected hardware
### Recommendation
**STRONGLY RECOMMEND BACKPORTING** this commit along with its dependency
(3bbf004c4808e) to all stable kernels that contain the base
ARM64_ERRATUM_3194386 infrastructure (v6.10+). This follows the
established pattern for ARM errata workarounds and provides essential
security protection for Neoverse-V3AE hardware.
Documentation/arch/arm64/silicon-errata.rst | 2 ++
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/cpu_errata.c | 1 +
3 files changed, 4 insertions(+)
diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst
index b18ef4064bc04..a7ec57060f64f 100644
--- a/Documentation/arch/arm64/silicon-errata.rst
+++ b/Documentation/arch/arm64/silicon-errata.rst
@@ -200,6 +200,8 @@ stable kernels.
+----------------+-----------------+-----------------+-----------------------------+
| ARM | Neoverse-V3 | #3312417 | ARM64_ERRATUM_3194386 |
+----------------+-----------------+-----------------+-----------------------------+
+| ARM | Neoverse-V3AE | #3312417 | ARM64_ERRATUM_3194386 |
++----------------+-----------------+-----------------+-----------------------------+
| ARM | MMU-500 | #841119,826419 | ARM_SMMU_MMU_500_CPRE_ERRATA|
| | | #562869,1047329 | |
+----------------+-----------------+-----------------+-----------------------------+
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index e9bbfacc35a64..93f391e67af15 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1138,6 +1138,7 @@ config ARM64_ERRATUM_3194386
* ARM Neoverse-V1 erratum 3324341
* ARM Neoverse V2 erratum 3324336
* ARM Neoverse-V3 erratum 3312417
+ * ARM Neoverse-V3AE erratum 3312417
On affected cores "MSR SSBS, #0" instructions may not affect
subsequent speculative instructions, which may permit unexepected
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 59d723c9ab8f5..21f86c160aab2 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -545,6 +545,7 @@ static const struct midr_range erratum_spec_ssbs_list[] = {
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2),
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3),
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3AE),
{}
};
#endif
--
2.51.0
next prev parent reply other threads:[~2025-10-02 15:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-02 15:29 [PATCH AUTOSEL 6.17-5.4] hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.12] arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-5.4] hfs: clear offset and space out of valid records in b-tree node Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-5.4] hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.1] powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-5.4] m68k: bitops: Fix find_*_bit() signatures Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17] smb: client: make use of ib_wc_status_msg() and skip IB_WC_WR_FLUSH_ERR logging Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.16] arm64: realm: ioremap: Allow mapping memory as encrypted Sasha Levin
2025-10-02 16:43 ` Suzuki K Poulose
2025-10-21 15:38 ` Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.12] gfs2: Fix unlikely race in gdlm_put_lock Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.1] smb: server: let smb_direct_flush_send_list() invalidate a remote key first Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-5.15] nios2: ensure that memblock.current_limit is set when setting pfn limits Sasha Levin
2025-10-02 15:29 ` [PATCH AUTOSEL 6.17-6.12] s390/mm: Use __GFP_ACCOUNT for user page table allocations Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] riscv: mm: Return intended SATP mode for noXlvl options Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] gfs2: Fix LM_FLAG_TRY* logic in add_to_queue Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] dlm: move to rinfo for all middle conversion cases Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] exec: Fix incorrect type for ret Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.1] lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] riscv: mm: Use mmu-type from FDT to limit SATP mode Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.6] Unbreak 'make tools/*' for user-space targets Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] hfs: make proper initalization of struct hfs_find_data Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] riscv: cpufeature: add validation for zfa, zfh and zfhmin Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.12] PCI: Test for bit underflow in pcie_set_readrq() Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] s390/pkey: Forward keygenflags to ep11_unwrapkey Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.6] drivers/perf: hisi: Relax the event ID check in the framework Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] hfs: validate record offset in hfsplus_bmap_alloc Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17] smb: client: limit the range of info->receive_credit_target Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-5.4] dlm: check for defined force value in dlm_lockspace_release Sasha Levin
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.12] binfmt_elf: preserve original ELF e_flags for core dumps Sasha Levin
2025-10-02 15:58 ` Kees Cook
2025-10-02 15:30 ` Sasha Levin [this message]
2025-10-02 15:30 ` [PATCH AUTOSEL 6.17-6.16] smb: client: queue post_recv_credits_work also if the peer raises the credit target Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251002153025.2209281-32-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=patches@lists.linux.dev \
--cc=ryan.roberts@arm.com \
--cc=stable@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).