From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Pu Lehui <pulehui@huaweicloud.com>, Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 5.10 06/14] arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
Date: Sun, 8 Jun 2025 22:34:20 -0400 [thread overview]
Message-ID: <20250608191741-46a0167fe6ba9e1e@stable.kernel.org> (raw)
In-Reply-To: <20250607152521.2828291-7-pulehui@huaweicloud.com>
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: e403e8538359d8580cbee1976ff71813e947101e
WARNING: Author mismatch between patch and upstream commit:
Backport author: Pu Lehui<pulehui@huaweicloud.com>
Commit author: Douglas Anderson<dianders@chromium.org>
Status in newer kernel trees:
6.15.y | Present (exact SHA1)
6.14.y | Present (different SHA1: 1847162b0f1d)
6.12.y | Present (different SHA1: 3b0f2526c87e)
6.6.y | Present (different SHA1: 3ca6b0c9171b)
6.1.y | Present (different SHA1: f2e4ca0c40cd)
5.15.y | Present (different SHA1: 8cb58a817a45)
Note: The patch differs from the upstream commit:
---
1: e403e8538359d ! 1: 85de55abe5b05 arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
@@ Metadata
## Commit message ##
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
+ [ Upstream commit e403e8538359d8580cbee1976ff71813e947101e ]
+
The code for detecting CPUs that are vulnerable to Spectre BHB was
based on a hardcoded list of CPU IDs that were known to be affected.
Unfortunately, the list mostly only contained the IDs of standard ARM
@@ Commit message
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20250107120555.v4.2.I2040fa004dafe196243f67ebcc647cbedbb516e6@changeid
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+ Conflicts:
+ arch/arm64/kernel/proton-pack.c
+ [The conflicts were mainly due to LTS commit e192c8baa69a
+ differ from mainline commit 558c303c9734]
+ Signed-off-by: Pu Lehui <pulehui@huawei.com>
## arch/arm64/include/asm/spectre.h ##
-@@ arch/arm64/include/asm/spectre.h: enum mitigation_state arm64_get_meltdown_state(void);
-
+@@ arch/arm64/include/asm/spectre.h: void spectre_v4_enable_task_mitigation(struct task_struct *tsk);
enum mitigation_state arm64_get_spectre_bhb_state(void);
bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope);
+ bool is_spectre_bhb_fw_mitigated(void);
-u8 spectre_bhb_loop_affected(int scope);
void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr);
-
+ #endif /* __ASM_SPECTRE_H */
## arch/arm64/kernel/proton-pack.c ##
-@@ arch/arm64/kernel/proton-pack.c: static unsigned long system_bhb_mitigations;
+@@ arch/arm64/kernel/proton-pack.c: enum mitigation_state arm64_get_spectre_bhb_state(void)
* This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any
* SCOPE_SYSTEM call will give the right answer.
*/
@@ arch/arm64/kernel/proton-pack.c: static enum mitigation_state spectre_bhb_get_cp
static bool supports_ecbhb(int scope)
@@ arch/arm64/kernel/proton-pack.c: static bool supports_ecbhb(int scope)
- ID_AA64MMFR1_EL1_ECBHB_SHIFT);
+ ID_AA64MMFR1_ECBHB_SHIFT);
}
+static u8 max_bhb_k;
@@ arch/arm64/kernel/proton-pack.c: bool is_spectre_bhb_affected(const struct arm64
}
static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
-@@ arch/arm64/kernel/proton-pack.c: early_param("nospectre_bhb", parse_spectre_bhb_param);
+@@ arch/arm64/kernel/proton-pack.c: static bool spectre_bhb_fw_mitigated;
+
void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
{
- bp_hardening_cb_t cpu_cb;
- enum mitigation_state fw_state, state = SPECTRE_VULNERABLE;
+ enum mitigation_state state = SPECTRE_VULNERABLE;
- struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU))
+ return;
@@ arch/arm64/kernel/proton-pack.c: void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN);
+
state = SPECTRE_MITIGATED;
- set_bit(BHB_INSN, &system_bhb_mitigations);
- } else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) {
+- switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) {
+ } else if (spectre_bhb_loop_affected()) {
- /*
- * Ensure KVM uses the indirect vector which will have the
- * branchy-loop added. A57/A72-r0 will already have selected
++ switch (max_bhb_k) {
+ case 8:
+ kvm_setup_bhb_slot(__spectre_bhb_loop_k8);
+ break;
@@ arch/arm64/kernel/proton-pack.c: void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP);
+
state = SPECTRE_MITIGATED;
- set_bit(BHB_LOOP, &system_bhb_mitigations);
- } else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) {
- fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
- if (fw_state == SPECTRE_MITIGATED) {
-- /*
-- * Ensure KVM uses one of the spectre bp_hardening
-- * vectors. The indirect vector doesn't include the EL3
-- * call, so needs upgrading to
-- * HYP_VECTOR_SPECTRE_INDIRECT.
-- */
-- if (!data->slot || data->slot == HYP_VECTOR_INDIRECT)
-- data->slot += 1;
--
+- kvm_setup_bhb_slot(__smccc_workaround_3_smc);
- this_cpu_set_vectors(EL1_VECTOR_BHB_FW);
-
-- /*
-- * The WA3 call in the vectors supersedes the WA1 call
-- * made during context-switch. Uninstall any firmware
-- * bp_hardening callback.
-- */
-- cpu_cb = spectre_v2_get_sw_mitigation_cb();
-- if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb)
-- __this_cpu_write(bp_hardening_data.fn, NULL);
--
- state = SPECTRE_MITIGATED;
-- set_bit(BHB_FW, &system_bhb_mitigations);
+- spectre_bhb_fw_mitigated = true;
- }
+ } else if (has_spectre_bhb_fw_mitigation()) {
-+ /*
-+ * Ensure KVM uses one of the spectre bp_hardening
-+ * vectors. The indirect vector doesn't include the EL3
-+ * call, so needs upgrading to
-+ * HYP_VECTOR_SPECTRE_INDIRECT.
-+ */
-+ if (!data->slot || data->slot == HYP_VECTOR_INDIRECT)
-+ data->slot += 1;
-+
++ kvm_setup_bhb_slot(__smccc_workaround_3_smc);
+ this_cpu_set_vectors(EL1_VECTOR_BHB_FW);
+
-+ /*
-+ * The WA3 call in the vectors supersedes the WA1 call
-+ * made during context-switch. Uninstall any firmware
-+ * bp_hardening callback.
-+ */
-+ cpu_cb = spectre_v2_get_sw_mitigation_cb();
-+ if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb)
-+ __this_cpu_write(bp_hardening_data.fn, NULL);
-+
+ state = SPECTRE_MITIGATED;
-+ set_bit(BHB_FW, &system_bhb_mitigations);
++ spectre_bhb_fw_mitigated = true;
}
update_mitigation_state(&spectre_bhb_state, state);
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-5.15.y | Success | Success |
next prev parent reply other threads:[~2025-06-09 2:34 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-07 15:25 [PATCH 5.10 00/14] backport for CVE-2025-37948 and CVE-2025-37963 Pu Lehui
2025-06-07 15:25 ` [PATCH 5.10 01/14] arm64: insn: Add barrier encodings Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 02/14] arm64: move AARCH64_BREAK_FAULT into insn-def.h Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 03/14] arm64: insn: add encoders for atomic operations Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 04/14] arm64: insn: Add support for encoding DSB Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 05/14] arm64: proton-pack: Expose whether the platform is mitigated by firmware Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 06/14] arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Pu Lehui
2025-06-09 2:34 ` Sasha Levin [this message]
2025-06-07 15:25 ` [PATCH 5.10 07/14] arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 08/14] arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 09/14] arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 10/14] arm64: proton-pack: Expose whether the branchy loop k value Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 11/14] arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 12/14] arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 13/14] arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Pu Lehui
2025-06-09 2:34 ` Sasha Levin
2025-06-07 15:25 ` [PATCH 5.10 14/14] arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Pu Lehui
2025-06-09 2:34 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250608191741-46a0167fe6ba9e1e@stable.kernel.org \
--to=sashal@kernel.org \
--cc=pulehui@huaweicloud.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox