Merge 4.19.234 into android-4.19-stable (a54c48f8) · Commits · e / devices / android_kernel_fairphone_FP4

Documentation/admin-guide/hw-vuln/spectre.rst

+32 −16

Original line number	Diff line number	Diff line
		@@ -60,8 +60,8 @@ privileged data touched during the speculative execution.
		Spectre variant 1 attacks take advantage of speculative execution of
		conditional branches, while Spectre variant 2 attacks use speculative
		execution of indirect branches to leak privileged memory.
		See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[7] <spec_ref7>`
		:ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
		See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[6] <spec_ref6>`
		:ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.

		Spectre variant 1 (Bounds Check Bypass)
		---------------------------------------
		@@ -131,6 +131,19 @@ steer its indirect branch speculations to gadget code, and measure the
		speculative execution's side effects left in level 1 cache to infer the
		victim's data.

		Yet another variant 2 attack vector is for the attacker to poison the
		Branch History Buffer (BHB) to speculatively steer an indirect branch
		to a specific Branch Target Buffer (BTB) entry, even if the entry isn't
		associated with the source address of the indirect branch. Specifically,
		the BHB might be shared across privilege levels even in the presence of
		Enhanced IBRS.

		Currently the only known real-world BHB attack vector is via
		unprivileged eBPF. Therefore, it's highly recommended to not enable
		unprivileged eBPF, especially when eIBRS is used (without retpolines).
		For a full mitigation against BHB attacks, it's recommended to use
		retpolines (or eIBRS combined with retpolines).

		Attack scenarios
		----------------

		@@ -364,13 +377,15 @@ The possible values in this file are:

		- Kernel status:

		==================================== =================================
		======================================== =================================
		'Not affected' The processor is not vulnerable
		'Vulnerable' Vulnerable, no mitigation
		'Mitigation: Full generic retpoline' Software-focused mitigation
		'Mitigation: Full AMD retpoline' AMD-specific software mitigation
		'Mitigation: None' Vulnerable, no mitigation
		'Mitigation: Retpolines' Use Retpoline thunks
		'Mitigation: LFENCE' Use LFENCE instructions
		'Mitigation: Enhanced IBRS' Hardware-focused mitigation
		==================================== =================================
		'Mitigation: Enhanced IBRS + Retpolines' Hardware-focused + Retpolines
		'Mitigation: Enhanced IBRS + LFENCE' Hardware-focused + LFENCE
		======================================== =================================

		- Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
		used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
		@@ -584,12 +599,13 @@ kernel command line.

		Specific mitigations can also be selected manually:

		retpoline
		replace indirect branches
		retpoline,generic
		google's original retpoline
		retpoline,amd
		AMD-specific minimal thunk
		retpoline auto pick between generic,lfence
		retpoline,generic Retpolines
		retpoline,lfence LFENCE; indirect branch
		retpoline,amd alias for retpoline,lfence
		eibrs enhanced IBRS
		eibrs,retpoline enhanced IBRS + Retpolines
		eibrs,lfence enhanced IBRS + LFENCE

		Not specifying this option is equivalent to
		spectre_v2=auto.
		@@ -730,7 +746,7 @@ AMD white papers:

		.. _spec_ref6:

		[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf>`_.
		[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-Processors.pdf>`_.

		ARM white papers:

Documentation/admin-guide/kernel-parameters.txt

+6 −2

Original line number	Diff line number	Diff line
		@@ -4359,8 +4359,12 @@
		Specific mitigations can also be selected manually:

		retpoline - replace indirect branches
		retpoline,generic - google's original retpoline
		retpoline,amd - AMD-specific minimal thunk
		retpoline,generic - Retpolines
		retpoline,lfence - LFENCE; indirect branch
		retpoline,amd - alias for retpoline,lfence
		eibrs - enhanced IBRS
		eibrs,retpoline - enhanced IBRS + Retpolines
		eibrs,lfence - enhanced IBRS + LFENCE

		Not specifying this option is equivalent to
		spectre_v2=auto.

Makefile

+1 −1

Original line number	Diff line number	Diff line
		# SPDX-License-Identifier: GPL-2.0
		VERSION = 4
		PATCHLEVEL = 19
		SUBLEVEL = 233
		SUBLEVEL = 234
		EXTRAVERSION =
		NAME = "People's Front"

arch/arm/include/asm/assembler.h

+10 −0

Original line number	Diff line number	Diff line
		@@ -110,6 +110,16 @@
		.endm
		#endif

		#if __LINUX_ARM_ARCH__ < 7
		.macro dsb, args
		mcr p15, 0, r0, c7, c10, 4
		.endm

		.macro isb, args
		mcr p15, 0, r0, c7, c5, 4
		.endm
		#endif

		.macro asm_trace_hardirqs_off, save=1
		#if defined(CONFIG_TRACE_IRQFLAGS)
		.if \save

arch/arm/include/asm/spectre.h

0 → 100644

+32 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0-only */

		#ifndef __ASM_SPECTRE_H
		#define __ASM_SPECTRE_H

		enum {
		SPECTRE_UNAFFECTED,
		SPECTRE_MITIGATED,
		SPECTRE_VULNERABLE,
		};

		enum {
		__SPECTRE_V2_METHOD_BPIALL,
		__SPECTRE_V2_METHOD_ICIALLU,
		__SPECTRE_V2_METHOD_SMC,
		__SPECTRE_V2_METHOD_HVC,
		__SPECTRE_V2_METHOD_LOOP8,
		};

		enum {
		SPECTRE_V2_METHOD_BPIALL = BIT(__SPECTRE_V2_METHOD_BPIALL),
		SPECTRE_V2_METHOD_ICIALLU = BIT(__SPECTRE_V2_METHOD_ICIALLU),
		SPECTRE_V2_METHOD_SMC = BIT(__SPECTRE_V2_METHOD_SMC),
		SPECTRE_V2_METHOD_HVC = BIT(__SPECTRE_V2_METHOD_HVC),
		SPECTRE_V2_METHOD_LOOP8 = BIT(__SPECTRE_V2_METHOD_LOOP8),
		};

		void spectre_v2_update_state(unsigned int state, unsigned int methods);

		int spectre_bhb_update_vectors(unsigned int method);

		#endif