Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c0136321 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux 

Pull more arm64 updates from Catalin Marinas:
 "As I mentioned in the last pull request, there's a second batch of
  security updates for arm64 with mitigations for Spectre/v1 and an
  improved one for Spectre/v2 (via a newly defined firmware interface
  API).

  Spectre v1 mitigation:

   - back-end version of array_index_mask_nospec()

   - masking of the syscall number to restrict speculation through the
     syscall table

   - masking of __user pointers prior to deference in uaccess routines

  Spectre v2 mitigation update:

   - using the new firmware SMC calling convention specification update

   - removing the current PSCI GET_VERSION firmware call mitigation as
     vendors are deploying new SMCCC-capable firmware

   - additional branch predictor hardening for synchronous exceptions
     and interrupts while in user mode

  Meltdown v3 mitigation update:

    - Cavium Thunder X is unaffected but a hardware erratum gets in the
      way. The kernel now starts with the page tables mapped as global
      and switches to non-global if kpti needs to be enabled.

  Other:

   - Theoretical trylock bug fixed"

* tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (38 commits)
  arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
  arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
  arm/arm64: smccc: Make function identifiers an unsigned quantity
  firmware/psci: Expose SMCCC version through psci_ops
  firmware/psci: Expose PSCI conduit
  arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
  arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm/arm64: KVM: Turn kvm_psci_version into a static inline
  arm/arm64: KVM: Advertise SMCCC v1.1
  arm/arm64: KVM: Implement PSCI 1.0 support
  arm/arm64: KVM: Add smccc accessors to PSCI code
  arm/arm64: KVM: Add PSCI_VERSION helper
  arm/arm64: KVM: Consolidate the PSCI include files
  arm64: KVM: Increment PC after handling an SMC trap
  arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
  arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
  arm64: entry: Apply BP hardening for suspicious interrupts from EL0
  arm64: entry: Apply BP hardening for high-priority synchronous exceptions
  arm64: futex: Mask __user pointers prior to dereference
  ...
parents 846ade7d 3a0a397f

arch/arm/include/asm/kvm_host.h

+7 −0
Original line number Diff line number Diff line
@@ -306,4 +306,11 @@ static inline void kvm_fpsimd_flush_cpu_state(void) {} 


static inline void kvm_arm_vhe_guest_enter(void) {}

static inline void kvm_arm_vhe_guest_exit(void) {}



static inline bool kvm_arm_harden_branch_predictor(void)

{

	/* No way to detect it yet, pretend it is not there. */

	return false;

}



#endif /* __ARM_KVM_HOST_H__ */

arch/arm/include/asm/kvm_psci.h

deleted100644 → 0
+0 −27
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2012 - ARM Ltd

 * Author: Marc Zyngier <marc.zyngier@arm.com>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see <http://www.gnu.org/licenses/>.

 */



#ifndef __ARM_KVM_PSCI_H__

#define __ARM_KVM_PSCI_H__



#define KVM_ARM_PSCI_0_1	1

#define KVM_ARM_PSCI_0_2	2



int kvm_psci_version(struct kvm_vcpu *vcpu);

int kvm_psci_call(struct kvm_vcpu *vcpu);



#endif /* __ARM_KVM_PSCI_H__ */

arch/arm/kvm/handle_exit.c

+13 −4
Original line number Diff line number Diff line
@@ -21,7 +21,7 @@ 
#include <asm/kvm_emulate.h>

#include <asm/kvm_coproc.h>

#include <asm/kvm_mmu.h>

#include <asm/kvm_psci.h>

#include <kvm/arm_psci.h>

#include <trace/events/kvm.h>



#include "trace.h"
@@ -36,9 +36,9 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) 
		      kvm_vcpu_hvc_get_imm(vcpu));

	vcpu->stat.hvc_exit_stat++;



	ret = kvm_psci_call(vcpu);

	ret = kvm_hvc_call_handler(vcpu);

	if (ret < 0) {

		kvm_inject_undefined(vcpu);

		vcpu_set_reg(vcpu, 0, ~0UL);

		return 1;

	}
@@ -47,7 +47,16 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) 


static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run)

{

	kvm_inject_undefined(vcpu);

	/*

	 * "If an SMC instruction executed at Non-secure EL1 is

	 * trapped to EL2 because HCR_EL2.TSC is 1, the exception is a

	 * Trap exception, not a Secure Monitor Call exception [...]"

	 *

	 * We need to advance the PC after the trap, as it would

	 * otherwise return to the same address...

	 */

	vcpu_set_reg(vcpu, 0, ~0UL);

	kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));

	return 1;

}

arch/arm64/include/asm/assembler.h

+42 −1
Original line number Diff line number Diff line
@@ -115,6 +115,24 @@ 
	hint    #16

	.endm



/*

 * Value prediction barrier

 */

	.macro	csdb

	hint	#20

	.endm



/*

 * Sanitise a 64-bit bounded index wrt speculation, returning zero if out

 * of bounds.

 */

	.macro	mask_nospec64, idx, limit, tmp

	sub	\tmp, \idx, \limit

	bic	\tmp, \tmp, \idx

	and	\idx, \idx, \tmp, asr #63

	csdb

	.endm



/*

 * NOP sequence

 */
@@ -514,7 +532,7 @@ alternative_endif 
 * 	phys:	physical address, preserved

 * 	ttbr:	returns the TTBR value

 */

	.macro	phys_to_ttbr, phys, ttbr

	.macro	phys_to_ttbr, ttbr, phys

#ifdef CONFIG_ARM64_PA_BITS_52

	orr	\ttbr, \phys, \phys, lsr #46

	and	\ttbr, \ttbr, #TTBR_BADDR_MASK_52
@@ -523,6 +541,29 @@ alternative_endif 
#endif

	.endm



	.macro	phys_to_pte, pte, phys

#ifdef CONFIG_ARM64_PA_BITS_52

	/*

	 * We assume \phys is 64K aligned and this is guaranteed by only

	 * supporting this configuration with 64K pages.

	 */

	orr	\pte, \phys, \phys, lsr #36

	and	\pte, \pte, #PTE_ADDR_MASK

#else

	mov	\pte, \phys

#endif

	.endm



	.macro	pte_to_phys, phys, pte

#ifdef CONFIG_ARM64_PA_BITS_52

	ubfiz	\phys, \pte, #(48 - 16 - 12), #16

	bfxil	\phys, \pte, #16, #32

	lsl	\phys, \phys, #16

#else

	and	\phys, \pte, #PTE_ADDR_MASK

#endif

	.endm



/**

 * Errata workaround prior to disable MMU. Insert an ISB immediately prior

 * to executing the MSR that will change SCTLR_ELn[M] from a value of 1 to 0.

arch/arm64/include/asm/barrier.h

+22 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ 
#define dsb(opt)	asm volatile("dsb " #opt : : : "memory")



#define psb_csync()	asm volatile("hint #17" : : : "memory")

#define csdb()		asm volatile("hint #20" : : : "memory")



#define mb()		dsb(sy)

#define rmb()		dsb(ld)
@@ -40,6 +41,27 @@ 
#define dma_rmb()	dmb(oshld)

#define dma_wmb()	dmb(oshst)



/*

 * Generate a mask for array_index__nospec() that is ~0UL when 0 <= idx < sz

 * and 0 otherwise.

 */

#define array_index_mask_nospec array_index_mask_nospec

static inline unsigned long array_index_mask_nospec(unsigned long idx,

						    unsigned long sz)

{

	unsigned long mask;



	asm volatile(

	"	cmp	%1, %2\n"

	"	sbc	%0, xzr, xzr\n"

	: "=r" (mask)

	: "r" (idx), "Ir" (sz)

	: "cc");



	csdb();

	return mask;

}



#define __smp_mb()	dmb(ish)

#define __smp_rmb()	dmb(ishld)

#define __smp_wmb()	dmb(ishst)