Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b65b0eb4 authored by Shanker Donthineni's avatar Shanker Donthineni Committed by Greg Kroah-Hartman
Browse files

arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening 



[ Upstream commit 4bc352ff ]

The function SMCCC_ARCH_WORKAROUND_1 was introduced as part of SMC
V1.1 Calling Convention to mitigate CVE-2017-5715. This patch uses
the standard call SMCCC_ARCH_WORKAROUND_1 for Falkor chips instead
of Silicon provider service ID 0xC2001700.

Cc: <stable@vger.kernel.org> # 4.14+
Signed-off-by: default avatarShanker Donthineni <shankerd@codeaurora.org>
[maz: reworked errata framework integration]
Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 197a83aa

arch/arm64/include/asm/cpucaps.h

+3 −4
Original line number Diff line number Diff line
@@ -42,10 +42,9 @@ 
#define ARM64_HAS_DCPOP				21

#define ARM64_UNMAP_KERNEL_AT_EL0		23

#define ARM64_HARDEN_BRANCH_PREDICTOR		24

#define ARM64_HARDEN_BP_POST_GUEST_EXIT		25

#define ARM64_SSBD				26

#define ARM64_MISMATCHED_CACHE_TYPE		27

#define ARM64_SSBD				25

#define ARM64_MISMATCHED_CACHE_TYPE		26



#define ARM64_NCAPS				28

#define ARM64_NCAPS				27



#endif /* __ASM_CPUCAPS_H */

arch/arm64/include/asm/kvm_asm.h

+0 −2
Original line number Diff line number Diff line
@@ -70,8 +70,6 @@ extern u32 __kvm_get_mdcr_el2(void); 


extern u32 __init_stage2_translation(void);



extern void __qcom_hyp_sanitize_btac_predictors(void);



/* Home-grown __this_cpu_{ptr,read} variants that always work at HYP */

#define __hyp_this_cpu_ptr(sym)						\

	({								\

arch/arm64/kernel/bpi.S

+0 −7
Original line number Diff line number Diff line
@@ -55,13 +55,6 @@ ENTRY(__bp_harden_hyp_vecs_start) 
	.endr

ENTRY(__bp_harden_hyp_vecs_end)



ENTRY(__qcom_hyp_sanitize_link_stack_start)

	stp     x29, x30, [sp, #-16]!

	.rept	16

	bl	. + 4

	.endr

	ldp	x29, x30, [sp], #16

ENTRY(__qcom_hyp_sanitize_link_stack_end)



.macro smccc_workaround_1 inst

	sub	sp, sp, #(8 * 4)

arch/arm64/kernel/cpu_errata.c

+17 −37
Original line number Diff line number Diff line
@@ -83,8 +83,6 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) 
DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);



#ifdef CONFIG_KVM

extern char __qcom_hyp_sanitize_link_stack_start[];

extern char __qcom_hyp_sanitize_link_stack_end[];

extern char __smccc_workaround_1_smc_start[];

extern char __smccc_workaround_1_smc_end[];

extern char __smccc_workaround_1_hvc_start[];
@@ -131,8 +129,6 @@ static void __install_bp_hardening_cb(bp_hardening_cb_t fn, 
	spin_unlock(&bp_lock);

}

#else

#define __qcom_hyp_sanitize_link_stack_start	NULL

#define __qcom_hyp_sanitize_link_stack_end	NULL

#define __smccc_workaround_1_smc_start		NULL

#define __smccc_workaround_1_smc_end		NULL

#define __smccc_workaround_1_hvc_start		NULL
@@ -177,12 +173,25 @@ static void call_hvc_arch_workaround_1(void) 
	arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);

}



static void qcom_link_stack_sanitization(void)

{

	u64 tmp;



	asm volatile("mov	%0, x30		\n"

		     ".rept	16		\n"

		     "bl	. + 4		\n"

		     ".endr			\n"

		     "mov	x30, %0		\n"

		     : "=&r" (tmp));

}



static void

enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry)

{

	bp_hardening_cb_t cb;

	void *smccc_start, *smccc_end;

	struct arm_smccc_res res;

	u32 midr = read_cpuid_id();



	if (!entry->matches(entry, SCOPE_LOCAL_CPU))

		return;
@@ -215,30 +224,14 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) 
		return;

	}



	if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) ||

	    ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1))

		cb = qcom_link_stack_sanitization;



	install_bp_hardening_cb(entry, cb, smccc_start, smccc_end);



	return;

}



static void qcom_link_stack_sanitization(void)

{

	u64 tmp;



	asm volatile("mov	%0, x30		\n"

		     ".rept	16		\n"

		     "bl	. + 4		\n"

		     ".endr			\n"

		     "mov	x30, %0		\n"

		     : "=&r" (tmp));

}



static void

qcom_enable_link_stack_sanitization(const struct arm64_cpu_capabilities *entry)

{

	install_bp_hardening_cb(entry, qcom_link_stack_sanitization,

				__qcom_hyp_sanitize_link_stack_start,

				__qcom_hyp_sanitize_link_stack_end);

}

#endif	/* CONFIG_HARDEN_BRANCH_PREDICTOR */



#ifdef CONFIG_ARM64_SSBD
@@ -463,10 +456,6 @@ static const struct midr_range arm64_bp_harden_smccc_cpus[] = { 
	MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),

	MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN),

	MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2),

	{},

};



static const struct midr_range qcom_bp_harden_cpus[] = {

	MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1),

	MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR),

	{},
@@ -618,15 +607,6 @@ const struct arm64_cpu_capabilities arm64_errata[] = { 
		ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus),

		.cpu_enable = enable_smccc_arch_workaround_1,

	},

	{

		.capability = ARM64_HARDEN_BRANCH_PREDICTOR,

		ERRATA_MIDR_RANGE_LIST(qcom_bp_harden_cpus),

		.cpu_enable = qcom_enable_link_stack_sanitization,

	},

	{

		.capability = ARM64_HARDEN_BP_POST_GUEST_EXIT,

		ERRATA_MIDR_RANGE_LIST(qcom_bp_harden_cpus),

	},

#endif

#ifdef CONFIG_ARM64_SSBD

	{

arch/arm64/kvm/hyp/entry.S

+0 −12
Original line number Diff line number Diff line
@@ -196,15 +196,3 @@ alternative_endif 


	eret

ENDPROC(__fpsimd_guest_restore)
 


ENTRY(__qcom_hyp_sanitize_btac_predictors)

	/**

	 * Call SMC64 with Silicon provider serviceID 23<<8 (0xc2001700)

	 * 0xC2000000-0xC200FFFF: assigned to SiP Service Calls

	 * b15-b0: contains SiP functionID

	 */

	movz    x0, #0x1700

	movk    x0, #0xc200, lsl #16

	smc     #0

	ret

ENDPROC(__qcom_hyp_sanitize_btac_predictors)