Commit 310712f9 authored by James Morse's avatar James Morse Committed by Zheng Zengkai
Browse files

arm64: Use the clearbhb instruction in mitigations 

stable inclusion
from stable-v5.10.105
commit 551717cf3b58f11311d10f70eb027d4b275135de
category: bugfix
bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA
CVE: CVE-2022-23960

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=551717cf3b58



--------------------------------

commit 228a26b9 upstream.

Future CPUs may implement a clearbhb instruction that is sufficient
to mitigate SpectreBHB. CPUs that implement this instruction, but
not CSV2.3 must be affected by Spectre-BHB.

Add support to use this instruction as the BHB mitigation on CPUs
that support it. The instruction is in the hint space, so it will
be treated by a NOP as older CPUs.

Reviewed-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
[ modified for stable: Use a KVM vector template instead of alternatives,
  removed bitmap of mitigations ]
Signed-off-by: default avatarJames Morse <james.morse@arm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarChen Jiahao <chenjiahao16@huawei.com>
Reviewed-by: default avatarLiao Chang <liaochang1@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 69c49d89

arch/arm64/include/asm/assembler.h

+7 −0
Original line number Diff line number Diff line
@@ -106,6 +106,13 @@ 
	hint	#20

	.endm



/*

 * Clear Branch History instruction

 */

	.macro clearbhb

	hint	#22

	.endm



/*

 * Speculation barrier

 */

arch/arm64/include/asm/cpufeature.h

+13 −0
Original line number Diff line number Diff line
@@ -623,6 +623,19 @@ static inline bool supports_csv2p3(int scope) 
	return csv2_val == 3;

}



static inline bool supports_clearbhb(int scope)

{

	u64 isar2;



	if (scope == SCOPE_LOCAL_CPU)

		isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);

	else

		isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);



	return cpuid_feature_extract_unsigned_field(isar2,

						    ID_AA64ISAR2_CLEARBHB_SHIFT);

}



static inline bool system_supports_32bit_el0(void)

{

	return cpus_have_const_cap(ARM64_HAS_32BIT_EL0);

arch/arm64/include/asm/insn.h

+1 −0
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ enum aarch64_insn_hint_cr_op { 
	AARCH64_INSN_HINT_PSB  = 0x11 << 5,

	AARCH64_INSN_HINT_TSB  = 0x12 << 5,

	AARCH64_INSN_HINT_CSDB = 0x14 << 5,

	AARCH64_INSN_HINT_CLEARBHB = 0x16 << 5,



	AARCH64_INSN_HINT_BTI   = 0x20 << 5,

	AARCH64_INSN_HINT_BTIC  = 0x22 << 5,

arch/arm64/include/asm/kvm_asm.h

+2 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ 
#define __SMCCC_WORKAROUND_1_SMC_SZ 36

#define __SMCCC_WORKAROUND_3_SMC_SZ 36

#define __SPECTRE_BHB_LOOP_SZ       44

#define __SPECTRE_BHB_CLEARBHB_SZ   12



#define KVM_HOST_SMCCC_ID(id)						\

	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,				\
@@ -205,6 +206,7 @@ extern char __smccc_workaround_3_smc[__SMCCC_WORKAROUND_3_SMC_SZ]; 
extern char __spectre_bhb_loop_k8[__SPECTRE_BHB_LOOP_SZ];

extern char __spectre_bhb_loop_k24[__SPECTRE_BHB_LOOP_SZ];

extern char __spectre_bhb_loop_k32[__SPECTRE_BHB_LOOP_SZ];

extern char __spectre_bhb_clearbhb[__SPECTRE_BHB_LOOP_SZ];



/*

 * Obtain the PC-relative address of a kernel symbol

arch/arm64/include/asm/sysreg.h

+1 −0
Original line number Diff line number Diff line
@@ -707,6 +707,7 @@ 
#define ID_AA64ISAR1_GPI_IMP_DEF		0x1



/* id_aa64isar2 */

#define ID_AA64ISAR2_CLEARBHB_SHIFT	28

#define ID_AA64ISAR2_RPRES_SHIFT	4

#define ID_AA64ISAR2_WFXT_SHIFT		0