** Description changed: [Impact] - Track: Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 using SMC firmware call to set a hardware chicken bit. Patch now in 4.18 to Bionic. + Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 + was implemented in the Arm Trusted Firmware with SMCCC v1.1 and SMCCC_ARCH_WORKAROUND_2[1, 2]. + + Kernel patches were later produced to toggle the workaround, enable it + only for the kernel side, both for the host or hypervisor case. + + [Fix] + + Original fix: + http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html + + This patchset is a cherry pick of those patches (and prerequisistes) + from the stable / linux-4.14.y tree, forward ported to our Bionic + kernel. [Test] - [Fix] - http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html + Boot a patched kernel and add on the cmdline: - -- From 4.18 -- - eff0e9e1078e arm/arm64: smccc: Add SMCCC-specific return codes - 8e2906245f1e arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 - 5cf9ce6e5ea5 arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 - a725e3dda181 arm64: Add ARCH_WORKAROUND_2 probing - a43ae4dfe56a arm64: Add 'ssbd' command-line option - c32e1736ca03 arm64: ssbd: Add global mitigation state accessor - 986372c4367f arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation - 647d0519b53f arm64: ssbd: Restore mitigation status on CPU resume - 9dd9614f5476 arm64: ssbd: Introduce thread flag to control userspace mitigation - 85478bab4091 arm64: KVM: Add HYP per-cpu accessors - 55e3748e8902 arm64: KVM: Add ARCH_WORKAROUND_2 support for guests the first line - b4f18c063a13 arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests - 5d81f7dc9bca arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID + ssbd=force-on + + on dmesg you should see something like: + + [ 0.779901] ssbd: forced from command-line + + Same goes for the off case: + + ssbd=force-off + + [ 0.781002] ssbd: disabled 
from command-line + [Regression Potential] + + Since it's "new code" to our Bionic kernel, there's some regression + potential, but it was a clean pick from linux-4.14.y without almost any + modication (except for some mechanical diff to make it apply). + + + 1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification + 2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392
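Review bot: The removed block under "-- From 4.18 --" was the only place the description named the individual upstream commits, and the added [Fix] text replaces it with a reference to a cherry pick from the stable / linux-4.14.y tree without listing any of them. Consider keeping the commit list, or adding the matching linux-4.14.y commit ids, so the backport can be checked against upstream patch by patch. The added [Test] section also exercises only ssbd=force-on and ssbd=force-off; a line stating what dmesg should show when no ssbd= option is given would cover the default boot as well.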
--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787993

Title:
  [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 using SMC firmware call to set a hardware chicken bit

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  [Impact]

  Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64
  was implemented in the Arm Trusted Firmware with SMCCC v1.1 and
  SMCCC_ARCH_WORKAROUND_2[1, 2].

  Kernel patches were later produced to toggle the workaround, enable it
  only for the kernel side, both for the host or hypervisor case.

  [Fix]

  Original fix:
  http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html

  This patchset is a cherry pick of those patches (and prerequisites)
  from the stable / linux-4.14.y tree, forward ported to our Bionic
  kernel.

  [Test]

  Boot a patched kernel and add on the cmdline:

  ssbd=force-on

  on dmesg you should see something like:

  [ 0.779901] ssbd: forced from command-line

  Same goes for the off case:

  ssbd=force-off

  [ 0.781002] ssbd: disabled from command-line

  [Regression Potential]

  Since it's "new code" to our Bionic kernel, there's some regression
  potential, but it was a clean pick from linux-4.14.y with almost no
  modification (except for some mechanical diff to make it apply).

  1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
  2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392
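The [Test] steps above can be scripted; the following is an added example, not part of the bug report or the kernel patches. The function names are hypothetical, and the only dmesg strings it accepts are the two quoted in the report.

```sh
#!/bin/sh
# Added example: check that the ssbd= boot option took effect.
# Expected dmesg strings are the two quoted in the bug's [Test] section.

# Print the value of the last ssbd= token on a kernel command line
# (empty if none). Assumption: when the option is repeated, the last wins.
ssbd_requested() {
    req=""
    for tok in $1; do
        case "$tok" in
            ssbd=*) req="${tok#ssbd=}" ;;
        esac
    done
    printf '%s' "$req"
}

# ssbd_check CMDLINE DMESG
# Returns 0 on a match, 1 on a mismatch or missing line, 2 if not testable.
ssbd_check() {
    req=$(ssbd_requested "$1")
    case "$req" in
        force-on)  want="ssbd: forced from command-line" ;;
        force-off) want="ssbd: disabled from command-line" ;;
        "")        echo "SKIP: no ssbd= option on the command line"; return 2 ;;
        *)         echo "SKIP: ssbd=$req is not covered by the bug's test"; return 2 ;;
    esac
    if printf '%s\n' "$2" | grep -qF "$want"; then
        echo "PASS: ssbd=$req confirmed by dmesg"
        return 0
    fi
    if printf '%s\n' "$2" | grep -q 'ssbd: '; then
        echo "FAIL: ssbd=$req requested, but dmesg reports a different state"
        return 1
    fi
    # No ssbd line at all: the booted kernel may not carry the patchset.
    echo "FAIL: ssbd=$req requested, but dmesg has no ssbd line"
    return 1
}

# On a live system (reading dmesg may require root):
#   ssbd_check "$(cat /proc/cmdline)" "$(dmesg)"
```

A missing `ssbd:` line is reported separately from a mismatching one, since the first points at an unpatched kernel being booted rather than at the option being ignored.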