29b2566...
by
Shanker Donthineni <email address hidden>
on 2018-02-12
arm64: Add missing Falkor part number for branch predictor hardening
References to CPU part number MIDR_QCOM_FALKOR were dropped from the
mailing list patch due to mainline/arm64 branch dependency. So this
patch adds the missing part number.
Fixes: ec82b567a74f ("arm64: Implement branch predictor hardening for Falkor")
Acked-by: Marc Zyngier <email address hidden>
Signed-off-by: Shanker Donthineni <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
(cherry picked from commit 16e574d762ac551 2eb922ac0ac5eed 360b7db9d8)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
8aa9c9d...
by
Paolo Pisati
on 2018-02-21
UBUNTU: SAUCE: arm64: __idmap_ cpu_set_ reserved_ ttbr1: fix !ARM64_PA_BITS_52 logic
Signed-off-by: dann frazier <email address hidden>
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
c2e4bcf...
by
Paolo Pisati
on 2018-02-21
UBUNTU: [Config] UNMAP_KERNEL_ AT_EL0= y && HARDEN_ BRANCH_ PREDICTOR= y
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
41167ce...
by
Marc Zyngier
on 2018-02-06
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
Commit 3a0a397ff5ff upstream.
Now that we've standardised on SMCCC v1.1 to perform the branch
prediction invalidation, let's drop the previous band-aid.
If vendors haven't updated their firmware to do SMCCC 1.1, they
haven't updated PSCI either, so we don't loose anything.
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit c584c903bae9a1e c6e881847713df9 c1b8b87df0)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
ebbd554...
by
Marc Zyngier
on 2018-02-06
arm64: Add ARM_SMCCC_ ARCH_WORKAROUND _1 BP hardening support
Commit b092201e0020 upstream.
Add the detection and runtime code for ARM_SMCCC_ ARCH_WORKAROUND _1.
It is lovely. Really.
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit dbca45b996550f1 ab646011f48bede 5b9c2e2ea9)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
b3e4935...
by
Marc Zyngier
on 2018-02-06
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
Commit f2d3b2e8759a upstream.
One of the major improvement of SMCCC v1.1 is that it only clobbers
the first 4 registers, both on 32 and 64bit. This means that it
becomes very easy to provide an inline version of the SMC call
primitive, and avoid performing a function call to stash the
registers that would otherwise be clobbered by SMCCC v1.0.
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit ac63fdb4a2b229b dd7ad8449a88791 ad5da5f572)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
093534b...
by
Marc Zyngier
on 2018-02-06
arm/arm64: smccc: Make function identifiers an unsigned quantity
Commit ded4c39e93f3 upstream.
Function identifiers are a 32bit, unsigned quantity. But we never
tell so to the compiler, resulting in the following:
4ac: b26187e0 mov x0, #0xffffffff80000001
We thus rely on the firmware narrowing it for us, which is not
always a reasonable expectation.
Cc: <email address hidden>
Reported-by: Ard Biesheuvel <email address hidden>
Acked-by: Ard Biesheuvel <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 37dc3e6c117eced 753d6ce6cce8553 5cec3ad013)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
7a4c2fc...
by
Marc Zyngier
on 2018-02-06
firmware/psci: Expose SMCCC version through psci_ops
Commit e78eef554a91 upstream.
Since PSCI 1.0 allows the SMCCC version to be (indirectly) probed,
let's do that at boot time, and expose the version of the calling
convention as part of the psci_ops structure.
Acked-by: Lorenzo Pieralisi <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 908ad7a1484d782 28bc88d24212157 4f86eb35e8)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
061c4bd...
by
Marc Zyngier
on 2018-02-06
firmware/psci: Expose PSCI conduit
Commit 09a8d6d48499 upstream.
In order to call into the firmware to apply workarounds, it is
useful to find out whether we're using HVC or SMC. Let's expose
this through the psci_ops.
Acked-by: Lorenzo Pieralisi <email address hidden>
Reviewed-by: Robin Murphy <email address hidden>
Tested-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 906a9f396cc8005 807f6741e881da0 ad317c4091)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
b36aa71...
by
Marc Zyngier
on 2018-02-06
arm64: KVM: Add SMCCC_ARCH_ WORKAROUND_ 1 fast handling
Commit f72af90c3783 upstream.
We want SMCCC_ARCH_ WORKAROUND_ 1 to be fast. As fast as possible.
So let's intercept it as early as we can by testing for the
function call number as soon as we've identified a HVC call
coming from the guest.
Tested-by: Ard Biesheuvel <email address hidden>
Reviewed-by: Christoffer Dall <email address hidden>
Signed-off-by: Marc Zyngier <email address hidden>
Signed-off-by: Catalin Marinas <email address hidden>
Signed-off-by: Will Deacon <email address hidden>
Signed-off-by: Ard Biesheuvel <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 6db26ad1dc46858 43ab3c4d655b517 77e04d131e)
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Brad Figg <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>