fixup queue-4.9/arm64-mitigate-spectre-style-branch-history-side-channels.patch to...

diff --git a/queue-4.9/arm64-mitigate-spectre-style-branch-history-side-channels.patch b/queue-4.9/arm64-mitigate-spectre-style-branch-history-side-channels.patch
index 7bb47506111e003e2070da54c8e8bc238310b236..e0cf5965a099e7793f272a34b73047537ed9cdf2 100644 (file)
--- a/queue-4.9/arm64-mitigate-spectre-style-branch-history-side-channels.patch
+++ b/queue-4.9/arm64-mitigate-spectre-style-branch-history-side-channels.patch
@@ -44,12 +44,12 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  arch/arm64/Kconfig                  |   10 +
  arch/arm64/include/asm/assembler.h  |    4 
  arch/arm64/include/asm/cpufeature.h |   27 +++
- arch/arm64/include/asm/cputype.h    |    8 +
+ arch/arm64/include/asm/cputype.h    |    8 
  arch/arm64/include/asm/sysreg.h     |    1 
  arch/arm64/include/asm/vectors.h    |    6 
- arch/arm64/kernel/cpu_errata.c      |  284 +++++++++++++++++++++++++++++++++++-
+ arch/arm64/kernel/cpu_errata.c      |  290 +++++++++++++++++++++++++++++++++++-
  arch/arm64/kvm/hyp/hyp-entry.S      |    4 
- 8 files changed, 341 insertions(+), 3 deletions(-)
+ 8 files changed, 346 insertions(+), 4 deletions(-)
 
 --- a/arch/arm64/Kconfig
 +++ b/arch/arm64/Kconfig
@@ -222,7 +222,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  #endif        /* CONFIG_KVM */
  
-@@ -553,9 +557,207 @@ const struct arm64_cpu_capabilities arm6
+@@ -553,9 +557,210 @@ const struct arm64_cpu_capabilities arm6
        },
  #endif
        {
@@ -230,7 +230,9 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +              .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
 +              .capability = ARM64_SPECTRE_BHB,
 +              .matches = is_spectre_bhb_affected,
++#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
 +              .cpu_enable = spectre_bhb_enable_mitigation,
++#endif
 +      },
 +      {
        }
@@ -240,8 +242,8 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 + * We try to ensure that the mitigation state can never change as the result of
 + * onlining a late CPU.
 + */
-+static void update_mitigation_state(enum mitigation_state *oldp,
-+                                  enum mitigation_state new)
++static void __maybe_unused update_mitigation_state(enum mitigation_state *oldp,
++                                                 enum mitigation_state new)
 +{
 +      enum mitigation_state state;
 +
@@ -377,7 +379,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +      return false;
 +}
 +
-+static bool supports_ecbhb(int scope)
++static bool __maybe_unused supports_ecbhb(int scope)
 +{
 +      u64 mmfr1;
 +
@@ -407,6 +409,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +      return false;
 +}
 +
++#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
 +static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
 +{
 +      const char *v = arm64_get_bp_hardening_vector(slot);
@@ -430,7 +433,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  #ifdef CONFIG_KVM
  static const char *kvm_bhb_get_vecs_end(const char *start)
  {
-@@ -571,7 +773,7 @@ static const char *kvm_bhb_get_vecs_end(
+@@ -571,7 +776,7 @@ static const char *kvm_bhb_get_vecs_end(
        return NULL;
  }
  
@@ -439,13 +442,14 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  {
        int cpu, slot = -1;
        const char *hyp_vecs_end;
-@@ -609,5 +811,83 @@ void kvm_setup_bhb_slot(const char *hyp_
+@@ -609,5 +814,84 @@ void kvm_setup_bhb_slot(const char *hyp_
  #define __spectre_bhb_loop_k24_start NULL
  #define __spectre_bhb_loop_k32_start NULL
  
 -void kvm_setup_bhb_slot(const char *hyp_vecs_start) { };
+-#endif
 +static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { };
- #endif
++#endif /* CONFIG_KVM */
 +
 +static bool is_spectrev2_safe(void)
 +{
@@ -524,6 +528,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +                                       AARCH64_INSN_MOVEWIDE_ZERO);
 +      *updptr++ = cpu_to_le32(insn);
 +}
++#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
 --- a/arch/arm64/kvm/hyp/hyp-entry.S
 +++ b/arch/arm64/kvm/hyp/hyp-entry.S
 @@ -136,6 +136,10 @@ el1_hvc_guest:

diff --git a/queue-4.9/arm64-use-the-clearbhb-instruction-in-mitigations.patch b/queue-4.9/arm64-use-the-clearbhb-instruction-in-mitigations.patch
index 192b0f0c490e13e46a20bcf3ce1196f0f4ca60ff..bc4bce80b49a800c9eb97f683d8a65b8a011768e 100644 (file)
--- a/queue-4.9/arm64-use-the-clearbhb-instruction-in-mitigations.patch
+++ b/queue-4.9/arm64-use-the-clearbhb-instruction-in-mitigations.patch
@@ -129,7 +129,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
                                const char *hyp_vecs_end)
-@@ -590,6 +592,7 @@ static void update_mitigation_state(enum
+@@ -592,6 +594,7 @@ static void __maybe_unused update_mitiga
   * - Mitigated by a branchy loop a CPU specific number of times, and listed
   *   in our "loop mitigated list".
   * - Mitigated in software by the firmware Spectre v2 call.
@@ -137,7 +137,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
   * - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so no
   *   software mitigation in the vectors is needed.
   * - Has CSV2.3, so is unaffected.
-@@ -729,6 +732,9 @@ bool is_spectre_bhb_affected(const struc
+@@ -731,6 +734,9 @@ bool is_spectre_bhb_affected(const struc
        if (supports_csv2p3(scope))
                return false;
  
@@ -147,7 +147,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
        if (spectre_bhb_loop_affected(scope))
                return true;
  
-@@ -769,6 +775,8 @@ static const char *kvm_bhb_get_vecs_end(
+@@ -772,6 +778,8 @@ static const char *kvm_bhb_get_vecs_end(
                return __spectre_bhb_loop_k24_end;
        else if (start == __spectre_bhb_loop_k32_start)
                return __spectre_bhb_loop_k32_end;
@@ -156,15 +156,15 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
        return NULL;
  }
-@@ -810,6 +818,7 @@ static void kvm_setup_bhb_slot(const cha
+@@ -813,6 +821,7 @@ static void kvm_setup_bhb_slot(const cha
  #define __spectre_bhb_loop_k8_start NULL
  #define __spectre_bhb_loop_k24_start NULL
  #define __spectre_bhb_loop_k32_start NULL
 +#define __spectre_bhb_clearbhb_start NULL
  
  static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { };
- #endif
-@@ -835,6 +844,11 @@ void spectre_bhb_enable_mitigation(const
+ #endif /* CONFIG_KVM */
+@@ -838,6 +847,11 @@ void spectre_bhb_enable_mitigation(const
                pr_info_once("spectre-bhb mitigation disabled by command line option\n");
        } else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
                state = SPECTRE_MITIGATED;