From: Greg Kroah-Hartman Date: Wed, 26 Oct 2022 17:01:59 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v5.10.151~47 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0a717072edd0c3beb126cbb1834cfce202cdb032;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: arm64-errata-remove-aes-hwcap-for-compat-tasks.patch --- diff --git a/queue-4.9/arm64-errata-remove-aes-hwcap-for-compat-tasks.patch b/queue-4.9/arm64-errata-remove-aes-hwcap-for-compat-tasks.patch new file mode 100644 index 00000000000..c3f56019a0a --- /dev/null +++ b/queue-4.9/arm64-errata-remove-aes-hwcap-for-compat-tasks.patch @@ -0,0 +1,154 @@ +From 44b3834b2eed595af07021b1c64e6f9bc396398b Mon Sep 17 00:00:00 2001 +From: James Morse +Date: Thu, 14 Jul 2022 17:15:23 +0100 +Subject: arm64: errata: Remove AES hwcap for COMPAT tasks + +From: James Morse + +commit 44b3834b2eed595af07021b1c64e6f9bc396398b upstream. + +Cortex-A57 and Cortex-A72 have an erratum where an interrupt that +occurs between a pair of AES instructions in aarch32 mode may corrupt +the ELR. The task will subsequently produce the wrong AES result. + +The AES instructions are part of the cryptographic extensions, which are +optional. User-space software will detect the support for these +instructions from the hwcaps. If the platform doesn't support these +instructions a software implementation should be used. + +Remove the hwcap bits on affected parts to indicate user-space should +not use the AES instructions. + +Acked-by: Ard Biesheuvel +Signed-off-by: James Morse +Link: https://lore.kernel.org/r/20220714161523.279570-3-james.morse@arm.com +Signed-off-by: Will Deacon +[florian: resolved conflicts in arch/arm64/tools/cpucaps and cpu_errata.c] +Signed-off-by: Florian Fainelli +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/arm64/silicon-errata.txt | 2 ++ + arch/arm64/Kconfig | 16 ++++++++++++++++ + arch/arm64/include/asm/cpucaps.h | 3 ++- + arch/arm64/kernel/cpu_errata.c | 16 ++++++++++++++++ + arch/arm64/kernel/cpufeature.c | 13 ++++++++++++- + 5 files changed, 48 insertions(+), 2 deletions(-) + +--- a/Documentation/arm64/silicon-errata.txt ++++ b/Documentation/arm64/silicon-errata.txt +@@ -53,7 +53,9 @@ stable kernels. + | ARM | Cortex-A57 | #832075 | ARM64_ERRATUM_832075 | + | ARM | Cortex-A57 | #852523 | N/A | + | ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 | ++| ARM | Cortex-A57 | #1742098 | ARM64_ERRATUM_1742098 | + | ARM | Cortex-A72 | #853709 | N/A | ++| ARM | Cortex-A72 | #1655431 | ARM64_ERRATUM_1742098 | + | ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | + | ARM | Cortex-A76 | #1188873 | ARM64_ERRATUM_1188873 | + | ARM | MMU-500 | #841119,#826419 | N/A | +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -455,6 +455,22 @@ config ARM64_ERRATUM_1188873 + + If unsure, say Y. + ++config ARM64_ERRATUM_1742098 ++ bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence" ++ depends on COMPAT ++ default y ++ help ++ This option removes the AES hwcap for aarch32 user-space to ++ workaround erratum 1742098 on Cortex-A57 and Cortex-A72. ++ ++ Affected parts may corrupt the AES state if an interrupt is ++ taken between a pair of AES instructions. These instructions ++ are only present if the cryptography extensions are present. ++ All software should have a fallback implementation for CPUs ++ that don't implement the cryptography extensions. ++ ++ If unsure, say Y. ++ + config CAVIUM_ERRATUM_22375 + bool "Cavium erratum 22375, 24313" + default y +--- a/arch/arm64/include/asm/cpucaps.h ++++ b/arch/arm64/include/asm/cpucaps.h +@@ -40,7 +40,8 @@ + #define ARM64_MISMATCHED_CACHE_TYPE 19 + #define ARM64_WORKAROUND_1188873 20 + #define ARM64_SPECTRE_BHB 21 ++#define ARM64_WORKAROUND_1742098 22 + +-#define ARM64_NCAPS 22 ++#define ARM64_NCAPS 23 + + #endif /* __ASM_CPUCAPS_H */ +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -448,6 +448,14 @@ static const struct midr_range arm64_bp_ + + #endif + ++#ifdef CONFIG_ARM64_ERRATUM_1742098 ++static struct midr_range broken_aarch32_aes[] = { ++ MIDR_RANGE(MIDR_CORTEX_A57, 0, 1, 0xf, 0xf), ++ MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), ++ {}, ++}; ++#endif ++ + const struct arm64_cpu_capabilities arm64_errata[] = { + #if defined(CONFIG_ARM64_ERRATUM_826319) || \ + defined(CONFIG_ARM64_ERRATUM_827319) || \ +@@ -567,6 +575,14 @@ const struct arm64_cpu_capabilities arm6 + .cpu_enable = spectre_bhb_enable_mitigation, + #endif + }, ++#ifdef CONFIG_ARM64_ERRATUM_1742098 ++ { ++ .desc = "ARM erratum 1742098", ++ .capability = ARM64_WORKAROUND_1742098, ++ CAP_MIDR_RANGE_LIST(broken_aarch32_aes), ++ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, ++ }, ++#endif + { + } + }; +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -885,6 +886,14 @@ static void cpu_copy_el2regs(const struc + write_sysreg(read_sysreg(tpidr_el1), tpidr_el2); + } + ++static void elf_hwcap_fixup(void) ++{ ++#ifdef CONFIG_ARM64_ERRATUM_1742098 ++ if (cpus_have_const_cap(ARM64_WORKAROUND_1742098)) ++ compat_elf_hwcap2 &= ~COMPAT_HWCAP2_AES; ++#endif /* ARM64_ERRATUM_1742098 */ ++} ++ + static const struct arm64_cpu_capabilities arm64_features[] = { + { + .desc = "GIC system register CPU interface", +@@ -1304,8 +1313,10 @@ void __init setup_cpu_features(void) + mark_const_caps_ready(); + setup_elf_hwcaps(arm64_elf_hwcaps); + +- if (system_supports_32bit_el0()) ++ if (system_supports_32bit_el0()) { + setup_elf_hwcaps(compat_elf_hwcaps); ++ elf_hwcap_fixup(); ++ } + + /* Advertise that we have computed the system capabilities */ + set_sys_caps_initialised(); diff --git a/queue-4.9/series b/queue-4.9/series index ad61da478c4..0a338346304 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -2,3 +2,4 @@ ocfs2-clear-dinode-links-count-in-case-of-error.patch ocfs2-fix-bug-when-iput-after-ocfs2_mknod-fails.patch ata-ahci-imx-fix-module_alias.patch ata-ahci-match-em_max_slots-with-sata_pmp_max_ports.patch +arm64-errata-remove-aes-hwcap-for-compat-tasks.patch