From: Sasha Levin Date: Tue, 14 Jul 2020 00:00:59 +0000 (-0400) Subject: Drop arm64-entry-place-an-sb-sequence-following-an-eret-i.patch X-Git-Tag: v5.7.9~24 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a39e9e194c051447bb995c362e1b539816216c12;p=thirdparty%2Fkernel%2Fstable-queue.git Drop arm64-entry-place-an-sb-sequence-following-an-eret-i.patch Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch b/queue-4.14/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch deleted file mode 100644 index f53d50307b5..00000000000 --- a/queue-4.14/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch +++ /dev/null @@ -1,97 +0,0 @@ -From e65825fd4c33fba63f4b221058b060b697afbf9f Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 14 Jun 2018 11:23:38 +0100 -Subject: arm64: entry: Place an SB sequence following an ERET instruction - -From: Will Deacon - -[ Upstream commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 ] - -Some CPUs can speculate past an ERET instruction and potentially perform -speculative accesses to memory before processing the exception return. -Since the register state is often controlled by a lower privilege level -at the point of an ERET, this could potentially be used as part of a -side-channel attack. - -This patch emits an SB sequence after each ERET so that speculation is -held up on exception return. - -Signed-off-by: Will Deacon -Signed-off-by: Sasha Levin ---- - arch/arm64/kernel/entry.S | 2 ++ - arch/arm64/kvm/hyp/entry.S | 1 + - arch/arm64/kvm/hyp/hyp-entry.S | 4 ++++ - 3 files changed, 7 insertions(+) - -diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S -index c1ffa95c0ad24..f70e0893ba518 100644 ---- a/arch/arm64/kernel/entry.S -+++ b/arch/arm64/kernel/entry.S -@@ -367,6 +367,7 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 - .else - eret - .endif -+ sb - .endm - - .macro irq_stack_entry -@@ -1046,6 +1047,7 @@ alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 - mrs x30, far_el1 - .endif - eret -+ sb - .endm - - .align 11 -diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S -index a360ac6e89e9d..bc5c6cdb8538d 100644 ---- a/arch/arm64/kvm/hyp/entry.S -+++ b/arch/arm64/kvm/hyp/entry.S -@@ -83,6 +83,7 @@ ENTRY(__guest_enter) - - // Do not touch any register after this! - eret -+ sb - ENDPROC(__guest_enter) - - ENTRY(__guest_exit) -diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S -index 3c283fd8c8f5a..b4d6a6c6c6ce5 100644 ---- a/arch/arm64/kvm/hyp/hyp-entry.S -+++ b/arch/arm64/kvm/hyp/hyp-entry.S -@@ -96,6 +96,7 @@ el1_sync: // Guest trapped into EL2 - do_el2_call - - eret -+ sb - - el1_hvc_guest: - /* -@@ -146,6 +147,7 @@ wa_epilogue: - mov x0, xzr - add sp, sp, #16 - eret -+ sb - - el1_trap: - get_vcpu_ptr x1, x0 -@@ -204,6 +206,7 @@ el2_error: - b.ne __hyp_panic - mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT) - eret -+ sb - - ENTRY(__hyp_do_panic) - mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\ -@@ -212,6 +215,7 @@ ENTRY(__hyp_do_panic) - ldr lr, =panic - msr elr_el2, lr - eret -+ sb - ENDPROC(__hyp_do_panic) - - ENTRY(__hyp_panic) --- -2.25.1 - diff --git a/queue-4.14/series b/queue-4.14/series index 3fe55e97fd6..c97718782bc 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -3,7 +3,6 @@ spi-spi-fsl-dspi-adding-shutdown-hook.patch spi-spi-fsl-dspi-fix-lockup-if-device-is-removed-dur.patch spi-spi-fsl-dspi-use-irqf_shared-mode-to-request-irq.patch spi-spi-fsl-dspi-fix-external-abort-on-interrupt-in-.patch -arm64-entry-place-an-sb-sequence-following-an-eret-i.patch arm-dts-omap4-droid4-fix-spi-configuration-and-incre.patch gpu-host1x-detach-driver-on-unregister.patch spi-spidev-fix-a-race-between-spidev_release-and-spi.patch diff --git a/queue-4.19/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch b/queue-4.19/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch deleted file mode 100644 index 52143d15c93..00000000000 --- a/queue-4.19/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 93b953dc1d489d1802312434f36e502793729084 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 14 Jun 2018 11:23:38 +0100 -Subject: arm64: entry: Place an SB sequence following an ERET instruction - -From: Will Deacon - -[ Upstream commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 ] - -Some CPUs can speculate past an ERET instruction and potentially perform -speculative accesses to memory before processing the exception return. -Since the register state is often controlled by a lower privilege level -at the point of an ERET, this could potentially be used as part of a -side-channel attack. - -This patch emits an SB sequence after each ERET so that speculation is -held up on exception return. - -Signed-off-by: Will Deacon -Signed-off-by: Sasha Levin ---- - arch/arm64/kernel/entry.S | 2 ++ - arch/arm64/kvm/hyp/entry.S | 1 + - arch/arm64/kvm/hyp/hyp-entry.S | 4 ++++ - 3 files changed, 7 insertions(+) - -diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S -index 5f800384cb9a8..49f80b5627fac 100644 ---- a/arch/arm64/kernel/entry.S -+++ b/arch/arm64/kernel/entry.S -@@ -363,6 +363,7 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 - .else - eret - .endif -+ sb - .endm - - .macro irq_stack_entry -@@ -994,6 +995,7 @@ alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 - mrs x30, far_el1 - .endif - eret -+ sb - .endm - - .align 11 -diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S -index fad1e164fe488..675fdc186e3ba 100644 ---- a/arch/arm64/kvm/hyp/entry.S -+++ b/arch/arm64/kvm/hyp/entry.S -@@ -83,6 +83,7 @@ ENTRY(__guest_enter) - - // Do not touch any register after this! - eret -+ sb - ENDPROC(__guest_enter) - - ENTRY(__guest_exit) -diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S -index 24b4fbafe3e4a..e35abf84eb960 100644 ---- a/arch/arm64/kvm/hyp/hyp-entry.S -+++ b/arch/arm64/kvm/hyp/hyp-entry.S -@@ -96,6 +96,7 @@ el1_sync: // Guest trapped into EL2 - do_el2_call - - eret -+ sb - - el1_hvc_guest: - /* -@@ -146,6 +147,7 @@ wa_epilogue: - mov x0, xzr - add sp, sp, #16 - eret -+ sb - - el1_trap: - get_vcpu_ptr x1, x0 -@@ -185,6 +187,7 @@ el2_error: - b.ne __hyp_panic - mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT) - eret -+ sb - - ENTRY(__hyp_do_panic) - mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\ -@@ -193,6 +196,7 @@ ENTRY(__hyp_do_panic) - ldr lr, =panic - msr elr_el2, lr - eret -+ sb - ENDPROC(__hyp_do_panic) - - ENTRY(__hyp_panic) --- -2.25.1 - diff --git a/queue-4.19/series b/queue-4.19/series index 34f8e09b8a2..81858ed2b0b 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -3,7 +3,6 @@ spi-spi-fsl-dspi-adding-shutdown-hook.patch spi-spi-fsl-dspi-fix-lockup-if-device-is-removed-dur.patch spi-spi-fsl-dspi-use-irqf_shared-mode-to-request-irq.patch spi-spi-fsl-dspi-fix-external-abort-on-interrupt-in-.patch -arm64-entry-place-an-sb-sequence-following-an-eret-i.patch regmap-fix-alignment-issue.patch arm-dts-omap4-droid4-fix-spi-configuration-and-incre.patch drm-tegra-hub-do-not-enable-orphaned-window-group.patch diff --git a/queue-4.9/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch b/queue-4.9/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch deleted file mode 100644 index 4713590681c..00000000000 --- a/queue-4.9/arm64-entry-place-an-sb-sequence-following-an-eret-i.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 96929d575b8921e10268c7f8456188ca6c14b0df Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 9 Jul 2020 12:50:23 -0700 -Subject: arm64: entry: Place an SB sequence following an ERET instruction - -From: Will Deacon - -commit 679db70801da9fda91d26caf13bf5b5ccc74e8e8 upstream - -Some CPUs can speculate past an ERET instruction and potentially perform -speculative accesses to memory before processing the exception return. -Since the register state is often controlled by a lower privilege level -at the point of an ERET, this could potentially be used as part of a -side-channel attack. - -This patch emits an SB sequence after each ERET so that speculation is -held up on exception return. - -Signed-off-by: Will Deacon -[florian: Adjust hyp-entry.S to account for the label - added change to hyp/entry.S] -Signed-off-by: Florian Fainelli -Signed-off-by: Sasha Levin ---- - arch/arm64/kernel/entry.S | 2 ++ - arch/arm64/kvm/hyp/entry.S | 2 ++ - arch/arm64/kvm/hyp/hyp-entry.S | 4 ++++ - 3 files changed, 8 insertions(+) - -diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S -index ca978d7d98eb4..3408c782702c2 100644 ---- a/arch/arm64/kernel/entry.S -+++ b/arch/arm64/kernel/entry.S -@@ -255,6 +255,7 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 - .else - eret - .endif -+ sb - .endm - - .macro get_thread_info, rd -@@ -945,6 +946,7 @@ __ni_sys_trace: - mrs x30, far_el1 - .endif - eret -+ sb - .endm - - .align 11 -diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S -index a360ac6e89e9d..93704e6894d2e 100644 ---- a/arch/arm64/kvm/hyp/entry.S -+++ b/arch/arm64/kvm/hyp/entry.S -@@ -83,6 +83,7 @@ ENTRY(__guest_enter) - - // Do not touch any register after this! - eret -+ sb - ENDPROC(__guest_enter) - - ENTRY(__guest_exit) -@@ -195,4 +196,5 @@ alternative_endif - ldp x0, x1, [sp], #16 - - eret -+ sb - ENDPROC(__fpsimd_guest_restore) -diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S -index bf4988f9dae8f..3675e7f0ab726 100644 ---- a/arch/arm64/kvm/hyp/hyp-entry.S -+++ b/arch/arm64/kvm/hyp/hyp-entry.S -@@ -97,6 +97,7 @@ el1_sync: // Guest trapped into EL2 - do_el2_call - - 2: eret -+ sb - - el1_hvc_guest: - /* -@@ -147,6 +148,7 @@ wa_epilogue: - mov x0, xzr - add sp, sp, #16 - eret -+ sb - - el1_trap: - get_vcpu_ptr x1, x0 -@@ -198,6 +200,7 @@ el2_error: - b.ne __hyp_panic - mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT) - eret -+ sb - - ENTRY(__hyp_do_panic) - mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\ -@@ -206,6 +209,7 @@ ENTRY(__hyp_do_panic) - ldr lr, =panic - msr elr_el2, lr - eret -+ sb - ENDPROC(__hyp_do_panic) - - ENTRY(__hyp_panic) --- -2.25.1 - diff --git a/queue-4.9/series b/queue-4.9/series index 43a27bd0b73..4a9bb65616c 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -1,5 +1,4 @@ kvm-s390-reduce-number-of-io-pins-to-1.patch -arm64-entry-place-an-sb-sequence-following-an-eret-i.patch gpu-host1x-detach-driver-on-unregister.patch spi-spidev-fix-a-race-between-spidev_release-and-spi.patch spi-spidev-fix-a-potential-use-after-free-in-spidev_.patch