2018-08-20 16:47:04 |
Manoj Iyer |
bug |
|
|
added bug |
2018-08-20 17:00:07 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2018-08-20 17:00:08 |
Ubuntu Kernel Bot |
tags |
cavium |
bionic cavium |
|
2018-08-20 20:42:37 |
Manoj Iyer |
linux (Ubuntu): assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2018-08-22 01:38:27 |
Tyler Hicks |
bug |
|
|
added subscriber Tyler Hicks |
2018-08-30 09:08:35 |
Paolo Pisati |
description |
[Impact]
Track: Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 using SMC firmware call to set a hardware chicken bit. Patch now in 4.18 to Bionic.
[Test]
[Fix]
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html
-- From 4.18 --
eff0e9e1078e arm/arm64: smccc: Add SMCCC-specific return codes
8e2906245f1e arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
5cf9ce6e5ea5 arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
a725e3dda181 arm64: Add ARCH_WORKAROUND_2 probing
a43ae4dfe56a arm64: Add 'ssbd' command-line option
c32e1736ca03 arm64: ssbd: Add global mitigation state accessor
986372c4367f arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
647d0519b53f arm64: ssbd: Restore mitigation status on CPU resume
9dd9614f5476 arm64: ssbd: Introduce thread flag to control userspace mitigation
85478bab4091 arm64: KVM: Add HYP per-cpu accessors
55e3748e8902 arm64: KVM: Add ARCH_WORKAROUND_2 support for guests the first line
b4f18c063a13 arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
5d81f7dc9bca arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
[Regression Potential] |
[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64
was implemented in the Arm Trusted Firmware with SMCCC v1.1 and SMCCC_ARCH_WORKAROUND_2[1, 2].
Kernel patches were later produced to toggle the workaround, enable it only for the kernel side, both for the host and hypervisor case.
[Fix]
Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html
This patchset is a cherry pick of those patches (and prerequisites) from the stable / linux-4.14.y tree, forward ported to our Bionic kernel.
[Test]
Boot a patched kernel and add on the cmdline:
ssbd=force-on
In dmesg you should see something like:
[ 0.779901] ssbd: forced from command-line
Same goes for the off case:
ssbd=force-off
[ 0.781002] ssbd: disabled from command-line
[Regression Potential]
Since it's "new code" to our Bionic kernel, there's some regression potential, but it was a clean pick from linux-4.14.y with almost no modification (except for some mechanical diff to make it apply).
1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392 |
|
2018-08-30 10:05:45 |
Stefan Bader |
nominated for series |
|
Ubuntu Bionic |
|
2018-08-30 10:05:45 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
2018-08-30 10:06:02 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
2018-09-05 12:31:28 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
2018-09-05 13:08:52 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2018-09-14 17:03:12 |
Brad Figg |
tags |
bionic cavium |
bionic cavium verification-needed-bionic |
|
2018-09-17 15:53:04 |
Manoj Iyer |
tags |
bionic cavium verification-needed-bionic |
bionic cavium verification-done-bionic |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2017-5715 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-14633 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-15572 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-15594 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-17182 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-6554 |
|
2018-10-01 17:15:35 |
Launchpad Janitor |
cve linked |
|
2018-6555 |
|
2019-07-24 20:23:12 |
Brad Figg |
tags |
bionic cavium verification-done-bionic |
bionic cavium cscc verification-done-bionic |
|