Thread (57 messages) 57 messages, 3 authors, 2019-07-11

Re: [PATCH v4.4 00/45] V4.4 backport of arm64 Spectre patches

From: Julien Thierry <hidden>
Date: 2019-06-17 16:04:04
Also in: stable 

Hi Viresh,

Thanks for doing that work and having provided a detailed description
for the backport process.

I haven't finished reviewing/testing the whole series yet, but I have
some concerns (do let me know in case I'm missing something and that it
turns out these aren't really issues).

Please see comments below.

On 14/06/2019 04:07, Viresh Kumar wrote:
Hello,

Here is an attempt to backport arm64 spectre patches to v4.4 stable
tree.

I have started this backport with Mark Rutland's backport of Spectre to
4.9 [1] and tried applying the upstream version of them over 4.4 and
resolved conflicts by checking how they have been resolved in 4.9.

I had to pick few extra upstream patches to avoid unnecessary conflicts
(upstream commit ids mentioned):

  a842789837c0 arm64: remove duplicate macro __KERNEL__ check
I'm a bit unfamiliar with what gets or doesn't get backported. My
understanding is that we try to backport only what's necessary to reduce
the noise and potential introduction of issues in stable releases.

This commit is just a cleanup and (while valid) doesn't really seem
necessary (and potential conflicts from its absence would easily be
resolved IMO). So I'm just concerned that this doesn't constitute a
candidate for back porting (someone can correct me if I'm wrong).

  64f8ebaf115b mm/kasan: add API to check memory regions
  bffe1baff5d5 arm64: kasan: instrument user memory access API
  92406f0cc9e3 arm64: cpufeature: Add scope for capability check
  9eb8a2cdf65c arm64: cputype info for Broadcom Vulcan
  0d90718871fe arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
  98dd64f34f47 ARM: 8478/2: arm/arm64: add arm-smccc


I had to drop few patches as well as they weren't getting applied
properly due to missing files/features (upstream commit id mentioned):

  93f339ef4175 arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
  3c31fa5a06b4 arm64: Run enable method for errata work arounds on late CPUs
Looking at this and at the patches that implement the BP callbacks, we
need that patch or an equivalent, otherwise we won't be using the
correct vectors for late CPUs...

I appreciate the code has changed, but it might be worth considering
6a6efbb45b7d95c84840010095367eb06a64f342 as a needed dependency for BP
hardening.

  6840bdd73d07 arm64: KVM: Use per-CPU vector when BP hardening is enabled
I don't believe we can do without this patch. Otherwise we're only using
the vector that has no mitigation for kvm guests.

In v4.4, it looks like the contents of virt/kvm/arm/arm.c were contained
in arch/arm/kvm/arm.c (yes, even for amr64). Are there other reasons
this patch was not applying?

Thanks,

-- 
Julien Thierry

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help