From: James Morse <james.morse@xxxxxxx>

commit c47e4d04ba0f1ea17353d85d45f611277507e07a upstream.

Spectre-BHB needs to add sequences to the vectors. Having one global set of vectors is a problem for big/little systems where the sequence is costly on cpus that are not vulnerable. Making the vectors per-cpu in the style of KVM's bh_harden_hyp_vecs requires the vectors to be generated by macros. Make the kpti re-mapping of the kernel optional, so the macros can be used without kpti.

Reviewed-by: Russell King (Oracle) <rmk+kernel@xxxxxxxxxxxxxxx>
Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Signed-off-by: James Morse <james.morse@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/arm64/kernel/entry.S | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -970,9 +970,10 @@ alternative_else_nop_endif
 sub \dst, \dst, PAGE_SIZE
 .endm
- .macro tramp_ventry, vector_start, regsize
+ .macro tramp_ventry, vector_start, regsize, kpti
 .align 7
 1:
+ .if \kpti == 1
 .if \regsize == 64
 msr tpidrro_el0, x30 // Restored in kernel_ventry
 .endif
@@ -994,8 +995,12 @@ alternative_insn isb, nop, ARM64_WORKARO
 #endif
 prfm plil1strm, [x30, #(1b - \vector_start)]
 msr vbar_el1, x30
- add x30, x30, #(1b - \vector_start + 4)
 isb
+ .else
+ ldr x30, =vectors
+ .endif // \kpti == 1
+
+ add x30, x30, #(1b - \vector_start + 4)
 ret
 .org 1b + 128 // Did we overflow the ventry slot?
 .endm
@@ -1012,15 +1017,15 @@ alternative_insn isb, nop, ARM64_WORKARO
 eret
 .endm
- .macro generate_tramp_vector
+ .macro generate_tramp_vector, kpti
 .Lvector_start\@:
 .space 0x400
 .rept 4
- tramp_ventry .Lvector_start\@, 64
+ tramp_ventry .Lvector_start\@, 64, \kpti
 .endr
 .rept 4
- tramp_ventry .Lvector_start\@, 32
+ tramp_ventry .Lvector_start\@, 32, \kpti
 .endr
 .endm
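Review bot: The new `.if \kpti == 1` opens before the `.if \regsize == 64` block, so the `msr tpidrro_el0, x30` save is now conditional on kpti, while the `.else` arm added in the following hunk overwrites x30 with `ldr x30, =vectors`. A kpti=0 expansion for a 64-bit entry would therefore lose the interrupted context's x30 unless something outside these hunks preserves it; the existing comment says the value is restored in kernel_ventry, which is not visible here. Nothing in this patch passes kpti=0 yet, so this presumably only matters once such a user is added. If the save is wanted on both paths, open the conditional after it: `.if \regsize == 64` / `msr tpidrro_el0, x30` / `.endif` followed by `.if \kpti == 1`. The macro body between the two hunks is outside the diff.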
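Review bot: `ldr x30, =vectors` in the `.else` arm makes the assembler place the address of `vectors` in a literal pool in whatever section the macro is expanded into, and nothing here documents where a kpti=0 expansion may live. The only expansion in this patch is in `.entry.tramp.text` with kpti=1; if that section is, as its name suggests, the text kept mapped while user space runs, a kpti=0 expansion there would leave a kernel address in it. A comment on the arm would record the constraint, for example `// kpti == 0 only: the literal pool holds the address of vectors, keep this out of .entry.tramp.text`. It may also be worth noting next to the `.org 1b + 128` check that both arms must fit in the 128-byte slot.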
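Review bot: `generate_tramp_vector` gains a `kpti` argument with no comment saying which values are accepted, and `tramp_ventry` only tests `\kpti == 1`, so any other value silently selects the non-kpti arm. A one-line comment above the macro would make the contract explicit, for example `// kpti: 1 = emit the kpti remap sequence, anything else = load the address of vectors directly`.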
@@ -1031,7 +1036,7 @@ alternative_insn isb, nop, ARM64_WORKARO
 .pushsection ".entry.tramp.text", "ax"
 .align 11
 ENTRY(tramp_vectors)
- generate_tramp_vector
+ generate_tramp_vector kpti=1
 END(tramp_vectors)
 ENTRY(tramp_exit_native)

Patches currently in stable-queue which might be from james.morse@xxxxxxx are

queue-4.19/arm64-entry-add-macro-for-reading-symbol-addresses-from-the-trampoline.patch
queue-4.19/arm64-use-the-clearbhb-instruction-in-mitigations.patch
queue-4.19/arm64-add-percpu-vectors-for-el1.patch
queue-4.19/arm64-entry-free-up-another-register-on-kpti-s-tramp_exit-path.patch
queue-4.19/arm64-entry-don-t-assume-tramp_vectors-is-the-start-of-the-vectors.patch
queue-4.19/arm64-entry-make-the-trampoline-cleanup-optional.patch
queue-4.19/kvm-arm64-add-templates-for-bhb-mitigation-sequences.patch
queue-4.19/arm64-entry-add-non-kpti-__bp_harden_el1_vectors-for-mitigations.patch
queue-4.19/arm64-add-id_aa64isar2_el1-sys-register.patch
queue-4.19/kvm-arm64-allow-smccc_arch_workaround_3-to-be-discovered-and-migrated.patch
queue-4.19/arm64-add-neoverse-n2-cortex-a710-cpu-part-definition.patch
queue-4.19/arm64-entry-move-trampoline-macros-out-of-ifdef-d-section.patch
queue-4.19/arm64-entry-allow-tramp_alias-to-access-symbols-after-the-4k-boundary.patch
queue-4.19/arm64-add-part-number-for-arm-cortex-a77.patch
queue-4.19/arm64-entry-move-the-trampoline-data-page-before-the-text-page.patch
queue-4.19/arm64-entry.s-add-ventry-overflow-sanity-checks.patch
queue-4.19/arm64-entry-add-vectors-that-have-the-bhb-mitigation-sequences.patch
queue-4.19/arm64-mitigate-spectre-style-branch-history-side-channels.patch
queue-4.19/arm64-entry-allow-the-trampoline-text-to-occupy-multiple-pages.patch
queue-4.19/arm64-proton-pack-report-spectre-bhb-vulnerabilities-as-part-of-spectre-v2.patch
queue-4.19/arm64-add-cortex-x2-cpu-part-definition.patch
queue-4.19/arm64-entry-make-the-kpti-trampoline-s-kpti-sequence-optional.patch