This is a note to let you know that I've just added the patch titled [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Wed Feb 14 14:44:54 CET 2018 From: Marc Zyngier <marc.zyngier@xxxxxxx> Date: Mon, 29 Jan 2018 11:59:56 +0000 Subject: [Variant 3/Meltdown] arm64: Force KPTI to be disabled on Cavium ThunderX From: Marc Zyngier <marc.zyngier@xxxxxxx> Commit 6dc52b15c4a4 upstream. Cavium ThunderX's erratum 27456 results in a corruption of icache entries that are loaded from memory that is mapped as non-global (i.e. ASID-tagged). As KPTI is based on memory being mapped non-global, let's prevent it from kicking in if this erratum is detected. Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx> [will: Update comment] Signed-off-by: Will Deacon <will.deacon@xxxxxxx> Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/arm64/kernel/cpufeature.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -803,12 +803,23 @@ static int __kpti_forced; /* 0: not forc static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, int __unused) { + char const *str = "command line option"; u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); - /* Forced on command line? */ + /* + * For reasons that aren't entirely clear, enabling KPTI on Cavium + * ThunderX leads to apparent I-cache corruption of kernel text, which + * ends as well as you might imagine. Don't even try. + */ + if (cpus_have_const_cap(ARM64_WORKAROUND_CAVIUM_27456)) { + str = "ARM64_WORKAROUND_CAVIUM_27456"; + __kpti_forced = -1; + } + + /* Forced? */ if (__kpti_forced) { - pr_info_once("kernel page table isolation forced %s by command line option\n", - __kpti_forced > 0 ? "ON" : "OFF"); + pr_info_once("kernel page table isolation forced %s by %s\n", + __kpti_forced > 0 ? "ON" : "OFF", str); return __kpti_forced > 0; } Patches currently in stable-queue which might be from marc.zyngier@xxxxxxx are queue-4.14/arm-arm64-smccc-make-function-identifiers-an-unsigned-quantity.patch queue-4.14/arm64-move-bp-hardening-to-check_and_switch_context.patch queue-4.14/arm-arm64-kvm-advertise-smccc-v1.1.patch queue-4.14/arm64-move-post_ttbr_update_workaround-to-c-code.patch queue-4.14/firmware-psci-expose-psci-conduit.patch queue-4.14/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.14/arm64-entry-apply-bp-hardening-for-high-priority-synchronous-exceptions.patch queue-4.14/arm64-kpti-fix-the-interaction-between-asid-switching-and-software-pan.patch queue-4.14/firmware-psci-expose-smccc-version-through-psci_ops.patch queue-4.14/arm64-implement-branch-predictor-hardening-for-affected-cortex-a-cpus.patch queue-4.14/arm-arm64-kvm-add-psci_version-helper.patch queue-4.14/arm64-kill-psci_get_version-as-a-variant-2-workaround.patch queue-4.14/arm64-entry-apply-bp-hardening-for-suspicious-interrupts-from-el0.patch queue-4.14/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.14/arm64-add-arm_smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-kvm-turn-kvm_psci_version-into-a-static-inline.patch queue-4.14/arm-arm64-kvm-implement-psci-1.0-support.patch queue-4.14/arm64-kvm-add-smccc_arch_workaround_1-fast-handling.patch queue-4.14/arm64-kvm-report-smccc_arch_workaround_1-bp-hardening-support.patch queue-4.14/arm-arm64-smccc-implement-smccc-v1.1-inline-primitive.patch queue-4.14/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.14/arm64-kvm-make-psci_version-a-fast-path.patch queue-4.14/arm64-cpufeature-__this_cpu_has_cap-shouldn-t-stop-early.patch queue-4.14/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.14/arm-arm64-kvm-consolidate-the-psci-include-files.patch queue-4.14/arm64-add-skeleton-to-harden-the-branch-predictor-against-aliasing-attacks.patch queue-4.14/arm-arm64-kvm-add-smccc-accessors-to-psci-code.patch queue-4.14/arm64-kvm-use-per-cpu-vector-when-bp-hardening-is-enabled.patch queue-4.14/arm64-kvm-increment-pc-after-handling-an-smc-trap.patch