This is a note to let you know that I've just added the patch titled arm64: entry: Reword comment about post_ttbr_update_workaround to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Thu Apr 5 21:39:28 CEST 2018 From: Mark Rutland <mark.rutland@xxxxxxx> Date: Tue, 3 Apr 2018 12:09:22 +0100 Subject: arm64: entry: Reword comment about post_ttbr_update_workaround To: stable@xxxxxxxxxxxxxxx Cc: mark.brown@xxxxxxxxxx, ard.biesheuvel@xxxxxxxxxx, marc.zyngier@xxxxxxx, will.deacon@xxxxxxx Message-ID: <20180403110923.43575-27-mark.rutland@xxxxxxx> From: Will Deacon <will.deacon@xxxxxxx> commit f167211a93ac upstream. We don't fully understand the Cavium ThunderX erratum, but it appears that mapping the kernel as nG can lead to horrible consequences such as attempting to execute userspace from kernel context. Since kpti isn't enabled for these CPUs anyway, simplify the comment justifying the lack of post_ttbr_update_workaround in the exception trampoline. Signed-off-by: Will Deacon <will.deacon@xxxxxxx> Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx> Signed-off-by: Alex Shi <alex.shi@xxxxxxxxxx> [v4.9 backport] Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx> [v4.9 backport] Tested-by: Will Deacon <will.deacon@xxxxxxx> Tested-by: Greg Hackmann <ghackmann@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/arm64/kernel/entry.S | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -861,16 +861,9 @@ __ni_sys_trace: orr \tmp, \tmp, #USER_ASID_FLAG msr ttbr1_el1, \tmp /* - * We avoid running the post_ttbr_update_workaround here because the - * user and kernel ASIDs don't have conflicting mappings, so any - * "blessing" as described in: - * - * http://lkml.kernel.org/r/56BB848A.6060603@xxxxxxxxxxxxxxxxxx - * - * will not hurt correctness. Whilst this may partially defeat the - * point of using split ASIDs in the first place, it avoids - * the hit of invalidating the entire I-cache on every return to - * userspace. + * We avoid running the post_ttbr_update_workaround here because + * it's only needed by Cavium ThunderX, which requires KPTI to be + * disabled. */ .endm Patches currently in stable-queue which might be from mark.rutland@xxxxxxx are queue-4.9/arm64-mm-add-arm64_kernel_unmapped_at_el0-helper.patch queue-4.9/arm64-entry-reword-comment-about-post_ttbr_update_workaround.patch queue-4.9/arm64-kaslr-put-kernel-vectors-address-in-separate-data-page.patch queue-4.9/arm64-turn-on-kpti-only-on-cpus-that-need-it.patch queue-4.9/arm64-force-kpti-to-be-disabled-on-cavium-thunderx.patch queue-4.9/arm64-mm-allocate-asids-in-pairs.patch queue-4.9/arm64-tls-avoid-unconditional-zeroing-of-tpidrro_el0-for-native-tasks.patch queue-4.9/arm64-use-ret-instruction-for-exiting-the-trampoline.patch queue-4.9/arm64-entry-explicitly-pass-exception-level-to-kernel_ventry-macro.patch queue-4.9/arm64-kpti-make-use-of-ng-dependent-on-arm64_kernel_unmapped_at_el0.patch queue-4.9/arm64-mm-use-non-global-mappings-for-kernel-space.patch queue-4.9/arm64-capabilities-handle-duplicate-entries-for-a-capability.patch queue-4.9/arm64-entry-hook-up-entry-trampoline-to-exception-vectors.patch queue-4.9/arm64-mm-invalidate-both-kernel-and-user-asids-when-performing-tlbi.patch queue-4.9/arm64-mm-map-entry-trampoline-into-trampoline-and-kernel-page-tables.patch queue-4.9/module-extend-rodata-off-boot-cmdline-parameter-to-module-mappings.patch queue-4.9/arm64-kconfig-reword-unmap_kernel_at_el0-kconfig-entry.patch queue-4.9/arm64-mm-move-asid-from-ttbr0-to-ttbr1.patch queue-4.9/arm64-allow-checking-of-a-cpu-local-erratum.patch queue-4.9/arm64-take-into-account-id_aa64pfr0_el1.csv3.patch queue-4.9/arm64-kconfig-add-config_unmap_kernel_at_el0.patch queue-4.9/arm64-idmap-use-awx-flags-for-.idmap.text-.pushsection-directives.patch queue-4.9/arm64-factor-out-entry-stack-manipulation.patch queue-4.9/arm64-entry-add-exception-trampoline-page-for-exceptions-from-el0.patch queue-4.9/arm64-kpti-add-enable-callback-to-remap-swapper-using-ng-mappings.patch queue-4.9/arm64-entry-add-fake-cpu-feature-for-unmapping-the-kernel-at-el0.patch queue-4.9/arm64-cputype-add-midr-values-for-cavium-thunderx2-cpus.patch