| Message ID | 20221107063617.872524-1-dqfext@gmail.com |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | arm64: only enable BHI mitigation on affected CPUs | expand |
On 11/7/22 07:36, DENG Qingfang wrote: > When kernel 5.15 support was added, a new config symbol for ARM64 BHI > mitigation was enabled, which was also later backported to 5.10. However, > only a few CPUs are affected by BHI [0]. > Disable it by default, and enable it only on Cortex-A72 targets. > > [0] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB > Fixes: 9a038e7fd12e ("generic: 5.15: copy config and patch from 5.10") > Fixes: 048f0b170296 ("kernel: bump 5.10 to 5.10.105") > Signed-off-by: DENG Qingfang <dqfext@gmail.com> > --- > target/linux/bcm27xx/bcm2711/config-5.15 | 1 + > target/linux/generic/config-5.10 | 2 +- > target/linux/generic/config-5.15 | 2 +- > target/linux/mvebu/cortexa72/config-5.10 | 1 + > target/linux/mvebu/cortexa72/config-5.15 | 1 + > 5 files changed, 5 insertions(+), 2 deletions(-) > Sorry for the late answer. Please rebase this patch, it does not apply any more. The armvirt and the layerscape target could also run on out of order CPUs. For octeontx I am not sure. Please activate it there too. Hauke
diff --git a/target/linux/bcm27xx/bcm2711/config-5.15 b/target/linux/bcm27xx/bcm2711/config-5.15 index d98d76c333..37bc00b942 100644 --- a/target/linux/bcm27xx/bcm2711/config-5.15 +++ b/target/linux/bcm27xx/bcm2711/config-5.15 @@ -296,6 +296,7 @@ CONFIG_MFD_CORE=y # CONFIG_MFD_RPISENSE_CORE is not set CONFIG_MFD_SYSCON=y CONFIG_MIGRATION=y +CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y CONFIG_MMC=y CONFIG_MMC_BCM2835=y CONFIG_MMC_BCM2835_DMA=y diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 5220f65b56..3d229c0f4c 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -3419,7 +3419,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_MISDN_NETJET is not set # CONFIG_MISDN_SPEEDFAX is not set # CONFIG_MISDN_W6692 is not set -CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y +# CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY is not set # CONFIG_MKISS is not set # CONFIG_MLX4_CORE is not set # CONFIG_MLX4_EN is not set diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15 index 699be4d6fb..fcfa51254c 100644 --- a/target/linux/generic/config-5.15 +++ b/target/linux/generic/config-5.15 @@ -3572,7 +3572,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_MISDN_NETJET is not set # CONFIG_MISDN_SPEEDFAX is not set # CONFIG_MISDN_W6692 is not set -CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y +# CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY is not set # CONFIG_MKISS is not set # CONFIG_MLX4_CORE is not set # CONFIG_MLX4_EN is not set diff --git a/target/linux/mvebu/cortexa72/config-5.10 b/target/linux/mvebu/cortexa72/config-5.10 index 584c3fc9b8..94d04602b0 100644 --- a/target/linux/mvebu/cortexa72/config-5.10 +++ b/target/linux/mvebu/cortexa72/config-5.10 @@ -65,6 +65,7 @@ CONFIG_MDIO_DEVRES=y CONFIG_MFD_CORE=y CONFIG_MFD_IEI_WT61P803_PUZZLE=y CONFIG_MFD_SYSCON=y +CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y CONFIG_MMC_SDHCI_XENON=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_MVEBU_GICP=y diff --git a/target/linux/mvebu/cortexa72/config-5.15 b/target/linux/mvebu/cortexa72/config-5.15 index cb27e0285f..7981609b12 100644 --- a/target/linux/mvebu/cortexa72/config-5.15 +++ b/target/linux/mvebu/cortexa72/config-5.15 @@ -52,6 +52,7 @@ CONFIG_MARVELL_10G_PHY=y CONFIG_MFD_CORE=y CONFIG_MFD_IEI_WT61P803_PUZZLE=y CONFIG_MFD_SYSCON=y +CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y CONFIG_MMC_SDHCI_XENON=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_MVEBU_GICP=y
When kernel 5.15 support was added, a new config symbol for ARM64 BHI mitigation was enabled, which was also later backported to 5.10. However, only a few CPUs are affected by BHI [0]. Disable it by default, and enable it only on Cortex-A72 targets. [0] https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB Fixes: 9a038e7fd12e ("generic: 5.15: copy config and patch from 5.10") Fixes: 048f0b170296 ("kernel: bump 5.10 to 5.10.105") Signed-off-by: DENG Qingfang <dqfext@gmail.com> --- target/linux/bcm27xx/bcm2711/config-5.15 | 1 + target/linux/generic/config-5.10 | 2 +- target/linux/generic/config-5.15 | 2 +- target/linux/mvebu/cortexa72/config-5.10 | 1 + target/linux/mvebu/cortexa72/config-5.15 | 1 + 5 files changed, 5 insertions(+), 2 deletions(-)