[SRU,B/master-next] arm64: Spectre v4 mitigation

Message ID 20180830092606.GA2864@harukaze
State New

Pull-request

git://git.launchpad.net/~p-pisati/ubuntu/+source/linux b-master-next-spectrev4

Message

Paolo Pisati Aug. 30, 2018, 9:26 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1787993

[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) for arm64
was implemented in the Arm Trusted Firmware with SMCCC v1.1 and
SMCCC_ARCH_WORKAROUND_2[1, 2].

This patch series implements the Linux kernel side of the "Spectre-v4"
mitigation.

[Fix]

Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html

This patchset is a cherry pick of those patches (and prerequisites) from the
stable / linux-4.14.y tree, forward ported to our Bionic kernel.

[Test]

Boot a patched kernel and add on the cmdline:

ssbd=force-on

on dmesg you should see something like:

[ 0.779901] ssbd: forced from command-line

Same goes for the off case:

ssbd=force-off

[ 0.781002] ssbd: disabled from command-line

[Regression Potential]

Since it's "new code" to our Bionic kernel, there's some regression potential,
but it was a clean pick from linux-4.14.y with almost no modification (except
for some mechanical diff to make it apply).

1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392

The following changes since commit eb8e0abeb302275fe7328b10c3f6374abcb70d83:

  UBUNTU: Start new release (2018-08-28 10:09:44 -0700)

are available in the git repository at:

  git://git.launchpad.net/~p-pisati/ubuntu/+source/linux b-master-next-spectrev4

for you to fetch changes up to b943fd8c926a0e64dd1d498216c0844f102126d1:

  UBUNTU: [Config] ARM64_SSBD=y (2018-08-30 10:33:58 +0200)

----------------------------------------------------------------
Christoffer Dall (1):
      KVM: arm64: Avoid storing the vcpu pointer on the stack

Marc Zyngier (16):
      arm64: alternatives: Add dynamic patching feature
      KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
      arm/arm64: smccc: Add SMCCC-specific return codes
      arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
      arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
      arm64: Add ARCH_WORKAROUND_2 probing
      arm64: Add 'ssbd' command-line option
      arm64: ssbd: Add global mitigation state accessor
      arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
      arm64: ssbd: Restore mitigation status on CPU resume
      arm64: ssbd: Introduce thread flag to control userspace mitigation
      arm64: ssbd: Add prctl interface for per-thread mitigation
      arm64: KVM: Add HYP per-cpu accessors
      arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
      arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
      arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID

Paolo Pisati (1):
      UBUNTU: [Config] ARM64_SSBD=y

 Documentation/admin-guide/kernel-parameters.txt |  17 +++
 arch/arm/include/asm/kvm_host.h                 |  12 ++
 arch/arm/include/asm/kvm_mmu.h                  |  12 ++
 arch/arm64/Kconfig                              |   9 ++
 arch/arm64/include/asm/alternative.h            |  41 +++++-
 arch/arm64/include/asm/cpucaps.h                |   3 +-
 arch/arm64/include/asm/cpufeature.h             |  22 +++
 arch/arm64/include/asm/kvm_asm.h                |  41 ++++++
 arch/arm64/include/asm/kvm_host.h               |  41 ++++++
 arch/arm64/include/asm/kvm_mmu.h                |  44 ++++++
 arch/arm64/include/asm/thread_info.h            |   1 +
 arch/arm64/kernel/Makefile                      |   1 +
 arch/arm64/kernel/alternative.c                 |  43 ++++--
 arch/arm64/kernel/asm-offsets.c                 |   2 +
 arch/arm64/kernel/cpu_errata.c                  | 180 ++++++++++++++++++++++++
 arch/arm64/kernel/entry.S                       |  30 ++++
 arch/arm64/kernel/hibernate.c                   |  11 ++
 arch/arm64/kernel/ssbd.c                        | 108 ++++++++++++++
 arch/arm64/kernel/suspend.c                     |   8 ++
 arch/arm64/kvm/hyp/entry.S                      |   6 +-
 arch/arm64/kvm/hyp/hyp-entry.S                  |  66 ++++++---
 arch/arm64/kvm/hyp/switch.c                     |  43 +++++-
 arch/arm64/kvm/hyp/sysreg-sr.c                  |   5 +
 arch/arm64/kvm/reset.c                          |   4 +
 debian.master/config/config.common.ubuntu       |   1 +
 include/linux/arm-smccc.h                       |  10 ++
 virt/kvm/arm/arm.c                              |   4 +
 virt/kvm/arm/hyp/vgic-v2-sr.c                   |   2 +-
 virt/kvm/arm/psci.c                             |  18 ++-
 29 files changed, 738 insertions(+), 47 deletions(-)
 create mode 100644 arch/arm64/kernel/ssbd.c
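
The [Test] procedure above can be scripted. The following is an added example, not part of the original message or of the patch series: it compares the ssbd= boot option with the dmesg text the message says to expect. The function names are hypothetical, the sample inputs are constructed, and taking the last ssbd= token when the option is repeated is an assumption.

```shell
#!/bin/sh
# Added example: check the [Test] expectation (ssbd= boot option vs. dmesg).
# On a real system call: check_ssbd "$(cat /proc/cmdline)" "$(dmesg)"

# Print the value of the last ssbd= token on a kernel command line.
# Assumption: if the option is repeated, the last occurrence is the one to check.
ssbd_option() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed -n 's/^ssbd=//p' | tail -n 1
}

# Map an ssbd= value to the dmesg text quoted in the [Test] section.
# Only the two values exercised by the test case are covered.
expected_message() {
    case "$1" in
        force-on)  printf '%s\n' "ssbd: forced from command-line" ;;
        force-off) printf '%s\n' "ssbd: disabled from command-line" ;;
        *)         return 1 ;;
    esac
}

# check_ssbd CMDLINE DMESG_TEXT
# Prints PASS, FAIL or SKIP with a reason; returns 0, 1 or 2 respectively.
check_ssbd() {
    opt=$(ssbd_option "$1")
    if [ -z "$opt" ]; then
        echo "SKIP: no ssbd= option on the command line"
        return 2
    fi
    if ! want=$(expected_message "$opt"); then
        echo "SKIP: ssbd=$opt is not covered by the test case"
        return 2
    fi
    if printf '%s\n' "$2" | grep -qF -- "$want"; then
        echo "PASS: ssbd=$opt and dmesg reports '$want'"
        return 0
    fi
    # The option was given but the kernel did not acknowledge it: the
    # running kernel may lack the series or CONFIG_ARM64_SSBD.
    echo "FAIL: ssbd=$opt but dmesg lacks '$want'"
    return 1
}

# Constructed sample input (not captured from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro ssbd=force-on'
SAMPLE_DMESG='[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.779901] ssbd: forced from command-line'

check_ssbd "$SAMPLE_CMDLINE" "$SAMPLE_DMESG"
```

A FAIL result means the option was passed but the expected line is absent from the log, which is the case the test is meant to catch.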

Comments

Stefan Bader Aug. 30, 2018, 10:12 a.m. UTC | #1
I have not looked at the pull-request. So if not already done so, all the
patches should probably have a "CVE-2018-3639 (arm64)" line added. I believe
that was the correct number (maybe double check).

Acked-by: Stefan Bader <stefan.bader@canonical.com>

Paolo Pisati Aug. 30, 2018, 10:31 a.m. UTC | #2
CVE-2018-3639 (arm64) line added to all the patches and pushed: if you
pull now, you will get it.

Kleber Sacilotto de Souza Sept. 5, 2018, 12:49 p.m. UTC | #3
Limited to arm, upstream fixes. With the CVE references fixed:

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Kleber Sacilotto de Souza Sept. 5, 2018, 12:55 p.m. UTC | #4
Applied to bionic/master-next branch.

Thanks,
Kleber