[Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 using SMC firmware call to set a hardware chicken bit

Bug #1787993 reported by Manoj Iyer on 2018-08-20
This bug affects 1 person
Affects: linux (Ubuntu) | Importance: High | Assigned to: Canonical Kernel Team
Affects: Bionic | Importance: High | Assigned to: Unassigned

Bug Description

[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 was implemented in the Arm Trusted Firmware with SMCCC v1.1 and SMCCC_ARCH_WORKAROUND_2 [1, 2].

Kernel patches were later produced to toggle the workaround and to enable it only for the kernel side, in both the host and hypervisor cases.

[Fix]

Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html

This patchset is a cherry-pick of those patches (and prerequisites) from the stable / linux-4.14.y tree, forward-ported to our Bionic kernel.

[Test]

Boot a patched kernel and add on the cmdline:

ssbd=force-on

In dmesg you should see something like:

[ 0.779901] ssbd: forced from command-line

Same goes for the off case:

ssbd=force-off

[ 0.781002] ssbd: disabled from command-line

[Regression Potential]

Since it's "new code" to our Bionic kernel, there's some regression potential, but it was a clean pick from linux-4.14.y with almost no modification (except for some mechanical diff to make it apply).

1: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392
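
The check from the [Test] section as a script, added here as an example and not part of the bug report or the kernel patches. It separates "the parameter was on the command line" from "the kernel logged that it acted on it", using only the two `ssbd:` messages quoted above; the function name `ssbd_state`, the output words and the sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify SSBD state from dmesg-style text on stdin.
# The two "ssbd:" strings are the ones quoted in the [Test] section.

ssbd_state() {
    log=$(cat)
    # Value of ssbd= as passed on the kernel command line, if present.
    param=$(printf '%s\n' "$log" |
        sed -n 's/.*Kernel command line:.*[[:space:]]ssbd=\([^[:space:]]*\).*/\1/p' |
        head -n 1)
    if printf '%s\n' "$log" | grep -q 'ssbd: forced from command-line'; then
        echo forced-on
    elif printf '%s\n' "$log" | grep -q 'ssbd: disabled from command-line'; then
        echo forced-off
    elif [ -n "$param" ]; then
        # Parameter was passed, but no acknowledgement line was found.
        echo "requested-only:$param"
    else
        echo not-requested
    fi
}

# Constructed sample logs (timestamps, paths and devices are made up).
LOG_ON='[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro ssbd=force-on
[ 0.779901] ssbd: forced from command-line'
LOG_OFF='[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro ssbd=force-off
[ 0.781002] ssbd: disabled from command-line'
LOG_CMDLINE_ONLY='[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro ssbd=force-on'
LOG_NONE='[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro quiet'

for sample in "$LOG_ON" "$LOG_OFF" "$LOG_CMDLINE_ONLY" "$LOG_NONE"; do
    printf '%s\n' "$sample" | ssbd_state
done
```

On a booted system, feed it the live log with `dmesg | ssbd_state`; a `requested-only` result means the boot log should be inspected further before the mitigation is reported as active.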

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1787993

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bionic
Manoj Iyer (manjo) on 2018-08-20
Changed in linux (Ubuntu):
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Manoj Iyer (manjo) wrote :

Tyler Hicks pointed out that Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 all just receive firmware updates that disabled memory disambiguation at boot time to mitigate SSB. The following page indicates that the patches are only relevant for Cortex-A76. https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Paolo Pisati (p-pisati) on 2018-08-30
description: updated
Stefan Bader (smb) on 2018-08-30
Changed in linux (Ubuntu Bionic):
importance: Undecided → High
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Manoj Iyer (manjo) wrote :

-- SRU verification --

No regressions were found booting with the SRU kernel.

ubuntu@helo:~$ uname -a
Linux helo 4.15.0-35-generic #38-Ubuntu SMP Wed Sep 12 10:35:16 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux

ubuntu@helo:~$ dmesg | grep -i ssbd
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-35-generic root=UUID=06508e54-5e22-4f62-a30c-56a9268e39be ro ssbd=force-on

tags: added: verification-done-bionic
removed: verification-needed-bionic
Manoj Iyer (manjo) wrote :

-- SRU Verification --
Enabled SSBD v4 in firmware and booted the -proposed kernel, no regressions were found on boot.

- Enable SSBD V4 in firmware. -
CAVM_CN99xx# env set core_feature_mask 0x20
core_feature_mask is set to 32
Env Var core_feature_mask set with Value 32
Execute 'env save' Command to make the changes persistent
CAVM_CN99xx# env save

-----------------------------------
       ENV Variable Settings
-----------------------------------
Name : Value
-----------------------------------
turbo : 0
smt : 4
corefreq : 2199
numcores : 28
icispeed : 1
socnclk : 666
socsclk : 1199
memclk : 2199
ddrspeed_auto : 0
ddrspeed : 2400
progcpufreq : 1
progdevfreq : 1
dmc_node_channel_mask : 0000ffff
thermcontrol : 1
thermlimit : 105
enter_debug_shell : 0
dbg_speed_up_ddr_lvl : 0
enable_dram_scrub : 0
ipmbcontrol : 1
ddr_dmt_advanced : 0
cppccontrol : 0
loglevel : 0
uart_params : 115200/8-N-1 none
core_feature_mask : 32
sys_feature_mask : 0x00000000
ddr_refresh_rate : 1
fw_feature_mask : 0x00000000
dram_ce_threshold : 500
dram_ce_window : 60 sec
dram_ce_leak_rate : 1 msec/error
-----------------------------------
CAVM_CN99xx#

- Boot the -proposed kernel -
ubuntu@helo:~$ uname -a
Linux helo 4.15.0-35-generic #38-Ubuntu SMP Wed Sep 12 10:35:16 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux
ubuntu@helo:~$

ubuntu@helo:~$ dmesg | grep -i ssbd
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-35-generic root=UUID=06508e54-5e22-4f62-a30c-56a9268e39be ro ssbd=force-on

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-36.39

---------------
linux (4.15.0-36.39) bionic; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.15.0-35.38) bionic; urgency=medium

  * linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)

  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563)
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * CVE-2017-5715 (Spectre v2 s390x)
    - KVM: s390: implement CPU model only facilities
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

  * Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
    disabled (performance) (LP: #1790602)
    - cpuidle: powernv: Fix promotion from snooze if next state disabled

  * Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
    - powerpc: hard disable irqs in smp_send_stop loop
    - powerpc: Fix deadlock with multiple calls to smp_send_stop
    - powerpc: smp_send_stop do not offline stopped CPUs
    - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled

  * Security fix: check if IOMMU page is contained in the pinned physical page
    (LP: #1785675)
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page

  * Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/kbl: Add KBL GT2 sku
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.

  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * Support Power Management for Thunderbolt Controller (LP: #1789358)
    - thunderbolt: Handle NULL boot ACL entries properly
    - thunderbolt: Notify userspace when boot_acl is changed
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM

  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

  * [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
    for arm64 using SMC firmware call to set a hardware chicken bit
    (LP: #1787993) // CVE-2018...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released