[0/4] arm64: mitigate CVE-2024-7881 in the absence of firmware mitigation

Message ID 20250128155428.210645-1-mark.rutland@arm.com

Message

Mark Rutland Jan. 28, 2025, 3:54 p.m. UTC
On some CPUs from Arm Ltd, it is possible for unprivileged code to cause
a hardware prefetcher to form an address using the contents of a memory
location which is accessible by privileged accesses in the active
translation regime, potentially leaking the contents of this memory
location via a side channel. This has been assigned CVE-2024-7881:

  https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Arm's recommended mitigation is that firmware configures an
IMPLEMENTATION DEFINED control bit (CPUACTLR6_EL1[41]) to disable the
affected prefetcher, and updates to Trusted Firmware-A are available to
do this. For systems which have not yet received a firmware update, KPTI
can help to mitigate the issue.

These patches enable KPTI for affected parts when the firmware
mitigation is not present. The presence of the mitigation is identified
by the presence of the SMCCC_ARCH_WORKAROUND_4 SMCCC call, which was
deployed with the mitigation. This is documented in the SMCCC 1.6 G BET0
specification:

  https://developer.arm.com/documentation/den0028/gbet0/?lang=en

I have tested this on a few configurations of virtual platforms. I'd
appreciate any feedback, especially on the KVM changes.

Mark.

Mark Rutland (4):
  arm64: cpufeature: rename unmap_kernel_at_el0() -> needs_kpti()
  arm64: cpufeature: factor out cpu_is_meltdown_safe()
  arm64: cpufeature: mitigate CVE-2024-7881
  KVM: arm64: expose SMCCC_ARCH_WORKAROUND_4 to guests

 arch/arm64/include/asm/spectre.h  |  2 +
 arch/arm64/include/uapi/asm/kvm.h |  4 ++
 arch/arm64/kernel/cpufeature.c    | 95 ++++++++++++++++++++++++-------
 arch/arm64/kvm/hypercalls.c       | 21 +++++++
 include/linux/arm-smccc.h         |  5 ++
 5 files changed, 107 insertions(+), 20 deletions(-)
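Added here as a worked model, not the series' own code, of the discovery and decision the cover letter describes: the host probes for SMCCC_ARCH_WORKAROUND_4 through SMCCC_ARCH_FEATURES, an affected part falls back to KPTI when firmware does not advertise the workaround, and the KVM side answers a guest's query from the host's result. The `struct firmware` model, the function names, and the ARCH_WORKAROUND_4 function ID 0x80000004 are my assumptions from the SMCCC spec, not values taken from the page.

```c
#include <stdbool.h>
#include <stdint.h>

/* Function IDs assumed from the SMCCC spec (not from the patch series). */
#define SMCCC_VERSION_FUNC_ID     0x80000000u
#define SMCCC_ARCH_FEATURES_ID    0x80000001u
#define SMCCC_ARCH_WORKAROUND_4   0x80000004u
#define SMCCC_RET_NOT_SUPPORTED   (-1)

/* Constructed model of one platform's firmware: its SMCCC version and whether
 * this build applied the CPUACTLR6_EL1[41] fix and so implements WORKAROUND_4. */
struct firmware { uint16_t major, minor; bool has_workaround_4; };

static bool smccc_1_1_or_later(const struct firmware *fw)
{
    return fw->major > 1 || (fw->major == 1 && fw->minor >= 1);
}

/* SMC/HVC conduit into the modelled firmware; returns the a0 result register. */
static int32_t smccc_call(const struct firmware *fw, uint32_t fid, uint32_t arg0)
{
    if (fid == SMCCC_VERSION_FUNC_ID)
        return (int32_t)(((uint32_t)fw->major << 16) | fw->minor);
    /* ARCH_FEATURES only exists from SMCCC 1.1 onwards. */
    if (fid == SMCCC_ARCH_FEATURES_ID && smccc_1_1_or_later(fw))
        return (arg0 == SMCCC_ARCH_WORKAROUND_4 && fw->has_workaround_4)
               ? 0 : SMCCC_RET_NOT_SUPPORTED;
    return SMCCC_RET_NOT_SUPPORTED;
}

/* Host probe: the workaround is discoverable only via ARCH_FEATURES, which
 * itself needs SMCCC >= 1.1. Anything undiscoverable counts as "not mitigated". */
bool firmware_mitigates_cve_2024_7881(const struct firmware *fw)
{
    int32_t ver = smccc_call(fw, SMCCC_VERSION_FUNC_ID, 0);
    if (ver < 0 || (ver >> 16) < 1 || ((ver >> 16) == 1 && (ver & 0xffff) < 1))
        return false;
    return smccc_call(fw, SMCCC_ARCH_FEATURES_ID, SMCCC_ARCH_WORKAROUND_4) >= 0;
}

/* The series' decision, modelled: KPTI if the part is not Meltdown-safe, or if
 * it is affected by CVE-2024-7881 and firmware offers no workaround. */
bool needs_kpti(bool meltdown_safe, bool affected_by_7881, const struct firmware *fw)
{
    if (!meltdown_safe)
        return true;
    return affected_by_7881 && !firmware_mitigates_cve_2024_7881(fw);
}

/* KVM side (patch 4, modelled): a guest's ARCH_FEATURES query for WORKAROUND_4
 * is answered from the host's probe, so the guest runs the same decision. */
int32_t kvm_arch_features_for_guest(uint32_t queried_fid, const struct firmware *host_fw)
{
    if (queried_fid == SMCCC_ARCH_WORKAROUND_4 && firmware_mitigates_cve_2024_7881(host_fw))
        return 0;
    return SMCCC_RET_NOT_SUPPORTED;
}
```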

Comments

Oliver Upton Jan. 30, 2025, 9:48 p.m. UTC | #1
Hi Mark,

On Tue, Jan 28, 2025 at 03:54:24PM +0000, Mark Rutland wrote:
> On some CPUs from Arm Ltd, it is possible for unprivileged code to cause
> a hardware prefetcher to form an address using the contents of a memory
> location which is accessible by privileged accesses in the active
> translation regime, potentially leaking the contents of this memory
> location via a side channel. This has been assigned CVE-2024-7881:
> 
>   https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
> 
> Arm's recommended mitigation is that firmware configures an
> IMPLEMENTATION DEFINED control bit (CPUACTLR6_EL1[41]) to disable the
> affected prefetcher, and updates to Trusted Firmware-A are available to
> do this. For systems which have not yet received a firmware update, KPTI
> can help to mitigate the issue.
> 
> These patches enable KPTI for affected parts when the firmware
> mitigation is not present. The presence of the mitigation is identified
> by the presence of the SMCCC_ARCH_WORKAROUND_4 SMCCC call, which was
> deployed with the mitigation. This is documented in the SMCCC 1.6 G BET0
> specification:
> 
>   https://developer.arm.com/documentation/den0028/gbet0/?lang=en
> 
> I have tested this on a few configurations of virtual platforms. I'd
> appreciate any feedback, especially on the KVM changes.

The KVM changes look reasonable and follow the usual model for this
crud. It would be nice to report the mitigation state to userspace
somehow as I would like to have a KVM selftest for all of the hardware
vulnerabilities.

But anyway,

Reviewed-by: Oliver Upton <oliver.upton@linux.dev>