arm64: ssbd: Restore mitigation status on CPU resume

BugLink: https://bugs.launchpad.net/bugs/1787993
CVE-2018-3639 (arm64)

commit 647d0519b53f440a55df163de21c52a8205431cc upstream.

On a system where firmware can dynamically change the state of the
mitigation, the CPU will always come up with the mitigation enabled,
including when coming back from suspend.

If the user has requested "no mitigation" via a command line option,
let's enforce it by calling into the firmware again to disable it.

Similarily, for a resume from hibernate, the mitigation could have
been disabled by the boot kernel. Let's ensure that it is set
back on in that case.

Acked-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c5c89bb4deb8e1f0eed0968f37dfa936f6b5e4c1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git /
linux-4.14.y)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 9a6fa29062c21c20a0933c1aa7107ef08756971b..3666cdf28164421bc48bfbf39436c6f92813607b 100644 (file)
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -323,6 +323,12 @@ static inline int arm64_get_ssbd_state(void)
 #endif
 }
 
+#ifdef CONFIG_ARM64_SSBD
+void arm64_set_ssbd_mitigation(bool state);
+#else
+static inline void arm64_set_ssbd_mitigation(bool state) {}
+#endif
+
 #endif /* __ASSEMBLY__ */
 
 #endif

diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 012dab9d9a010c64ac7051038a4b3841ce632aaa..eccdb28b4a39c98c3d55686bd7647a7e3732acc3 100644 (file)
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -299,7 +299,7 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt,
                *updptr = cpu_to_le32(aarch64_insn_gen_nop());
 }
 
-static void arm64_set_ssbd_mitigation(bool state)
+void arm64_set_ssbd_mitigation(bool state)
 {
        switch (psci_ops.conduit) {
        case PSCI_CONDUIT_HVC:

diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
index 3009b8b80f08043e99802e8623022c35398f02e4..f76c02f28ae5c5f1597932429b51536cc062f0e3 100644 (file)
--- a/arch/arm64/kernel/hibernate.c
+++ b/arch/arm64/kernel/hibernate.c
@@ -314,6 +314,17 @@ int swsusp_arch_suspend(void)
 
                sleep_cpu = -EINVAL;
                __cpu_suspend_exit();
+
+               /*
+                * Just in case the boot kernel did turn the SSBD
+                * mitigation off behind our back, let's set the state
+                * to what we expect it to be.
+                */
+               switch (arm64_get_ssbd_state()) {
+               case ARM64_SSBD_FORCE_ENABLE:
+               case ARM64_SSBD_KERNEL:
+                       arm64_set_ssbd_mitigation(true);
+               }
        }
 
        local_daif_restore(flags);

diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c
index a307b9e1339293d57010619857c5e8f2e32fdbfc..70c283368b6469f34156aeeac04a7eb4bc8fda92 100644 (file)
--- a/arch/arm64/kernel/suspend.c
+++ b/arch/arm64/kernel/suspend.c
@@ -62,6 +62,14 @@ void notrace __cpu_suspend_exit(void)
         */
        if (hw_breakpoint_restore)
                hw_breakpoint_restore(cpu);
+
+       /*
+        * On resume, firmware implementing dynamic mitigation will
+        * have turned the mitigation on. If the user has forcefully
+        * disabled it, make sure their wishes are obeyed.
+        */
+       if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE)
+               arm64_set_ssbd_mitigation(false);
 }
 
 /*