mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-10 15:10:38 +00:00
0aebc6a440
- Security mitigations: - variant 2: invalidating the branch predictor with a call to secure firmware - variant 3: implementing KPTI for arm64 - 52-bit physical address support for arm64 (ARMv8.2) - arm64 support for RAS (firmware first only) and SDEI (software delegated exception interface; allows firmware to inject a RAS error into the OS) - Perf support for the ARM DynamIQ Shared Unit PMU - CPUID and HWCAP bits updated for new floating point multiplication instructions in ARMv8.4 - Removing some virtual memory layout printks during boot - Fix initial page table creation to cope with larger than 32M kernel images when 16K pages are enabled -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAlpwxDMACgkQa9axLQDI XvF55BAAniMpxPXnYNfv6l7/4O8eKo1lJIaG1wbej4JRZ/rT3K4Z3OBXW1dKHO8d /PTbVmZ90IqIGROkoDrE+6xyjjn9yK3uuW4ytN2zQkBa8VFaHAnHlX+zKQcuwy9f yxwiHk+C7vK5JR7mpXTazjRknsUv1MPtlTt7DQrSdq0KRDJVDNFC+grmbew2rz0X cjQDqZqgzuFyrKxdiQVjDmc3zH9NsNBhDo0hlGHf2jK6bGJsAPtI8M2JcLrK8ITG Ye/dD7BJp1mWD8ff0BPaMxu24qfAMNLH8f2dpTa986/H78irVz7i/t5HG0/1+5Jh EE4OFRTKZ59Qgyo1zWcaJvdp8YjiaX/L4PWJg8CxM5OhP9dIac9ydcFQfWzpKpUs xyZfmK6XliGFReAkVOOf5tEqFUDhMtsqhzPYmbmU1lp61wmSYIZ8CTenpWWCJSRO NOGyG1X2uFBvP69+iPNlfTGz1r7tg1URY5iO8fUEIhY8LrgyORkiqw4OvPEgnMXP Ngy+dXhyvnps2AAWbSX0O4puRlTgEYLT5KaMLzH/+gWsXATT0rzUCD/aOwUQq/Y7 SWXZHkb3jpmOZZnzZsLL2MNzEIPCFBwSUE9fSv4dA9d/N6tUmlmZALJjHkfzCDpj +mPsSmAMTj72kUYzm0b5GCtOu/iQ2kDWOZjOM1m4+v/B+f7JoEE= =iEjP -----END PGP SIGNATURE----- Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Catalin Marinas: "The main theme of this pull request is security covering variants 2 and 3 for arm64. I expect to send additional patches next week covering an improved firmware interface (requires firmware changes) for variant 2 and way for KPTI to be disabled on unaffected CPUs (Cavium's ThunderX doesn't work properly with KPTI enabled because of a hardware erratum). Summary: - Security mitigations: - variant 2: invalidate the branch predictor with a call to secure firmware - variant 3: implement KPTI for arm64 - 52-bit physical address support for arm64 (ARMv8.2) - arm64 support for RAS (firmware first only) and SDEI (software delegated exception interface; allows firmware to inject a RAS error into the OS) - perf support for the ARM DynamIQ Shared Unit PMU - CPUID and HWCAP bits updated for new floating point multiplication instructions in ARMv8.4 - remove some virtual memory layout printks during boot - fix initial page table creation to cope with larger than 32M kernel images when 16K pages are enabled" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (104 commits) arm64: Fix TTBR + PAN + 52-bit PA logic in cpu_do_switch_mm arm64: Turn on KPTI only on CPUs that need it arm64: Branch predictor hardening for Cavium ThunderX2 arm64: Run enable method for errata work arounds on late CPUs arm64: Move BP hardening to check_and_switch_context arm64: mm: ignore memory above supported physical address size arm64: kpti: Fix the interaction between ASID switching and software PAN KVM: arm64: Emulate RAS error registers and set HCR_EL2's TERR & TEA KVM: arm64: Handle RAS SErrors from EL2 on guest exit KVM: arm64: Handle RAS SErrors from EL1 on guest exit KVM: arm64: Save ESR_EL2 on guest SError KVM: arm64: Save/Restore guest DISR_EL1 KVM: arm64: Set an impdef ESR for Virtual-SError using VSESR_EL2. KVM: arm/arm64: mask/unmask daif around VHE guests arm64: kernel: Prepare for a DISR user arm64: Unconditionally enable IESB on exception entry/return for firmware-first arm64: kernel: Survive corrected RAS errors notified by SError arm64: cpufeature: Detect CPU RAS Extentions arm64: sysreg: Move to use definitions for all the SCTLR bits arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early ...
79 lines
4.9 KiB
Plaintext
79 lines
4.9 KiB
Plaintext
Silicon Errata and Software Workarounds
|
|
=======================================
|
|
|
|
Author: Will Deacon <will.deacon@arm.com>
|
|
Date : 27 November 2015
|
|
|
|
It is an unfortunate fact of life that hardware is often produced with
|
|
so-called "errata", which can cause it to deviate from the architecture
|
|
under specific circumstances. For hardware produced by ARM, these
|
|
errata are broadly classified into the following categories:
|
|
|
|
Category A: A critical error without a viable workaround.
|
|
Category B: A significant or critical error with an acceptable
|
|
workaround.
|
|
Category C: A minor error that is not expected to occur under normal
|
|
operation.
|
|
|
|
For more information, consult one of the "Software Developers Errata
|
|
Notice" documents available on infocenter.arm.com (registration
|
|
required).
|
|
|
|
As far as Linux is concerned, Category B errata may require some special
|
|
treatment in the operating system. For example, avoiding a particular
|
|
sequence of code, or configuring the processor in a particular way. A
|
|
less common situation may require similar actions in order to declassify
|
|
a Category A erratum into a Category C erratum. These are collectively
|
|
known as "software workarounds" and are only required in the minority of
|
|
cases (e.g. those cases that both require a non-secure workaround *and*
|
|
can be triggered by Linux).
|
|
|
|
For software workarounds that may adversely impact systems unaffected by
|
|
the erratum in question, a Kconfig entry is added under "Kernel
|
|
Features" -> "ARM errata workarounds via the alternatives framework".
|
|
These are enabled by default and patched in at runtime when an affected
|
|
CPU is detected. For less-intrusive workarounds, a Kconfig option is not
|
|
available and the code is structured (preferably with a comment) in such
|
|
a way that the erratum will not be hit.
|
|
|
|
This approach can make it slightly onerous to determine exactly which
|
|
errata are worked around in an arbitrary kernel source tree, so this
|
|
file acts as a registry of software workarounds in the Linux Kernel and
|
|
will be updated when new workarounds are committed and backported to
|
|
stable kernels.
|
|
|
|
| Implementor | Component | Erratum ID | Kconfig |
|
|
+----------------+-----------------+-----------------+-----------------------------+
|
|
| ARM | Cortex-A53 | #826319 | ARM64_ERRATUM_826319 |
|
|
| ARM | Cortex-A53 | #827319 | ARM64_ERRATUM_827319 |
|
|
| ARM | Cortex-A53 | #824069 | ARM64_ERRATUM_824069 |
|
|
| ARM | Cortex-A53 | #819472 | ARM64_ERRATUM_819472 |
|
|
| ARM | Cortex-A53 | #845719 | ARM64_ERRATUM_845719 |
|
|
| ARM | Cortex-A53 | #843419 | ARM64_ERRATUM_843419 |
|
|
| ARM | Cortex-A57 | #832075 | ARM64_ERRATUM_832075 |
|
|
| ARM | Cortex-A57 | #852523 | N/A |
|
|
| ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 |
|
|
| ARM | Cortex-A72 | #853709 | N/A |
|
|
| ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 |
|
|
| ARM | MMU-500 | #841119,#826419 | N/A |
|
|
| | | | |
|
|
| Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 |
|
|
| Cavium | ThunderX ITS | #23144 | CAVIUM_ERRATUM_23144 |
|
|
| Cavium | ThunderX GICv3 | #23154 | CAVIUM_ERRATUM_23154 |
|
|
| Cavium | ThunderX Core | #27456 | CAVIUM_ERRATUM_27456 |
|
|
| Cavium | ThunderX Core | #30115 | CAVIUM_ERRATUM_30115 |
|
|
| Cavium | ThunderX SMMUv2 | #27704 | N/A |
|
|
| Cavium | ThunderX2 SMMUv3| #74 | N/A |
|
|
| Cavium | ThunderX2 SMMUv3| #126 | N/A |
|
|
| | | | |
|
|
| Freescale/NXP | LS2080A/LS1043A | A-008585 | FSL_ERRATUM_A008585 |
|
|
| | | | |
|
|
| Hisilicon | Hip0{5,6,7} | #161010101 | HISILICON_ERRATUM_161010101 |
|
|
| Hisilicon | Hip0{6,7} | #161010701 | N/A |
|
|
| Hisilicon | Hip07 | #161600802 | HISILICON_ERRATUM_161600802 |
|
|
| | | | |
|
|
| Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 |
|
|
| Qualcomm Tech. | Falkor v1 | E1009 | QCOM_FALKOR_ERRATUM_1009 |
|
|
| Qualcomm Tech. | QDF2400 ITS | E0065 | QCOM_QDF2400_ERRATUM_0065 |
|
|
| Qualcomm Tech. | Falkor v{1,2} | E1041 | QCOM_FALKOR_ERRATUM_1041 |
|