[PATCH 0/4] arm64: mitigate CVE-2024-7881 in the absence of firmware mitigation
Mark Rutland
mark.rutland at arm.com
Tue Jan 28 07:54:24 PST 2025
On some CPUs from Arm Ltd, it is possible for unprivileged code to cause
a hardware prefetcher to form an address using the contents of a memory
location which is accessible by privileged accesses in the active
translation regime, potentially leaking the contents of this memory
location via a side channel. This has been assigned CVE-2024-7881:

  https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Arm's recommended mitigation is that firmware configures an
IMPLEMENTATION DEFINED control bit (CPUACTLR6_EL1[41]) to disable the
affected prefetcher, and updates to Trusted Firmware-A are available to
do this. For systems which have not yet received a firmware update, KPTI
can help to mitigate the issue.

These patches enable KPTI for affected parts when the firmware
mitigation is not present. The presence of the mitigation is identified
by the presence of the SMCCC_ARCH_WORKAROUND_4 SMCCC call, which was
deployed with the mitigation. This is documented in the SMCCC 1.6 G BET0
specification:

  https://developer.arm.com/documentation/den0028/gbet0/?lang=en

I have tested this on a few configurations of virtual platforms. I'd
appreciate any feedback, especially on the KVM changes.

Mark.

Mark Rutland (4):
  arm64: cpufeature: rename unmap_kernel_at_el0() -> needs_kpti()
  arm64: cpufeature: factor out cpu_is_meltdown_safe()
  arm64: cpufeature: mitigate CVE-2024-7881
  KVM: arm64: expose SMCCC_ARCH_WORKAROUND_4 to guests

 arch/arm64/include/asm/spectre.h  |  2 +
 arch/arm64/include/uapi/asm/kvm.h |  4 ++
 arch/arm64/kernel/cpufeature.c    | 95 ++++++++++++++++++++++++-------
 arch/arm64/kvm/hypercalls.c       | 21 +++++++
 include/linux/arm-smccc.h         |  5 ++
 5 files changed, 107 insertions(+), 20 deletions(-)

--
2.30.2