[PATCH] arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays

Thu May 1 04:33:39 PDT 2025

On Thu, 01 May 2025, Will Deacon wrote:

> Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the
> spectre_bhb_loop_affected() lists") added some additional CPUs to the
> Spectre-BHB workaround, including some new arrays for designs that
> require new 'k' values for the workaround to be effective.
> 
> Unfortunately, the new arrays omitted the sentinel entry and so
> is_midr_in_range_list() will walk off the end when it doesn't find a
> match. With UBSAN enabled, this leads to a crash during boot when
> is_midr_in_range_list() is inlined (which was more common prior to
> c8c2647e69be ("arm64: Make  _midr_in_range_list() an exported
> function")):
> 
>  |  Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP
>  |  pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>  |  pc : spectre_bhb_loop_affected+0x28/0x30
>  |  lr : is_spectre_bhb_affected+0x170/0x190
>  | [...]
>  |  Call trace:
>  |   spectre_bhb_loop_affected+0x28/0x30
>  |   update_cpu_capabilities+0xc0/0x184
>  |   init_cpu_features+0x188/0x1a4
>  |   cpuinfo_store_boot_cpu+0x4c/0x60
>  |   smp_prepare_boot_cpu+0x38/0x54
>  |   start_kernel+0x8c/0x478
>  |   __primary_switched+0xc8/0xd4
>  |  Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020)
>  |  ---[ end trace 0000000000000000 ]---
>  |  Kernel panic - not syncing: aarch64 BRK: Fatal exception
> 
> Add the missing sentinel entries.
> 
> Cc: Lee Jones <lee at kernel.org>
> Cc: James Morse <james.morse at arm.com>
> Cc: Doug Anderson <dianders at chromium.org>
> Cc: Shameer Kolothum <shameerali.kolothum.thodi at huawei.com>
> Cc: Catalin Marinas <catalin.marinas at arm.com>
> Reported-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> Fixes: a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists")
> Signed-off-by: Will Deacon <will at kernel.org>
> ---
>  arch/arm64/kernel/proton-pack.c | 2 ++
>  1 file changed, 2 insertions(+)

Nice catch!

Reviewed-by: Lee Jones <lee at kernel.org>

> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
> index b198dde79e59..b607f6dfc5e6 100644
> --- a/arch/arm64/kernel/proton-pack.c
> +++ b/arch/arm64/kernel/proton-pack.c
> @@ -879,10 +879,12 @@ static u8 spectre_bhb_loop_affected(void)
>  	static const struct midr_range spectre_bhb_k132_list[] = {
>  		MIDR_ALL_VERSIONS(MIDR_CORTEX_X3),
>  		MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2),
> +		{},
>  	};
>  	static const struct midr_range spectre_bhb_k38_list[] = {
>  		MIDR_ALL_VERSIONS(MIDR_CORTEX_A715),
>  		MIDR_ALL_VERSIONS(MIDR_CORTEX_A720),
> +		{},
>  	};
>  	static const struct midr_range spectre_bhb_k32_list[] = {
>  		MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
> -- 
> 2.49.0.906.g1f30a19c02-goog
> 

-- 
Lee Jones [李琼斯]