[PATCH OLK-6.6 0/2] Handling Kunpeng Chip ARM Spectre-BHB (CVE-2022-23960) Issue
Previously, the mitigation for HIP09 had been incorporated into 6.6. Now, the mitigation for TSV100 is being incorporated into 6.6. And non-privileged eBPF is disabled by default. In addition, the GRUB in the distribution needs to include 'nospectre-bhb'.

Jinqian Yang (2):
  arm64: Add support for TSV110 Spectre-BHB mitigation
  config: Disable unprivileged BPF syscall by default

 arch/arm64/configs/openeuler_defconfig | 2 +-
 arch/arm64/kernel/proton-pack.c        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

--
2.33.0
virt inclusion category: other bugzilla: https://gitee.com/openeuler/kernel/issues/IDC3UF ------------------------------------------------------------------------ The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This commit adds the MIDR of TSV110 to the list for software mitigation. Signed-off-by: Jinqian Yang <yangjinqian1@huawei.com> --- arch/arm64/kernel/proton-pack.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 22e5e23438af..c8e13f196899 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -896,6 +896,7 @@ static u8 spectre_bhb_loop_affected(void) MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + MIDR_ALL_VERSIONS(MIDR_HISI_TSV110), {}, }; static const struct midr_range spectre_bhb_k24_list[] = { -- 2.33.0
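Review bot: In the spectre_bhb_loop_affected() hunk, the new MIDR_ALL_VERSIONS(MIDR_HISI_TSV110) entry lands in the list that holds Cortex-X2, Neoverse-N2 and Neoverse-V1, directly above spectre_bhb_k24_list, but the commit message gives no reason why TSV110 needs that list's loop count rather than the k24 one or another. Please name the source for the iteration count (vendor guidance or erratum) in the commit message. The commit message also omits the CVE id that the cover letter carries (CVE-2022-23960), and the cover letter says "TSV100" where this patch says TSV110; one of the two should be corrected so the series can be found by either.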
virt inclusion category: other bugzilla: https://gitee.com/openeuler/kernel/issues/IDC3UF ------------------------------------------------------------------------ The presence of unprivileged BPF facilitates the exploitation of hardware vulnerabilities such as Spectre-BHB. Therefore, unprivileged BPF is disabled by default. Signed-off-by: Jinqian Yang <yangjinqian1@huawei.com> --- arch/arm64/configs/openeuler_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index d4237341e76d..37925fe351db 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -85,7 +85,7 @@ CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_LSM=y CONFIG_BPF_SCHED=y -- 2.33.0
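Review bot: The CONFIG_BPF_UNPRIV_DEFAULT_OFF=y line in the openeuler_defconfig hunk changes the default for every arm64 build from this defconfig, not only for TSV110 systems, and the commit message does not mention the user-visible effect. Please document that unprivileged bpf() calls will now fail by default, that an administrator can still change this at run time through the kernel.unprivileged_bpf_disabled sysctl, and whether defconfigs for other architectures are meant to stay as they are, since the diffstat touches only arch/arm64/configs/openeuler_defconfig.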
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/19617
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/VQE...
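A post-deployment check for the two changes in this series, as an added example that is not part of the thread or of the openEuler tree. It assumes the standard arm64 sysfs and procfs paths and the MIDR constants from the kernel's asm/cputype.h; the function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the patch series). MIDR_EL1 layout per the Arm
# architecture: implementer = bits [31:24], part number = bits [15:4].
HISI_IMPLEMENTER=$((0x48))   # ARM_CPU_IMP_HISI in asm/cputype.h
TSV110_PART=$((0xd01))       # HISI_CPU_PART_TSV110 in asm/cputype.h

# Return 0 if the MIDR_EL1 value in $1 (hex string) identifies a TSV110 core.
midr_is_tsv110() {
    imp=$(( ($1 >> 24) & 0xff ))
    part=$(( ($1 >> 4) & 0xfff ))
    [ "$imp" -eq "$HISI_IMPLEMENTER" ] && [ "$part" -eq "$TSV110_PART" ]
}

# Describe a kernel.unprivileged_bpf_disabled value.
# CONFIG_BPF_UNPRIV_DEFAULT_OFF=y makes 2 the boot-time default.
bpf_unpriv_state() {
    case "$1" in
        0) echo "enabled" ;;
        1) echo "disabled until reboot" ;;
        2) echo "disabled, root may re-enable" ;;
        *) echo "unknown" ;;
    esac
}

# Return 0 if a spectre_v2 sysfs line reports the BHB mitigation as active.
# Assumption: strings as emitted by mainline arm64 proton-pack.c.
bhb_mitigated() {
    case "$1" in
        *"but not BHB"*|Vulnerable*) return 1 ;;
        Mitigation:*BHB*) return 0 ;;
        *) return 1 ;;
    esac
}

check_host() {
    cpu=/sys/devices/system/cpu
    for f in "$cpu"/cpu[0-9]*/regs/identification/midr_el1; do
        if [ -r "$f" ] && midr_is_tsv110 "$(cat "$f")"; then echo "TSV110: $f"; fi
    done
    line=$(cat "$cpu/vulnerabilities/spectre_v2" 2>/dev/null || true)
    if bhb_mitigated "$line"; then echo "BHB: mitigated"; else echo "BHB: not mitigated ($line)"; fi
    v=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || true)
    echo "unprivileged BPF: $(bpf_unpriv_state "$v")"
}

# Run against the live host only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```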
participants (2): Jinqian Yang, patchwork bot