** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787993
Title:
[Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable)
support for arm64 using SMC firmware call to set a hardware chicken
bit
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Bionic:
In Progress
Bug description:
[Impact]
Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64
was implemented in the Arm Trusted Firmware with SMCCC v1.1 and
SMCCC_ARCH_WORKAROUND_2[1, 2].
Kernel patches were later produced to toggle the workaround, enable it
only for the kernel side, both for the host or hypervisor case.
[Fix]
Original fix:
http://lkml.iu.edu/hypermail/linux/kernel/1805.2/05868.html
This patchset is a cherry pick of those patches (and prerequisistes)
from the stable / linux-4.14.y tree, forward ported to our Bionic
kernel.
[Test]
Boot a patched kernel and add on the cmdline:
ssbd=force-on
on dmesg you should see something like:
[ 0.779901] ssbd: forced from command-line
Same goes for the off case:
ssbd=force-off
[ 0.781002] ssbd: disabled from command-line
[Regression Potential]
Since it's "new code" to our Bionic kernel, there's some regression
potential, but it was a clean pick from linux-4.14.y without almost
any modication (except for some mechanical diff to make it apply).
1:
https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
2: https://github.com/ARM-software/arm-trusted-firmware/pull/1392
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787993/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
