Spectre-v1&v2 mitigation

cancel
Showing results for 
Search instead for 
Did you mean: 

Spectre-v1&v2 mitigation

292 Views
GET
Contributor II

Hi,
Currently we use a 4.19.114 kernel in our builds.
During boot, I can see following log entry:
[ 0.000000] ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware

I can see this log entry comes from arch/arm64/kernel/cpu_errata.c, because detect_harden_bp_fw() returns -1 due to following defition in the drivers/firmware/psci.c:

 

struct psci_operations psci_ops = {
 .conduit = PSCI_CONDUIT_NONE,
 .smccc_version = SMCCC_VERSION_1_0,
};

 

At the same time I can see that spectre-v2 mitigated and Spectre-v2 not:

 

# cat /sys/devices/system/cpu/vulnerabilities/*
Not affected
Not affected
Not affected
Not affected
Vulnerable
Mitigation: __user pointer sanitization
Vulnerable
Not affected
# ls -l /sys/devices/system/cpu/vulnerabilities/*                                                                                                                                                      
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/itlb_multihit
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/l1tf
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/mds
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/meltdown
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/spectre_v1
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/spectre_v2
-r--r--r--    1 root     root          4096 Dec  8 12:18 /sys/devices/system/cpu/vulnerabilities/tsx_async_abort

 

 We don't have any KVM options enabled in the defconfig.

I can see ARM trusted firmware has support for SMCCC 1.1

So my question is how to get rid of that log print and to properly apply possible mitigations? Can I just redefine psci_ops structure to use SMCCC version 1.1?

Labels (1)
0 Kudos
1 Reply

265 Views
yipingwang
NXP TechSupport
NXP TechSupport
0 Kudos