Bug 1175912

Summary: VUL-0: CVE-2018-3640: Arm: V3a - Rogue Register Load
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: E-mail List <kvm-bugs>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2020-08-29 05:58:39 UTC
This is the Spectre v3a tracker bug for ARM.

+++ This bug was initially created as a clone of Bug #1087083 +++
+++ This bug was initially created as a clone of Bug #1087078 +++
Comment 1 Liang Yan 2020-09-01 15:38:24 UTC
Did a first round try, below patches are needed:

(included)dea5e2a4c5bc arm64: alternatives: Add dynamic patching feature
(included)1bb32a44aea1 KVM: arm/arm64: Keep GICv2 HYP VAs in kvm_vgic_global_state
(included)3ddd45565373 KVM: arm64: Fix HYP idmap unmap when using 52bit PA

a264bf34424c arm64: insn: Add N immediate encoding
ef3935eeebff arm64: insn: Add encoder for bitwise operations using literals
2b4d1606aac2 arm64: KVM: Dynamically patch the kernel/hyp VA mask
a1efdff442ec arm64: cpufeatures: Drop the ARM64_HYP_OFFSET_LOW feature flag
44a497abd621 KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
b4ef04995d33 KVM: arm/arm64: Demote HYP VA range display to being a debug feature
807a378425d2 KVM: arm/arm64: Move ioremap calls to create_hyp_io_mappings
46fef158f10d KVM: arm/arm64: Fix idmap size and alignment
e3f019b37b58 KVM: arm/arm64: Move HYP IO VAs to the "idmap" range
9f2efa320d39 arm64; insn: Add encoder for the EXTR instruction
11d764079c9f arm64: insn: Allow ADD/SUB (immediate) with LSL #12
005e975a3bd0 arm64: KVM: Dynamically compute the HYP VA mask
ed57cac83e05 arm64: KVM: Introduce EL2 VA randomisation
6bb934af1f73 arm64: Update the KVM memory map documentation
3c5e81232ea4 arm64: KVM: Move vector offsetting from hyp-init.S to kvm_get_hyp_vector
7e80f637fd8b arm64: KVM: Move stashing of x0/x1 into the vector code itself
4340ba80bd3a arm64: KVM: Move BP hardening vectors into .hyp.text section
f0445dfadbb2 arm64: KVM: Reserve 4 additional instructions in the BPI template
71dcb8be6d29 arm64: KVM: Allow far branches from vector slots to the main vectors
dc2e4633ff39 arm/arm64: KVM: Introduce EL2-specific executable mappings
4205a89b8060 arm64: Make BP hardening slot counter available
dee39247dc75 arm64: KVM: Allow mapping of vectors outside of the RAM region
4b472ffd1513 arm64: Enable ARM64_HARDEN_EL2_VECTORS on Cortex-A57 and A72