MarvellEmbeddedProcessors / atf-marvell

BSD 3-Clause "New" or "Revised" License

Spectre v4 mitigation needed #11

Open afaerber opened 6 years ago

afaerber commented 6 years ago

@kostapr As of last night, a pull request https://github.com/ARM-software/arm-trusted-firmware/pull/1392 is pending upstream with mitigations for CVE-2018-3639 (new Spectre variant 4). Please backport the CA72 mitigation.

kostapr commented 6 years ago

This is in our plans for the next month

Kosta

On Tue, May 22, 2018, 21:09 Andreas Färber notifications@github.com wrote:

> @kostapr As of last night, a pull request https://github.com/ARM-software/arm-trusted-firmware/pull/1392 is pending upstream with mitigations for CVE-2018-3639 (new Spectre variant 4). Please backport the CA72 mitigation.


kostapr commented 6 years ago

@afaerber Please correct me if I am wrong. Only this patch needs to be ported to ATF 1.3: https://github.com/ARM-software/arm-trusted-firmware/pull/1392/commits/b8a25bbb0bab4e4afdbfb04bee98f0bf28141c4b

afaerber commented 6 years ago

That'll be the absolute minimum. I'd have to check but the dynamic mitigation (third commit) may be the one to introduce the SMCCC interface for querying mitigation presence from Linux? For cherry-picking to v1.5 I needed to backport two code movements beyond that pull: https://build.opensuse.org/package/show/hardware:boot/arm-trusted-firmware

kostapr commented 6 years ago

@afaerber I pushed the first back-porting draft here: https://github.com/kostapr/atf-marvell/commits/atf-v1.3-armada-17.10-spectre-v4 Would you please take a look? If these patches are OK, I will add them to the next 17.10 release (17.10.9).

afaerber commented 6 years ago

Looks okay on a quick peek. But there are 18.06 branches now, so not sure if it still makes sense for 17.10?

kostapr commented 6 years ago

The 17.10 is considered an LTS version.