ARM64 Mitigation Posted For Spectre 4 / SSBD
Following the Intel/AMD Spectre Variant 4 mitigation landing yesterday with "Speculative Store Bypass Disable" (SSBD) and then the POWER CPU mitigation landing today, ARM developers have posted their set of patches for 64-bit ARM CPUs to mitigate against this latest Spectre vulnerability around speculative execution.
ARM CPUs are also hit hard by the Speculative Store Bypass / Spectre V4 issue. ARM is releasing a firmware update along with accompanying kernel patches that deal with the issue, allow the mitigation to be toggled, provide a prctl() back-end that matches the x86 interfaces, and add an initial implementation for KVM.
For all released Arm Cortex-A CPUs that are affected by this issue, then the preferred mitigation is simply to set a chicken bit in the firmware during CPU initialisation and therefore no change to Linux is required. Other CPUs may require the chicken bit to be toggled dynamically (for example, when switching between user-mode and kernel-mode) and this is achieved by calling into EL3 via an SMC.
Details via this patch series. It's quite likely this code will land in Linux 4.17 in the very near future and also be back-ported to stable release streams.
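The per-task prctl() control mentioned above can be exercised from user space as follows. This is an added example, not code from the article or from the ARM patch series; it assumes a Linux kernel that exposes the PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL interface, and the helper names `ssb_state_name` and `ssb_mitigate_self` are hypothetical.

```c
/* Added example: query and tighten this task's Speculative Store Bypass state. */
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

#ifndef PR_GET_SPECULATION_CTRL   /* fallbacks for older userspace headers */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_NOT_AFFECTED    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* Map a PR_GET_SPECULATION_CTRL return value to a readable state.
 * PR_SPEC_ENABLE means the speculation feature is on, i.e. NOT mitigated. */
const char *ssb_state_name(long v)
{
    if (v < 0)                     return "unsupported";
    if (v == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "mitigated (force-disabled)";
    if (v & PR_SPEC_DISABLE)       return "mitigated";
    if (v & PR_SPEC_ENABLE)
        return (v & PR_SPEC_PRCTL) ? "vulnerable, per-task control available"
                                   : "vulnerable, no per-task control";
    return "unknown";
}

/* Turn on the mitigation for the calling task when the kernel allows it.
 * Returns the state after the attempt, or -1 if the interface is missing
 * or the request was refused. */
long ssb_mitigate_self(void)
{
    long v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (v < 0)
        return -1;
    if ((v & PR_SPEC_PRCTL) && (v & PR_SPEC_ENABLE) &&
        prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) < 0)
        return -1;
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
}

int main(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("before: %s\n", ssb_state_name(before));
    printf("after:  %s\n", ssb_state_name(ssb_mitigate_self()));
    return 0;
}
```

The system-wide status is also reported in `/sys/devices/system/cpu/vulnerabilities/spec_store_bypass` on kernels that carry the mitigation.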