Errata kernel module

The errata kernel module allows you to choose hardware-specific mitigations to apply to your system, rather than having to apply all mitigations at once, which is inefficient and can affect runtime performance.

The errata kernel module assigns each erratum a unique identifier, which is contained within the module_errata_identifier_t enumeration.

Since errata are hardware-specific, the errata kernel module depends on the system's startup program to determine if it's affected by a given erratum for each CPU. If so, the module then determines whether the kernel should apply a mitigation for that erratum. The module applies these mitigations at boot time so that once the system is running (i.e., user code begins executing), the set of mitigated errata is static.

Querying mitigations

The errata kernel module handles a distinct class of messages that route to the module's message handler when sent to the procnto process. The messages have a sub-type dependent payload that begins with the modulemsg_header_t structure:
typedef struct {
    _Uint16t type;
    _Uint16t subtype;
} modulemsg_header_t;

The fields include:

type

The message type. Set this to MODULEMSG_ERRATA for messages intended to be handled by the module.

subtype
The message sub-type. A modulemsg_errata_subtypes_t enumeration constant that corresponds to an operation that a client can invoke on the module. Currently, the only sub-type option is:
  • MODULEMSG_ERRATA_CPUINFO — Sent by a user-space program to determine if a mitigation has been applied for a given erratum on a given CPU.
    Note:
    This query mechanism only indicates whether or not a mitigation was applied. It doesn't say if the erratum affects or is applicable to the given CPU.
    When type is also MODULEMSG_ERRATA, the module replies to the client in one of the following ways:
    • An errno error code — The query couldn't be fulfilled.
    • 1 — The errata was mitigated for the given CPU.
    • 0 — The errata wasn't mitigated for the given CPU.
These messages are sent with a payload of a modulemsg_errata_cpuinfo_t structure:
typedef struct {
    modulemsg_header_t             header;
    _Uint32t                       cpu_num;
    module_errata_identifier_t     errata_id;
} modulemsg_errata_cpuinfo_t;

The fields include:

header
The message header.
cpu_num
The zero-based index of the CPU to query.
errata_id

A module_errata_identifier_t enumeration constant identifying the erratum to query. Set this field to one of the options listed in the Mitigations section below.

Mitigations

MODULE_ERRATA_SPECTRE_V2
The module_errata_identifier_t enumeration constant that corresponds to Spectre V2 (CVE-2017-5715).

The errata kernel module supports the ARM MMU-based mitigation for Spectre V2. Specifically, it supports the MMU-based mitigation for Cortex-A57, Cortex-A72, and Cortex-A76 cores, as described in the ARM Article ID 110280, version 3-0.

You must also set the -Espectrev2startup option to instruct the errata kernel module to apply the mitigation.

The errata kernel module makes the following modifications to the default kernel to implement this mitigation:
  • Disables and re-enables the MMU when the kernel is entered from user-space.
  • Disables and re-enables the MMU when a cross-process context switch is performed.
Page updated: