From patchwork Wed Jan  9 23:55:41 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeremy Linton <jeremy.linton@arm.com>
X-Patchwork-Id: 155100
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277673jaa;
 Wed, 9 Jan 2019 15:56:22 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4Wj3drzzf4OERBB6ge5MFAMzAU0IyOTzxSSIrKJNYkDdi7A5IXIpW9SdXb5rAccQawwMAd
X-Received: by 2002:a62:1f9d:: with SMTP id l29mr7960096pfj.14.1547078182630; 
 Wed, 09 Jan 2019 15:56:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547078182; cv=none;
 d=google.com; s=arc-20160816;
 b=BeDvTr/huasAIgm61pDtzCJH7nua34EVNt6SoqQKp3a+R1B1KD2NecHhaKL8jMFstn
 SzIxHwV9aGXDfvkoB/rEzcdZ7U2W3S7oZSPmOKDV+3zY9t7FnW4zsEM8YyKJX/oOcwgx
 yws6iLw8gxrZ9TMceIi88Pd3Uu7H2o/PVBK4A6CNOGnETToZyPPT99UQYAEEthxd8wla
 Lr/RgechHbVvID2swAwZ9fteH+lVenyYSsEesLiEEUPfAU/UgiStdx7756wzp0nFCSYj
 sZs/7HBIp4wFUSVwAkRhjEmRJItdfS1YPLJW7Q/72zpiYmURC0MNoD87CHGUx1I6+8mC
 5sTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=KByQZHSiNBV/e7GM6HyiXfiEiM9o2jTwVhj3CJ2IrvI=;
 b=W8EtgXa+0uGGtgfvDgD19jG2lk3+30uKavedC4g9sV620BJW2IxbsCdVJx8EoyheuF
 NNHPwUbZSzqp2SSeCrFwAMxxQl5NDgOY6+otVb+2OpOukEwEFKncgBNKocwLX+Z2PS6j
 if37Ad8mGh6UCfi+SVhdT3f+a+HbipwbPHRhVnHzoOVcpAO3VtIcOWnsR/t3Da3UfW4I
 bQ0e7LSvBobmYgZsoNPd1jWk9ppymdImmCyrQoUzUoQD8VbElyqBvJTgbznN3xRMqw67
 VhKIiX4PfTltPQNlWlU09Q+xcjN8IanAMFUVoN1ory1N848tPpi7qGSArB/W8qLYrf41
 66aA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 s11si63665503pgk.344.2019.01.09.15.56.22; 
 Wed, 09 Jan 2019 15:56:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726932AbfAIX4V (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Wed, 9 Jan 2019 18:56:21 -0500
Received: from foss.arm.com ([217.140.101.70]:53358 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726652AbfAIXzz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Wed, 9 Jan 2019 18:55:55 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E675315BF;
 Wed,  9 Jan 2019 15:55:54 -0800 (PST)
Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com
 [10.118.12.119])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id
 4AD533F5AF; Wed,  9 Jan 2019 15:55:54 -0800 (PST)
From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com,
 suzuki.poulose@arm.com, dave.martin@arm.com,
 shankerd@codeaurora.org, linux-kernel@vger.kernel.org,
 ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com,
 steven.price@arm.com, stefan.wahren@i2se.com,
 Jeremy Linton <jeremy.linton@arm.com>
Subject: [PATCH v3 4/7] arm64: add sysfs vulnerability show for meltdown
Date: Wed,  9 Jan 2019 17:55:41 -0600
Message-Id: <20190109235544.2992426-5-jeremy.linton@arm.com>
X-Mailer: git-send-email 2.17.2
In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com>
References: <20190109235544.2992426-1-jeremy.linton@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Display the mitigation status if active, otherwise
assume the cpu is safe unless it doesn't have CSV3
and isn't in our whitelist.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
 arch/arm64/kernel/cpufeature.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

-- 
2.17.2

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index ab784d7a0083..ef7bbc49ef78 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -944,8 +944,12 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
 	return has_cpuid_feature(entry, scope);
 }
 
+/* default value is invalid until unmap_kernel_at_el0() runs */
+static bool __meltdown_safe = true;
+
 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
+extern uint arm64_requested_vuln_attrs;
 
 static bool is_cpu_meltdown_safe(void)
 {
@@ -972,6 +976,14 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 {
 	char const *str = "command line option";
 
+	bool meltdown_safe = is_cpu_meltdown_safe() ||
+		has_cpuid_feature(entry, scope);
+
+	if (!meltdown_safe)
+		__meltdown_safe = false;
+
+	arm64_requested_vuln_attrs |= VULN_MELTDOWN;
+
 	/*
 	 * For reasons that aren't entirely clear, enabling KPTI on Cavium
 	 * ThunderX leads to apparent I-cache corruption of kernel text, which
@@ -993,11 +1005,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
 		return true;
 
-	if (is_cpu_meltdown_safe())
-		return false;
-
-	/* Defer to CPU feature registers */
-	return !has_cpuid_feature(entry, scope);
+	return !meltdown_safe;
 }
 
 static void
@@ -2065,3 +2073,17 @@ static int __init enable_mrs_emulation(void)
 }
 
 core_initcall(enable_mrs_emulation);
+
+#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
+		char *buf)
+{
+	if (arm64_kernel_unmapped_at_el0())
+		return sprintf(buf, "Mitigation: KPTI\n");
+
+	if (__meltdown_safe)
+		return sprintf(buf, "Not affected\n");
+
+	return sprintf(buf, "Vulnerable\n");
+}
+#endif