From patchwork Thu Mar 21 23:05:54 2019
X-Patchwork-Submitter: Jeremy Linton
X-Patchwork-Id: 160832
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2e.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara , Stefan Wahren Subject: [PATCH v6 07/10] arm64: add sysfs vulnerability show for spectre v2 Date: Thu, 21 Mar 2019 18:05:54 -0500 Message-Id: <20190321230557.45107-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190321230557.45107-1-jeremy.linton@arm.com> References: <20190321230557.45107-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 74c4a66500c4..fb8eb6c6088f 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -512,6 +512,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ 
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,19 +551,25 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + __hardenbp_enab = false; return false; } /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -778,3 +792,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +}
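Review bot: In the hunk at @@ -512, `__hardenbp_enab` and `__spectrev2_safe` both start as `true` and are only ever cleared, so until check_branch_predictor() has run on a core that needs the workaround the state reads as safe and hardened by default. The two bools encode three outcomes (not affected, mitigated, vulnerable); a single state variable with named values would make the invariant easier to check than two flags whose combination has to be decoded in cpu_show_spectre_v2(). The comment should also say that the flags only ever move from true to false.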
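Review bot: The comment added directly above check_branch_predictor() in the @@ -522 hunk describes the tracking state rather than the function, and repeats what the comment on the `__hardenbp_enab` / `__spectrev2_safe` declarations already says. Either fold it into the comment at the declarations, or reword it to document the function's new side effect: a call that finds a core needing the workaround clears the file-scope flags.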
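Review bot: In the @@ -543 hunk, `__spectrev2_safe = false;` and the three `__hardenbp_enab = false;` assignments are plain stores to file-scope statics, with no visible ordering against the read in cpu_show_spectre_v2(). The stores are one-way, so a race looks benign, but that reasoning belongs in a comment, or the accesses should be marked with WRITE_ONCE()/READ_ONCE(). Separately, the `need_wa < 0` branch now clears the flag and falls through to `return (need_wa > 0);` while the other two failure paths return immediately; a short comment that the fall-through is intentional would help the next reader.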
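Review bot: In the @@ -778 hunk, cpu_show_spectre_v2() prints "Mitigation: Branch predictor hardening" whenever no failure path has cleared `__hardenbp_enab`, so it infers that the mitigation is active from the absence of a recorded failure rather than from the workaround having been installed. If any path on which check_branch_predictor() returns `need_wa > 0` can still end without hardening enabled, sysfs would overstate the protection; please confirm that cannot happen and say so in a comment. The three output strings become visible to userspace, so the commit message should list them.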