From patchwork Wed Apr 10 23:12:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162045 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp6763093jan; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqymbIfLRtbqkVeLCUyyxWRjnLqsJxDefYg+A6gasbb6fGN08wFhPs62aFsfF59PIIvrb1Ra X-Received: by 2002:a63:3d85:: with SMTP id k127mr43764068pga.152.1554937982791; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554937982; cv=none; d=google.com; s=arc-20160816; b=E2KvGts7AFnTm38jVJdjv/1ldyk1ujSuz6M95TpI/TjVocKw1JotS2nvE2uJUnZ4mP uXqVpjDYOcQBnN1SQ2HqKuzS5zS94zBuAXSS2FcHyRBRfsrDIIwIvFuK9uklyiOzKuGv YjW4UqXA54O572Zqh5Xod6X+wIkcqNhusxHaEjGfzcdLprBJXU18+crjJyzoKJ55MFXK J1lP3JKq4GTn4PWFvHBZMUytp7j0FZXJnaA+zOobr5Cw9MU1SpbNmSMLPCP9W+ef9N/B v2dbouWMkNlJ3SS7KC0pFPpJLx5OSHUj62QdyWvlwfPe2IRMVejZv+fbxR2HMMr3ioLG NerQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=tFX/nk1fZcsr+TW86i3BXcO84JlB8Gg69OP6zIVoIuU=; b=GhKgl81rbqgSI5bIabOpLql/oGvNSCfgC/R42PxVWsfxlEtaPPDdHqwFlrn4AKPxdb hpHty7emE4NIBTDwrPwBIbsKeIvQLwwfuQdLFcMObc4JXgijye5kgAvxI8ngPqHPxgQH ZnyLGNYuiMIyPf50xse6BDTpLP/8VX/Ap9wW7KXY346T0legMPOGnyKvRMgPoYcqeM8d PTjmVn6zUhRL5lR4xCwrjQMtPGtMzPGdS02SMajKcZBZ7oUMqWw9EzmMrWjqLZNNSkxw 8Gup+v7lCF0PsixtflcDQn6rofnpILFxjYp4logRk9Mp2OqGEkgGrC68FuR5s6bh0P0Z OBqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a73si17723611pge.358.2019.04.10.16.13.02; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726865AbfDJXNB (ORCPT + 31 others); Wed, 10 Apr 2019 19:13:01 -0400 Received: from foss.arm.com ([217.140.101.70]:33046 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726830AbfDJXM7 (ORCPT ); Wed, 10 Apr 2019 19:12:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DB8C51713; Wed, 10 Apr 2019 16:12:58 -0700 (PDT) Received: from mammon-tx2.austin.arm.com (mammon-tx2.austin.arm.com [10.118.29.246]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 3D4DD3F557; Wed, 10 Apr 2019 16:12:58 -0700 (PDT) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v7 07/10] arm64: add sysfs vulnerability show for spectre v2 Date: Wed, 10 Apr 2019 18:12:34 -0500 Message-Id: <20190410231237.52506-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 74c4a66500c4..fb8eb6c6088f 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -512,6 +512,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,19 +551,25 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + __hardenbp_enab = false; return false; } /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -778,3 +792,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +}