From patchwork Mon Apr 15 21:21:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162275 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp3418331jan; Mon, 15 Apr 2019 14:21:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqw4B88akBaXAGB2KEYMEx3D3rLYzVZTZdvmPB7Bnm8rVaD6dnXnPHir9Nbq7joZimOKYV+O X-Received: by 2002:a63:1548:: with SMTP id 8mr67776332pgv.277.1555363317427; Mon, 15 Apr 2019 14:21:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555363317; cv=none; d=google.com; s=arc-20160816; b=HivyHQ0Ih0T2xXAbQTBVPNyKjxBxrK39QlUMTpwq7sttx5YrSWUM4/JH6r6Kkgk7TS uwxBu8sEIWXg7mtnAqannLTYWgoNKP8CToh3nwyFOBw2Q7PVzUThTKL5ChkIHAwiYPpO LORB33qa9dDo8mc65CldqcBM0CUL3oe4UgdFwSyUQjXlZLLaGDEA4G544ijbcBHH3gDA /qQLUPOBrSF7BskrwUAHYqq5GdEWHpzWFZcmvpfJeoBZrVMK1EkDhVMFC4uWSV6BYWns MDNL+j0y+KLJNarGdwJ6r3qwDrCNFeOwU2Lp2f6+TKe5G0xQmAurUGvi0OxJnaHRDO5E yoqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=4IPirhIWpEhHX50QcML3PL4JkIvCza74un+fVA/lSg4=; b=yzWsioe1YJxchqrtw6FjgqSH2c+3nszS2dQXCRsg1YD4DOrIZtNnv7UKXQW4YdGq/z mEhWljsmfeyUhaKRDiDCnz5BEF+0NbNHbD07unqrYwcNhebV2EFjgmVRdWknrboIrGE3 RPIaAY+RHQgpolt1y5WqBbO5xvAeq2Zlw5jBB4i6IKuy+qvmOTwLbvmd9ER/rxKgDgHJ AhYDrRelPT/r9K6gjj1BJvxUGI9rfV6GgJwjjl3DNnhk70Lw9SzveIs5mmSEx1xFE/s3 rgnkkpQhMadIQs5CkKc7RpYZXKU/0H+5avZu89RSDB7M5XNXlFGHKP67Dh3LnTDntQZB bPEg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a64si46197305pge.592.2019.04.15.14.21.57; Mon, 15 Apr 2019 14:21:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728120AbfDOVV4 (ORCPT + 30 others); Mon, 15 Apr 2019 17:21:56 -0400 Received: from foss.arm.com ([217.140.101.70]:42926 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728055AbfDOVVp (ORCPT ); Mon, 15 Apr 2019 17:21:45 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DA729374; Mon, 15 Apr 2019 14:21:44 -0700 (PDT) Received: from mammon-tx2.austin.arm.com (mammon-tx2.austin.arm.com [10.118.29.246]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 47CD83F68F; Mon, 15 Apr 2019 14:21:44 -0700 (PDT) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton Subject: [v8 09/10] arm64: add sysfs vulnerability show for speculative store bypass Date: Mon, 15 Apr 2019 16:21:28 -0500 Message-Id: <20190415212129.1112-10-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190415212129.1112-1-jeremy.linton@arm.com> References: <20190415212129.1112-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return status based on ssbd_state and __ssb_safe. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a whitelist of known good cores. Given a heterogeneous machine, the overall machine vulnerability defaults to safe but is reset to unsafe when we miss the whitelist and the firmware doesn't explicitly tell us the core is safe. In order to make that work we delay transitioning to vulnerable until we know the firmware isn't responding to avoid a case where we miss the whitelist, but the firmware goes ahead and reports the core is not vulnerable. If all the cores in the machine have SSBS, then __ssb_safe will remain true. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 42 ++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) -- 2.20.1 Tested-by: Stefan Wahren diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 5814645afd73..91e551e0ad28 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -278,6 +278,7 @@ static int detect_harden_bp_fw(void) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -383,6 +384,7 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, struct arm_smccc_res res; bool required = true; s32 val; + bool this_cpu_safe = false; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); @@ -391,8 +393,14 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, goto out_printmsg; } + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -409,6 +417,8 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, default: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -417,14 +427,18 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, switch (val) { case SMCCC_RET_NOT_SUPPORTED: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; return false; case SMCCC_RET_SUCCESS: + __ssb_safe = false; required = true; break; @@ -434,6 +448,8 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, default: WARN_ON(1); + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -474,6 +490,14 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } +/* known invulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + {}, +}; + static void __maybe_unused cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) { @@ -769,6 +793,7 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #ifdef CONFIG_ARM64_ERRATUM_1188873 { @@ -807,3 +832,20 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + switch (ssbd_state) { + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (IS_ENABLED(CONFIG_ARM64_SSBD)) + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled via prctl\n"); + } + + return sprintf(buf, "Vulnerable\n"); +}