From patchwork Thu Oct 24 12:48:33 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 177470
From: Ard Biesheuvel
To: stable@vger.kernel.org
Cc: Ard Biesheuvel, Will Deacon, Catalin Marinas, Marc Zyngier, Mark Rutland, Suzuki K Poulose, Jeremy Linton, Andre Przywara, Alexandru Elisei, Josh Poimboeuf, Will Deacon
Subject: [PATCH for-stable-4.14 48/48] arm64/speculation: Support 'mitigations=' cmdline option
Date: Thu, 24 Oct 2019 14:48:33 +0200
Message-Id: <20191024124833.4158-49-ard.biesheuvel@linaro.org>
In-Reply-To: <20191024124833.4158-1-ard.biesheuvel@linaro.org>
References: <20191024124833.4158-1-ard.biesheuvel@linaro.org>

From: Josh Poimboeuf

[ Upstream commit a111b7c0f20e13b54df2fa959b3dc0bdf1925ae6 ]

Configure arm64 runtime CPU speculation bug mitigations in accordance
with the 'mitigations=' cmdline option. This affects Meltdown, Spectre
v2, and Speculative Store Bypass.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf
[will: reorder checks so KASLR implies KPTI and SSBS is affected by cmdline]
Signed-off-by: Will Deacon
Signed-off-by: Ard Biesheuvel --- Documentation/admin-guide/kernel-parameters.txt | 8 +++++--- arch/arm64/kernel/cpu_errata.c | 6 +++++- arch/arm64/kernel/cpufeature.c | 8 +++++++- 3 files changed, 17 insertions(+), 5 deletions(-) -- 2.20.1 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 5205740ed39b..b67a6cd08ca1 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2389,8 +2389,8 @@ http://repo.or.cz/w/linux-2.6/mini2440.git mitigations= - [X86,PPC,S390] Control optional mitigations for CPU - vulnerabilities. This is a set of curated, + [X86,PPC,S390,ARM64] Control optional mitigations for + CPU vulnerabilities. This is a set of curated, arch-independent options, each of which is an aggregation of existing arch-specific options. @@ -2399,12 +2399,14 @@ improves system performance, but it may also expose users to several CPU vulnerabilities. Equivalent to: nopti [X86,PPC] + kpti=0 [ARM64] nospectre_v1 [PPC] nobp=0 [S390] nospectre_v1 [X86] - nospectre_v2 [X86,PPC,S390] + nospectre_v2 [X86,PPC,S390,ARM64] spectre_v2_user=off [X86] spec_store_bypass_disable=off [X86,PPC] + ssbd=force-off [ARM64] l1tf=off [X86] mds=off [X86] diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index ca718250d5bd..7d15f4cb6393 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -347,6 +348,9 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + if (cpu_mitigations_off()) + ssbd_state = ARM64_SSBD_FORCE_DISABLE; + /* delay setting __ssb_safe until we get a firmware response */ if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) this_cpu_safe = true; 
@@ -544,7 +548,7 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) } /* forced off */ - if (__nospectre_v2) { + if (__nospectre_v2 || cpu_mitigations_off()) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); __hardenbp_enab = false; return false; diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b782e98633da..15ce2c8b9ee2 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -841,7 +842,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }; - char const *str = "command line option"; + char const *str = "kpti command line option"; bool meltdown_safe; meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list); @@ -871,6 +872,11 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, } } + if (cpu_mitigations_off() && !__kpti_forced) { + str = "mitigations=off"; + __kpti_forced = -1; + } + if (!IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0)) { pr_info_once("kernel page table isolation disabled by kernel configuration\n"); return false;
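
Review bot: In the second Documentation/admin-guide/kernel-parameters.txt hunk, listing `kpti=0 [ARM64]` under "Equivalent to:" is not exact for arm64: the cpufeature.c hunk applies mitigations=off only when `!__kpti_forced`, and the commit message says the checks were reordered so that KASLR implies KPTI. Suggest a short qualifier on the ARM64 entry so an administrator reading the table does not assume KPTI is always off under mitigations=off.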
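
Review bot: In has_ssbd_mitigation() in arch/arm64/kernel/cpu_errata.c, `if (cpu_mitigations_off()) ssbd_state = ARM64_SSBD_FORCE_DISABLE;` overwrites ssbd_state unconditionally, so an explicit ssbd= setting on the same command line is silently discarded, whereas the KPTI hunk only applies mitigations=off when `!__kpti_forced`. Either make the precedence consistent across the two or state in kernel-parameters.txt that mitigations=off wins over ssbd=. Unlike the Spectre v2 and KPTI sites, nothing is logged here to say the mitigation was turned off by the command line, and the assignment is repeated on every SCOPE_LOCAL_CPU call although the value never changes.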
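
Review bot: In check_branch_predictor() in arch/arm64/kernel/cpu_errata.c, the widened condition `__nospectre_v2 || cpu_mitigations_off()` still prints "spectrev2 mitigation disabled by command line option", which does not say which option was responsible. The cpufeature.c hunk distinguishes "kpti command line option" from "mitigations=off"; doing the same here would let someone reading dmesg tell why the branch predictor hardening is off.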
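
Review bot: In the last hunk of arch/arm64/kernel/cpufeature.c, the new `cpu_mitigations_off() && !__kpti_forced` block relies on its position after the preceding block for the ordering the commit message describes, but the code carries no comment saying so, and a later reorder would change behaviour without any visible hint. Suggest a one-line comment above the block, and a comment or named constant for the bare `__kpti_forced = -1` so the meaning of the value is clear at the point of assignment.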