From patchwork Sun Oct 27 21:00:57 2019
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 177854
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman, Stefan Wahren, Jeremy Linton, Will Deacon, Ard Biesheuvel
Subject: [PATCH 4.14 080/119] arm64: add sysfs vulnerability show for speculative store bypass
Date: Sun, 27 Oct 2019 22:00:57 +0100
Message-Id: <20191027203345.072433303@linuxfoundation.org>
In-Reply-To: <20191027203259.948006506@linuxfoundation.org>
References: <20191027203259.948006506@linuxfoundation.org>

From: Jeremy Linton

[ Upstream commit 526e065dbca6df0b5a130b84b836b8b3c9f54e21 ]

Return status based on ssbd_state and __ssb_safe. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a whitelist of known good cores.

Given a heterogeneous machine, the overall machine vulnerability defaults to safe but is reset to unsafe when we miss the whitelist and the firmware doesn't explicitly tell us the core is safe. In order to make that work we delay transitioning to vulnerable until we know the firmware isn't responding to avoid a case where we miss the whitelist, but the firmware goes ahead and reports the core is not vulnerable. If all the cores in the machine have SSBS, then __ssb_safe will remain true.

Tested-by: Stefan Wahren
Signed-off-by: Jeremy Linton
Signed-off-by: Will Deacon
Signed-off-by: Ard Biesheuvel
Signed-off-by: Greg Kroah-Hartman

--- arch/arm64/kernel/cpu_errata.c | 42 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c
@@ -225,6 +225,7 @@ static int detect_harden_bp_fw(void) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -328,6 +329,7 @@ static bool has_ssbd_mitigation(const st struct arm_smccc_res res; bool required = true; s32 val; + bool this_cpu_safe = false; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); @@ -336,8 +338,14 @@ static bool has_ssbd_mitigation(const st goto out_printmsg; } + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -354,6 +362,8 @@ static bool has_ssbd_mitigation(const st default: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -362,14 +372,18 @@ static bool has_ssbd_mitigation(const st switch (val) { case SMCCC_RET_NOT_SUPPORTED: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; return false; case SMCCC_RET_SUCCESS: + __ssb_safe = false; required = true; break; @@ -379,6 +393,8 @@ static bool has_ssbd_mitigation(const st default: WARN_ON(1); + if (!this_cpu_safe) + __ssb_safe = false; return false; } 
@@ -419,6 +435,14 @@ out_printmsg: return required; } +/* known invulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + {}, +}; + #define CAP_MIDR_RANGE(model, v_min, r_min, v_max, r_max) \ .matches = is_affected_midr_range, \ .midr_range = MIDR_RANGE(model, v_min, r_min, v_max, r_max) @@ -666,6 +690,7 @@ const struct arm64_cpu_capabilities arm6 .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .capability = ARM64_SSBD, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, { } @@ -688,3 +713,20 @@ ssize_t cpu_show_spectre_v2(struct devic return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + switch (ssbd_state) { + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (IS_ENABLED(CONFIG_ARM64_SSBD)) + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled via prctl\n"); + } + + return sprintf(buf, "Vulnerable\n"); +}
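
Review bot: __ssb_safe is initialised to true in the -225,6 hunk and is only ever cleared, so any path through has_ssbd_mitigation() that returns before one of the new assignments leaves the sysfs file reporting "Not affected"; the goto out_printmsg exit that sits above the new is_midr_in_range_list() check in the -336,8 hunk is one such path. A comment at the declaration stating that the flag defaults to safe by design, and that the early exits are expected to cover only safe CPUs, would make that auditable. The declaration could also carry __read_mostly to match ssbd_state on the line above it.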
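
Review bot: In the -362,14 hunk the SMCCC_RET_NOT_REQUIRED case sets ssbd_state = ARM64_SSBD_MITIGATED without touching __ssb_safe, and the new comment only asserts that machines with mixed mitigation requirements must not return this value. If another CPU has cleared __ssb_safe, cpu_show_spec_store_bypass() has no case for ARM64_SSBD_MITIGATED and prints "Vulnerable". Please expand the comment to say what sysfs reports when firmware violates the assumption, or add a WARN_ON_ONCE(!__ssb_safe) in this case so at least one ordering of the violation is visible in the log.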
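
Review bot: In cpu_show_spec_store_bypass() (the -688,3 hunk) the ARM64_SSBD_FORCE_ENABLE case shares the string "Mitigation: Speculative Store Bypass disabled via prctl" with ARM64_SSBD_KERNEL; if the force-enable state means the mitigation is on unconditionally, "via prctl" misdescribes it and the two cases want separate strings. The switch also has no default and no break, so every other state, and both listed states when CONFIG_ARM64_SSBD is off, reach "Vulnerable" by falling out of the switch; an explicit default: break; would show that this is intended.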