From patchwork Wed Jan 9 23:55:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155101 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277728jaa; Wed, 9 Jan 2019 15:56:27 -0800 (PST) X-Google-Smtp-Source: ALg8bN6eiBWMyV3jG+xKIWeRdDiAVQ39vA1vOguWfhE6dxlYZtxVulZFvTdIJ8PCNIXFIdvP7lJX X-Received: by 2002:a17:902:7e44:: with SMTP id a4mr8071834pln.338.1547078187481; Wed, 09 Jan 2019 15:56:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078187; cv=none; d=google.com; s=arc-20160816; b=RftJG0C/jhEWW+Hj7D1DkIFn5zKSYhpoEToBUqqnzXCd1Pja2TQp/bifaZAYveyqg9 6mcgPfl1UoEo5JlyNYxrSynH3ZlWao3RNvGwFKkd5wYlJOsPvO3bPfkq5Q4rgnn3A0cZ uLfA28aKCYxWGz4k7rXKq2ZXRdeJZHGK7jdKHQ0ne+lVc2MlMeVhTjk+H0RjTZ62J65r nlBsuQA6ZxVVhnKzQl9J/QRa8eIdBKGqWJdHkjAKgIo7efa+dQuruXE1YP8VETY89PTB CeqxKYQo1z96xgilS5PH4cPRGfqGJG3EzG2nT+31fLKfRqCmCUndJPtwmBSMj/XWSCaE PEVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=FYEo7amLAuhKwshQZG+Qf2EK5pl5Mljv9+HdocEpOeA=; b=TgXrE5JGuyrojhOOdFvTXFUyW2wQ5+8UJbbXhFQezSNTpKcXByG62qd17pzPuag86H JFztsv+mjyDkrOrkRdp/YgEvaUCa9iUSc2ptKaQUeDDer9cjQReAxAJ2Wqo7fVu8R24R qP2J/NW1wi1GdTvJ46sV6dBdNiwDohMf7jReqcgDQZqXsyjzyQdVfg7PRS9amJR6afzh KBittAMP7behNi4Aj5MM7mRykKLNhPqXkCjGxFn1G5V507IE5NBUKWWLg2fTizjxhnzV gPytM3XYZcz2n34G7FcWKpeuLqas38D5ElxqpglyHWGmcoJJGx/pH7coStF7SZGEB1eL 2QsQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h8si13501600pfc.171.2019.01.09.15.56.27; Wed, 09 Jan 2019 15:56:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726646AbfAIXzy (ORCPT + 31 others); Wed, 9 Jan 2019 18:55:54 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53304 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726286AbfAIXzv (ORCPT ); Wed, 9 Jan 2019 18:55:51 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EE8C9EBD; Wed, 9 Jan 2019 15:55:50 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 019CC3F5AF; Wed, 9 Jan 2019 15:55:49 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton , Greg Kroah-Hartman , "Rafael J . Wysocki" , Thomas Gleixner , Josh Poimboeuf , Konrad Rzeszutek Wilk , Ingo Molnar , Waiman Long , Andi Kleen , Jiri Kosina Subject: [PATCH v3 1/7] sysfs/cpu: Allow individual architectures to select vulnerabilities Date: Wed, 9 Jan 2019 17:55:38 -0600 Message-Id: <20190109235544.2992426-2-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As suggested on the list, https://lkml.org/lkml/2019/1/4/282, there are a number of cases where its useful for a system to avoid exporting a sysfs entry for a given vulnerability. This set adds an architecture specific callback which returns the bitmap of vulnerabilities the architecture would like to advertise. Signed-off-by: Jeremy Linton Cc: Greg Kroah-Hartman Cc: Rafael J. Wysocki Cc: Thomas Gleixner Cc: Josh Poimboeuf Cc: Konrad Rzeszutek Wilk Cc: Ingo Molnar Cc: Waiman Long Cc: Andi Kleen Cc: Jiri Kosina --- drivers/base/cpu.c | 19 +++++++++++++++++++ include/linux/cpu.h | 7 +++++++ 2 files changed, 26 insertions(+) -- 2.17.2 diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index eb9443d5bae1..35f6dfb24cd6 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -561,6 +561,11 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = { NULL }; +uint __weak arch_supported_vuln_attr_fields(void) +{ + return VULN_MELTDOWN|VULN_SPECTREV1|VULN_SPECTREV2|VULN_SSB|VULN_L1TF; +} + static const struct attribute_group cpu_root_vulnerabilities_group = { .name = "vulnerabilities", .attrs = cpu_root_vulnerabilities_attrs, @@ -568,6 +573,20 @@ static const struct attribute_group cpu_root_vulnerabilities_group = { static void __init cpu_register_vulnerabilities(void) { + int fld; + int max_fields = ARRAY_SIZE(cpu_root_vulnerabilities_attrs) - 1; + struct attribute **hd = cpu_root_vulnerabilities_attrs; + uint enabled_fields = arch_supported_vuln_attr_fields(); + + /* only enable entries requested by the arch code */ + for (fld = 0; fld < max_fields; fld++) { + if (enabled_fields & 1 << fld) { + *hd = cpu_root_vulnerabilities_attrs[fld]; + hd++; + } + } + *hd = NULL; + if (sysfs_create_group(&cpu_subsys.dev_root->kobj, &cpu_root_vulnerabilities_group)) pr_err("Unable to register CPU vulnerabilities\n"); diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 218df7f4d3e1..5e45814bcc24 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -189,4 +189,11 @@ static inline void cpu_smt_check_topology_early(void) { } static inline void cpu_smt_check_topology(void) { } #endif +/* generic cpu vulnerability attributes */ +#define VULN_MELTDOWN 0x01 +#define VULN_SPECTREV1 0x02 +#define VULN_SPECTREV2 0x04 +#define VULN_SSB 0x08 +#define VULN_L1TF 0x10 + #endif /* _LINUX_CPU_H_ */ From patchwork Wed Jan 9 23:55:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155099 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277631jaa; Wed, 9 Jan 2019 15:56:18 -0800 (PST) X-Google-Smtp-Source: ALg8bN6nXlhIifVToI3JTRycuPjrk5EjYLTo+9TAPNS/96yNGXXojDaDGVpvRPoDIzxYCw8xDzyN X-Received: by 2002:a17:902:4624:: with SMTP id o33mr7905975pld.289.1547078178422; Wed, 09 Jan 2019 15:56:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078178; cv=none; d=google.com; s=arc-20160816; b=C77TFvHpC/8q5mbPD1/ESaGI1tFbyE4SIKamxRuneM22Gn+NaHc7R4qaQgOep31HuC Cmy5/96mNcELcEQoKmTrZd/DlfXc6LI+VsPAU4Wbz4WRuax3DjsfyYQs4sAmmhINLGBj 4R2OzSDNokOa7QQNV/aOCwbMcK8i/z1PWMgihwOPCmrAn9Jhkhi+AfnABO/9mh9vo/aK q/70LCip6tkuHEV+RWG/gaF+40BNyuHxdYnQt1GxXcr4KCO/I9v7Nq/oFZfRacNjTrHX 4rGaxNGcPysZKXNkCvwQIwTXE7t3h5rJNUKPBUN0ZXlxTgW28c5u0FsbQCU1VfEJ4L/A DUHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=Si3Ru5NVN82DRY1UeuwaI0c5Re2hjXa33RQJSiSoovE=; b=yncL1NYRBaEkjwZdXquvKa/oWvZ0uYQ0C22tI8aYQljr+TRNOfitynFUW8hbpYQQ9e uIMk8jjAHQIA4ECHz8FTgok7dFdHdbEFk33H7IGA7vot+7e+cbnLUTlKizudrM6F/3oP JLpfFmXMERUq70OYOVYeKjvmRon+1zA54BisaS91CPwO5NIsEqr+XW4Kto0Wtcqvo1h3 2a3+dYR6dfz6OkLkUzzoK4vYoPqOa137i4kVnpLJs+vuIwr4pRmFPb0pzsM4l3Q7HIGp CukkkHx/vdQAseGAAzDTloObpS8IcTBP6NJ92s9qtBvkhEOG8ineyrNTn1VdVeq51YRv RvjA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v35si60524889pgl.130.2019.01.09.15.56.18; Wed, 09 Jan 2019 15:56:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726640AbfAIXz5 (ORCPT + 31 others); Wed, 9 Jan 2019 18:55:57 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53328 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726580AbfAIXzw (ORCPT ); Wed, 9 Jan 2019 18:55:52 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5FA8AA78; Wed, 9 Jan 2019 15:55:52 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AF7233F5AF; Wed, 9 Jan 2019 15:55:51 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 2/7] arm64: add sysfs vulnerability show for spectre v1 Date: Wed, 9 Jan 2019 17:55:39 -0600 Message-Id: <20190109235544.2992426-3-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mian Yousaf Kaukab spectre v1, has been mitigated, and the mitigation is always active. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) -- 2.17.2 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 09ac548c9d44..8dde8c616b7e 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,6 +109,8 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); +uint arm64_requested_vuln_attrs = VULN_SPECTREV1; + #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -742,3 +744,18 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { } }; + +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES + +uint arch_supported_vuln_attr_fields(void) +{ + return arm64_requested_vuln_attrs; +} + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, + char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +#endif From patchwork Wed Jan 9 23:55:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155102 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277741jaa; Wed, 9 Jan 2019 15:56:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN7hp8KcmH0jhB68ljLSvfPF811Z8LlrNd6B4ctqb5bvw2FaCAT8cd/tjjDRmGmCEItXsRr6 X-Received: by 2002:a17:902:7201:: with SMTP id ba1mr8038162plb.105.1547078189955; Wed, 09 Jan 2019 15:56:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078189; cv=none; d=google.com; s=arc-20160816; b=Qm4ssO7vRwonvlaM1putSTEDlJA9wv557csq1N1iv+igU9DC784Nr53GwPP4hT1a9d m/LT49JcAoS1GszpzuBLRoX+pQ9L/QPO9si8dpY9J2DKoGiucQkP1ALzEgPPalx5oiKe 7NpLjGBTO5yim4E5blTnU793VFNwgRwz+LuAF6XCg8oPVz0P4gNDP9U39SzZA5Sfvu1X HOTH4KUVX/cRx2gTHuysI03bMKaHaOqWGDFKVIb8MO5M+bvMK889FuEPXZFg/rtuJ+rK Zr8xpgxodv4opiDS6dFqcLy91TKXjg7JsCp55Wd8+Xio7wwRmp0tD1pw8V+z5ysqLKYB 9EWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=WXdEmfHn2+iMM7oygZUFDZkDFuQPUNuxEMCjNq8SnZw=; b=YL4Q5QMT6HQEQ6qbsywjaGsKyTzBeYAgCROVi2KbnZqCSHF7RKi0ofsUGjj4XCphsn zT+f160lGUmJjJyBCfcQpKHi5RNueWasiuvPX3+04XY9cmRHTQkWHk+LPlR25SLwb1kx Ofkq0ArlNFuKXupYmCBTIER5cFh/i7VvqliozmjGwXVA5dpAJFFVsPBGzqsTVdIbpPvI pAmU9PWcJfe4U500YwdPLY0UGVqbxFJ4wZ885xWcF95S0mq6VkmzPI1eahcLae54WB8+ BkMyypeQza2KUXR55e+pKK8vf9OKw56ULwB/vRL6T4o16j272MmRhA3YdYn/IHfR4IpS xVbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h8si13501600pfc.171.2019.01.09.15.56.29; Wed, 09 Jan 2019 15:56:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726952AbfAIX42 (ORCPT + 31 others); Wed, 9 Jan 2019 18:56:28 -0500 Received: from foss.arm.com ([217.140.101.70]:53342 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726620AbfAIXzy (ORCPT ); Wed, 9 Jan 2019 18:55:54 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 953BA15BE; Wed, 9 Jan 2019 15:55:53 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id ED75C3F5AF; Wed, 9 Jan 2019 15:55:52 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 3/7] arm64: kpti: move check for non-vulnerable CPUs to a function Date: Wed, 9 Jan 2019 17:55:40 -0600 Message-Id: <20190109235544.2992426-4-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mian Yousaf Kaukab Add is_meltdown_safe() which is a whitelist of known safe cores. Signed-off-by: Mian Yousaf Kaukab [Moved location of function] Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 2.17.2 Reviewed-by: Suzuki K Poulose diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4f272399de89..ab784d7a0083 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -947,8 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ -static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, - int scope) +static bool is_cpu_meltdown_safe(void) { /* List of CPUs that are not vulnerable and don't need KPTI */ static const struct midr_range kpti_safe_list[] = { @@ -962,6 +961,15 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), { /* sentinel */ } }; + if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + return true; + + return false; +} + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int scope) +{ char const *str = "command line option"; /* @@ -985,8 +993,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + if (is_cpu_meltdown_safe()) return false; /* Defer to CPU feature registers */ From patchwork Wed Jan 9 23:55:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155100 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277673jaa; Wed, 9 Jan 2019 15:56:22 -0800 (PST) X-Google-Smtp-Source: ALg8bN4Wj3drzzf4OERBB6ge5MFAMzAU0IyOTzxSSIrKJNYkDdi7A5IXIpW9SdXb5rAccQawwMAd X-Received: by 2002:a62:1f9d:: with SMTP id l29mr7960096pfj.14.1547078182630; Wed, 09 Jan 2019 15:56:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078182; cv=none; d=google.com; s=arc-20160816; b=BeDvTr/huasAIgm61pDtzCJH7nua34EVNt6SoqQKp3a+R1B1KD2NecHhaKL8jMFstn SzIxHwV9aGXDfvkoB/rEzcdZ7U2W3S7oZSPmOKDV+3zY9t7FnW4zsEM8YyKJX/oOcwgx yws6iLw8gxrZ9TMceIi88Pd3Uu7H2o/PVBK4A6CNOGnETToZyPPT99UQYAEEthxd8wla Lr/RgechHbVvID2swAwZ9fteH+lVenyYSsEesLiEEUPfAU/UgiStdx7756wzp0nFCSYj sZs/7HBIp4wFUSVwAkRhjEmRJItdfS1YPLJW7Q/72zpiYmURC0MNoD87CHGUx1I6+8mC 5sTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=KByQZHSiNBV/e7GM6HyiXfiEiM9o2jTwVhj3CJ2IrvI=; b=W8EtgXa+0uGGtgfvDgD19jG2lk3+30uKavedC4g9sV620BJW2IxbsCdVJx8EoyheuF NNHPwUbZSzqp2SSeCrFwAMxxQl5NDgOY6+otVb+2OpOukEwEFKncgBNKocwLX+Z2PS6j if37Ad8mGh6UCfi+SVhdT3f+a+HbipwbPHRhVnHzoOVcpAO3VtIcOWnsR/t3Da3UfW4I bQ0e7LSvBobmYgZsoNPd1jWk9ppymdImmCyrQoUzUoQD8VbElyqBvJTgbznN3xRMqw67 VhKIiX4PfTltPQNlWlU09Q+xcjN8IanAMFUVoN1ory1N848tPpi7qGSArB/W8qLYrf41 66aA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s11si63665503pgk.344.2019.01.09.15.56.22; Wed, 09 Jan 2019 15:56:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726932AbfAIX4V (ORCPT + 31 others); Wed, 9 Jan 2019 18:56:21 -0500 Received: from foss.arm.com ([217.140.101.70]:53358 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726652AbfAIXzz (ORCPT ); Wed, 9 Jan 2019 18:55:55 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E675315BF; Wed, 9 Jan 2019 15:55:54 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4AD533F5AF; Wed, 9 Jan 2019 15:55:54 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 4/7] arm64: add sysfs vulnerability show for meltdown Date: Wed, 9 Jan 2019 17:55:41 -0600 Message-Id: <20190109235544.2992426-5-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Display the mitigation status if active, otherwise assume the cpu is safe unless it doesn't have CSV3 and isn't in our whitelist. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpufeature.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) -- 2.17.2 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index ab784d7a0083..ef7bbc49ef78 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -944,8 +944,12 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) return has_cpuid_feature(entry, scope); } +/* default value is invalid until unmap_kernel_at_el0() runs */ +static bool __meltdown_safe = true; + #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ +extern uint arm64_requested_vuln_attrs; static bool is_cpu_meltdown_safe(void) { @@ -972,6 +976,14 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, { char const *str = "command line option"; + bool meltdown_safe = is_cpu_meltdown_safe() || + has_cpuid_feature(entry, scope); + + if (!meltdown_safe) + __meltdown_safe = false; + + arm64_requested_vuln_attrs |= VULN_MELTDOWN; + /* * For reasons that aren't entirely clear, enabling KPTI on Cavium * ThunderX leads to apparent I-cache corruption of kernel text, which @@ -993,11 +1005,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - if (is_cpu_meltdown_safe()) - return false; - - /* Defer to CPU feature registers */ - return !has_cpuid_feature(entry, scope); + return !meltdown_safe; } static void @@ -2065,3 +2073,17 @@ static int __init enable_mrs_emulation(void) } core_initcall(enable_mrs_emulation); + +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (arm64_kernel_unmapped_at_el0()) + return sprintf(buf, "Mitigation: KPTI\n"); + + if (__meltdown_safe) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} +#endif From patchwork Wed Jan 9 23:55:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155096 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277463jaa; Wed, 9 Jan 2019 15:55:59 -0800 (PST) X-Google-Smtp-Source: ALg8bN7WsthvaQiw7r/3SVjrDsEAcMLZFfO6rGhK77bVG/bMqZfawwcWIz1whBjycvJsrK2nNTym X-Received: by 2002:a17:902:6948:: with SMTP id k8mr7976033plt.2.1547078159913; Wed, 09 Jan 2019 15:55:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078159; cv=none; d=google.com; s=arc-20160816; b=mZyHi45Qw/kWVRlAbJ+52gQgKOO4fhGl5zjlXXTxvSXXEeFrWC8PFBrHYa2S8Bffc4 LvQwxUKM5Te+ZfoGQoueQ7szIKyuHLuxi9YxqCAEyUn4cL0ohjdMxfRlFTvwN3wyWRz0 2w4Rx+Usk4QuQfsOkiv8PAqQ5HslkYBz+YVyWActpZA2oUsCFc1ap/LX3O+05JoIe4nZ Z7WpHYpPP7jpMmAKz5OMcdvkyANDDpb8Ri/U+H7e93yAMbY9HUMe/nhkAHTqKwLWTO66 KgVLGLMe0BHddt1FpV0QW99FfQHQJwCue1/DNWBmBqY49E72WZJGBY8Be2TUgH/ZUKCb e0XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=YK63iKyAqDXIhhqIVThxgx82aB0sc9rVyK2lfL2eHU4=; b=mUcBE7IP2jtLVkvdjSAOQDS/NiVJW14v7p5B9yNaF6cJMyBHqt5z6+nabLQAZT9lFd xe5x4cpMZ/NJ4jOEna2cIwV5UjM4eMj08YIElx0KHkBx6BcfRrZL7A5Tx8ih9nk0uNSF y0lUukN7fF8WAZ+NzKyAUpRrWO6UnqnegFzwMOURXkLBOQmh7dJmHViXie+5aC5LdDzD Gf0QnAPp8R/3K3CD+664xtTC0SZekoctIIk+tr+SO0lsCaqxRGHPuvIOUKWiAQQ2RO1j 0wqGCY2jXnkBEyDwpnbB2a+T8FVZGDlMwWSuWW0c2ysBYg+NRdaqT0R8ZIPdOBpyn/Kt DyUw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i9si26715912plb.35.2019.01.09.15.55.59; Wed, 09 Jan 2019 15:55:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726761AbfAIXz6 (ORCPT + 31 others); Wed, 9 Jan 2019 18:55:58 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53366 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726705AbfAIXz4 (ORCPT ); Wed, 9 Jan 2019 18:55:56 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2F09BA78; Wed, 9 Jan 2019 15:55:56 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 8795C3F5AF; Wed, 9 Jan 2019 15:55:55 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 5/7] arm64: add sysfs vulnerability show for spectre v2 Date: Wed, 9 Jan 2019 17:55:42 -0600 Message-Id: <20190109235544.2992426-6-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 61 +++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 5 deletions(-) -- 2.17.2 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 8dde8c616b7e..ee286d606d9b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -111,6 +111,11 @@ atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); uint arm64_requested_vuln_attrs = VULN_SPECTREV1; +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || defined(CONFIG_GENERIC_CPU_VULNERABILITIES) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +#endif + #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -233,15 +238,19 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { + __hardenbp_enab = false; return; + } switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + if ((int)res.a0 < 0) { + __hardenbp_enab = false; return; + } cb = call_hvc_arch_workaround_1; /* This is a guest, no need to patch KVM vectors */ smccc_start = NULL; @@ -251,14 +260,17 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) case PSCI_CONDUIT_SMC: arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + if ((int)res.a0 < 0) { + __hardenbp_enab = false; return; + } cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: + __hardenbp_enab = false; return; } @@ -509,7 +521,32 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \ + defined(CONFIG_GENERIC_CPU_VULNERABILITIES) + + +static bool __spectrev2_safe = true; + +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ +static bool __maybe_unused +check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) +{ + bool is_vul; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + is_vul = is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list); + + if (is_vul) + __spectrev2_safe = false; + + arm64_requested_vuln_attrs |= VULN_SPECTREV2; + + return is_vul; +} /* * List of CPUs where we need to issue a psci call to @@ -707,7 +744,9 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .cpu_enable = enable_smccc_arch_workaround_1, - ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus), + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, + .midr_range_list = arm64_bp_harden_smccc_cpus, }, #endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -758,4 +797,16 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} + #endif From patchwork Wed Jan 9 23:55:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155098 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277553jaa; Wed, 9 Jan 2019 15:56:10 -0800 (PST) X-Google-Smtp-Source: ALg8bN6L7qmuHdKBn61wGvQ5NYs+FwVYN+Pg7r54rDc/rfoCSUccuEvmM7OiXZ3EOy8/GSeCmYYP X-Received: by 2002:a62:62c5:: with SMTP id w188mr8048603pfb.160.1547078170615; Wed, 09 Jan 2019 15:56:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078170; cv=none; d=google.com; s=arc-20160816; b=a3+zJcN39Kz/ckFnVBNpIq3nkH8SxXfr5Fiy38JKsBL4VlmsqAbyjQIeLRogg/b3HB zlaoKeZjzz02ebskva2RiGJEA4kPXpdtlgnU71QCCWr5ndWEokWAiudVdDF8Bl6TCSsw AAM2qOm6yXxGz1OjtIYiumSeUg/LSKiZ02RLvAZTc9WSFpG+VqM4vppI5erLq+6JtizD TVe+g1iyDxJTc10WuMk5r3GjNEocPJmdBkSLI2p0zpj76dF+ZmEtxvNltPReHVH95E5n eHX0XaJiX9vbXXA1KthiaksDyWCABDT9pLnk1eFt9qITwkGUssTxWyTrrbajfaqQ+z7y DuYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=OXFrg6VEV+GvadV0CYFG+ng5CczKdf6EcdEe8+mH7lI=; b=LsXM7O5v9HjVrIUVrt6Y9HBGnwfTboJHjcnPeiNFugShoOEE/i3srEk0a2CNmyrpsr p2UJsTKgierxdUIeUXhciFrp1VlwiptVC0ztBaaDTv55WlogyV4A1iv/Ppiqraumv8Lx 170+QAD05/diQMhKZ5ofRLWUSChR1YQlRmYGFscd+6BDu0l3A/dkgexYsdl9JaZRLMes E46JFFQUCwCweSCs6I4M8ryguHDpjxbfs4TFEDah5nvH81TnygfB4kr7F5wFX5JEkUP3 +XZv8W5Nvq9IgJcYXrfOrJkarcCns2/WRheHzgYyqBU4gG8kjoFIn5yq1rWtbZ+608dy 23eg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v35si60524889pgl.130.2019.01.09.15.56.10; Wed, 09 Jan 2019 15:56:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726856AbfAIX4C (ORCPT + 31 others); Wed, 9 Jan 2019 18:56:02 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53378 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726729AbfAIXz5 (ORCPT ); Wed, 9 Jan 2019 18:55:57 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 71001165C; Wed, 9 Jan 2019 15:55:57 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C9AAA3F5AF; Wed, 9 Jan 2019 15:55:56 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 6/7] arm64: add sysfs vulnerability show for speculative store bypass Date: Wed, 9 Jan 2019 17:55:43 -0600 Message-Id: <20190109235544.2992426-7-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return status based on ssbd_state and the arm64 SSBS feature. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a new blacklist of known vulnerable cores. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) -- 2.17.2 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index ee286d606d9b..c8ff96158b94 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -288,6 +288,7 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -385,10 +386,18 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, { struct arm_smccc_res res; bool required = true; + bool is_vul; s32 val; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + is_vul = is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list); + + if (is_vul) + __ssb_safe = false; + + arm64_requested_vuln_attrs |= VULN_SSB; + if (this_cpu_has_cap(ARM64_SSBS)) { required = false; goto out_printmsg; @@ -422,6 +431,7 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, ssbd_state = ARM64_SSBD_UNKNOWN; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; @@ -476,6 +486,17 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } + +/* known vulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + {}, +}; + #endif /* CONFIG_ARM64_SSBD */ static void __maybe_unused @@ -762,6 +783,7 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #endif #ifdef CONFIG_ARM64_ERRATUM_1188873 @@ -809,4 +831,30 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Vulnerable\n"); } +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + /* + * Two assumptions: First, get_ssbd_state() reflects the worse case + * for hetrogenous machines, and that if SSBS is supported its + * supported by all cores. + */ + switch (arm64_get_ssbd_state()) { + case ARM64_SSBD_MITIGATED: + return sprintf(buf, "Not affected\n"); + + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (cpus_have_cap(ARM64_SSBS)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled\n"); + } + + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} + #endif From patchwork Wed Jan 9 23:55:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 155097 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp1277534jaa; Wed, 9 Jan 2019 15:56:08 -0800 (PST) X-Google-Smtp-Source: ALg8bN5W/u4e/TGEQpdzYZO8eWjvtJCZjtw3Ei098r9H94RecaWAitlentwNLjPlxFqqjujUcoA4 X-Received: by 2002:a63:8c6:: with SMTP id 189mr7306006pgi.322.1547078168436; Wed, 09 Jan 2019 15:56:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547078168; cv=none; d=google.com; s=arc-20160816; b=k7p1uU3vDVCadUyIz7Nrk4L5mPBjJlwc19RQ4HwN5ZyKZQvr81rpKMzp5DBZ778gRY ULkIskJoSd+CBJAUYdX6P3pdeNCPWGCO7nVyjjpgNG0bR39VZSZPlfjLaHhzHvkoKFrp Jq2ddDIKOnIFHGW8uxp2pTkDvF5pbxsIxjE1iX3SvOgtGKoGQBjl1Gkih7gUWq6a4POX 5LXPmLxQ5fRxQhPsav/juKKm0P7VIY8Xmvq/VBU1XJ/UNna0+0CAuJuwsedqjTfh71l9 NjkqBAt6aqiicjnjsv0UdvaR7/aDrRB8U0L8xz8SOxJTG+Bkuz8CPghpKrxXlRFf3O7d GtkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=2W/YWXLfSLBgeiJ+hz08gWxtcRMh5zmRBIqb2zczsJ0=; b=JtjhapAvbPGzNJXxP/hUqzgIoTm+HocncOtfu3HHBULgMhd6DqVE+7PEBz6CBJcQC1 86Aet4pE83LQSIGTlpbIZpXIIwepRB5xLSHM8Al+z7nI0LQjl5/NjSJOHug/1aOjKZxp l/dywLM41X/dM6g8fuDku1l7erfeh6GUdJi4oXmvUPGM+HqpdWVDxNZXdM1haEQlPW/U MeYucjWtOp3C/Yc+130wCkPkFZiA6XpMdavA3pDfs2I/cCBZQYNVcGF1C22piEYGYBXr cwl0lBoUpeR7WqS46mej4iATvU0GmsIRGNL+Ovlwp3vqiCtwbhamMRXF4wOaCbOfUQjV WNuA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v35si60524889pgl.130.2019.01.09.15.56.08; Wed, 09 Jan 2019 15:56:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726895AbfAIX4H (ORCPT + 31 others); Wed, 9 Jan 2019 18:56:07 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:53390 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726753AbfAIXz7 (ORCPT ); Wed, 9 Jan 2019 18:55:59 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AF24515BF; Wed, 9 Jan 2019 15:55:58 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 08D263F5AF; Wed, 9 Jan 2019 15:55:57 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v3 7/7] arm64: enable generic CPU vulnerabilites support Date: Wed, 9 Jan 2019 17:55:44 -0600 Message-Id: <20190109235544.2992426-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mian Yousaf Kaukab Enable CPU vulnerabilty show functions for spectre_v1, spectre_v2, meltdown and store-bypass. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.17.2 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a4168d366127..be9872ee1d61 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -88,6 +88,7 @@ config ARM64 select GENERIC_CLOCKEVENTS select GENERIC_CLOCKEVENTS_BROADCAST select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_IDLE_POLL_SETUP select GENERIC_IRQ_MULTI_HANDLER