From: Jeremy Linton
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton, Andre Przywara, Jonathan Corbet, linux-doc@vger.kernel.org
Subject: [v7 01/10] arm64: Provide a command line to disable spectre_v2 mitigation
Date: Wed, 10 Apr 2019 18:12:28 -0500
Message-Id: <20190410231237.52506-2-jeremy.linton@arm.com>
In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com>

There are various reasons, including benchmarking, to disable spectrev2 mitigation on a machine. Provide a command-line to do so.

Signed-off-by: Jeremy Linton
Reviewed-by: Suzuki K Poulose
Reviewed-by: Andre Przywara
Reviewed-by: Catalin Marinas
Tested-by: Stefan Wahren
Cc: Jonathan Corbet
Cc: linux-doc@vger.kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt | 8 ++++----
 arch/arm64/kernel/cpu_errata.c | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

-- 2.20.1

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 2b8ee90bb644..d153bb15c8c7 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2873,10 +2873,10 @@ check bypass). With this option data leaks are possible in the system. - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 - (indirect branch prediction) vulnerability. System may - allow data leaks with this option, which is equivalent - to spectre_v2=off. + nospectre_v2 [X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for + the Spectre variant 2 (indirect branch prediction) + vulnerability. System may allow data leaks with this + option. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 9950bb0cbd52..d2b2c69d31bb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -220,6 +220,14 @@ static void qcom_link_stack_sanitization(void) : "=&r" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { 
@@ -231,6 +239,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) return;
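
Review bot: In the kernel-parameters.txt hunk, the reworded nospectre_v2 entry drops the sentence "which is equivalent to spectre_v2=off" for every architecture, although the entry still lists X86. If the equivalence only fails to hold on ARM64, keep the sentence and qualify it by architecture, so that X86 readers do not lose the cross-reference to spectre_v2=.
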
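
Review bot: In the cpu_errata.c hunk at @@ -220, __nospectre_v2 is written only from the __init parser, yet it is an ordinary writable static that later decides whether the branch-predictor hardening is skipped. Declaring it as "static bool __nospectre_v2 __ro_after_init;" would keep a flag that turns a mitigation off from being modified after boot. parse_nospectre_v2() also ignores str, so "nospectre_v2=0" disables the mitigation just like the bare option; a short comment saying so would help.
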
From: Jeremy Linton
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Mian Yousaf Kaukab, Jeremy Linton, Andre Przywara
Subject: [v7 02/10] arm64: add sysfs vulnerability show for spectre v1
Date: Wed, 10 Apr 2019 18:12:29 -0500
Message-Id: <20190410231237.52506-3-jeremy.linton@arm.com>
In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com>

From: Mian Yousaf Kaukab

Spectre v1 has been mitigated, and the mitigation is always active.

Signed-off-by: Mian Yousaf Kaukab
Signed-off-by: Jeremy Linton
Reviewed-by: Andre Przywara
Reviewed-by: Catalin Marinas
Tested-by: Stefan Wahren
Acked-by: Suzuki K Poulose
---
 arch/arm64/kernel/cpu_errata.c | 6 ++++++
 1 file changed, 6 insertions(+)

-- 2.20.1

diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index d2b2c69d31bb..cf623657cf3c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c
@@ -755,3 +755,9 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { } }; + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, + char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +}
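
Review bot: cpu_show_spectre_v1() carries no comment, and it returns "Mitigation: __user pointer sanitization" unconditionally, with no check of the running CPU. The commit message gives the reason (the mitigation is always active); a one-line comment above the function saying the same would stop a later reader from assuming a per-CPU check was forgotten.
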
From: Jeremy Linton
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton, Andre Przywara
Subject: [v7 03/10] arm64: add sysfs vulnerability show for meltdown
Date: Wed, 10 Apr 2019 18:12:30 -0500
Message-Id: <20190410231237.52506-4-jeremy.linton@arm.com>
In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com>

Display the system vulnerability status. This means that while it's possible to have the mitigation enabled, the sysfs entry won't indicate that status. This is because the core ABI doesn't express the concept of mitigation when the system isn't vulnerable.

Signed-off-by: Jeremy Linton
Reviewed-by: Suzuki K Poulose
Reviewed-by: Andre Przywara
Reviewed-by: Catalin Marinas
Tested-by: Stefan Wahren
---
 arch/arm64/kernel/cpufeature.c | 58 ++++++++++++++++++++++++++--------
 1 file changed, 44 insertions(+), 14 deletions(-)

-- 2.20.1

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4061de10cea6..6b7e1556460a 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -947,7 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) return has_cpuid_feature(entry, scope); } -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static bool __meltdown_safe = true; static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, 
@@ -967,6 +967,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, { /* sentinel */ } }; char const *str = "command line option"; + bool meltdown_safe; + + meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list); + + /* Defer to CPU feature registers */ + if (has_cpuid_feature(entry, scope)) + meltdown_safe = true; + + if (!meltdown_safe) + __meltdown_safe = false; /* * For reasons that aren't entirely clear, enabling KPTI on Cavium @@ -978,6 +988,19 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, __kpti_forced = -1; } + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) { + if (!__kpti_forced) { + str = "KASLR"; + __kpti_forced = 1; + } + } + + if (!IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0)) { + pr_info_once("kernel page table isolation disabled by CONFIG\n"); + return false; + } + /* Forced? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by %s\n", @@ -985,18 +1008,10 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, return __kpti_forced > 0; } - /* Useful for KASLR robustness */ - if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) - return kaslr_offset() > 0; - - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) - return false; - - /* Defer to CPU feature registers */ - return !has_cpuid_feature(entry, scope); + return !meltdown_safe; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static void kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) { @@ -1026,6 +1041,12 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) return; } +#else +static void +kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) +{ +} +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ static int __init parse_kpti(char *str) { 
@@ -1039,7 +1060,6 @@ static int __init parse_kpti(char *str) return 0; } early_param("kpti", parse_kpti); -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #ifdef CONFIG_ARM64_HW_AFDBM static inline void __cpu_enable_hw_dbm(void) @@ -1306,7 +1326,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .field_pos = ID_AA64PFR0_EL0_SHIFT, .min_field_value = ID_AA64PFR0_EL0_32BIT_64BIT, }, -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 { .desc = "Kernel page table isolation (KPTI)", .capability = ARM64_UNMAP_KERNEL_AT_EL0, @@ -1322,7 +1341,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = unmap_kernel_at_el0, .cpu_enable = kpti_install_ng_mappings, }, -#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, 
@@ -2101,3 +2119,15 @@ static int __init enable_mrs_emulation(void) } core_initcall(enable_mrs_emulation); + +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__meltdown_safe) + return sprintf(buf, "Not affected\n"); + + if (arm64_kernel_unmapped_at_el0()) + return sprintf(buf, "Mitigation: KPTI\n"); + + return sprintf(buf, "Vulnerable\n"); +}
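
Review bot: In unmap_kernel_at_el0(), the new !IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) branch logs "kernel page table isolation disabled by CONFIG" at info level and returns false without looking at meltdown_safe, so a CPU that was just found vulnerable gets the same quiet message as a safe one. Consider pr_warn_once() when !meltdown_safe, so the kernel log and the sysfs "Vulnerable" result agree on severity. The branch also sits after the KASLR block, which by then has set __kpti_forced = 1 and str = "KASLR" even though KPTI cannot be enabled in this configuration; moving the CONFIG check above the KASLR block avoids leaving that stale state behind.
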
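
Review bot: cpu_show_meltdown() reports "Not affected" whenever __meltdown_safe is still true, even when KPTI was forced on by KASLR or by kpti= on the command line, and nothing in the code says this is deliberate. The commit message explains it; repeat that in a comment above the __meltdown_safe test. It would also help to document at the declaration that __meltdown_safe starts true and is only ever cleared, from the per-CPU matches callback, so it means "no vulnerable CPU seen so far".
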
From: Jeremy Linton
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton, Andre Przywara
Subject: [v7 04/10] arm64: Advertise mitigation of Spectre-v2, or lack thereof
Date: Wed, 10 Apr 2019 18:12:31 -0500
Message-Id: <20190410231237.52506-5-jeremy.linton@arm.com>
In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com>

From: Marc Zyngier

We currently have a list of CPUs affected by Spectre-v2, for which we check that the firmware implements ARCH_WORKAROUND_1. It turns out that not all firmwares do implement the required mitigation, and that we fail to let the user know about it.

Instead, let's slightly revamp our checks, and rely on a whitelist of cores that are known to be non-vulnerable, and let the user know the status of the mitigation in the kernel log.

Signed-off-by: Marc Zyngier
[This makes more sense in front of the sysfs patch]
[Pick pieces of that patch into this and move it earlier]
Signed-off-by: Jeremy Linton
Reviewed-by: Andre Przywara
Reviewed-by: Suzuki K Poulose
Reviewed-by: Catalin Marinas
Tested-by: Stefan Wahren
---
 arch/arm64/kernel/cpu_errata.c | 107 +++++++++++++++++----------------
 1 file changed, 55 insertions(+), 52 deletions(-)

-- 2.20.1

diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index cf623657cf3c..2b6e6d8e105b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c
@@ -131,9 +131,9 @@ static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, __flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); } -static void __install_bp_hardening_cb(bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) +static void install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) { static DEFINE_RAW_SPINLOCK(bp_lock); int cpu, slot = -1; @@ -177,23 +177,6 @@ static void __install_bp_hardening_cb(bp_hardening_cb_t fn, } #endif /* CONFIG_KVM_INDIRECT_VECTORS */ -static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, - bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) -{ - u64 pfr0; - - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - pfr0 = read_cpuid(ID_AA64PFR0_EL1); - if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT)) - return; - - __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); -} - #include #include #include 
@@ -228,31 +211,27 @@ static int __init parse_nospectre_v2(char *str) } early_param("nospectre_v2", parse_nospectre_v2); -static void -enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +/* + * -1: No workaround + * 0: No workaround required + * 1: Workaround installed + */ +static int detect_harden_bp_fw(void) { bp_hardening_cb_t cb; void *smccc_start, *smccc_end; struct arm_smccc_res res; u32 midr = read_cpuid_id(); - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - if (__nospectre_v2) { - pr_info_once("spectrev2 mitigation disabled by command line option\n"); - return; - } - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) - return; + return -1; switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_hvc_arch_workaround_1; /* This is a guest, no need to patch KVM vectors */ smccc_start = NULL; @@ -263,23 +242,23 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: - return; + return -1; } if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) || ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); + install_bp_hardening_cb(cb, smccc_start, smccc_end); - return; + return 1; } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ 
@@ -521,24 +500,48 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) CAP_MIDR_RANGE_LIST(midr_list) #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR - /* - * List of CPUs where we need to issue a psci call to - * harden the branch predictor. + * List of CPUs that do not need any Spectre-v2 mitigation at all. */ -static const struct midr_range arm64_bp_harden_smccc_cpus[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), - MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR), - MIDR_ALL_VERSIONS(MIDR_NVIDIA_DENVER), - {}, +static const struct midr_range spectre_v2_safe_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + { /* sentinel */ } }; +static bool __maybe_unused +check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) +{ + int need_wa; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + /* If the CPU has CSV2 set, we're safe */ + if (cpuid_feature_extract_unsigned_field(read_cpuid(ID_AA64PFR0_EL1), + ID_AA64PFR0_CSV2_SHIFT)) + return false; + + /* Alternatively, we have a list of unaffected CPUs */ + if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list)) + return false; + + /* Fallback to firmware detection */ + need_wa = detect_harden_bp_fw(); + if (!need_wa) + return false; + + /* forced off */ + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return false; + } + + if (need_wa < 0) + pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + + return (need_wa > 0); +} #endif #ifdef CONFIG_HARDEN_EL2_VECTORS 
@@ -717,8 +720,8 @@ const struct arm64_cpu_capabilities arm64_errata[] = { #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, - .cpu_enable = enable_smccc_arch_workaround_1, - ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus), + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, }, #endif #ifdef CONFIG_HARDEN_EL2_VECTORS
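
Review bot: In check_branch_predictor(), the __nospectre_v2 test comes after "need_wa = detect_harden_bp_fw();", and detect_harden_bp_fw() ends with "install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1;". With nospectre_v2 on the command line the callback is therefore still installed on an affected CPU; only the capability is reported as absent, while the log says the mitigation is disabled. Before this patch the flag was tested in enable_smccc_arch_workaround_1() ahead of the install. Either test __nospectre_v2 before calling detect_harden_bp_fw(), or split detection from installation so that the matches callback has no side effect.
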
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v7 05/10] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Date: Wed, 10 Apr 2019 18:12:32 -0500 Message-Id: <20190410231237.52506-6-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Marc Zyngier The SMCCC ARCH_WORKAROUND_1 service can indicate that although the firmware knows about the Spectre-v2 mitigation, this particular CPU is not vulnerable, and it is thus not necessary to call the firmware on this CPU. Let's use this information to our benefit. Signed-off-by: Marc Zyngier Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 2b6e6d8e105b..e5c4c5d84a4e 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c 
@@ -230,22 +230,36 @@ static int detect_harden_bp_fw(void) case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + switch ((int)res.a0) { + case 1: + /* Firmware says we're just fine */ + return 0; + case 0: + cb = call_hvc_arch_workaround_1; + /* This is a guest, no need to patch KVM vectors */ + smccc_start = NULL; + smccc_end = NULL; + break; + default: return -1; - cb = call_hvc_arch_workaround_1; - /* This is a guest, no need to patch KVM vectors */ - smccc_start = NULL; - smccc_end = NULL; + } break; case PSCI_CONDUIT_SMC: arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + switch ((int)res.a0) { + case 1: + /* Firmware says we're just fine */ + return 0; + case 0: + cb = call_smc_arch_workaround_1; + smccc_start = __smccc_workaround_1_smc_start; + smccc_end = __smccc_workaround_1_smc_end; + break; + default: return -1; - cb = call_smc_arch_workaround_1; - smccc_start = __smccc_workaround_1_smc_start; - smccc_end = __smccc_workaround_1_smc_end; + } break; default: From patchwork Wed Apr 10 23:12:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162051
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v7 06/10] arm64: Always enable spectrev2 vulnerability detection Date: Wed, 10 Apr 2019 18:12:33 -0500 Message-Id: <20190410231237.52506-7-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The sysfs patches need to display machine vulnerability status regardless of kernel config. Prepare for that by breaking out the vulnerability/mitigation detection code from the logic which implements the mitigation. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index e5c4c5d84a4e..74c4a66500c4 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,7 +109,6 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include 
@@ -270,11 +269,11 @@ static int detect_harden_bp_fw(void) ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(cb, smccc_start, smccc_end); + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) + install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1; } -#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); @@ -513,7 +512,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -545,6 +543,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { + pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + return false; + } + /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); @@ -556,7 +559,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) return (need_wa > 0); } -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS 
@@ -731,13 +733,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = check_branch_predictor, }, -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS { .desc = "EL2 vector hardening", From patchwork Wed Apr 10 23:12:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162045
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v7 07/10] arm64: add sysfs vulnerability show for spectre v2 Date: Wed, 10 Apr 2019 18:12:34 -0500 Message-Id: <20190410231237.52506-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 74c4a66500c4..fb8eb6c6088f 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -512,6 +512,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ 
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,19 +551,25 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + __hardenbp_enab = false; return false; } /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } 
@@ -778,3 +792,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Wed Apr 10 23:12:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162049
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v7 08/10] arm64: Always enable ssb vulnerability detection Date: Wed, 10 Apr 2019 18:12:35 -0500 Message-Id: <20190410231237.52506-9-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The ssb detection logic is necessary regardless of whether the vulnerability mitigation code is built into the kernel. Break it out so that the CONFIG option only controls the mitigation logic and not the vulnerability detection. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/include/asm/cpufeature.h | 4 ---- arch/arm64/kernel/cpu_errata.c | 11 +++++++---- 2 files changed, 7 insertions(+), 8 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index e505e1fbd2b9..6ccdc97e5d6a 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -638,11 +638,7 @@ static inline int arm64_get_ssbd_state(void) #endif } -#ifdef CONFIG_ARM64_SSBD void arm64_set_ssbd_mitigation(bool state); -#else -static inline void arm64_set_ssbd_mitigation(bool state) {} -#endif extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index fb8eb6c6088f..6958dcdabf7d 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c 
@@ -275,7 +275,6 @@ static int detect_harden_bp_fw(void) return 1; } -#ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; @@ -346,6 +345,7 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt, *updptr = cpu_to_le32(aarch64_insn_gen_nop()); } +#ifdef CONFIG_ARM64_SSBD void arm64_set_ssbd_mitigation(bool state) { if (this_cpu_has_cap(ARM64_SSBS)) { @@ -370,6 +370,12 @@ void arm64_set_ssbd_mitigation(bool state) break; } } +#else +void arm64_set_ssbd_mitigation(bool state) +{ + pr_info_once("SSBD disabled by kernel configuration\n"); +} +#endif /* CONFIG_ARM64_SSBD */ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, int scope) @@ -467,7 +473,6 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } -#endif /* CONFIG_ARM64_SSBD */ static void __maybe_unused cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) 
@@ -759,14 +764,12 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_RANGE_LIST(arm64_harden_el2_vectors), }, #endif -#ifdef CONFIG_ARM64_SSBD { .desc = "Speculative Store Bypass Disable", .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, }, -#endif #ifdef CONFIG_ARM64_ERRATUM_1188873 { /* Cortex-A76 r0p0 to r2p0 */ From patchwork Wed Apr 10 23:12:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162047
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton Subject: [v7 09/10] arm64: add sysfs vulnerability show for speculative store bypass Date: Wed, 10 Apr 2019 18:12:36 -0500 Message-Id: <20190410231237.52506-10-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return status based on ssbd_state and the arm64 SSBS feature. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a whitelist of known good cores. Given a heterogeneous machine, the overall machine vulnerability must be a tristate to assure any vulnerable cores transition to vulnerable and stay there. Further, we delay transitioning to vulnerable until we know the firmware isn't responding to avoid a case where we miss the whitelist, but the firmware goes ahead and reports the core is not vulnerable. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 62 ++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 6958dcdabf7d..a1f3188c7be0 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c 
@@ -278,6 +278,13 @@ static int detect_harden_bp_fw(void) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static enum {SSB_UNSET, SSB_SAFE, SSB_UNSAFE} __ssb_safe = SSB_UNSET; + +static inline void ssb_safe(void) +{ + if (__ssb_safe == SSB_UNSET) + __ssb_safe = SSB_SAFE; +} static const struct ssbd_options { const char *str; @@ -383,16 +390,25 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, struct arm_smccc_res res; bool required = true; s32 val; + bool this_cpu_safe = false; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); if (this_cpu_has_cap(ARM64_SSBS)) { required = false; + ssb_safe(); goto out_printmsg; } + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) { + ssb_safe(); + this_cpu_safe = true; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = SSB_UNSAFE; return false; } @@ -409,6 +425,8 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, default: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = SSB_UNSAFE; return false; } @@ -417,23 +435,31 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, switch (val) { case SMCCC_RET_NOT_SUPPORTED: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = SSB_UNSAFE; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; + ssb_safe(); return false; case SMCCC_RET_SUCCESS: + __ssb_safe = SSB_UNSAFE; required = true; break; case 1: /* Mitigation not required on this CPU */ required = false; + ssb_safe(); break; default: WARN_ON(1); + if (!this_cpu_safe) + __ssb_safe = SSB_UNSAFE; return false; } 
@@ -474,6 +500,14 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } +/* known invulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + {}, +}; + static void __maybe_unused cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) { @@ -769,6 +803,7 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #ifdef CONFIG_ARM64_ERRATUM_1188873 { 
@@ -807,3 +842,30 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + /* + * Two assumptions: First, ssbd_state reflects the worse case + * for heterogeneous machines, and that if SSBS is supported its + * supported by all cores. + */ + switch (ssbd_state) { + case ARM64_SSBD_MITIGATED: + return sprintf(buf, "Not affected\n"); + + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (cpus_have_cap(ARM64_SSBS)) + return sprintf(buf, "Not affected\n"); + if (IS_ENABLED(CONFIG_ARM64_SSBD)) + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled\n"); + } + + if (__ssb_safe == SSB_SAFE) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Wed Apr 10 23:12:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 162046
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Mian Yousaf Kaukab , Jeremy Linton , Andre Przywara Subject: [v7 10/10] arm64: enable generic CPU vulnerabilites support Date: Wed, 10 Apr 2019 18:12:37 -0500 Message-Id: <20190410231237.52506-11-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190410231237.52506-1-jeremy.linton@arm.com> References: <20190410231237.52506-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mian Yousaf Kaukab Enable CPU vulnerability show functions for spectre_v1, spectre_v2, meltdown and store-bypass. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.20.1 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7e34b9eba5de..6a7b7d4e0e90 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -90,6 +90,7 @@ config ARM64 select GENERIC_CLOCKEVENTS select GENERIC_CLOCKEVENTS_BROADCAST select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_IDLE_POLL_SETUP select GENERIC_IRQ_MULTI_HANDLER
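Review bot: in [v7 05/10], hunk @@ -230,22 +230,36 @@ of detect_harden_bp_fw(), the new `default: return -1;` arms reject every res.a0 value other than 0 and 1, including positive ones that the old `if ((int)res.a0 < 0)` test accepted as "workaround available". If that narrowing is intended, please say so in the commit message, since a positive code the kernel does not recognise is now reported the same way as a firmware error. The bare `case 1:` and `case 0:` would also be easier to audit with a comment naming what each SMCCC return value means, and the HVC and SMC arms now carry two copies of the same switch that differ only in the values given to cb, smccc_start and smccc_end, so a small helper taking those three as arguments would keep the two paths from drifting apart.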
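Review bot: in [v7 06/10], hunk @@ -270,11 +269,11 @@ of detect_harden_bp_fw(), swapping the #ifdef for `if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR))` means install_bp_hardening_cb() and everything assigned to cb, smccc_start and smccc_end earlier in the function (call_hvc_arch_workaround_1, call_smc_arch_workaround_1, __smccc_workaround_1_smc_start, __smccc_workaround_1_smc_end, qcom_link_stack_sanitization) must still be declared when the option is off, because IS_ENABLED() is evaluated by the compiler and not by the preprocessor. Please confirm that a CONFIG_HARDEN_BRANCH_PREDICTOR=n build compiles and links, and mention in the commit message that the firmware probe now runs in that configuration even though nothing is installed.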
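Review bot: in [v7 07/10], hunk @@ -543,19 +551,25 @@ of check_branch_predictor(), __spectrev2_safe and __hardenbp_enab are plain file-scope bools written from a per-CPU .matches callback (the entry is ARM64_CPUCAP_LOCAL_CPU_ERRATUM) and later read from cpu_show_spectre_v2(), with no locking or READ_ONCE/WRITE_ONCE. That is only safe because both start as true and are only ever cleared, so the comment above their definition should state that one-way property explicitly; otherwise a later change that sets either flag back to true would silently break the "all cores" guarantee. The comment added in hunk @@ -522,6 +526,10 @@ describes that same state rather than the function it sits above, so it could be merged into the one at the definition.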
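Review bot: in [v7 08/10], hunk @@ -370,6 +370,12 @@, the #else stub of arm64_set_ssbd_mitigation() logs with `pr_info_once("SSBD disabled by kernel configuration\n")`, while the equivalent Spectre-v2 path added in 06/10 uses `pr_warn_once("spectrev2 mitigation disabled by configuration\n")`. Both messages report a mitigation compiled out on a CPU that wanted it, so they should use the same log level and similar wording; anyone filtering the kernel log by severity would otherwise see one and miss the other. The stub also ignores its `state` argument, which deserves a one-line comment so the unused parameter does not look like an oversight.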
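Review bot: in [v7 09/10], hunk @@ -417,23 +435,31 @@ of has_ssbd_mitigation(), the pair `if (!this_cpu_safe) __ssb_safe = SSB_UNSAFE;` now appears four times across this hunk and the two before it (SMCCC 1.0, the conduit default, SMCCC_RET_NOT_SUPPORTED and the val default), so a helper mirroring ssb_safe() would make it harder to miss a path when a new return code is added. Note also that `case SMCCC_RET_SUCCESS:` sets SSB_UNSAFE without consulting this_cpu_safe while the error paths do consult it; the commit message explains that firmware overrides the whitelist, and a short comment at that case would save the next reader from treating the asymmetry as a bug. ssb_safe() itself reads like a predicate but mutates state, so a name that says it marks the machine safe would be clearer, and the bare `case 1:` would benefit from a named constant.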
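Review bot: in [v7 09/10], hunk @@ -807,3 +842,30 @@, the switch in cpu_show_spec_store_bypass() has no `default:` and its last case ends without a `break`, so ARM64_SSBD_KERNEL or ARM64_SSBD_FORCE_ENABLE with neither SSBS nor CONFIG_ARM64_SSBD, and every state not listed, reach the __ssb_safe test only by falling out of the switch. That appears to be the intended behaviour, but an explicit `break;` plus a `default:` with a comment naming the states that rely on the whitelist result would make it reviewable. The block comment also needs a pass: it announces "Two assumptions: First," without marking the second, and "worse case" and "its supported" should read "worst case" and "it's supported".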