From patchwork Tue Oct 8 15:39:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175501 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864248ill; Tue, 8 Oct 2019 08:40:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqx/x0xHc8POOIIbxu2FSvXVEMRCwJ9M3VJb/ZbRGw84JWmDZyakiF6zCo4IijH+AfuGhEiE X-Received: by 2002:a50:918d:: with SMTP id g13mr34532191eda.64.1570549214094; Tue, 08 Oct 2019 08:40:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549214; cv=none; d=google.com; s=arc-20160816; b=tgcFBS7NN8Pk7PbJH0QEJ9s75bhon4wRgKVW/90zyB3r5Gcs8KPschomt/2AUE+0fa jB9c0yUH8rVJInnEn8CEl3Qq60lXQPxYeR3A2a+kS7jPMqueixt4CRkieujqXVAPPYva b0XndzdspsKtjV0N4NZg7EOlsYCtlYqfr8Aduoqs6q775Lwg0EaB1RSUzxz3N7NXcpIi Q3fzsHU+RSq0lfxRDsYWLAxIRjCNWrXT6FtcIyKUAoj0IRWy1tfVFG0PewslGXA6zcFp aLLhwetqba4nxiWsg+RQ50sO4iV1fBWVtVNgqGrHQrocrpxSrRDhZLxTclXKKFEOGZaZ IYxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=j2vH7NxScJDJcgais+WV+dY6yPF0+trUdQf6sN03YYQ=; b=DTTPSk/RvsBtXnBdplW5rKIxf8TwiDv7zkj/GEFhsyOkI0JVP3Pg5zPEhjdUi/5uId NM1TzLpVEhnj5v6EHVdnqmjv75uejEkth9ON2kuo5zurPJeYI0/K7whhGScdFMSHROOi NzWYcF859n2E3OkEVJgwGZKL8i/qD6aJl+j5h4d2Z9bEVnaCdxZnKofrsj6WqfwyoT8o ovaDtxGMQM0CYHi3/yUwFf9j4jfRhDng510h9vJ7eXLJjkk2boqx6KaNibFM5TzX9lqV 6UI0VZt76XZIJml2sBpxr90fy8+wlNrJrxJkCHOmkrfhtZLXun9KEzMGbQLI5z3DupKt 4lJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=akoxP6v6; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.13; Tue, 08 Oct 2019 08:40:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=akoxP6v6; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728081AbfJHPkM (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:12 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:38411 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbfJHPkM (ORCPT ); Tue, 8 Oct 2019 11:40:12 -0400 Received: by mail-wr1-f66.google.com with SMTP id w12so19987870wro.5 for ; Tue, 08 Oct 2019 08:40:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=j2vH7NxScJDJcgais+WV+dY6yPF0+trUdQf6sN03YYQ=; b=akoxP6v69U5JfF0hRfeGvOgkbYBnvBnftCVcuLFKkqbcShNQh3iuI2xHPyxEFI/4dh hVLOvqh+6QQmFbxJt/xejTD0xZJL2GWkjSob7waLjyJM3tY2DKAlknToUy6kQx/O7sNq 0wis12WTbE/cWUw0feNsYsVYFn+n5pjD9oVS+F7a668Snl5xD2VrV7u86Z6+uScS58S5 cw214xAEnWTsvdeVaPwtoRrCZw5GBzOELBSVN1U6jEOyK0hZqPpJZkQk0yFerouRQ008 RMhbE4UKPqP8RXPjoMn7mO1nfo0Wdodsd+NwRY32Uf88u2hn3ZfDlgTDU7cQwohDfmXB pnmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=j2vH7NxScJDJcgais+WV+dY6yPF0+trUdQf6sN03YYQ=; b=fVDfYVJg25UVxO4g2RgiWFimPwxQaWO/w65y0jIjNszVSIRGltLiL/j0mNErmoXfnw zpF0B1rXcayMsefNf/8TDnSJNnwudfEpxelFqVOq6PHVQd9Ojw4wC5fi87dTrllUwroe 4Eu0p5azEP/NyJFI+rFK60R1oRiUkaWwhHRoeetMiMTDYR52Ut0tigbK6ns+GFi1wgD+ 5L5926SLzkEGoliKIn3sqSSG659MVeZaWNqzByM6LvuTDAAGjphfnnHRJSwRZnfSoRUh S+KZZcNTocxSeRy4wbxGWeSGSGrVeLvfuK0KwphopjFKhCmB3XrfOFil6JL/tEy3U1la YZYQ== X-Gm-Message-State: APjAAAXEZDkEQO2NfKYqCYi+qN8aP1lLKfY07zXcPb9i26IXmkWIVcWc JuXI3c3CERx/trqr2WVO8e5iPg== X-Received: by 2002:adf:f104:: with SMTP id r4mr7815003wro.128.1570549209430; Tue, 08 Oct 2019 08:40:09 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:08 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Will Deacon , Suzuki K Poulose , Catalin Marinas , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 01/16] arm64: cpufeature: Detect SSBS and advertise to userspace Date: Tue, 8 Oct 2019 17:39:15 +0200 Message-Id: <20191008153930.15386-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit d71be2b6c0e19180b5f80a6d42039cc074a693a2 ] Armv8.5 introduces a new PSTATE bit known as Speculative Store Bypass Safe (SSBS) which can be used as a mitigation against Spectre variant 4. Additionally, a CPU may provide instructions to manipulate PSTATE.SSBS directly, so that userspace can toggle the SSBS control without trapping to the kernel. This patch probes for the existence of SSBS and advertise the new instructions to userspace if they exist. Reviewed-by: Suzuki K Poulose Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/cpucaps.h | 3 ++- arch/arm64/include/asm/sysreg.h | 16 ++++++++++++---- arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 19 +++++++++++++++++-- arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 33 insertions(+), 7 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 25ce9056cf64..c3de0bbf0e9a 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -52,7 +52,8 @@ #define ARM64_MISMATCHED_CACHE_TYPE 31 #define ARM64_HAS_STAGE2_FWB 32 #define ARM64_WORKAROUND_1463225 33 +#define ARM64_SSBS 34 -#define ARM64_NCAPS 34 +#define ARM64_NCAPS 35 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index c1470931b897..2fc6242baf11 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -419,6 +419,7 @@ #define SYS_ICH_LR15_EL2 __SYS__LR8_EL2(7) /* Common SCTLR_ELx flags. */ +#define SCTLR_ELx_DSSBS (1UL << 44) #define SCTLR_ELx_EE (1 << 25) #define SCTLR_ELx_IESB (1 << 21) #define SCTLR_ELx_WXN (1 << 19) @@ -439,7 +440,7 @@ (1 << 10) | (1 << 13) | (1 << 14) | (1 << 15) | \ (1 << 17) | (1 << 20) | (1 << 24) | (1 << 26) | \ (1 << 27) | (1 << 30) | (1 << 31) | \ - (0xffffffffUL << 32)) + (0xffffefffUL << 32)) #ifdef CONFIG_CPU_BIG_ENDIAN #define ENDIAN_SET_EL2 SCTLR_ELx_EE @@ -453,7 +454,7 @@ #define SCTLR_EL2_SET (SCTLR_ELx_IESB | ENDIAN_SET_EL2 | SCTLR_EL2_RES1) #define SCTLR_EL2_CLEAR (SCTLR_ELx_M | SCTLR_ELx_A | SCTLR_ELx_C | \ SCTLR_ELx_SA | SCTLR_ELx_I | SCTLR_ELx_WXN | \ - ENDIAN_CLEAR_EL2 | SCTLR_EL2_RES0) + SCTLR_ELx_DSSBS | ENDIAN_CLEAR_EL2 | SCTLR_EL2_RES0) #if (SCTLR_EL2_SET ^ SCTLR_EL2_CLEAR) != 0xffffffffffffffff #error "Inconsistent SCTLR_EL2 set/clear bits" @@ -477,7 +478,7 @@ (1 << 29)) #define SCTLR_EL1_RES0 ((1 << 6) | (1 << 10) | (1 << 13) | (1 << 17) | \ (1 << 27) | (1 << 30) | (1 << 31) | \ - (0xffffffffUL << 32)) + (0xffffefffUL << 32)) #ifdef CONFIG_CPU_BIG_ENDIAN #define ENDIAN_SET_EL1 (SCTLR_EL1_E0E | SCTLR_ELx_EE) @@ -494,7 +495,7 @@ ENDIAN_SET_EL1 | SCTLR_EL1_UCI | SCTLR_EL1_RES1) #define SCTLR_EL1_CLEAR (SCTLR_ELx_A | SCTLR_EL1_CP15BEN | SCTLR_EL1_ITD |\ SCTLR_EL1_UMA | SCTLR_ELx_WXN | ENDIAN_CLEAR_EL1 |\ - SCTLR_EL1_RES0) + SCTLR_ELx_DSSBS | SCTLR_EL1_RES0) #if (SCTLR_EL1_SET ^ SCTLR_EL1_CLEAR) != 0xffffffffffffffff #error "Inconsistent SCTLR_EL1 set/clear bits" @@ -544,6 +545,13 @@ #define ID_AA64PFR0_EL0_64BIT_ONLY 0x1 #define ID_AA64PFR0_EL0_32BIT_64BIT 0x2 +/* id_aa64pfr1 */ +#define ID_AA64PFR1_SSBS_SHIFT 4 + +#define ID_AA64PFR1_SSBS_PSTATE_NI 0 +#define ID_AA64PFR1_SSBS_PSTATE_ONLY 1 +#define ID_AA64PFR1_SSBS_PSTATE_INSNS 2 + /* id_aa64mmfr0 */ #define ID_AA64MMFR0_TGRAN4_SHIFT 28 #define ID_AA64MMFR0_TGRAN64_SHIFT 24 diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 17c65c8f33cb..2bcd6e4f3474 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -48,5 +48,6 @@ #define HWCAP_USCAT (1 << 25) #define HWCAP_ILRCPC (1 << 26) #define HWCAP_FLAGM (1 << 27) +#define HWCAP_SSBS (1 << 28) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index a897efdb3ddd..d7552bbdf963 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -164,6 +164,11 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { ARM64_FTR_END, }; +static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI), + ARM64_FTR_END, +}; + static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = { /* * We already refuse to boot CPUs that don't support our configured @@ -379,7 +384,7 @@ static const struct __ftr_reg_entry { /* Op1 = 0, CRn = 0, CRm = 4 */ ARM64_FTR_REG(SYS_ID_AA64PFR0_EL1, ftr_id_aa64pfr0), - ARM64_FTR_REG(SYS_ID_AA64PFR1_EL1, ftr_raz), + ARM64_FTR_REG(SYS_ID_AA64PFR1_EL1, ftr_id_aa64pfr1), ARM64_FTR_REG(SYS_ID_AA64ZFR0_EL1, ftr_raz), /* Op1 = 0, CRn = 0, CRm = 5 */ @@ -669,7 +674,6 @@ void update_cpu_features(int cpu, /* * EL3 is not our concern. - * ID_AA64PFR1 is currently RES0. */ taint |= check_update_ftr_reg(SYS_ID_AA64PFR0_EL1, cpu, info->reg_id_aa64pfr0, boot->reg_id_aa64pfr0); @@ -1254,6 +1258,16 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_hw_dbm, }, #endif + { + .desc = "Speculative Store Bypassing Safe (SSBS)", + .capability = ARM64_SSBS, + .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, + .matches = has_cpuid_feature, + .sys_reg = SYS_ID_AA64PFR1_EL1, + .field_pos = ID_AA64PFR1_SSBS_SHIFT, + .sign = FTR_UNSIGNED, + .min_field_value = ID_AA64PFR1_SSBS_PSTATE_ONLY, + }, {}, }; @@ -1299,6 +1313,7 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { #ifdef CONFIG_ARM64_SVE HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_SVE_SHIFT, FTR_UNSIGNED, ID_AA64PFR0_SVE, CAP_HWCAP, HWCAP_SVE), #endif + HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_SSBS_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_SSBS_PSTATE_INSNS, CAP_HWCAP, HWCAP_SSBS), {}, }; diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index e9ab7b3ed317..dce971f2c167 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -81,6 +81,7 @@ static const char *const hwcap_str[] = { "uscat", "ilrcpc", "flagm", + "ssbs", NULL }; From patchwork Tue Oct 8 15:39:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175502 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864263ill; Tue, 8 Oct 2019 08:40:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqxS3Y7ylypDDGh6IazMuOrp8V05+rCihpwEhrZtk4gJ1aoKONdByuLnTcHXKUTuQAAtzscE X-Received: by 2002:a50:8a21:: with SMTP id i30mr33962512edi.229.1570549215033; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549215; cv=none; d=google.com; s=arc-20160816; b=wN2Jjd3VyJIQdrPec5FS4tAVSA1sVtlh6+AlpmhOCOupZ5QQh5kZeCZpNSOB0J89R7 fPpZMTUnnN9KTDX/TVFChkzSw8TJVsqxeNa5J+Vd6+EOkhhrY9EcU2M/DsHYCkKovOuA p0x0nEnemkkdS65S48Yr25kgSNvj7NFC3U7S3UIdbO8icu/mFZuImOmP+/VUL9Y216EE +spbQP3brVVTFJEqxytRz4MvBtojSB1mxC+Ua8b54ixjD1z0hFVbCGeCw4+umIp3LZT6 G4zkGn5ObRJnbOtdSejt6+Wj/beDbY/bkI9LinXzhBULYSboyhCPWK78OoHAiZvE3YPi XM5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vlkvgAe6OU2SyP/lheTB8VxvmIpD5b5cXJef0MiMX6o=; b=sBq3obsTH5CtZIoF2+U8pBi4U0lwPLMGGEk89f6nAEQEk5I4n3bYHGQr1UuF+go5g0 pzBcH3cFXNplgxs4NC+K16mq4JDhx/8Ee4EFS4DFDEV49b6asMGB2hby3sFMAQoZGsTb 9QI026Tm2zm9QC0477cSxhWSiRiDJUnAznwW1WMHXvbTeol/hEBOBOL/KHunkeqv941m 0UDe2QxuhlL54pRWfwZffDIwCModPDMbeswWrFFX2cznZrGFQNKBtfzgpHapDDE656/g UU0vGAIWzOl7u+wl6nbGbaBoE23cS+ARSN4JcJo97kQLxhOMKxsqzpLObjzqkVE6qEdB 9BrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zpvFE5a2; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.14; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zpvFE5a2; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725908AbfJHPkO (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:14 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:36550 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725966AbfJHPkO (ORCPT ); Tue, 8 Oct 2019 11:40:14 -0400 Received: by mail-wm1-f65.google.com with SMTP id m18so3632917wmc.1 for ; Tue, 08 Oct 2019 08:40:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vlkvgAe6OU2SyP/lheTB8VxvmIpD5b5cXJef0MiMX6o=; b=zpvFE5a2NFSDbMYsqOpKPMN35GbqVUTCAraS8sL5Uq/qf0d0Qt4mupK+Hy8Yrh1qAK +V+9nWWbSsGn2fFn5rizGP86Uryprd1JO0lrwYTW/M3/V4uUx5NkjSqxJLXzp6y9PpdR m/2G5hNtKlmR52nJ4fu80wISO15saJ4Zf9GrYhgXvZJ3Fhnbwjzzj3fgEUn7+QC2RJrE bFsM9QFX6qVqOduiL1fphIisJEgmB02S74Z3GtEdSBO3UFoAcIeEy2gAYNHG3+lT5UZf WMI6hEZkYeFscgMPCjOsE02XtWT7CEgyHvXwfOPGlvBwElDQF6zWXXpYtBOf5sjsSt3x Ceug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vlkvgAe6OU2SyP/lheTB8VxvmIpD5b5cXJef0MiMX6o=; b=YwcJKgAbSBaauWw5D+LjdGNiWzw+Q7iEPeX09IJAUIsVQT1ofc0tkOawFWECVDrClR vuu5ih5OSn+wzWn5wT/4TUhkwnDjbPH0ylbVoRwW8N2aYan9kArQUWcUc/7B/VFw2wmq vHK9PuhQ19e6+pZxh8dxSSIy9fbMFPvDdjFNv4HTBceb5vrVDveX7JcYmMelzboEarDA W0Mw85Q0/xvlLUjKiv9bcDw+lPxZ1p0ybtSziwfdcnq8j47gCYe6NqH0LaGCu/TaIimJ LYiNsqYY4NpfOUjucwW1z0l99AopFV0FLlFYFHLDfDZ2mQWKJixH7FJrrI4x40E0mP0O ypvQ== X-Gm-Message-State: APjAAAX6CL4AFL/HgPz92+LABQnTnp6JcT9xi8NRWIj3S5nEEcjKzbA/ G+PivNmgTjK5FhnXaPHFRso0Tw== X-Received: by 2002:a1c:7902:: with SMTP id l2mr4278694wme.55.1570549210703; Tue, 08 Oct 2019 08:40:10 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:09 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Will Deacon , Catalin Marinas , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 02/16] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 Date: Tue, 8 Oct 2019 17:39:16 +0200 Message-Id: <20191008153930.15386-3-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit 8f04e8e6e29c93421a95b61cad62e3918425eac7 ] On CPUs with support for PSTATE.SSBS, the kernel can toggle the SSBD state without needing to call into firmware. This patch hooks into the existing SSBD infrastructure so that SSBS is used on CPUs that support it, but it's all made horribly complicated by the very real possibility of big/little systems that don't uniformly provide the new capability. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/processor.h | 7 +++ arch/arm64/include/asm/ptrace.h | 1 + arch/arm64/include/asm/sysreg.h | 3 ++ arch/arm64/include/uapi/asm/ptrace.h | 1 + arch/arm64/kernel/cpu_errata.c | 26 ++++++++++- arch/arm64/kernel/cpufeature.c | 45 ++++++++++++++++++++ arch/arm64/kernel/process.c | 4 ++ arch/arm64/kernel/ssbd.c | 21 +++++++++ 8 files changed, 106 insertions(+), 2 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index def5a5e807f0..ad208bd402f7 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -182,6 +182,10 @@ static inline void start_thread(struct pt_regs *regs, unsigned long pc, { start_thread_common(regs, pc); regs->pstate = PSR_MODE_EL0t; + + if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) + regs->pstate |= PSR_SSBS_BIT; + regs->sp = sp; } @@ -198,6 +202,9 @@ static inline void compat_start_thread(struct pt_regs *regs, unsigned long pc, regs->pstate |= PSR_AA32_E_BIT; #endif + if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) + regs->pstate |= PSR_AA32_SSBS_BIT; + regs->compat_sp = sp; } #endif diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index 177b851ca6d9..6bc43889d11e 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -50,6 +50,7 @@ #define PSR_AA32_I_BIT 0x00000080 #define PSR_AA32_A_BIT 0x00000100 #define PSR_AA32_E_BIT 0x00000200 +#define PSR_AA32_SSBS_BIT 0x00800000 #define PSR_AA32_DIT_BIT 0x01000000 #define PSR_AA32_Q_BIT 0x08000000 #define PSR_AA32_V_BIT 0x10000000 diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 2fc6242baf11..3091ae5975a3 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -86,11 +86,14 @@ #define REG_PSTATE_PAN_IMM sys_reg(0, 0, 4, 0, 4) #define REG_PSTATE_UAO_IMM sys_reg(0, 0, 4, 0, 3) +#define REG_PSTATE_SSBS_IMM sys_reg(0, 3, 4, 0, 1) #define SET_PSTATE_PAN(x) __emit_inst(0xd5000000 | REG_PSTATE_PAN_IMM | \ (!!x)<<8 | 0x1f) #define SET_PSTATE_UAO(x) __emit_inst(0xd5000000 | REG_PSTATE_UAO_IMM | \ (!!x)<<8 | 0x1f) +#define SET_PSTATE_SSBS(x) __emit_inst(0xd5000000 | REG_PSTATE_SSBS_IMM | \ + (!!x)<<8 | 0x1f) #define SYS_DC_ISW sys_insn(1, 0, 7, 6, 2) #define SYS_DC_CSW sys_insn(1, 0, 7, 10, 2) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 5dff8eccd17d..b0fd1d300154 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -46,6 +46,7 @@ #define PSR_I_BIT 0x00000080 #define PSR_A_BIT 0x00000100 #define PSR_D_BIT 0x00000200 +#define PSR_SSBS_BIT 0x00001000 #define PSR_PAN_BIT 0x00400000 #define PSR_UAO_BIT 0x00800000 #define PSR_V_BIT 0x10000000 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index dc6c535cbd13..7fe3a60d1086 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -312,6 +312,14 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt, void arm64_set_ssbd_mitigation(bool state) { + if (this_cpu_has_cap(ARM64_SSBS)) { + if (state) + asm volatile(SET_PSTATE_SSBS(0)); + else + asm volatile(SET_PSTATE_SSBS(1)); + return; + } + switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_2, state, NULL); @@ -336,6 +344,11 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + if (this_cpu_has_cap(ARM64_SSBS)) { + required = false; + goto out_printmsg; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; return false; @@ -384,7 +397,6 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, switch (ssbd_state) { case ARM64_SSBD_FORCE_DISABLE: - pr_info_once("%s disabled from command-line\n", entry->desc); arm64_set_ssbd_mitigation(false); required = false; break; @@ -397,7 +409,6 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, break; case ARM64_SSBD_FORCE_ENABLE: - pr_info_once("%s forced from command-line\n", entry->desc); arm64_set_ssbd_mitigation(true); required = true; break; @@ -407,6 +418,17 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, break; } +out_printmsg: + switch (ssbd_state) { + case ARM64_SSBD_FORCE_DISABLE: + pr_info_once("%s disabled from command-line\n", entry->desc); + break; + + case ARM64_SSBD_FORCE_ENABLE: + pr_info_once("%s forced from command-line\n", entry->desc); + break; + } + return required; } #endif /* CONFIG_ARM64_SSBD */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d7552bbdf963..9c756a1657aa 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1071,6 +1071,48 @@ static void cpu_has_fwb(const struct arm64_cpu_capabilities *__unused) WARN_ON(val & (7 << 27 | 7 << 21)); } +#ifdef CONFIG_ARM64_SSBD +static int ssbs_emulation_handler(struct pt_regs *regs, u32 instr) +{ + if (user_mode(regs)) + return 1; + + if (instr & BIT(CRm_shift)) + regs->pstate |= PSR_SSBS_BIT; + else + regs->pstate &= ~PSR_SSBS_BIT; + + arm64_skip_faulting_instruction(regs, 4); + return 0; +} + +static struct undef_hook ssbs_emulation_hook = { + .instr_mask = ~(1U << CRm_shift), + .instr_val = 0xd500001f | REG_PSTATE_SSBS_IMM, + .fn = ssbs_emulation_handler, +}; + +static void cpu_enable_ssbs(const struct arm64_cpu_capabilities *__unused) +{ + static bool undef_hook_registered = false; + static DEFINE_SPINLOCK(hook_lock); + + spin_lock(&hook_lock); + if (!undef_hook_registered) { + register_undef_hook(&ssbs_emulation_hook); + undef_hook_registered = true; + } + spin_unlock(&hook_lock); + + if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) { + sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_DSSBS); + arm64_set_ssbd_mitigation(false); + } else { + arm64_set_ssbd_mitigation(true); + } +} +#endif /* CONFIG_ARM64_SSBD */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1258,6 +1300,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_hw_dbm, }, #endif +#ifdef CONFIG_ARM64_SSBD { .desc = "Speculative Store Bypassing Safe (SSBS)", .capability = ARM64_SSBS, @@ -1267,7 +1310,9 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .field_pos = ID_AA64PFR1_SSBS_SHIFT, .sign = FTR_UNSIGNED, .min_field_value = ID_AA64PFR1_SSBS_PSTATE_ONLY, + .cpu_enable = cpu_enable_ssbs, }, +#endif {}, }; diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 7f1628effe6d..ce99c58cd1f1 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -358,6 +358,10 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start, if (IS_ENABLED(CONFIG_ARM64_UAO) && cpus_have_const_cap(ARM64_HAS_UAO)) childregs->pstate |= PSR_UAO_BIT; + + if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) + childregs->pstate |= PSR_SSBS_BIT; + p->thread.cpu_context.x19 = stack_start; p->thread.cpu_context.x20 = stk_sz; } diff --git a/arch/arm64/kernel/ssbd.c b/arch/arm64/kernel/ssbd.c index 388f8fc13080..f496fb2f7122 100644 --- a/arch/arm64/kernel/ssbd.c +++ b/arch/arm64/kernel/ssbd.c @@ -3,13 +3,31 @@ * Copyright (C) 2018 ARM Ltd, All Rights Reserved. */ +#include #include #include #include +#include #include #include +static void ssbd_ssbs_enable(struct task_struct *task) +{ + u64 val = is_compat_thread(task_thread_info(task)) ? + PSR_AA32_SSBS_BIT : PSR_SSBS_BIT; + + task_pt_regs(task)->pstate |= val; +} + +static void ssbd_ssbs_disable(struct task_struct *task) +{ + u64 val = is_compat_thread(task_thread_info(task)) ? + PSR_AA32_SSBS_BIT : PSR_SSBS_BIT; + + task_pt_regs(task)->pstate &= ~val; +} + /* * prctl interface for SSBD * FIXME: Drop the below ifdefery once merged in 4.18. @@ -47,12 +65,14 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl) return -EPERM; task_clear_spec_ssb_disable(task); clear_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_enable(task); break; case PR_SPEC_DISABLE: if (state == ARM64_SSBD_FORCE_DISABLE) return -EPERM; task_set_spec_ssb_disable(task); set_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_disable(task); break; case PR_SPEC_FORCE_DISABLE: if (state == ARM64_SSBD_FORCE_DISABLE) @@ -60,6 +80,7 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl) task_set_spec_ssb_disable(task); task_set_spec_ssb_force_disable(task); set_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_disable(task); break; default: return -ERANGE; From patchwork Tue Oct 8 15:39:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175503 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864267ill; Tue, 8 Oct 2019 08:40:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqxRF5FcVZvBN7fxR5rcT9JiWvh12M7HVZPJNN8y8YWAryrEC0lkQJGK5MHWANMHTXmmwSGJ X-Received: by 2002:a17:906:ecb6:: with SMTP id qh22mr29082531ejb.114.1570549215426; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549215; cv=none; d=google.com; s=arc-20160816; b=ArHAS+2q6QUfA4pwZY3StXbER5dxVP7Y4B61cz4agJpEKynBtb5WoadJ1W3RuV359Y JFx3XXXqjlqzeFsaQBSHItEJk/NvbDB2qObpj40bPr69dkAGjx9Fe19lv3lwiOlQTXQI d+E703vCzwOda9VXbjppYN14kQztjiIT3GKzGDBA8+b3HOe+sGOg/1QYe0eFw18ZyXZb 3qY9AWUKIg98jCRe9igvJ89KapEyZjiprHfXXdzw7TrkoFtobp6wsBItWDFRQ9mKzH3x 7Wa/5/1W8SP/m79RBJt9CZwGOa2jbr1jvWDOYArbV8R8QE0lATrbKPGsFWN5UDFrss7n yO4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=X9k/nqOLAylh00xkHgeHzZJoJeH5DmiWZVGTdUdx6Qk=; b=yy77aZUQH49iRIRQShyHMr3iHXIK7ND9uUUlETrji561JSrdmA2v0LHq2sNCOoqrDS hNNPPUmAClWyIH8i1I7s2zZvxrvwb7jVcl0R83k9lCdZZO6i83afhSdAmDRN5MkLx0g7 TSPC+t7UgaOfBuFgBgAXtQbNFY1/KLzMxGAiNv/p+FSuwq4In23C2J27uJF6wKFcX0pH NF03CHzovKrwwyM+7Bt8Y4gzcTTdaj0gn+zQRx6s5e6XoEQY4ORhwVyXjw7RWXJFFtjP +lrbiKBNaWciu4/uGkaGGpZuqyOCqf8JUgZ/YCLuYoYEwCsfR2mEPPuIOetED1VnJ31Z BrsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PZx2hAK0; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.15; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PZx2hAK0; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725966AbfJHPkO (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:14 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:51278 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728071AbfJHPkO (ORCPT ); Tue, 8 Oct 2019 11:40:14 -0400 Received: by mail-wm1-f66.google.com with SMTP id 7so3708092wme.1 for ; Tue, 08 Oct 2019 08:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=X9k/nqOLAylh00xkHgeHzZJoJeH5DmiWZVGTdUdx6Qk=; b=PZx2hAK0dMyPpXJk37fFKZsntkGJ+X7KJ/3wlIDhuhXMHoTHJOtmAWTPOYOx0ZrsQn F7ULkpC6+VKFX5O0jisCvPKSQ1YXeOGOZ0Srx1BZxajfM0W2Rh9uOG/FxDqz9J5Ejaxk QNpo2SF2pfz0xrFQeYRAya4EpRkvO/8ptWDMkZ4oJ+Iy4vjyDxqijIF1vK5KCgpO9hMj G5O5aAbtoNeLQMUC/p0/bdd5Ku+9OWyBllf67hEsZuIz28hqV+203WEcR+ek6Xy7HQVM R/BlGHMa1YTwBTwgH4NFLgp15KrM0wUSa3vnNQX5w9wGx4sFcOyim5WqQ4G3xvpfgiT/ zXow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=X9k/nqOLAylh00xkHgeHzZJoJeH5DmiWZVGTdUdx6Qk=; b=hEyOn71gJkfbh0M11TAtT0Pse0K1sI0zDOQXmXWqQDiheSrwXYPooKlPt41DmMn4O2 1QPhyxiNaakJxvpSF2i5py4Ib4aYwmCAvkZn/vSH5xK+PjbRjrn/7o0iyR5/QBY5jGFr JDgdK40C8tW7QpNcODCehIaTAmGzEoVvX9xqHXC8zY3mXJnwVq9n4tOOyVR/rQ4PXEGE AujZiL46mUZrzaF7zyGHraFypu7W30i4fT6HPSpl6dE7elRFC+r6j09/TB1ecVRxdTGf p+xgCAQ7/XpJUT2x5eau+abJRYZk/VkFvNXrzyllbYSbhgueVP6XLYV99gwNJMY5cuI9 dsEw== X-Gm-Message-State: APjAAAV8nbLFuiDY9IZB7Hg2zKJlO6AbhU8ao7SScld8MLFd79nVFZ1a S9tSzGw2Pti4MgS+ao5NV/BqgT5+csmHgw== X-Received: by 2002:a1c:ed02:: with SMTP id l2mr4173987wmh.155.1570549211982; Tue, 08 Oct 2019 08:40:11 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:10 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Will Deacon , Christoffer Dall , Catalin Marinas , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 03/16] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe Date: Tue, 8 Oct 2019 17:39:17 +0200 Message-Id: <20191008153930.15386-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit 7c36447ae5a090729e7b129f24705bb231a07e0b ] When running without VHE, it is necessary to set SCTLR_EL2.DSSBS if SSBD has been forcefully disabled on the kernel command-line. Acked-by: Christoffer Dall Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/kvm_host.h | 11 +++++++++++ arch/arm64/kvm/hyp/sysreg-sr.c | 11 +++++++++++ 2 files changed, 22 insertions(+) -- 2.20.1 diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 6abe4002945f..367b2e0b6d76 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -398,6 +398,8 @@ struct kvm_vcpu *kvm_mpidr_to_vcpu(struct kvm *kvm, unsigned long mpidr); DECLARE_PER_CPU(kvm_cpu_context_t, kvm_host_cpu_state); +void __kvm_enable_ssbs(void); + static inline void __cpu_init_hyp_mode(phys_addr_t pgd_ptr, unsigned long hyp_stack_ptr, unsigned long vector_ptr) @@ -418,6 +420,15 @@ static inline void __cpu_init_hyp_mode(phys_addr_t pgd_ptr, */ BUG_ON(!static_branch_likely(&arm64_const_caps_ready)); __kvm_call_hyp((void *)pgd_ptr, hyp_stack_ptr, vector_ptr, tpidr_el2); + + /* + * Disabling SSBD on a non-VHE system requires us to enable SSBS + * at EL2. + */ + if (!has_vhe() && this_cpu_has_cap(ARM64_SSBS) && + arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) { + kvm_call_hyp(__kvm_enable_ssbs); + } } static inline bool kvm_arch_check_sve_has_vhe(void) diff --git a/arch/arm64/kvm/hyp/sysreg-sr.c b/arch/arm64/kvm/hyp/sysreg-sr.c index 963d669ae3a2..7414b76191c2 100644 --- a/arch/arm64/kvm/hyp/sysreg-sr.c +++ b/arch/arm64/kvm/hyp/sysreg-sr.c @@ -293,3 +293,14 @@ void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu) vcpu->arch.sysregs_loaded_on_cpu = false; } + +void __hyp_text __kvm_enable_ssbs(void) +{ + u64 tmp; + + asm volatile( + "mrs %0, sctlr_el2\n" + "orr %0, %0, %1\n" + "msr sctlr_el2, %0" + : "=&r" (tmp) : "L" (SCTLR_ELx_DSSBS)); +} From patchwork Tue Oct 8 15:39:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175514 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5866622ill; Tue, 8 Oct 2019 08:42:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqzphBQASgw2hPDv6PSjIh1xe20vjgyVC6k9DvlHKjKYDeHnrfkQB2RgN/SXwaG5JSQBl+ay X-Received: by 2002:a05:6402:1251:: with SMTP id l17mr34718231edw.270.1570549216506; Tue, 08 Oct 2019 08:40:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549216; cv=none; d=google.com; s=arc-20160816; b=fkXA/AAc0UNRRrrc8VK3sKiEl1M3p5iywhYZL0wOpt2oZSaeLGY32xsaAJzJSfRpqw aGPrKqSrbgQdbrnC4aZB69qcd2IwdSdmlrhbvQ036D0QJlo0EObBE5xf8Iel2vYiIv0h K3G+1gMGtYoXIPMqVEyB4V2rY5JCLkTtPEtK8aMqUAuqD+yB/ula8UeAyIla9/UsqSC3 7mbn07sU+ykxd4LbqqjAw6V2LM/CKiarq9YVg/5pK63HxRTcrO87Jl8DUCYWkKbHR9rz TjOa4EA/zhecyUAODYKaCPctTm2z0OXC9pGDca7BwG166h6Q35JccIR3/SRiolkfwkcj ejLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DZ75OeBMeoZr9SzaWQDvyxO7uuvtCYY2aDYU12NSuuI=; b=Cy54a7Ne2+ur00g0wJzy+Vn5fPdyZ12KvgLFGP9JPDVBjYxlXoRQAD9dhgPmJFROoA CC07lcn+3Rg5AapVGNSRh4M8YWn4uPW57YTsN5wIE7QH/GXNNB/nWKu4kK2tZRvH4sKB bmNS+HIjHh06oyoONhFOIo1dgu4DA/jsHSNCdXoB2+tO47rSklvXvOSaNIYhEhplpLTO YewRsa8I9WvAPl/wiZg3v4nhuEiPMoXqZT2VRTvuf9LYr5EeXssgwMLkrwqHC/jmo1e0 XFNb+FNzk00Wqs7k9A+yK4y9XU1kQZ0vTBkVsnKkvY+B6Q5ZCq17A3kOZOcX/L0j+U/A sYpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="B/loA8Xf"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.16; Tue, 08 Oct 2019 08:40:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="B/loA8Xf"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728083AbfJHPkP (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:15 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:38422 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbfJHPkP (ORCPT ); Tue, 8 Oct 2019 11:40:15 -0400 Received: by mail-wr1-f67.google.com with SMTP id w12so19988157wro.5 for ; Tue, 08 Oct 2019 08:40:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DZ75OeBMeoZr9SzaWQDvyxO7uuvtCYY2aDYU12NSuuI=; b=B/loA8XflODrFoDoqVtUDasNehNF1bXoqm3fFdy0PiSuTTcNehEJBzYHes+gyu3kBJ EKap1MovSD5k+vZ8PMEbEY04/kKAKDkjZv2fiH+qetAyuxGemdM9VvK+wUsk66owfolS 2YBshwMSE14mZK4qwCVF0e/kEbZHNMS14q1j4NFUsS4Dmz3ecjElt+fHR1UMlu6d8Apf PGm8wY+x0Go1i7pK4EvquM1ptgJKgl80sdzzQDZ9YFjP3ZLTk0iWc7spNmtsaAV/6PhA WJFmzx98eS7PjeVy4EFeXhC63rQFbmFjw5udFfMIePBiSAWeq3+ZmPTF4GkJBsCAkpPr RYJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DZ75OeBMeoZr9SzaWQDvyxO7uuvtCYY2aDYU12NSuuI=; b=cWITzGFtcsQuVS1eLm9+6TcnWZ2UlnXXRLwdPLNlNN1D28KHqEs2H5pDktzX6JB8Di /rnRMQqFylCKMhED92hC+1gGODt/Wvo8ZOJf6KsqolW9sogx5Jgp6qfJ25eqFYgk9rTC wxwG0Lgtvrd0b9SKVH1kuDksiqRRG5rSOvelaIKFD7na2BaznSY8C0LcBBzkONyj39xt q5kpnnqw1rK5sKFw2lWa4d1t7ElYIRNBb+Xm/8Lzbok5E3Fvnd77nTqtx+D+vkfycwgk Q0oaFZumpD+cDhGN2FLHAITlL0k+jrbdtLn1the7MuOknmjNgIal+eq0fi0K75sih7Ge fz+w== X-Gm-Message-State: APjAAAXRu9PCccwLQyRGzdwVWh4qJNn2YzybSMXT6qiWQ8Oe0tOTjllP l7ZE2f+aIR3Xrgd8t+Tmx1dP6g== X-Received: by 2002:adf:f649:: with SMTP id x9mr27061505wrp.163.1570549213184; Tue, 08 Oct 2019 08:40:13 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:12 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Will Deacon , Catalin Marinas , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 04/16] arm64: docs: Document SSBS HWCAP Date: Tue, 8 Oct 2019 17:39:18 +0200 Message-Id: <20191008153930.15386-5-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit ee91176120bd584aa10c564e7e9fdcaf397190a1 ] We advertise the MRS/MSR instructions for toggling SSBS at EL0 using an HWCAP, so document it along with the others. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel --- Documentation/arm64/elf_hwcaps.txt | 4 ++++ 1 file changed, 4 insertions(+) -- 2.20.1 diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt index d6aff2c5e9e2..6feaffe90e22 100644 --- a/Documentation/arm64/elf_hwcaps.txt +++ b/Documentation/arm64/elf_hwcaps.txt @@ -178,3 +178,7 @@ HWCAP_ILRCPC HWCAP_FLAGM Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0001. + +HWCAP_SSBS + + Functionality implied by ID_AA64PFR1_EL1.SSBS == 0b0010. From patchwork Tue Oct 8 15:39:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175504 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864301ill; Tue, 8 Oct 2019 08:40:17 -0700 (PDT) X-Google-Smtp-Source: APXvYqzBuG2i2N9kCJD5p+CXE00EuOhr0u4gWlD1tGg3VMcpp89FatimnHPyQEKCIB1G4qXHtlC1 X-Received: by 2002:a17:906:ecb6:: with SMTP id qh22mr29082692ejb.114.1570549217485; Tue, 08 Oct 2019 08:40:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549217; cv=none; d=google.com; s=arc-20160816; b=ERJSN3KSO2F3WIjxcuVAkzdafsUmYuJDzbYwy4QoY/5vb/axSIPAL+TdqxM7ZI92Kj Uo4e5UVWp46NB8N527oBMib3GriY8w5BwgkMSrJTkOOYIEa1di9KmHmFugbHJgHjQruq ExqX7zBTxfePCsss++3i1CsjGbn86aRkGlNDdxnKvft0puL2z91wH2r6bjEpQdr8R+qd QN2ltcv/N7LeIct+F1S98lo24rOoyASV/TXVaaB148s7Si46v25UdNY7QhedsEsqPcNa E9IdzT9NaJzqQdVkFXDz626MsUCsXreQvZiEoN1wdD/vtDTUy66LhL697WRCO10xvzGt kMeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TiS7GtjKACCq/gPzWLfsIVgr7mVCgq9QJv62y5ATfHE=; b=c5nqaR0BeiMfUaJGdtDZXOIiY2aJi/QYxMso5HxAv2YmOS68fFq17reGBR2TyyqAXM f9EM/VbxpHCRebRwLiy9DcwnsOAVb4v97+S9efgTvNVXvZ+Qzh7iFb8gPe0GmKpXlfG9 GHL2bw+997MiGH3WRdP/CxgLNtBoWSU8BxyM/cBbTCxIEBDu+l0c67cTHw9DfMJ5mVOM MVHAOlF+sqAVwfwnnq9s5aZQPVrZeyE8k/x2npunC0lHdeuNwGShVpmW6EvluGLZ8WI1 DDKkgInmzvEUjurQShLOlkqSDjQ+ExpsWlfGvCN1yJ1M1mJpgRWbGzlIRy+CbYTRAJoL k9zg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Rb6AtPIl; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.17; Tue, 08 Oct 2019 08:40:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Rb6AtPIl; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728104AbfJHPkQ (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:16 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:51286 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728071AbfJHPkQ (ORCPT ); Tue, 8 Oct 2019 11:40:16 -0400 Received: by mail-wm1-f68.google.com with SMTP id 7so3708280wme.1 for ; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TiS7GtjKACCq/gPzWLfsIVgr7mVCgq9QJv62y5ATfHE=; b=Rb6AtPIls/TUR8VV/nV1wTxl6lCS5Fv2dTAroWe5wdy74pXlVUkWyf2Ekb5xglXmCZ DsjQmN5bN6lBT3fVVnkIub1yJzxdDuFSB9/YVwlC88yg0CaVVgglV8BamvtwpfIpihsS MC6a4m68Brp9JNJpDVD17ZJV9L2CGu2AR0UYdPRwJEu2WE9Z3p5qQtfBSP8ClH8BIGsq mfsiTux20ay0M4M+Sq/pM48DeWxZLByJt4KNHf0RfQh0V6e0w4Hrjw7BMFTgifUze7re LNugtIOcXV6LFZ5MiLzUTknpucRX6cJqUTw/8f9bDAYmpo/zpu0jQEjXAFpr/+r3vJ4e 9xLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TiS7GtjKACCq/gPzWLfsIVgr7mVCgq9QJv62y5ATfHE=; b=EZ11dS+E5At4b91575D+snf4xDSvr0BWC8UnIZBVFokySErER0mdV35rnsBj9zdwNv C/GCj9TnoQcdYtURJqfvPX92UtRF1v1XhxDtFz2nHyuLSYC/fp5dNvVP6P8I3wvof1TT kBRng3I0RA7Nh9qZJC0n2G1hSiYBm6WuB0abydXZVt3i7thTMT1/T6/lpovKhT30/KbS 3etzMaFL61GdPY157nd9QRF3grqZ8fdvcmhE02Whz9mRVSr+sBNYEEGN8xPgt5r+nJHo Gi1p6+R4d6v/y/HRztpMysiI+D6Tg/2WLwfGbIuLn8Xasgh5VS3QzkfL33z41h9jQKFT 3USA== X-Gm-Message-State: APjAAAUMx7v5yj5XN37WdnBOy3KzC4gcB9nzhU7PSEtOtyrCQEPbjAdS GxVFMunWbBX66JuDDxYmbHNi9kYx29jasQ== X-Received: by 2002:a1c:f718:: with SMTP id v24mr4090040wmh.82.1570549214361; Tue, 08 Oct 2019 08:40:14 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:13 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Mark Rutland , Catalin Marinas , Suzuki K Poulose , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 05/16] arm64: fix SSBS sanitization Date: Tue, 8 Oct 2019 17:39:19 +0200 Message-Id: <20191008153930.15386-6-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mark Rutland [ Upstream commit f54dada8274643e3ff4436df0ea124aeedc43cae ] In valid_user_regs() we treat SSBS as a RES0 bit, and consequently it is unexpectedly cleared when we restore a sigframe or fiddle with GPRs via ptrace. This patch fixes valid_user_regs() to account for this, updating the function to refer to the latest ARM ARM (ARM DDI 0487D.a). For AArch32 tasks, SSBS appears in bit 23 of SPSR_EL1, matching its position in the AArch32-native PSR format, and we don't need to translate it as we have to for DIT. There are no other bit assignments that we need to account for today. As the recent documentation describes the DIT bit, we can drop our comment regarding DIT. While removing SSBS from the RES0 masks, existing inconsistent whitespace is corrected. Fixes: d71be2b6c0e19180 ("arm64: cpufeature: Detect SSBS and advertise to userspace") Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/ptrace.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6219486fa25f..0211c3c7533b 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1666,19 +1666,20 @@ void syscall_trace_exit(struct pt_regs *regs) } /* - * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487C.a - * We also take into account DIT (bit 24), which is not yet documented, and - * treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may be - * allocated an EL0 meaning in future. + * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487D.a. + * We permit userspace to set SSBS (AArch64 bit 12, AArch32 bit 23) which is + * not described in ARM DDI 0487D.a. + * We treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may + * be allocated an EL0 meaning in future. * Userspace cannot use these until they have an architectural meaning. * Note that this follows the SPSR_ELx format, not the AArch32 PSR format. * We also reserve IL for the kernel; SS is handled dynamically. */ #define SPSR_EL1_AARCH64_RES0_BITS \ - (GENMASK_ULL(63,32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ - GENMASK_ULL(20, 10) | GENMASK_ULL(5, 5)) + (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ + GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) #define SPSR_EL1_AARCH32_RES0_BITS \ - (GENMASK_ULL(63,32) | GENMASK_ULL(23, 22) | GENMASK_ULL(20,20)) + (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) static int valid_compat_regs(struct user_pt_regs *regs) { From patchwork Tue Oct 8 15:39:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175516 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5867507ill; Tue, 8 Oct 2019 08:42:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqxXH6cT9fX0bewGHvROaPWzgrLtQGlNyJhGQ9dshChdoST0W8kAIcjHTyEBUVOVNXFGcUot X-Received: by 2002:a50:a532:: with SMTP id y47mr34379094edb.273.1570549219535; Tue, 08 Oct 2019 08:40:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549219; cv=none; d=google.com; s=arc-20160816; b=rAHpZyV4FKJPSO8mq3SlHrNT0jgEapZ9Ym6hxH4cf6qqo3c7SbYztqbe1wV/6yh/Mb Eo8qBeTEaNXXplu18kNtFeChOIlR74XOxpR5ygHmO+kO4kwc1XxLmhht8xp33MWJOnVL ydDKrs/NhvZotX3KnETkenqaqWXBtmQQzuOjPsY2PCsIo/iNXSXMPDz52NziqzZFXcXM 45QQtTHCUfQAlbzm3VnxaWU8U6x0Rva3c7bWu0HY4x6IFHyiQK6XXl6ajjB5klVE5sv2 wSag4Wo1IwLh3a2EllhUjTrZYkCZ61Zuh3tzNF3hWCaP2yAkUpLik3w0C4Ka5yLU0CEm QfXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/vtISEtUshe9NBLXroiK2UL/EjV2n3/vwtTUKw/aRUg=; b=tB9+zLn/aDOJaobRG2XPiaGtucE0bZRWO80rQQA0xhGZY/h+yvwTeYRMC+wmslRLvZ l7Y4EQI+oq/e+Wi3CG5e7XWLG4BKlg/MfI16tNUc5A5iIAd6wR/OYJ5vlXGQXkAuuRlV dhUXAJoulREQaslTYYnNusKyuYEPLjvjKSNtePOkFKDO8jvENK6PGYSF4OZ5Mdy1hway U8CBynk8HWCI9fD5Li3AibzwbKb134eGCclUFMzesUEv1RDRCecg1Z3BlFtVmnw/tPFb HnnFidcp1bj9VMu0+mw/kNd3Fhy8TtjY6zA0g5uwvzpd9JGs2mpv9Gv7KDZiA0ig0s+Y upng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=wClrywn5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.18; Tue, 08 Oct 2019 08:40:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=wClrywn5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728071AbfJHPkS (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:18 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:38277 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbfJHPkR (ORCPT ); Tue, 8 Oct 2019 11:40:17 -0400 Received: by mail-wm1-f67.google.com with SMTP id 3so3617990wmi.3 for ; Tue, 08 Oct 2019 08:40:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/vtISEtUshe9NBLXroiK2UL/EjV2n3/vwtTUKw/aRUg=; b=wClrywn5UcceOArqPVuFG5qra/XM6cZtX5DJAjrVEQ6P3d4L+EjGNzW/MpRKhBcIaG J9HsmQ0BProl6Vcac0VvkGjBaPy4j/I8j579RADXXKYnRJpVp/q1BF4cYTfKI7qyV1bd kzyj212cWgbL10r9YpsRYZVd9GEjmFpIoZCSKa4wo0j/PeCYLcArzdAc47nm3Zkzl50b 9Uz2LcEz/Oky1r9nEsJcBl5KVhiUSLNi6PlpwHg3lZjwmqg1KResZ6Py8GLN5dfxB9Qk hxtb9BaABS++wxkzCa0e3g2aflnAipyDYjz+THMbhRM+vGS+G6LZLbruSenT/0Jirqdx NXtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/vtISEtUshe9NBLXroiK2UL/EjV2n3/vwtTUKw/aRUg=; b=eITOSgWxn00+wUquZmf2APTGkUs3Jz+0y66tGKI8WDzq8q+haaDGF8cvh50GsKor3f OwwIuRTd2aO2B/O5Z+8cnqtIHJKG356F0JuXYlFmrKt3ojOvT63Ws/YaOBXtdrwcD5l5 9aW0ACszCVrKRkVjHdzRGDH9Dc760VsS/MDGY+Z2PQ2QNi9t0fM0TdtokO1B6woLGXTZ cT95aHZgv+CYanq11zGiMiB6wIzgMSSV9N7ueRrIK2JJBSvqRltkD++JVit5o/Keprp+ A2nEntQxWoHMQPdy2hYsPGYBScCUDXrxVQho7nSNK16hQJIlKSex4kNWA2iYLAXT5hYu WzVQ== X-Gm-Message-State: APjAAAWeHswlwUno5Do/EOpGHT9x41IQGdW3VScXiCE1hWcEu89fasdN Va7ZthxDUwmYbVSShHWLnaE36Q== X-Received: by 2002:a05:600c:2319:: with SMTP id 25mr4461682wmo.3.1570549215716; Tue, 08 Oct 2019 08:40:15 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:14 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Mian Yousaf Kaukab , Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Suzuki K Poulose , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 06/16] arm64: Add sysfs vulnerability show for spectre-v1 Date: Tue, 8 Oct 2019 17:39:20 +0200 Message-Id: <20191008153930.15386-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mian Yousaf Kaukab [ Upstream commit 3891ebccace188af075ce143d8b072b65e90f695 ] spectre-v1 has been mitigated and the mitigation is always active. Report this to userspace via sysfs Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Acked-by: Suzuki K Poulose Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpu_errata.c | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 7fe3a60d1086..3758ba538a43 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -729,3 +729,9 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { } }; + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, + char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} From patchwork Tue Oct 8 15:39:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175505 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864399ill; Tue, 8 Oct 2019 08:40:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwL8UxRE1ctL+3/HhPkExQAOjzFVMFLqD4/AQbyOEjNk2WlIV4Ij3Z/sUUXb8WIm0peuj5V X-Received: by 2002:a17:907:411d:: with SMTP id nw21mr29062272ejb.8.1570549221241; Tue, 08 Oct 2019 08:40:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549221; cv=none; d=google.com; s=arc-20160816; b=g+NtxiL2i61le8IHIoDalq76Sij95fzMV74IzcltL3WolkQ40fIOwDjTvlm9BHXqZe phtU+ms/tGWbc99fEfGvyP+RUGglT84y6YvcugrHAwMMVUj/RbpSvQuHIO9qpAaJCUUS REDFwl14QzNkoo6gBgZ4PORlz67QWLGDBybwYCb82kIQGb7f+B0dCiiG0M1PwE+EjY+L 37eerwfcsaT2+SD+IH3oAatLw0JVlKDidQhg43bgmQxvW3rL+KgdTxoFoLBoGoe/Ul/U MJ9lQ5YwF0ljSdmJ+OnQuj4zukINSTVq6zE2xaCXE3/ypj+znEqVYoLoHxtxW5GR9MYj Iq2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kbzBcWnld/N54945YghT0NSVpVg+3HASkkBRpykqA4g=; b=adSCtpud0FWHdaGIVwTGKNTBzi3q4/wPv0gkS34X0JW54Eaa9TDxbdctxdiYFHKMgu gswcWQe8DUCV2rx51KF518hMrTWctrj0/YhFRAe+5lqMgYmXgRVsd6yhNGVhhHHlRdC0 hB7plTTmfb5rTrGcOwwPcDjhHvzslYi2Kx1P/b/Ncvb3w90Zubr7hEyIHgxKQ+jpqTUd drVpAc7uh8O4rSk+sfUZ/0bUJTw01m0z1Ddjtk/NvcYz66UhawNVKGrQZR3C2zcHc1K/ 99wtS9Gg2n89cCy6kc0fB9gSY7MNhyu9xZefADwT3voYJr8priTzFbm6QFS4hFWg/4zI Tyvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AOjgSQ5U; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.20; Tue, 08 Oct 2019 08:40:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AOjgSQ5U; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728116AbfJHPkU (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:20 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:43776 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726839AbfJHPkU (ORCPT ); Tue, 8 Oct 2019 11:40:20 -0400 Received: by mail-wr1-f67.google.com with SMTP id j18so19167697wrq.10 for ; Tue, 08 Oct 2019 08:40:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kbzBcWnld/N54945YghT0NSVpVg+3HASkkBRpykqA4g=; b=AOjgSQ5UM5dZI8mnyvs1Buj1mSIR4IiEF5MT3WaNMNGDjKY/zDzdcXs6wzbvvEGyqa tc9ul4fdH/d3vR4vMFj+CEK7p2Tu6WXu3wjQ/pxPxnfz0rzczFgJKe55673RTq8VF0aV Ad5xKj/ZUJ2ISNX02vCdwCq83flR5ZtloCrrH6LDksK1TK+H9lV/pyHAMpBlyYtANC3w mIGZH7llT4Pz98QM0E9yZwlF6kg6Z31iQtkR/QSldpfSISpFcuaHRNtV+67qDeEiKKC/ U54qqrfjkPPBt/2loB9AEDBpveQQyFEew6vahtJppXmJ16ugzT4XzXOQ9h+Lj5SY6NDA pcdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kbzBcWnld/N54945YghT0NSVpVg+3HASkkBRpykqA4g=; b=ZQqu+vitoa6U+GTBa/DgBCvyYG4m4WNIAbCtxvyOI6DSM2yYN2UNi5UOWkmL6HInf3 zKczwcRoZeNKPWnLCfx6X2bF/eQXSksH7QJ4v0C5bomx6FLlcVIJkKuCmDhbDPu5Iejo tKhQoU6cxm0sJnUQmLtUUhGFFB2WHzx0Hstn9FZSsr096NO7qImno5pZw0EA8zYYBGpX AbI5AJONPwIWicC4/PQzw3B4NWKYRAna8EU4TLJFCwrAwW1jpEjM44Px4BNSix7kYU2L TQ+YO8i130I5a5gOu4hv2seWYCdrUGyMwtt2eqnqI2bAJPinQjfX3aAfVdgQ+9qPNA5D Istg== X-Gm-Message-State: APjAAAWUksGW0Yl3w/tAuVp2df49bMSydLtDJ2ZWdDiotm25MyKwcxHp 65Wv8EAOntLiahLaZEoJ+TGn/w== X-Received: by 2002:a5d:45cb:: with SMTP id b11mr28845784wrs.109.1570549216953; Tue, 08 Oct 2019 08:40:16 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:16 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Suzuki K Poulose , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 07/16] arm64: add sysfs vulnerability show for meltdown Date: Tue, 8 Oct 2019 17:39:21 +0200 Message-Id: <20191008153930.15386-8-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit 1b3ccf4be0e7be8c4bd8522066b6cbc92591e912 ] We implement page table isolation as a mitigation for meltdown. Report this to userspace via sysfs. Signed-off-by: Jeremy Linton Reviewed-by: Suzuki K Poulose Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpufeature.c | 58 +++++++++++++++----- 1 file changed, 44 insertions(+), 14 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 9c756a1657aa..e636d37d7087 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -889,7 +889,7 @@ static bool has_cache_dic(const struct arm64_cpu_capabilities *entry, return ctr & BIT(CTR_DIC_SHIFT); } -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 +static bool __meltdown_safe = true; static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, @@ -908,6 +908,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, { /* sentinel */ } }; char const *str = "command line option"; + bool meltdown_safe; + + meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list); + + /* Defer to CPU feature registers */ + if (has_cpuid_feature(entry, scope)) + meltdown_safe = true; + + if (!meltdown_safe) + __meltdown_safe = false; /* * For reasons that aren't entirely clear, enabling KPTI on Cavium @@ -919,6 +929,19 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, __kpti_forced = -1; } + /* Useful for KASLR robustness */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) { + if (!__kpti_forced) { + str = "KASLR"; + __kpti_forced = 1; + } + } + + if (!IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0)) { + pr_info_once("kernel page table isolation disabled by kernel configuration\n"); + return false; + } + /* Forced? */ if (__kpti_forced) { pr_info_once("kernel page table isolation forced %s by %s\n", @@ -926,18 +949,10 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, return __kpti_forced > 0; } - /* Useful for KASLR robustness */ - if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) - return true; - - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) - return false; - - /* Defer to CPU feature registers */ - return !has_cpuid_feature(entry, scope); + return !meltdown_safe; } +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static void kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) { @@ -962,6 +977,12 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) return; } +#else +static void +kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) +{ +} +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ static int __init parse_kpti(char *str) { @@ -975,7 +996,6 @@ static int __init parse_kpti(char *str) return 0; } early_param("kpti", parse_kpti); -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ #ifdef CONFIG_ARM64_HW_AFDBM static inline void __cpu_enable_hw_dbm(void) @@ -1196,7 +1216,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .field_pos = ID_AA64PFR0_EL0_SHIFT, .min_field_value = ID_AA64PFR0_EL0_32BIT_64BIT, }, -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 { .desc = "Kernel page table isolation (KPTI)", .capability = ARM64_UNMAP_KERNEL_AT_EL0, @@ -1212,7 +1231,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = unmap_kernel_at_el0, .cpu_enable = kpti_install_ng_mappings, }, -#endif { /* FP/SIMD is not implemented */ .capability = ARM64_HAS_NO_FPSIMD, @@ -1853,3 +1871,15 @@ void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused) /* Firmware may have left a deferred SError in this register. */ write_sysreg_s(0, SYS_DISR_EL1); } + +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__meltdown_safe) + return sprintf(buf, "Not affected\n"); + + if (arm64_kernel_unmapped_at_el0()) + return sprintf(buf, "Mitigation: PTI\n"); + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Tue Oct 8 15:39:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175509 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864406ill; Tue, 8 Oct 2019 08:40:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwX7V+Ii3W81862+6rbyycPhADNnbrG7rM2J1xoHOmMafdPGILCyAu2Xa9FhBT7+JqYPimu X-Received: by 2002:a17:906:b801:: with SMTP id dv1mr21225716ejb.314.1570549222205; Tue, 08 Oct 2019 08:40:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549222; cv=none; d=google.com; s=arc-20160816; b=o6T8UWQMxmfZ9g/AOhNfbr0zKNIqah/Dx5pig8mgWwD5kIb8ymzZZVdq22cDxD9lJX JrC87R9lJvHqE6gIA+s34xdWHNJKE2QJky1MLduNTLGAfmmUMRaG1/yZX5FATnH1ctLL p00Ss4YAISw/rMSzlLWo4QzKO+sJqStRgq81mqm0jgajRIkFfmEpVR0obYRHWUhzpfRE 1zoTBY5MVe63Gr46dqzOvMTTXr4zb1aqhwaF76IAt7D3n/C/c+143hIHg0bFTJ1Tc7wR 8Qv7hWynhTYVYwhWuCIu5ZyQ2yl6sU/3e5rh02+7Xp8fAisPnVNS8E9RDNrRfs06yk7E aemA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=v1fBkRqeoTupUy6r5T5rATOuRaKZb5JdrMIl3ut6gZ4=; b=ApSmwkK4xFmRPUdlntLUVyCoKHaAYunfTJUwMa5wwGddJBYPu6cKLii4B15YkELfgo fa9eqv+hiGeWFGEroNcNFvoE14ddor+7WAIublaKoRs+Qp1k6mJU4iDzVkwzON14/i0s XP1X/9UGdVQutxJvTz2DLfxlQGjzWt/co2YVhs18zN8LAnUOgkMqifJDA4gVcQedygqE 7/ZZ2TOHN6eSC+POZgIqKb48DXRpBHtmtHIPELYDm9J645UO5Z2qyqwjJXpNLar/Jpwr mDdf9JxQI1oX98ihawy2OrmcRUtsBD/PojTtpvMxMkCOUUe3rZdszkvqGQS4EUMgFbJG smmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xU2wdODr; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.21; Tue, 08 Oct 2019 08:40:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xU2wdODr; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726839AbfJHPkU (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:20 -0400 Received: from mail-wr1-f53.google.com ([209.85.221.53]:43217 "EHLO mail-wr1-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbfJHPkU (ORCPT ); Tue, 8 Oct 2019 11:40:20 -0400 Received: by mail-wr1-f53.google.com with SMTP id j18so19167774wrq.10 for ; Tue, 08 Oct 2019 08:40:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=v1fBkRqeoTupUy6r5T5rATOuRaKZb5JdrMIl3ut6gZ4=; b=xU2wdODr8d5X7dO32U+0Xy2v/2R1Jt2O3m/Ge4vhJfa4x+17e27cA0zf/njfbrm6DA JjgXqRWl82p3KQkz0fs8X2l/WOemYKT2Ch5LYgRcdCfKR43sdLoW6+3UQbeIcNEHpqhC NW2xqnvDkQ6PTjnf8gGVi8cOEKDochDeWTSYiBY8G6z9ZVbjOkJHVc1T42ahU/WDhNO2 vlro6LEEauaVgYwsCGPzsk+1n4J3pdMyjsT42qfLl9lzDIAyeLqS35qi2RGgioVpTpML k1l5zi52Jj63exxuxIK2XHoL02cQyQGNCQadFGokMyyqV/zAs/LT/Vum0rZLtNXlQDI7 Vbyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=v1fBkRqeoTupUy6r5T5rATOuRaKZb5JdrMIl3ut6gZ4=; b=iMtYPjYunF+lWwZjv1jbStHW6G7vN5XJ01XOuIzTfR+u5Jy1vuKD8DZgCIxpfl+MIT Qa/6Nc15o1t+b6M3jEPDEIxt50q8uuxnSaRkgYmiTvVbaORK2sjmhhP+VONsjL4DLzkh Hm6UbPq19neT4nvN6LOGFx814RKcdMAo1gvI6GVXURP/vxwQzR/b83e33cjPYwAzLAXT t3M4l8+rTyhc9kBTlPqgWotXnOOKyUMtjR3p1eg8289Sc2ZTXAXZfj2/5mLNJr1FRRE0 RMLyZDVXTuSYfZwIEuEV/fT8L6luUx9YYsez9u/vMzTIF6uvivP0EQ2UIoQMN4f/2sEn YaOQ== X-Gm-Message-State: APjAAAVW68a/LGynDxcqic7YOX8XcY7UDmDzNMNUh5by3+Cvi/dU/Xeb AM7foIInCOGpUxeJFBLDtUPbag== X-Received: by 2002:adf:f2c4:: with SMTP id d4mr7855414wrp.108.1570549218180; Tue, 08 Oct 2019 08:40:18 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:17 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Mian Yousaf Kaukab , Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 08/16] arm64: enable generic CPU vulnerabilites support Date: Tue, 8 Oct 2019 17:39:22 +0200 Message-Id: <20191008153930.15386-9-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mian Yousaf Kaukab [ Upstream commit 61ae1321f06c4489c724c803e9b8363dea576da3 ] Enable CPU vulnerabilty show functions for spectre_v1, spectre_v2, meltdown and store-bypass. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.20.1 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index e3ebece79617..51fe21f5d078 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -84,6 +84,7 @@ config ARM64 select GENERIC_CLOCKEVENTS select GENERIC_CLOCKEVENTS_BROADCAST select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_IDLE_POLL_SETUP select GENERIC_IRQ_MULTI_HANDLER From patchwork Tue Oct 8 15:39:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175510 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864412ill; Tue, 8 Oct 2019 08:40:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqyWABMwxx6bdNVnvGTnsFo0LLgdkFFEmjaxpg91Udjw/gsjpDbP4w2oUzwkRay5u6NUr3PT X-Received: by 2002:a17:906:1e16:: with SMTP id g22mr675975ejj.14.1570549222590; Tue, 08 Oct 2019 08:40:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549222; cv=none; d=google.com; s=arc-20160816; b=hKiZHiE8YMmwFBsDrJmBihuiLUL666H2bgZF5eA1J/awCL8yDu3tCb/yIsRiE0Zz8K Gb+elUAOUpxSEMhh0CATOJIE5978Cd7Q3Zn0okLcUnAN7aspJuHVY8E/8Ez06XzCa97Y v4KVrX0zH8q5a1sfCKkCDIOpwCQF8E3VJttCy+pyYtxHgZ2I28NvUexYSeAfMKNh7BGs sdodixXSLmtX4hat/fD0Fz9M81bLvBplabRdhvxXJ1wH51T9QZmxjX8YWZwLOVaIqQYb fVBJePY4SaipiZ0loZq90rSaW/EGk0ZZxOIIry20+U5m769wI8pZcvI9frw9WinJH4O4 46DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=aJGOLVfKZPZGTS15lL718TKBd/G+fSNNirhyvUJGpm8=; b=ojD8UVx6wJmW5+2m7OleMBmQRhLFcBoyhiUQNpy03bul/h1bNCAF0pwaJoHhT1pyOf Joieib3p765+a55DgIZ95lipIbAj6V0BGA1jZlg+JWjfqJSedWnMFC0ByQR6DXwhir0F n8cCEV0jKRDK9ECY+2CQ+Ju0hGae8mApMoG8tzZUv78aKdLUhUSAX4X2C+06ObECHMc5 z4gHei2g47VSDZQqkIKxU1jBUBj5XF4/YUQwiiriDyckpR6Fj3RDqHPO1QNaHmzPnWH5 ZJsEms0akJAgRcCi7y2snbPSXZWiUgu/WgzillVs9DSRjngUdVHkJaCe9dlWhJEB8+Hj 72Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=l2aVq144; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.22; Tue, 08 Oct 2019 08:40:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=l2aVq144; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728137AbfJHPkV (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:21 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:51294 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728111AbfJHPkV (ORCPT ); Tue, 8 Oct 2019 11:40:21 -0400 Received: by mail-wm1-f67.google.com with SMTP id 7so3708610wme.1 for ; Tue, 08 Oct 2019 08:40:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aJGOLVfKZPZGTS15lL718TKBd/G+fSNNirhyvUJGpm8=; b=l2aVq144mzxKvDDYP57RsaNlrigk/Q2WA76VZfGwyCvgw8GKzbafZgH3b0V6LPq3M6 oQDZ6hxkT3QX6l91ulPrtlgKV5c2QRV5BXT3e7gg8SVPHXY9xrV6d+90/6s4vaJ3jYYi T+pwwOs0EnE0rq7kE+g3TD4dxHzjDO/963hI9q9weq8fxHWW6yi1bdH+HOGLiXh6pd+8 J0uMoay5HLXnb7etduO1dNs5OIQVeX1tu9bpmo7cQ+iUg/1rSz61ThYqT6StPxPZ07bd 2gKpmkdu96Xe2ds8fM01TWoJiZtDuE3RrM3UKg/+/dcO4iwPzoFx34onlW+WTNR0C0wE XCDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aJGOLVfKZPZGTS15lL718TKBd/G+fSNNirhyvUJGpm8=; b=HdP63KUoQf6yLcedBT66Lcf/esvjsMEdngrJcNIY/XcnoxUtmDpe9Y+hEwZnPo3gSh eNUYE9ji0aAetXEdRzuRIYQ+qh2a3Pc17Cobe0dNFO8/8GPjSG/JDx63WOqn0SH/uvjb Dh9A0NFmn7ioCGxukCM9gbjaYZZdpyaKF+tWeIgU7GCHRKdNDfuDtrTv+R6Ze44KjZxQ Ql5EqSKQKHZd49r+Tz6tiONEhu/EcN0Tb/tHL2q3iywT4ziv+SMbDZBqDp0SqWrU14xP hByQxySfneTKOC8Bk5D7lPcmD+/kYEYDg7RbLiaDNMGuSFnOExpkThCiNhLZveHCkAHW u14g== X-Gm-Message-State: APjAAAVl7ybc8k6MxHYvJLBOM0Om1vJEoRkoYaLNHUiKBlVfmTPVo2yE pQtCVBefcydJ63uE8yhL840Q0g== X-Received: by 2002:a05:600c:cd:: with SMTP id u13mr4038224wmm.37.1570549219399; Tue, 08 Oct 2019 08:40:19 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:18 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 09/16] arm64: Always enable ssb vulnerability detection Date: Tue, 8 Oct 2019 17:39:23 +0200 Message-Id: <20191008153930.15386-10-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit d42281b6e49510f078ace15a8ea10f71e6262581 ] Ensure we are always able to detect whether or not the CPU is affected by SSB, so that we can later advertise this to userspace. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren [will: Use IS_ENABLED instead of #ifdef] Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/cpufeature.h | 4 ---- arch/arm64/kernel/cpu_errata.c | 9 +++++---- 2 files changed, 5 insertions(+), 8 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 510f687d269a..dda6e5056810 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -525,11 +525,7 @@ static inline int arm64_get_ssbd_state(void) #endif } -#ifdef CONFIG_ARM64_SSBD void arm64_set_ssbd_mitigation(bool state); -#else -static inline void arm64_set_ssbd_mitigation(bool state) {} -#endif #endif /* __ASSEMBLY__ */ diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 3758ba538a43..10571a378f4c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -239,7 +239,6 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ -#ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; @@ -312,6 +311,11 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt, void arm64_set_ssbd_mitigation(bool state) { + if (!IS_ENABLED(CONFIG_ARM64_SSBD)) { + pr_info_once("SSBD disabled by kernel configuration\n"); + return; + } + if (this_cpu_has_cap(ARM64_SSBS)) { if (state) asm volatile(SET_PSTATE_SSBS(0)); @@ -431,7 +435,6 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } -#endif /* CONFIG_ARM64_SSBD */ #ifdef CONFIG_ARM64_ERRATUM_1463225 DEFINE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa); @@ -710,14 +713,12 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_RANGE_LIST(arm64_harden_el2_vectors), }, #endif -#ifdef CONFIG_ARM64_SSBD { .desc = "Speculative Store Bypass Disable", .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, }, -#endif #ifdef CONFIG_ARM64_ERRATUM_1463225 { .desc = "ARM erratum 1463225", From patchwork Tue Oct 8 15:39:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175511 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864428ill; Tue, 8 Oct 2019 08:40:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqzG3odY2/cAFAGNwo1h7MjQQKlSwSCj4/0AUw2iF5EMVJvHl3xWBttkLUDwB2fcS43YSDyD X-Received: by 2002:a50:8a21:: with SMTP id i30mr33963145edi.229.1570549223284; Tue, 08 Oct 2019 08:40:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549223; cv=none; d=google.com; s=arc-20160816; b=FbCiunqORJNKyvyEoGVqNd+UGsNl+SSffR0m9KhKQFI1cp/N86CWkk9LXq+st6FRLA H1xqHWQwJtKOhONZGS6Pwo3SeMnXIYJzLKUdS3cEqczmbEpsh1kUkKRg4QiB3117gZ72 HvZRplN+oVS8jhGHlmQ+NaJ7n9Q2Rqy8y/JP6RKUrNiBxDSys/zUEzCgW3ekuHyDTacu 7dc01WhemkXNHaExrnWFDteq9j5ukT4NM2Vk2QbkFuuusp0SBLl0WkAzYG7ZMVxm4T1Q mhnCN1pjnnxv32UkVSRO3gBncup4Ki8PqKyZBSxYzlq1SLDz12LfmeKy0XHq7yCtX5Wp TfIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=w0Ll+cn1Z5T2Pfe8NP5R+UwThO0oMcc1htOSDXSVIpY=; b=SeBlrh/7t/CW73zDAjaK27kRHhA98z6isLHSzTpUcr8J4neRbaA32Hlva0paqWSPYZ FDDJQzqSoVWixddXFWNQ+EZfkp6J2OwtidJMDWhau/FplIO6/oSn0rFeupHT61lv7yUQ eIII5v0+rvenslcYdW3IjkY0SUL/K+G8UY/Vq5ctL+b4FYE5LkVe3Bh/CegNu6I+RMV1 Tx2qbrMidP/acA3Gif7TO/LEAkwqOwGE0rsHeBInaEmtRM7WnWcKN03jykZS0/i3Ce5o ug0xhyzWfqZjPqpy4qGoo/DBda2Tax605oygHYvig+7tTCB4FGMfvVbL0dzFsFGIEtx6 3rOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PxDaDH2H; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.23; Tue, 08 Oct 2019 08:40:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=PxDaDH2H; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728111AbfJHPkW (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:22 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:36562 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728130AbfJHPkW (ORCPT ); Tue, 8 Oct 2019 11:40:22 -0400 Received: by mail-wr1-f67.google.com with SMTP id y19so19988600wrd.3 for ; Tue, 08 Oct 2019 08:40:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=w0Ll+cn1Z5T2Pfe8NP5R+UwThO0oMcc1htOSDXSVIpY=; b=PxDaDH2HGSTXbe8j2jdQ0F5aNPczREiGJ3IgO4cVYi5hdYsx06jqhLDO7fwYHs0xur ML7c+nfBISC0NSKhNveEtvqBHn2vKXEhajIdaHx9YHrhwR+dGhb/P5lhC3welZuuOJO6 7UO4/a3vjj0km4g5t9hzTLrAjJP6usFbt4FP5q+ZVjgVQVjjGbTqU2JOQLh5Ke7GiZaA Bs4W4+EgqqYBy4Qt8LoPFfNJU2MFBfNyFR07aJfxRlRNk+MWmxD/1xsXtHNPUtlOSBGL vU1Fi31L+fREo2L+23VSMqS0eThBgPYb4q33QcSuG7NF7TdV+/RDpozRKHY9iOaWc3kH 0SCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=w0Ll+cn1Z5T2Pfe8NP5R+UwThO0oMcc1htOSDXSVIpY=; b=uX6pjZVoGgFMBvPY3PUNh8aAxUL8q061EzpINBzHzLjd+4k5fJvC6oDfiIC0AOhwTh RlXwROsYKSY3yj5p1P1uH+4hFxh2VFTlxqv0OvvnvxTMlKBRQJ6I2RsdYMeG1HWVYVHc kly1CvOfUpbZRIx97zZFfW0aJzPJMvWjHp/VOoDW0NJYkaiIp0wneWPqM9X5XqS7j5EF aHhhAgC4Aqqk4uwvUZ+E0AuBp91eQt8fWXbmRT5L8HBFo2/Pl37pp7wfhF/KFawVWGnF TFha9yluxVMUbBIaWHNtQJPFhyK+bdEAydB/Up7k7w9zR6r0NZeQ2HLkf4JeliGixsDs eopA== X-Gm-Message-State: APjAAAXx3fvvgdcq+M9vwJfvq+dQSM7QIi4C7VYi7BmejWMrg7cdMkbF jk9UEtilJxY2nfjpjEEUOeiEAw== X-Received: by 2002:a5d:4a01:: with SMTP id m1mr23040139wrq.343.1570549220750; Tue, 08 Oct 2019 08:40:20 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:19 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Suzuki K Poulose , Andre Przywara , Catalin Marinas , Stefan Wahren , Jonathan Corbet , linux-doc@vger.kernel.org, Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 10/16] arm64: Provide a command line to disable spectre_v2 mitigation Date: Tue, 8 Oct 2019 17:39:24 +0200 Message-Id: <20191008153930.15386-11-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit e5ce5e7267ddcbe13ab9ead2542524e1b7993e5a ] There are various reasons, such as benchmarking, to disable spectrev2 mitigation on a machine. Provide a command-line option to do so. Signed-off-by: Jeremy Linton Reviewed-by: Suzuki K Poulose Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- Documentation/admin-guide/kernel-parameters.txt | 8 ++++---- arch/arm64/kernel/cpu_errata.c | 13 +++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) -- 2.20.1 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index e8ddf0ef232e..cc2f5c9a8161 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2866,10 +2866,10 @@ (bounds check bypass). With this option data leaks are possible in the system. - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 - (indirect branch prediction) vulnerability. System may - allow data leaks with this option, which is equivalent - to spectre_v2=off. + nospectre_v2 [X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for + the Spectre variant 2 (indirect branch prediction) + vulnerability. System may allow data leaks with this + option. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 10571a378f4c..2394a105ebf4 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -189,6 +189,14 @@ static void qcom_link_stack_sanitization(void) : "=&r" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -200,6 +208,11 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) return; From patchwork Tue Oct 8 15:39:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175512 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864527ill; Tue, 8 Oct 2019 08:40:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqwTwiDjp/cAiZ0bjfp3KFQ9L/4WWQ8qH+f3APKrRbHeKTrQYy1f41ltaAQQOgTUPDTfMIDl X-Received: by 2002:a50:f603:: with SMTP id c3mr33846315edn.208.1570549228516; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549228; cv=none; d=google.com; s=arc-20160816; b=CLE+Erxw6ztTqoyz0fZixW4M8eAc75yrVr+6g4ITiHj6M7+uEcp3HG1vZW7a6S0neB +d5hz2H6z4bN4LQgYilKa1Kb2ki0+XBF0uCy4ICmlAvXQobrczPmmjVyoozAdDFyCEXN YkHpmYZzxm5gtnmNbnQjjvw0LTi2EPon7c6jSUDft/PbXYoRMKPY98MChTZJ7sQ3u/C9 9pSQ4HvZmNL8i4wArLgQa3zIOX50rCDERoMFF56ezNHbCSqccTn1VlylxYyUyjV/XsjP BIEkJa8Nc6ntvKm7Aevm4I2/x9Bgu3TzLnsoNdpIU0z/aUtlRN98EhU+lN2FB4oV0oU1 EXew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XTafCg6zUIIurbOW7vaJn/pn9iFWviVt4VHpbP6m92o=; b=mj/2+hgtgrsX8Xnl5lSxC7PM3288xf+fwxP6o7Bp2Fj9P8mR/ooCybUu3PZFRpaB9r vHPPLlaFQ20HxSU8rZ/doZaQo2mn6m9XCbdZXNia8q/7ed4F9RsgKBVqAHxRBFvCBxuW EENrkU0yz/KTFwkgrShht/RWGPOpnp6saFAFzj9+aHjtQ68jbX/EHH6rhnNRnkklCLE0 Z1mBU2TJJfzglCtjbb0T0Zrrd+XWRvFp4fDpqT/p1xUCCnweMX8hhSgqIV+H7nqKsAmk x/17lf6myCm6ctg09dn6AjM9sDgMLR8MYaeBtCdsjTHxGtTNzQF3fs2LX7ZH9FiOgWED KVXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HBOSUmC+; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.28; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HBOSUmC+; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728139AbfJHPk1 (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:27 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:45764 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726291AbfJHPk0 (ORCPT ); Tue, 8 Oct 2019 11:40:26 -0400 Received: by mail-wr1-f67.google.com with SMTP id r5so19898152wrm.12 for ; Tue, 08 Oct 2019 08:40:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XTafCg6zUIIurbOW7vaJn/pn9iFWviVt4VHpbP6m92o=; b=HBOSUmC+Uh1sKlxj2qHRBPEkwt9Li+urF+V2wAYgjbeF71B15tqDl1t7XFVLRRDjDq 7WHPHvli8WaQpgfD0J8abnPpv1jdI04FA7UCB+iLaMQhqlwPyGOFxjdZTK8Ipvi33KOW civEL4anHTjkF6ndDAcWVChWHs7LulH6vQnGGRTsQRuXy6JBPDoMqhwqxjloUPtwNczi dFXiOGzd32FMFU3/y22nqsUW1UEV04tz11L9/j++c/JIwWc+MU0B0HG5YLTNM0GCENKk Y0GTSKR4Rl0xA0m3xFyMI9ueQ/t0/RhhhkcBnGMvu2SBps/sauPaPJBJVa56woz7SoiS vEdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XTafCg6zUIIurbOW7vaJn/pn9iFWviVt4VHpbP6m92o=; b=jp6yJPnWzn0xBuQeBfvSlJcfSbZUw3ndYKZye2SVfMMBdkOpfiQHnvpm51PHKl0Q+F MgKV2+ZM7L1fezIDkKB1fIakF0OA8bWJVr3UJnYe66AvU2WYi1VqKbNWkXZJwTY8cWJS LMdSDXxWM8Qf6Tfvy9M6Rrv72zX3MKggbYAAQ1SzwQ6VPIZF6evHI0RR6K9UzmXdCa0A PEsunRUxgqDVQSxhqDExo4pGN8+ho6d/3y0bvrW6ehTkzmZkzyCmaVzu71KBDA0LMRaB pMWjkEh6krepwomX085AD1eXQcUaV0nHkLQ/oGUmB7AooOtv7Krmsy4AuXob0z3/Gfsc 2epA== X-Gm-Message-State: APjAAAUgKHLZKTri10hdtSChPEQRfk1LGpzsGuxxu9ziHPwPJbdoEHyj 3iADI5vgD9oDm7lLhbvKA/v4PQ== X-Received: by 2002:adf:fcc9:: with SMTP id f9mr29766929wrs.382.1570549223635; Tue, 08 Oct 2019 08:40:23 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:22 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Marc Zyngier , Jeremy Linton , Andre Przywara , Suzuki K Poulose , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 11/16] arm64: Advertise mitigation of Spectre-v2, or lack thereof Date: Tue, 8 Oct 2019 17:39:25 +0200 Message-Id: <20191008153930.15386-12-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier [ Upstream commit 73f38166095947f3b86b02fbed6bd592223a7ac8 ] We currently have a list of CPUs affected by Spectre-v2, for which we check that the firmware implements ARCH_WORKAROUND_1. It turns out that not all firmwares do implement the required mitigation, and that we fail to let the user know about it. Instead, let's slightly revamp our checks, and rely on a whitelist of cores that are known to be non-vulnerable, and let the user know the status of the mitigation in the kernel log. Signed-off-by: Marc Zyngier Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Suzuki K Poulose Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpu_errata.c | 109 ++++++++++---------- 1 file changed, 56 insertions(+), 53 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 2394a105ebf4..ffb1b8ff7d82 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,9 +109,9 @@ static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start, __flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); } -static void __install_bp_hardening_cb(bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) +static void install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) { static DEFINE_SPINLOCK(bp_lock); int cpu, slot = -1; @@ -138,7 +138,7 @@ static void __install_bp_hardening_cb(bp_hardening_cb_t fn, #define __smccc_workaround_1_smc_start NULL #define __smccc_workaround_1_smc_end NULL -static void __install_bp_hardening_cb(bp_hardening_cb_t fn, +static void install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, const char *hyp_vecs_end) { @@ -146,23 +146,6 @@ static void __install_bp_hardening_cb(bp_hardening_cb_t fn, } #endif /* CONFIG_KVM_INDIRECT_VECTORS */ -static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, - bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) -{ - u64 pfr0; - - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - pfr0 = read_cpuid(ID_AA64PFR0_EL1); - if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT)) - return; - - __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); -} - #include #include #include @@ -197,31 +180,27 @@ static int __init parse_nospectre_v2(char *str) } early_param("nospectre_v2", parse_nospectre_v2); -static void -enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +/* + * -1: No workaround + * 0: No workaround required + * 1: Workaround installed + */ +static int detect_harden_bp_fw(void) { bp_hardening_cb_t cb; void *smccc_start, *smccc_end; struct arm_smccc_res res; u32 midr = read_cpuid_id(); - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - if (__nospectre_v2) { - pr_info_once("spectrev2 mitigation disabled by command line option\n"); - return; - } - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) - return; + return -1; switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_hvc_arch_workaround_1; /* This is a guest, no need to patch KVM vectors */ smccc_start = NULL; @@ -232,23 +211,23 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: - return; + return -1; } if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) || ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); + install_bp_hardening_cb(cb, smccc_start, smccc_end); - return; + return 1; } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ @@ -535,24 +514,48 @@ multi_entry_cap_cpu_enable(const struct arm64_cpu_capabilities *entry) } #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR - /* - * List of CPUs where we need to issue a psci call to - * harden the branch predictor. + * List of CPUs that do not need any Spectre-v2 mitigation at all. */ -static const struct midr_range arm64_bp_harden_smccc_cpus[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), - MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR), - MIDR_ALL_VERSIONS(MIDR_NVIDIA_DENVER), - {}, +static const struct midr_range spectre_v2_safe_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + { /* sentinel */ } }; +static bool __maybe_unused +check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) +{ + int need_wa; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + /* If the CPU has CSV2 set, we're safe */ + if (cpuid_feature_extract_unsigned_field(read_cpuid(ID_AA64PFR0_EL1), + ID_AA64PFR0_CSV2_SHIFT)) + return false; + + /* Alternatively, we have a list of unaffected CPUs */ + if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list)) + return false; + + /* Fallback to firmware detection */ + need_wa = detect_harden_bp_fw(); + if (!need_wa) + return false; + + /* forced off */ + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return false; + } + + if (need_wa < 0) + pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + + return (need_wa > 0); +} #endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -715,8 +718,8 @@ const struct arm64_cpu_capabilities arm64_errata[] = { #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, - .cpu_enable = enable_smccc_arch_workaround_1, - ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus), + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, }, #endif #ifdef CONFIG_HARDEN_EL2_VECTORS From patchwork Tue Oct 8 15:39:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175506 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864512ill; Tue, 8 Oct 2019 08:40:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqxMt8K7G9OKPA8IJpkMid4v1RpBrZ2WhSq8ByBPHpsPHTX1AF86hvyZMadk4eQJUW4sL+em X-Received: by 2002:a17:906:6c8:: with SMTP id v8mr29964986ejb.252.1570549228113; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549228; cv=none; d=google.com; s=arc-20160816; b=hsyqbZG6qpnn9kB1g4a6kVDej1ypFaDuXviivEIs+BXcKbPqZd0pA5gpXNFrsNoxd2 aUIQbHvMrhblZjk5149CdzQBd57y3hrR5Iz8Y2NRIS8cuOiWwk1iD9rrQ0Y6H4IKQDh/ mSbZ33nE6kaP+qfa8J8X91kDGi9koxDrc4pFs4LjF+iU8XQSK3FJLa7vjOwNhmDxmKZu /mggodSTj88+BGdnK4QyXfSeYxaAr/8CGzGQxMoXKYdJh/Qx8M0dkY+uPZ1gjw2AQ+lj keIbb+cOL7klC3hAos4Z8hwsRulkmbtE8iuWmcSRDpFJS/JsNa70iphU3uSA7z1QMEAY kYLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=b980Hl78DxMdOTDWa2ywxLFA73lq8TP+ptHAnX2cLHA=; b=mR6qCkJcUN8G0CqgfEibtKOE28tsV3pW3ZMC2mULgivBzfR6RdQR0ItntM/Fmmagh7 8lAS+JyAUUeWh32Wmf3LwPX+KkghqA8izCAr0mY7B9lXIZkaNJJ2bA4ae/d8G74MF3a9 QlYN2dx5WkyS0RyqdzsXMMUcl4dC60HhnxC7zpJppaT2LJ0/3wfBak0eCy+c7Lbv/+Fo a83918cnExGTxvk+QpWTmnFeBUJYi4vosTBSaGj1vdk8uCNO6QO2PjHiNLvKGEOQgmuX sLXHhiZp+lS0Z2afWuJD8yBUmcMqv2cnw9d7RDeZtMjSID4op8+/+cs8OMMQ2fhHruLP +cpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=j1Q8gOGZ; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.27; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=j1Q8gOGZ; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727228AbfJHPk0 (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:26 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:40807 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728139AbfJHPk0 (ORCPT ); Tue, 8 Oct 2019 11:40:26 -0400 Received: by mail-wm1-f67.google.com with SMTP id b24so3610500wmj.5 for ; Tue, 08 Oct 2019 08:40:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=b980Hl78DxMdOTDWa2ywxLFA73lq8TP+ptHAnX2cLHA=; b=j1Q8gOGZWX7QaB9s7ddocqr1BtoUdBxNIAjtKQw7ZXf4UKEtQFazekJzePh7ajN8u5 G91896HYqOqb/LdD0v4yUDRE1sxH0J0Cv6IDfwpb0uhnwVl7VYCx4O9VcPcz7GEBQWbN SFNyCqFejMTpqiA9Ld8nNGA8UA1TrqO1bCgsNx3TXp1YPmPbHt3YtooVZXodfytOXigx t0JeSzM5gLAzmYkH0Nu5vugApxhEHu7WN84OKH8mIMtPg5r2epaODTg5nRXznaZFlrkn gSwBwNA/LNGNWC4nghQyeH1DHUCBUdzJuhmI3wV5XzUlrMeRkqlGhbhtaC0iGnn+zTC5 6DDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=b980Hl78DxMdOTDWa2ywxLFA73lq8TP+ptHAnX2cLHA=; b=YfJrEprHsH03VooohwU2a4t3mnOJRyC3m3rx5FDW9mA07kEpcyXhb6HPnCBDFoIFcD LE9et0614rNVUMv2TxRdCvDJ737AjlrNeBwDMbEwI4X4BK4ZfIFXTHn2Ytlwdobs5vw+ /rEkQ0xU9hNccmiTtmVXDSflwDacd8kzKlmbRFpv8JZmFG/HwcO/y5DQYGjt0MEjZ1N9 0Ia71KTfSF1r5tuNzjhnB6A3TpUHXcAb2r3YsnHFUPt0OuTZ+6rUPkixqOfunELaduw0 0lfz6ffJoetrPg+0PYhSc+MLAuunos+Zbwy3MvSKmePU1OpE5HBWL9vLfI66dB7XhQ6L oLug== X-Gm-Message-State: APjAAAUrRdH4Swyj2eeWHiPlggP6/8rhbdxfXBHJrSEbAlhAhU3wLdLT pzhpv2dEZcbg93GyJtEwluC9Ug== X-Received: by 2002:a1c:a616:: with SMTP id p22mr4234707wme.3.1570549224904; Tue, 08 Oct 2019 08:40:24 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:23 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 12/16] arm64: Always enable spectre-v2 vulnerability detection Date: Tue, 8 Oct 2019 17:39:26 +0200 Message-Id: <20191008153930.15386-13-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit 8c1e3d2bb44cbb998cb28ff9a18f105fee7f1eb3 ] Ensure we are always able to detect whether or not the CPU is affected by Spectre-v2, so that we can later advertise this to userspace. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpu_errata.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index ffb1b8ff7d82..96b0319dd0d6 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -87,7 +87,6 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -225,11 +224,11 @@ static int detect_harden_bp_fw(void) ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(cb, smccc_start, smccc_end); + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) + install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1; } -#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); @@ -513,7 +512,6 @@ multi_entry_cap_cpu_enable(const struct arm64_cpu_capabilities *entry) caps->cpu_enable(caps); } -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -545,6 +543,12 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { + pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n"); + __hardenbp_enab = false; + return false; + } + /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); @@ -556,7 +560,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) return (need_wa > 0); } -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -715,13 +718,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = check_branch_predictor, }, -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS { .desc = "EL2 vector hardening", From patchwork Tue Oct 8 15:39:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175513 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864538ill; Tue, 8 Oct 2019 08:40:29 -0700 (PDT) X-Google-Smtp-Source: APXvYqyH5wSsAnx2T8/9Ygjr+nqDu4SDhMzqfbK4hJN0zpJ4mmAtah48ZF0zoJ0wWaOemDtEsZN2 X-Received: by 2002:a17:906:cc9b:: with SMTP id oq27mr29408672ejb.125.1570549228919; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549228; cv=none; d=google.com; s=arc-20160816; b=Jo+2y63SPIJlxnqyE5nswn6p9PeZsNhcLE4q4t/QfY7a9NR5ggGVwRPIvEXkOxTcj+ u/pMq4wzwZ0F/f7Qa7R6oDp1ZoPLabxdRSeZYWo/dVIrR6hUNfYF4hPdFAGy69k/U1iu qGWvHEkNJ0GrMBFiyZroVWpWDrU2aCD3XFBezRliMBmgITUzm6+caQJFWzRU26GxjTJM v/1HX6XDjFm2QYrhChCIRyvrS45iv9vE2hAkEoXBX7/zXfEOpe6dJRSX9lgbuiaMiyOV dm0UuqMhYowqh5Xl8JKJDQBkfMD8UbEl80pZ9q8neqcBglKtvuL4YjRm335pZ+ZxBbJb 6ITg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xVW9YVfjij9vCoDvPQUdIJ4SaHECQBvveZX1DwTyL70=; b=J63mrLuMrqOAxDLrAFEkm7yh33rhfEybTYw7mG1dvYYC2aJpZ2YEru7hf4cVefsrNw 2e/FiDRYto2kbDh2ZHYMSQJw2ovE9TGN3ekpxusXN6ly/5yONRcWUPo1VWMHUA5/hXxO IBcJj4CqjsWbdLckc1GuUscUJsgd//dyCJB4+SaEruXIXLT1iPwdV4kKyERQfk0IHOCU g23aU6qREbqlrc07dA7Xi7bpAVdnRONtl3Fw/D744uKHJCePZ2/c3Ntmw/sq+ptkYEjO 4o5VuWGAZTVBbPtPZ/KU5zA9h3aHGxBi6F1iNSD4HS/8bVBDG3AyIHTkEEyI7/V/S0TL FcoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CkH3V+Bg; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.28; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CkH3V+Bg; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728185AbfJHPk2 (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:28 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:46729 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728132AbfJHPk2 (ORCPT ); Tue, 8 Oct 2019 11:40:28 -0400 Received: by mail-wr1-f68.google.com with SMTP id o18so19926564wrv.13 for ; Tue, 08 Oct 2019 08:40:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xVW9YVfjij9vCoDvPQUdIJ4SaHECQBvveZX1DwTyL70=; b=CkH3V+Bg52IIiejwB7MJHrut8r0ZNm/pGILs03lNlE/a/HfmcdZspkl0VlLvPve04Z rFjR4bEabYl6kAu3KdPXO3SMd9wGbj8wnvGhpicK2sxxyu0cBi5Wcr9QFs2uaRmx5Gtn /Xu+1Le5EZmEZIrb80P3rhiAB+73kHsnCsfrO5wJQmfpe/WxaLxFz4gm94RwlGCjQkfL yhPCi2wQtSHA0uQ3UXcJyHASuZv8P4mnAb5DNXSKLaNRCohQFf4uCWKrul1znbjNqjQF lTjEK5b1HzS52S2OuNQJOUGgw87xRKyuZ7R7IxwixKcUg42UQgG/F1ZpXwARnPKkrqbj XU2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xVW9YVfjij9vCoDvPQUdIJ4SaHECQBvveZX1DwTyL70=; b=rDs19DCOBzx4hF9if/4eeZK+JpFQwsMz4Z1yql2XzCeQ4BXi+EQcH+29sLmp7Gnbrw mLYs1q2QFKLK7y9ncWkqQ2ZV0E1nVxdBFE1E5E8VAsIaJ/M0HIjEnwxiJuEmldJ6zvWU JcqKiKg9f16VU280Po6KvYFJki2kd6lN5CLGNVZ4sfoz4G4SNDmSzVlEOfjLL2PBwjet Kiaf+n+h7XbWxPT79dYMCdTwjwxJ754J76HQo4sRsQwX+64Av+/KA+7nyeHLHXZSbZvG ZDPG+eq8rE8cFk8qkzx5jGqvG7gklN1RrKlkETPp1HVwZRmqMjmZrhubnopbzecgo7lJ z0uw== X-Gm-Message-State: APjAAAWdljhzGq+anlFouBncPfE4mSlmzPwjewpjAO6K508CzoAKtrk8 Jguia7LtmyRgTI/ltjrzpK5qCappVPCBuA== X-Received: by 2002:a5d:4043:: with SMTP id w3mr28849130wrp.318.1570549226179; Tue, 08 Oct 2019 08:40:26 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:25 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 13/16] arm64: add sysfs vulnerability show for spectre-v2 Date: Tue, 8 Oct 2019 17:39:27 +0200 Message-Id: <20191008153930.15386-14-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ] Track whether all the cores in the machine are vulnerable to Spectre-v2, and whether all the vulnerable cores have been mitigated. We then expose this information to userspace via sysfs. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpu_errata.c | 27 +++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 96b0319dd0d6..b29d0b3b18b2 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -480,6 +480,10 @@ has_cortex_a76_erratum_1463225(const struct arm64_cpu_capabilities *entry, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * Generic helper for handling capabilties with multiple (match,enable) pairs * of call backs, sharing the same capability bit. @@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,6 +551,8 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n"); __hardenbp_enab = false; @@ -552,11 +562,14 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -753,3 +766,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Tue Oct 8 15:39:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175507 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864573ill; Tue, 8 Oct 2019 08:40:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqzveGL/h3bfaOJJ/aIFFUFXlOPYNMOnWwoSiDejRbK9ZUtLw4mR0aCz8bb/QrYhbjg0o8D7 X-Received: by 2002:a17:906:5584:: with SMTP id y4mr29390713ejp.89.1570549231788; Tue, 08 Oct 2019 08:40:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549231; cv=none; d=google.com; s=arc-20160816; b=CkgiJEnmsUAFAE8Bl4Zwjq6Uf12AISqj2in5BHGk97Kvrdj2ECsu/SIZAfv9KsDnRV U6cA992ySqL9+67Appd99jXqlV9GNaqBe37LGEaDn5n4YDqp5dmp96lJ7/3yw2ZoNQ6G RFvDfyqW2aKzaKpdXNGnbh/20MDbzWMIUxZ4X+Msp/k6gEkyk+w90QJg1xWjJK4ewPiN WtEWJ7djlJpOMTIouuWmX4XdICmAfvBVTyblMLbUPOz1VolgrKPT8TQaV4lUlrwPMkk7 hAFfpScw3fLNyYekOnSyPOEoO4zo2UvDt+VxEjbhPTKWuoHKFhIKuFsDUQ5w40kV2ZEN 9ZHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=JOvKy1GbTi20JqNMvkeKTi1lW+5+cqwwGpuEUI/Ysxc=; b=Rv2cJrSIDEIzHTRrm3LiAB0x2hJO9iTQvFjtVzdOKxjWjpAPGo3XbN3zJHT2eGP42z FCwRZ7fV1L4bR5j3LA1ZjwAOqv7vg5v+FEaKRw8rXUhSkIE67oOddmqkEe9Lps3RQMx4 zPFy/lqbcb4C9uIP9PNwPSo+p+gSIhJAVD1Hiq3qxTmJyqK3bL+QPxQRhfEdc4OG0YIg Ukz5vWbTEP4nJasBpWXKS7DqSfKc1jFcVsR6S/HSgBUgEye1cAjojEQCS+YFUlsQyPym WKH1buYdADAuULkMirhXhltZyYfk4avbAS6gZclqbsripjDn44nRYxW+1VU+ShFn8Vj6 HA/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eSXtLXRf; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.31; Tue, 08 Oct 2019 08:40:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eSXtLXRf; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728187AbfJHPka (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:30 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:37306 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726291AbfJHPka (ORCPT ); Tue, 8 Oct 2019 11:40:30 -0400 Received: by mail-wr1-f66.google.com with SMTP id p14so19031085wro.4 for ; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JOvKy1GbTi20JqNMvkeKTi1lW+5+cqwwGpuEUI/Ysxc=; b=eSXtLXRfB+u5AM5fRljB1O24I3P9mF3ckg4wSyaX2RllVZNKKj6xFkvYsKcsSOQs7l AXf+eYQqTFeu0M1XsKmUgJ7h+kXXYtOMbtNeSiGi7LdA+8a+jAgMtW4OL2lcP4yt+WQc L7rIoqAO3WA7c5CbGlbO7GqPcOzDBBC225I8bvA/QCZNm3AY0jBF9VusKAaE+/KQjzEf LC+gAx5Tb0Q4xW2QggmTlkTdL0194r40UIyG0M4cX/jhLp58EwC9PFfmXHpPV8rN1nbh v5AaHFpttizItBIhe4Dt0WTo1he9ZkZV6o+Jq5nG+YObDyR/z0nJ6JCRBFUeLPXBQbPh HrKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JOvKy1GbTi20JqNMvkeKTi1lW+5+cqwwGpuEUI/Ysxc=; b=rcIuVg7TopLssY7MvvDdGszior/Duv+NIx2K8wmN247e/OBQ89/qRpR4TRX24VrhVr O4DDn7KVUUYrUh7bjdlsm778bucmf1XUOIGV3L0alLf1eQeZWmoiR8GaF19haPJ9LixT DKP1DN18K+v2vdmSLn6+AyCJI6FjwLAlr2GTcklcjxZLO0PPSeHbYuUO5zxlZmywPQmP JiGe2TxN1ZoP7ypQlAhJNTRwNxsjd5c3s7OhS4BkIUMWqZSrxNSy3Cn65rCgKemwyaqU j9u5xxW40KNADQpwfN9woD3M4BDig37XfXQDfE6BhDlD6OWr5X0uA5iw5Ahu6vO7UjME 4plw== X-Gm-Message-State: APjAAAV9yQwxvhb+7oWf+m5IucGI+kswVJxUMOj9jU9ibfNDqSnYk+Rf ZXHUdjymsNwTKbuN5O5svsd57w== X-Received: by 2002:a5d:61c1:: with SMTP id q1mr14045394wrv.235.1570549227501; Tue, 08 Oct 2019 08:40:27 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:26 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Jeremy Linton , Stefan Wahren , Will Deacon Subject: [PATCH for-stable-v4.19 14/16] arm64: add sysfs vulnerability show for speculative store bypass Date: Tue, 8 Oct 2019 17:39:28 +0200 Message-Id: <20191008153930.15386-15-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit 526e065dbca6df0b5a130b84b836b8b3c9f54e21 ] Return status based on ssbd_state and __ssb_safe. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a whitelist of known good cores. Given a heterogeneous machine, the overall machine vulnerability defaults to safe but is reset to unsafe when we miss the whitelist and the firmware doesn't explicitly tell us the core is safe. In order to make that work we delay transitioning to vulnerable until we know the firmware isn't responding to avoid a case where we miss the whitelist, but the firmware goes ahead and reports the core is not vulnerable. If all the cores in the machine have SSBS, then __ssb_safe will remain true. Tested-by: Stefan Wahren Signed-off-by: Jeremy Linton Signed-off-by: Will Deacon --- arch/arm64/kernel/cpu_errata.c | 42 ++++++++++++++++++++ 1 file changed, 42 insertions(+) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index b29d0b3b18b2..0ce4a6aaf6fc 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -233,6 +233,7 @@ static int detect_harden_bp_fw(void) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -336,6 +337,7 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, struct arm_smccc_res res; bool required = true; s32 val; + bool this_cpu_safe = false; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); @@ -344,8 +346,14 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, goto out_printmsg; } + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -362,6 +370,8 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, default: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -370,14 +380,18 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, switch (val) { case SMCCC_RET_NOT_SUPPORTED: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; return false; case SMCCC_RET_SUCCESS: + __ssb_safe = false; required = true; break; @@ -387,6 +401,8 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, default: WARN_ON(1); + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -427,6 +443,14 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } +/* known invulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + {}, +}; + #ifdef CONFIG_ARM64_ERRATUM_1463225 DEFINE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa); @@ -748,6 +772,7 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #ifdef CONFIG_ARM64_ERRATUM_1463225 { @@ -778,3 +803,20 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + switch (ssbd_state) { + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (IS_ENABLED(CONFIG_ARM64_SSBD)) + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled via prctl\n"); + } + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Tue Oct 8 15:39:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175515 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5867059ill; Tue, 8 Oct 2019 08:42:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqx/bcPKh9q+mzkie9UK6CH1cRVfFMXG5fYGB3e5KUYNwTz31f3kZBub8oqqwrajJifWgUBo X-Received: by 2002:a05:6402:2022:: with SMTP id ay2mr34689270edb.109.1570549232408; Tue, 08 Oct 2019 08:40:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549232; cv=none; d=google.com; s=arc-20160816; b=Gb1rMGqQ7YvDiiYfGqcVw1NIm0Myskx5r2GuljiaDtkpOBXIyAnEO/rz4SMAE549nL q3KAeCoX5WDj2GTIP9U4t4xCX3w2DIznoEWjYjL+YJkr6H2Hb6iurFazl8Esh2blQf8w OqQuOy4Zvtylwq4zD9gqlz1dIkjtA3i55PD+tMLSI+wNxMO3oWLkDbbodlBq0P+F+Jhf cVSFIAyDT7qGTzwyNFgD4f864SJj7+X95F+1W953SL+41X/CrqPkgPY0NO8wtswhZPHQ bU0+Y4ab5YQwIGtSl1piYfR+UxpJ0NsyPPs5w6ULRQZRPNIZzgvErwFoB7PWFEXOCmlK PAMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=O18xZOEMMJydjKMD80TyT8oRhz4SapCait5DnLCUfdg=; b=Sms0GANULxSBsR0z+omJllz5SQFUduUE3zfgmx9dHyOMjlbdXGZdOhSOXqLny7gw62 w0TnE/sGFtGIP/5i04GwrrM7diAeXGk6CbCLR9HPzrqi3yznm3WGLYXYNuerQsFZe0E3 YDtKzVqJCNObcTXPFhx8E2Tolzgr84b4OfjdXPulL0gm1eYo4P3ExgioSFFg9tmFU63+ Xmo8RF2W83uLxrt17ASWQ9beDA9Mur7tmV7eKcb5A+qqptG+FkeRQhvHHioP2eOgbOBC 2Nb1KLZWMy/gjkTaXc2znt5BlJnYIUpuJa4hyIa0PGSkno4J8mdBgFELsKzqbOzWeGkZ v/+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="zwctIF/u"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.31; Tue, 08 Oct 2019 08:40:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="zwctIF/u"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728200AbfJHPka (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:30 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:38463 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728132AbfJHPka (ORCPT ); Tue, 8 Oct 2019 11:40:30 -0400 Received: by mail-wr1-f68.google.com with SMTP id w12so19989301wro.5 for ; Tue, 08 Oct 2019 08:40:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=O18xZOEMMJydjKMD80TyT8oRhz4SapCait5DnLCUfdg=; b=zwctIF/ukmMnoeE7TiEtLzRgjRx1h+0miKYBzh8SxwqVgoLeEnVrS1vnd+kTLJIeS3 wGt06XJKluONW8oBFsmSVORQ8/6dl33wDmQqFFQtuHK1GRZ92Q/Q2EcTtYA4SgtjOwgq hSPKNC9jM5vADNrq8yj4lUMT/h+ssjjcwW5gRupYIxBxzpQLLOEOBtEibjfk22CET88x wNwSimuXSoaqRaoa5cXG/bbQ47xof/pD7xMIEbc3e2Z8Xe8VTvmd+Gf/YBXXufxNc/P/ IzkTwKsxKxTWCE7Aq5yrNLhGtK/9+SKni7O7wVx0Kwe+nvMMENEipiQ/1KnodvzrylcG 0gsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=O18xZOEMMJydjKMD80TyT8oRhz4SapCait5DnLCUfdg=; b=oeN13nJ+x1QAgDKHqMElao75eRITR2K0cUAV1jiz0tHjFEq2FNHU+ZgySeu+VGv2tj BNsLPz1WEy6l9NHFsXwGFRazUA1nMnTAvn+zsI4uXgSI/sr16stcLEeP8BlQdot+9JbS y3j3wu2HlN7ctG8V5U1yXYiUHBnRHtgneAVDled7WaOXcQv9k9SbcyhMITWjYecuE4yA HMbeVfU62HKXaYhaOq4w61QTC9matpj9dI952kwfyG0NcfpgZlDoYdJV08lCx2nGYEDD JyQuVIBh7dvMNGNmCxSzBQEjaN4NUPz9MhR1tbJ6Nah3nQ+/5ORQZ+4HJztnsKdrkt6F bCIQ== X-Gm-Message-State: APjAAAW5zZN8uxO4gQ3V7jBocImM5/HtEtoSfpjOlNdGPksZiIycWmGT WHZCgnV3nRQ8pbDHPvgwxgUoZQ== X-Received: by 2002:a5d:670f:: with SMTP id o15mr26513389wru.242.1570549228737; Tue, 08 Oct 2019 08:40:28 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:27 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 15/16] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB Date: Tue, 8 Oct 2019 17:39:29 +0200 Message-Id: <20191008153930.15386-16-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit eb337cdfcd5dd3b10522c2f34140a73a4c285c30 ] SSBS provides a relatively cheap mitigation for SSB, but it is still a mitigation and its presence does not indicate that the CPU is unaffected by the vulnerability. Tweak the mitigation logic so that we report the correct string in sysfs. Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/cpu_errata.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 0ce4a6aaf6fc..292625fcba04 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -341,15 +341,17 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (this_cpu_has_cap(ARM64_SSBS)) { + if (!this_cpu_safe) + __ssb_safe = false; required = false; goto out_printmsg; } - /* delay setting __ssb_safe until we get a firmware response */ - if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) - this_cpu_safe = true; - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; if (!this_cpu_safe) From patchwork Tue Oct 8 15:39:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 175508 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5864612ill; Tue, 8 Oct 2019 08:40:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqw6eGUFfcMK3YDStK0stSvq0tgriOHmRpfWxhndB9Wac8TQHU6j+ZvMREfFC/1I6borkIUC X-Received: by 2002:a17:906:1d03:: with SMTP id n3mr29604324ejh.287.1570549233540; Tue, 08 Oct 2019 08:40:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570549233; cv=none; d=google.com; s=arc-20160816; b=BBOIvrKXvYmGthj6NsWloN3bupOU2Y+MTAB+0Xplo4Qfz/aD97BTe2GGutG8kAczdK xgf33UYiHMKNjLAiqmeHn+V/qEBhVLNi3JRPX0VyUKr1PnXwRMJz6L7fdrdYGMl4s67X bFfyXoFRe6a16pp7IdT0L+MIApn8N4kJeGxb+PdsP8Kov9xcNh/CdfRmi355t5JHiXmy rsDZAXQmm7LDVDEIIWq0XJEsyuht3vAtvG/U4IcCG8/tj8dYVzlzbTnMMULpG9XeieuS EDBe/fUhImHbA3IiXJDFjIlWfBZSZmGMf7ulRZhx2nD2VdWe0UfFqxrk8nihzGY2v0qt S13Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=EvOKMd/OQko6enWWrnf5RTdaY5yC08L1IEeTVlfB1KE=; b=LS+mH+uyp1T1ju0cHAaVAXQOpcO6Ha0MoHeNA+3UaMm5jGgKbvDWp020f4QxwOGKcH Vc2brubR9UWTwHRUWsQ1n+KlMZOQflrapstEUxON4M3NpxkWZsKVhS4gvmuJiO0FB946 65Kfr778cV0RFUVoSFo2lUe4bHbmnMLPCcdgE6aEHh+rr53MeCTXn9EcrM6TbCVFksqG lSPH1KECkWRcXjP9gXIppJvFVBQ5YglsU0dMBL27V6GPlpGDYrBPad0ZGUWWpBnpC+cb 5siI/kvGgO+ugTbA/BMVIhoJjDR1DgxsOOZxVMqislrVVUk4I3nMwzZ4yiQmcdGVmS3O rRtA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eAe1Nt3M; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l6si10919464edc.67.2019.10.08.08.40.33; Tue, 08 Oct 2019 08:40:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eAe1Nt3M; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727496AbfJHPkc (ORCPT + 13 others); Tue, 8 Oct 2019 11:40:32 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:36584 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726291AbfJHPkc (ORCPT ); Tue, 8 Oct 2019 11:40:32 -0400 Received: by mail-wm1-f65.google.com with SMTP id m18so3633980wmc.1 for ; Tue, 08 Oct 2019 08:40:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EvOKMd/OQko6enWWrnf5RTdaY5yC08L1IEeTVlfB1KE=; b=eAe1Nt3M59FCoKdNyg0/uPHL+NGZXHcXN7MIfxXpQDzCXGF1K9AagIcCW0BLviOjV/ 1dVitWM281Nq7nO6Ova3+aZ3rZAAhU91JAxi2YfQOETkBI4f9cTDAZa8E4lE2TI6seb6 GWKGKJgdLbjv6IzR7MDktt+60cosWHE3d9UOxHdJtN0GIts7WVSD7eIGvNgA8HSbraRB zuh8rdNGzGqBgyacKSSFasxcGHoBjrc4Gu7eFV5UQM8CnrZnDGoQsivFdgyRvGGUu1ip 1jzG2fOiw4FE5y1GdaiaGesCsLI8TuR/uCsKq+gvQjOidhHUyjFiT4UQQ+T7a7ZV/G6L K/yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EvOKMd/OQko6enWWrnf5RTdaY5yC08L1IEeTVlfB1KE=; b=C3QDBZNeglOGQH14PVTT+xQSI2SlFzAv+7Za46asmATgWiOlSu1l4hAo4EfhzNbpY3 TGrS4vSNrDkQGf2Tm2oCPFrGTi51Epst9zaa5ZIU4dBbhEGWJOaUg5Ya3xH9+xhIG4M8 l6uF0F+S5qZ5C3Fl0dF9Gbat2WhcATWfOPo8I0RXbTpKxY0meQAfzJreRe48FB3J2NNS rqLX2+SgxE09x1IaJ0+DnMQBZp0NlL4Zx9x1POG6xwYFqt3DZVloy8GiS6ePmLrObTET Jz50h5PUZc+TXUqslIuNEs2glKzjlTnVh7wkiWURZlJRwknTcGXXGFXdsVaLRXKRosa8 pmZw== X-Gm-Message-State: APjAAAUDNA/hwBgKlC1fdaZuJFPhJukq2NXvbLL1k8U2WZu2Lagsfhqv uuftCux0dC7+ddzuXSWAG0CA5g== X-Received: by 2002:a7b:cc97:: with SMTP id p23mr4442634wma.111.1570549230029; Tue, 08 Oct 2019 08:40:30 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id x16sm16784723wrl.32.2019.10.08.08.40.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Oct 2019 08:40:28 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org, Marc Zyngier , Will Deacon , Ard Biesheuvel Subject: [PATCH for-stable-v4.19 16/16] arm64: Force SSBS on context switch Date: Tue, 8 Oct 2019 17:39:30 +0200 Message-Id: <20191008153930.15386-17-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org> References: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier [ Upstream commit cbdf8a189a66001c36007bf0f5c975d0376c5c3a ] On a CPU that doesn't support SSBS, PSTATE[12] is RES0. In a system where only some of the CPUs implement SSBS, we end-up losing track of the SSBS bit across task migration. To address this issue, let's force the SSBS bit on context switch. Fixes: 8f04e8e6e29c ("arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3") Signed-off-by: Marc Zyngier [will: inverted logic and added comments] Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/processor.h | 14 ++++++++-- arch/arm64/kernel/process.c | 29 +++++++++++++++++++- 2 files changed, 40 insertions(+), 3 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index ad208bd402f7..773ea8e0e442 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -177,6 +177,16 @@ static inline void start_thread_common(struct pt_regs *regs, unsigned long pc) regs->pc = pc; } +static inline void set_ssbs_bit(struct pt_regs *regs) +{ + regs->pstate |= PSR_SSBS_BIT; +} + +static inline void set_compat_ssbs_bit(struct pt_regs *regs) +{ + regs->pstate |= PSR_AA32_SSBS_BIT; +} + static inline void start_thread(struct pt_regs *regs, unsigned long pc, unsigned long sp) { @@ -184,7 +194,7 @@ static inline void start_thread(struct pt_regs *regs, unsigned long pc, regs->pstate = PSR_MODE_EL0t; if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) - regs->pstate |= PSR_SSBS_BIT; + set_ssbs_bit(regs); regs->sp = sp; } @@ -203,7 +213,7 @@ static inline void compat_start_thread(struct pt_regs *regs, unsigned long pc, #endif if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) - regs->pstate |= PSR_AA32_SSBS_BIT; + set_compat_ssbs_bit(regs); regs->compat_sp = sp; } diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index ce99c58cd1f1..bc2226608e13 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -360,7 +360,7 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start, childregs->pstate |= PSR_UAO_BIT; if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) - childregs->pstate |= PSR_SSBS_BIT; + set_ssbs_bit(childregs); p->thread.cpu_context.x19 = stack_start; p->thread.cpu_context.x20 = stk_sz; @@ -401,6 +401,32 @@ void uao_thread_switch(struct task_struct *next) } } +/* + * Force SSBS state on context-switch, since it may be lost after migrating + * from a CPU which treats the bit as RES0 in a heterogeneous system. + */ +static void ssbs_thread_switch(struct task_struct *next) +{ + struct pt_regs *regs = task_pt_regs(next); + + /* + * Nothing to do for kernel threads, but 'regs' may be junk + * (e.g. idle task) so check the flags and bail early. + */ + if (unlikely(next->flags & PF_KTHREAD)) + return; + + /* If the mitigation is enabled, then we leave SSBS clear. */ + if ((arm64_get_ssbd_state() == ARM64_SSBD_FORCE_ENABLE) || + test_tsk_thread_flag(next, TIF_SSBD)) + return; + + if (compat_user_mode(regs)) + set_compat_ssbs_bit(regs); + else if (user_mode(regs)) + set_ssbs_bit(regs); +} + /* * We store our current task in sp_el0, which is clobbered by userspace. Keep a * shadow copy so that we can restore this upon entry from userspace. @@ -429,6 +455,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev, contextidr_thread_switch(next); entry_task_switch(next); uao_thread_switch(next); + ssbs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case