[12/19] arm64: Treat SSBS as a non-strict system feature

Message ID	20200918164729.31994-13-will@kernel.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=p7Vf=C3=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9546620789 From: Will Deacon <will@kernel.org> To: linux-arm-kernel@lists.infradead.org Subject: [PATCH 12/19] arm64: Treat SSBS as a non-strict system feature Date: Fri, 18 Sep 2020 17:47:22 +0100 Message-Id: <20200918164729.31994-13-will@kernel.org> In-Reply-To: <20200918164729.31994-1-will@kernel.org> References: <20200918164729.31994-1-will@kernel.org> MIME-Version: 1.0 summary: Content analysis details: (-8.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high trust [198.145.29.99 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -3.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender Precedence: list Cc: Catalin Marinas <catalin.marinas@arm.com>, David Brazdil <dbrazdil@google.com>, Will Deacon <will@kernel.org>, Suzuki K Poulose <suzuki.poulose@arm.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	Fix and rewrite arm64 spectre mitigations \| expand [00/19] Fix and rewrite arm64 spectre mitigations [01/19] arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled [02/19] arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs [03/19] arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs [04/19] arm64: Remove Spectre-related CONFIG_* options [05/19] KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE [06/19] KVM: arm64: Simplify install_bp_hardening_cb() [07/19] arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2 [08/19] arm64: Introduce separate file for spectre mitigations and reporting [09/19] arm64: Rewrite Spectre-v2 mitigation code [10/19] KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2 [11/19] arm64: Group start_thread() functions together [12/19] arm64: Treat SSBS as a non-strict system feature [13/19] arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4 [14/19] arm64: Move SSBD prctl() handler alongside other spectre mitigation code [15/19] arm64: Rewrite Spectre-v4 mitigation code [16/19] KVM: arm64: Simplify handling of ARCH_WORKAROUND_2 [17/19] KVM: arm64: Get rid of kvm_arm_have_ssbd() [18/19] KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state() [19/19] arm64: Get rid of arm64_ssbd_state

Message ID

20200918164729.31994-13-will@kernel.org (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9546620789
From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 12/19] arm64: Treat SSBS as a non-strict system feature
Date: Fri, 18 Sep 2020 17:47:22 +0100
Message-Id: <20200918164729.31994-13-will@kernel.org>
In-Reply-To: <20200918164729.31994-1-will@kernel.org>
References: <20200918164729.31994-1-will@kernel.org>
MIME-Version: 1.0
Precedence: list
Cc: Catalin Marinas <catalin.marinas@arm.com>,
 David Brazdil <dbrazdil@google.com>, Will Deacon <will@kernel.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

Fix and rewrite arm64 spectre mitigations | expand

Commit Message

Will Deacon Sept. 18, 2020, 4:47 p.m. UTC

If all CPUs discovered during boot have SSBS, then spectre-v4 will be
considered to be "mitigated". However, we still allow late CPUs without
SSBS to be onlined, albeit with a "SANITY CHECK" warning. This is
problematic for userspace because it means that the system can quietly
transition to "Vulnerable" at runtime.

Avoid this by treating SSBS as a non-strict system feature: if all of
the CPUs discovered during boot have SSBS, then late arriving secondaries
better have it as well.

Signed-off-by: Will Deacon <will@kernel.org>
---
 arch/arm64/kernel/cpufeature.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 4bb45b1d4ae4..033e6c952705 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -227,7 +227,7 @@  static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
 static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = {
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_MPAMFRAC_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_RASFRAC_SHIFT, 4, 0),
-	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI),
+	ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI),
 	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI),
 				    FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0),
 	ARM64_FTR_END,
@@ -487,7 +487,7 @@  static const struct arm64_ftr_bits ftr_id_pfr1[] = {
 };
 
 static const struct arm64_ftr_bits ftr_id_pfr2[] = {
-	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0),
+	ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_CSV3_SHIFT, 4, 0),
 	ARM64_FTR_END,
 };
@@ -1977,7 +1977,7 @@  static const struct arm64_cpu_capabilities arm64_features[] = {
 	{
 		.desc = "Speculative Store Bypassing Safe (SSBS)",
 		.capability = ARM64_SSBS,
-		.type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
 		.matches = has_cpuid_feature,
 		.sys_reg = SYS_ID_AA64PFR1_EL1,
 		.field_pos = ID_AA64PFR1_SSBS_SHIFT,

[12/19] arm64: Treat SSBS as a non-strict system feature

Commit Message

Patch