From patchwork Wed Jan 9 23:55:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10754993 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6459F6C5 for ; Wed, 9 Jan 2019 23:56:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 50F9A28C6F for ; Wed, 9 Jan 2019 23:56:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 41A5929289; Wed, 9 Jan 2019 23:56:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B1EA128C6F for ; Wed, 9 Jan 2019 23:56:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=GV+/tRvzp+paqmRtucWCjE6kLQ71L9i5/1j9yFrQeKE=; b=PndL8UiJ3bXXkGZA5Ub1JQkeWI h9IpuYxKWQ/+M4jLOWtokMlGNhU+j7318wPjGiJtvl6Pucp8zQugA4huprserhNZuCCkvPfjvx03S Vn1Txq5x8WHLHTWaE0iDsN9APp24o3iwKhL091hEDoicGSSfZFNwVzInyE1zUxNRVXc10mOrQOUfr caOcq0trvp8NTYxTaxvflVHu7BVWq4BkOhJlydcB+NCbAMaJL2tjkx5G7yS+IrVCtpF7zGwCgViFT 5jEIwIP5RbdOrEyacItqlsQYCDcPfSxfjUx4UFlie7ZilOkwbJ6JUQ+xSGulxJIe/0jcwRH5tfspt XdxQyzAA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhu-0006S6-G4; Wed, 09 Jan 2019 23:56:22 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhR-0005xa-IN for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:55:55 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EE8C9EBD; Wed, 9 Jan 2019 15:55:50 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 019CC3F5AF; Wed, 9 Jan 2019 15:55:49 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 1/7] sysfs/cpu: Allow individual architectures to select vulnerabilities Date: Wed, 9 Jan 2019 17:55:38 -0600 Message-Id: <20190109235544.2992426-2-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155553_669342_9DDB6C2B X-CRM114-Status: GOOD ( 14.25 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mlangsdo@redhat.com, "Rafael J . Wysocki" , catalin.marinas@arm.com, will.deacon@arm.com, Ingo Molnar , stefan.wahren@i2se.com, Andi Kleen , julien.thierry@arm.com, steven.price@arm.com, Waiman Long , dave.martin@arm.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, ykaukab@suse.de, Josh Poimboeuf , Thomas Gleixner , shankerd@codeaurora.org, Konrad Rzeszutek Wilk , Jiri Kosina , linux-kernel@vger.kernel.org, Jeremy Linton , Greg Kroah-Hartman MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP As suggested on the list, https://lkml.org/lkml/2019/1/4/282, there are a number of cases where its useful for a system to avoid exporting a sysfs entry for a given vulnerability. This set adds an architecture specific callback which returns the bitmap of vulnerabilities the architecture would like to advertise. Signed-off-by: Jeremy Linton Cc: Greg Kroah-Hartman Cc: Rafael J. Wysocki Cc: Thomas Gleixner Cc: Josh Poimboeuf Cc: Konrad Rzeszutek Wilk Cc: Ingo Molnar Cc: Waiman Long Cc: Andi Kleen Cc: Jiri Kosina --- drivers/base/cpu.c | 19 +++++++++++++++++++ include/linux/cpu.h | 7 +++++++ 2 files changed, 26 insertions(+) diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index eb9443d5bae1..35f6dfb24cd6 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -561,6 +561,11 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = { NULL }; +uint __weak arch_supported_vuln_attr_fields(void) +{ + return VULN_MELTDOWN|VULN_SPECTREV1|VULN_SPECTREV2|VULN_SSB|VULN_L1TF; +} + static const struct attribute_group cpu_root_vulnerabilities_group = { .name = "vulnerabilities", .attrs = cpu_root_vulnerabilities_attrs, @@ -568,6 +573,20 @@ static const struct attribute_group cpu_root_vulnerabilities_group = { static void __init cpu_register_vulnerabilities(void) { + int fld; + int max_fields = ARRAY_SIZE(cpu_root_vulnerabilities_attrs) - 1; + struct attribute **hd = cpu_root_vulnerabilities_attrs; + uint enabled_fields = arch_supported_vuln_attr_fields(); + + /* only enable entries requested by the arch code */ + for (fld = 0; fld < max_fields; fld++) { + if (enabled_fields & 1 << fld) { + *hd = cpu_root_vulnerabilities_attrs[fld]; + hd++; + } + } + *hd = NULL; + if (sysfs_create_group(&cpu_subsys.dev_root->kobj, &cpu_root_vulnerabilities_group)) pr_err("Unable to register CPU vulnerabilities\n"); diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 218df7f4d3e1..5e45814bcc24 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -189,4 +189,11 @@ static inline void cpu_smt_check_topology_early(void) { } static inline void cpu_smt_check_topology(void) { } #endif +/* generic cpu vulnerability attributes */ +#define VULN_MELTDOWN 0x01 +#define VULN_SPECTREV1 0x02 +#define VULN_SPECTREV2 0x04 +#define VULN_SSB 0x08 +#define VULN_L1TF 0x10 + #endif /* _LINUX_CPU_H_ */ From patchwork Wed Jan 9 23:55:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10754991 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3B5DF6C5 for ; Wed, 9 Jan 2019 23:56:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 28111291AF for ; Wed, 9 Jan 2019 23:56:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1BE93292CB; Wed, 9 Jan 2019 23:56:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C59FB291AF for ; Wed, 9 Jan 2019 23:56:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=0pyXBdPXcKL20eF8m7/YmfbIEgUdtFOySHcVrr8MLWg=; b=V2H1Jmb3ZxfkCTXHil/hsy0NqJ poWL8UiWyQXqSCfFgErWEk9N7iCBb5cjR3CY1xAVCUe0vhFq1kw9DWmjfr5cMAu/Vv1YyqFwusHfM epd3P7vAIJH3WpWyBOuKjhAuI+8nxeCJoP8S0UBu1htqroENCdlfPFU1EQL16YJ1UroQIrfFmiN7g e44O4n8Fbkz1z5Zf7FNAizx2XlRswIGph/15cowFD7XHgjN5sx/EV9eUMbAu4i0lI7CfD6Ja5Q6Kn dnEfQYukfmC9jahHfX1u54oVE74RLly6lTdYaWslXu6veXezypTtwMd4a0mlDxzf014oAkY0tlGyW 0WKulX9g==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhd-000698-Rv; Wed, 09 Jan 2019 23:56:05 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhR-0005xZ-IF for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:55:54 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5FA8AA78; Wed, 9 Jan 2019 15:55:52 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AF7233F5AF; Wed, 9 Jan 2019 15:55:51 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 2/7] arm64: add sysfs vulnerability show for spectre v1 Date: Wed, 9 Jan 2019 17:55:39 -0600 Message-Id: <20190109235544.2992426-3-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155553_607702_4AA62C64 X-CRM114-Status: UNSURE ( 8.49 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From: Mian Yousaf Kaukab spectre v1, has been mitigated, and the mitigation is always active. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 09ac548c9d44..8dde8c616b7e 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,6 +109,8 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); +uint arm64_requested_vuln_attrs = VULN_SPECTREV1; + #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -742,3 +744,18 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { } }; + +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES + +uint arch_supported_vuln_attr_fields(void) +{ + return arm64_requested_vuln_attrs; +} + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, + char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +#endif From patchwork Wed Jan 9 23:55:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10755033 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2B80D17D2 for ; Thu, 10 Jan 2019 00:11:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FA2329316 for ; Thu, 10 Jan 2019 00:11:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F2E0929332; Thu, 10 Jan 2019 00:11:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9A08F29316 for ; Thu, 10 Jan 2019 00:11:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=pBqCktKDqGcQXjrE02AEEY/8GBMGKkTN7w1htdJdpIE=; b=JrAOIb7XYfiC0T831bwhZ0L/ql 5Vz1BE0EKml7octpVBXQ7eKfDieJJOKu7Vnek3YjZnZQHleSJUP8euVqFc9IUc4LsqidC7U+9b4UR B2s4+s7yANp/i3RPSZ/q6NroQyzuxD2Q3sSem/c/cir8DA1WvtRZsNz/fkmXebMJZKNtKqXiNuJ7L 6usqh4NClCKuGwHiCBUxzo7CLXB6Z6qqLVRPy9L/YvTXfl2CRergywTUybCx9Ji4tZ+PVBtd3JEAM 8i2Z7FU6M0VrhMHIVCGUs4urzuDtwSvYwwJuvINy3MpnFIw3XgKcCyooVeDwY/mmnAff4skXGpT9t 2PIiOLzQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNwk-0004C6-Kv; Thu, 10 Jan 2019 00:11:42 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhR-0005xz-Sr for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:55:59 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 953BA15BE; Wed, 9 Jan 2019 15:55:53 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id ED75C3F5AF; Wed, 9 Jan 2019 15:55:52 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 3/7] arm64: kpti: move check for non-vulnerable CPUs to a function Date: Wed, 9 Jan 2019 17:55:40 -0600 Message-Id: <20190109235544.2992426-4-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155553_979337_DB911A3A X-CRM114-Status: GOOD ( 10.42 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From: Mian Yousaf Kaukab Add is_meltdown_safe() which is a whitelist of known safe cores. Signed-off-by: Mian Yousaf Kaukab [Moved location of function] Signed-off-by: Jeremy Linton Reviewed-by: Suzuki K Poulose --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4f272399de89..ab784d7a0083 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -947,8 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ -static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, - int scope) +static bool is_cpu_meltdown_safe(void) { /* List of CPUs that are not vulnerable and don't need KPTI */ static const struct midr_range kpti_safe_list[] = { @@ -962,6 +961,15 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), { /* sentinel */ } }; + if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + return true; + + return false; +} + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int scope) +{ char const *str = "command line option"; /* @@ -985,8 +993,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + if (is_cpu_meltdown_safe()) return false; /* Defer to CPU feature registers */ From patchwork Wed Jan 9 23:55:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10754995 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 10FA413B5 for ; Wed, 9 Jan 2019 23:56:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F082A28C6F for ; Wed, 9 Jan 2019 23:56:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E496929289; Wed, 9 Jan 2019 23:56:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 68DAC28C6F for ; Wed, 9 Jan 2019 23:56:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=iADGnPVC7wvEAgHGSuaCTc7b7GE9YNDrm08X0gWuzJ8=; b=BgeHReWD1/WyWjdJ55abYHoI5G FWmMHaaebik4/mWcHeIU8N+CMT9T5F1sRVq7jpq1ip5ktMJ10D9RowtmFR4OYMx262uTaeqeoO1Jl w2Qb9F5fQ0rCY9qEGvFhOEU6HwXhFn/G9H0N9u6zdgn0J5uwQNpCHwGAp1ElhICgF/TYcYe91ugY0 ThDq7OJJ7RJ1p8rgIB1oysB6e+C9O9PzKCIPFv8Qy94vVpaqVo557U8/8E/lCiu+WRf1OXKqYLIMd NRIJtX6zHFNvT/D9rR2yYTohovUP4Na4VIwJzHQfkMDvzBoNZxa/trIHZwPK+DtAzSULVyrJNxX8H Zo6JN9WQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNiH-0006mz-3v; Wed, 09 Jan 2019 23:56:45 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhT-0005xZ-F8 for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:55:57 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E675315BF; Wed, 9 Jan 2019 15:55:54 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4AD533F5AF; Wed, 9 Jan 2019 15:55:54 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 4/7] arm64: add sysfs vulnerability show for meltdown Date: Wed, 9 Jan 2019 17:55:41 -0600 Message-Id: <20190109235544.2992426-5-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155555_846483_ADC937D4 X-CRM114-Status: GOOD ( 11.50 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Display the mitigation status if active, otherwise assume the cpu is safe unless it doesn't have CSV3 and isn't in our whitelist. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpufeature.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index ab784d7a0083..ef7bbc49ef78 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -944,8 +944,12 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) return has_cpuid_feature(entry, scope); } +/* default value is invalid until unmap_kernel_at_el0() runs */ +static bool __meltdown_safe = true; + #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ +extern uint arm64_requested_vuln_attrs; static bool is_cpu_meltdown_safe(void) { @@ -972,6 +976,14 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, { char const *str = "command line option"; + bool meltdown_safe = is_cpu_meltdown_safe() || + has_cpuid_feature(entry, scope); + + if (!meltdown_safe) + __meltdown_safe = false; + + arm64_requested_vuln_attrs |= VULN_MELTDOWN; + /* * For reasons that aren't entirely clear, enabling KPTI on Cavium * ThunderX leads to apparent I-cache corruption of kernel text, which @@ -993,11 +1005,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - if (is_cpu_meltdown_safe()) - return false; - - /* Defer to CPU feature registers */ - return !has_cpuid_feature(entry, scope); + return !meltdown_safe; } static void @@ -2065,3 +2073,17 @@ static int __init enable_mrs_emulation(void) } core_initcall(enable_mrs_emulation); + +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (arm64_kernel_unmapped_at_el0()) + return sprintf(buf, "Mitigation: KPTI\n"); + + if (__meltdown_safe) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} +#endif From patchwork Wed Jan 9 23:55:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10754997 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 51D0917D2 for ; Wed, 9 Jan 2019 23:57:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3EC3529289 for ; Wed, 9 Jan 2019 23:57:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2F12029307; Wed, 9 Jan 2019 23:57:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id AEA6629289 for ; Wed, 9 Jan 2019 23:57:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=twpVXofTowBjt90yl0f2dXkhAHKMJ+BYY3+SPKEzKqA=; b=N5Z7vtOcrenOutwesAms5bo//A Yord6jZl7g1aZLJageAMhOX3kpMC98ye3kmXxDRJG0WfIQ61oiUFeccO6fx4l8lKr/roWe/u0oGPv N8svd2hO5onoXuRztZdiEkywlkueEDpe6bWENCIsX0E5VcQh5R1e0zd8FoByfwFlt30PHrME4zYcG GvYfhjJ4y7UiLAyJoGmC1OteXAHoyWShWW8XJ6F+dq61MPw/tSeaKOUwwkGbtIB9MvlaRivnnn6+U 2ynZm6dc6ro4spad31ehs835Q38IyPkYtnyEp/flE30sULtPB1k98f8KS26G9n1JtiobQPR++4lw/ hi2kXu8w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNif-0007BJ-RY; Wed, 09 Jan 2019 23:57:09 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhU-00060B-N8 for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:56:03 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2F09BA78; Wed, 9 Jan 2019 15:55:56 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 8795C3F5AF; Wed, 9 Jan 2019 15:55:55 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 5/7] arm64: add sysfs vulnerability show for spectre v2 Date: Wed, 9 Jan 2019 17:55:42 -0600 Message-Id: <20190109235544.2992426-6-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155557_343846_D0B9D08C X-CRM114-Status: GOOD ( 14.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 61 +++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 8dde8c616b7e..ee286d606d9b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -111,6 +111,11 @@ atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); uint arm64_requested_vuln_attrs = VULN_SPECTREV1; +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || defined(CONFIG_GENERIC_CPU_VULNERABILITIES) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +#endif + #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -233,15 +238,19 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { + __hardenbp_enab = false; return; + } switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + if ((int)res.a0 < 0) { + __hardenbp_enab = false; return; + } cb = call_hvc_arch_workaround_1; /* This is a guest, no need to patch KVM vectors */ smccc_start = NULL; @@ -251,14 +260,17 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) case PSCI_CONDUIT_SMC: arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + if ((int)res.a0 < 0) { + __hardenbp_enab = false; return; + } cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: + __hardenbp_enab = false; return; } @@ -509,7 +521,32 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \ + defined(CONFIG_GENERIC_CPU_VULNERABILITIES) + + +static bool __spectrev2_safe = true; + +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ +static bool __maybe_unused +check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) +{ + bool is_vul; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + is_vul = is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list); + + if (is_vul) + __spectrev2_safe = false; + + arm64_requested_vuln_attrs |= VULN_SPECTREV2; + + return is_vul; +} /* * List of CPUs where we need to issue a psci call to @@ -707,7 +744,9 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .cpu_enable = enable_smccc_arch_workaround_1, - ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus), + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, + .midr_range_list = arm64_bp_harden_smccc_cpus, }, #endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -758,4 +797,16 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} + #endif From patchwork Wed Jan 9 23:55:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10754999 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 025B36C5 for ; Wed, 9 Jan 2019 23:57:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E245529289 for ; Wed, 9 Jan 2019 23:57:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D393C29307; Wed, 9 Jan 2019 23:57:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 437CC29289 for ; Wed, 9 Jan 2019 23:57:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=9LylZ6FS4SwBTAI+MQz04AvoeT7Ed12EJT/qO7ZT8sQ=; b=KeyfaR/UuvvpXDWDZIypFSjaVX zt+U6jKBG/yWTsDCHPOe0OTAZyoOiOcnaJmvl6ta3cKZdZVLHZzXvkQIvITDsULKULNyWoWtrisHJ yU5oeUQRZvw27kjPAKsU047MwdD8lmR1jRaUMl40RQcofNMZZHSZrRJ/C7cTbzi2dipstICPOso4k o04j9siEf24Ke40Ziw5Mk9FevBJc30c+yORauZU9e0MJrVO0P/Hyk4c/BUwzo/YDlCrbP2RRym25B 1TZoGpeQe5CUGxf2tOA8EINoaPuQhsKmMrtJaJIbrBTUlm8u2qQ5hRh3Kh2QKP2uuppwpbuCaYgxv Ld6z00tQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNiv-0007Pl-JT; Wed, 09 Jan 2019 23:57:25 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhV-00061X-QC for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:56:06 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 71001165C; Wed, 9 Jan 2019 15:55:57 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C9AAA3F5AF; Wed, 9 Jan 2019 15:55:56 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 6/7] arm64: add sysfs vulnerability show for speculative store bypass Date: Wed, 9 Jan 2019 17:55:43 -0600 Message-Id: <20190109235544.2992426-7-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155558_321621_E6481943 X-CRM114-Status: GOOD ( 13.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Return status based on ssbd_state and the arm64 SSBS feature. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a new blacklist of known vulnerable cores. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index ee286d606d9b..c8ff96158b94 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -288,6 +288,7 @@ enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -385,10 +386,18 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, { struct arm_smccc_res res; bool required = true; + bool is_vul; s32 val; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + is_vul = is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list); + + if (is_vul) + __ssb_safe = false; + + arm64_requested_vuln_attrs |= VULN_SSB; + if (this_cpu_has_cap(ARM64_SSBS)) { required = false; goto out_printmsg; @@ -422,6 +431,7 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, ssbd_state = ARM64_SSBD_UNKNOWN; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; @@ -476,6 +486,17 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry, return required; } + +/* known vulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + {}, +}; + #endif /* CONFIG_ARM64_SSBD */ static void __maybe_unused @@ -762,6 +783,7 @@ const struct arm64_cpu_capabilities arm64_errata[] = { .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #endif #ifdef CONFIG_ARM64_ERRATUM_1188873 @@ -809,4 +831,30 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Vulnerable\n"); } +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + /* + * Two assumptions: First, get_ssbd_state() reflects the worse case + * for hetrogenous machines, and that if SSBS is supported its + * supported by all cores. + */ + switch (arm64_get_ssbd_state()) { + case ARM64_SSBD_MITIGATED: + return sprintf(buf, "Not affected\n"); + + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (cpus_have_cap(ARM64_SSBS)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled\n"); + } + + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} + #endif From patchwork Wed Jan 9 23:55:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 10755001 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D660313B5 for ; Wed, 9 Jan 2019 23:57:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C34FC29289 for ; Wed, 9 Jan 2019 23:57:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B764A29307; Wed, 9 Jan 2019 23:57:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4497129289 for ; Wed, 9 Jan 2019 23:57:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=SPJgMzWiPH21f8u/27fFO3Vg1B9hiF63mG6E8wUAD0I=; b=pTnnFXnq37nd9qB5nOhCEf6LZm XDeQD+YOES3PrHfFLc4AMBQIT3nPZweXX9JCMj1JZcw8Gc/vPAOwFTMBhkfVmthbHaqdT+Qb0DwDx 6vKdmZQWbJrzyKR/uWnQuFz2whNclM3z45KIwXdaewWeL86ixtBDIvHDOchHrxb/VYJvDNgnZ3vL/ W6Ctb5Rek7X2EWU+F0j+OqvY2uO1l+mjDUa/wWa9DoRyxyJMEg9aLNPdIFbUT+c5YNyiWnoxCH+Hx 4454mfu1l5MZ2bAcm/UluWP0PSdxrOmugBcnT9PStoow76XbedCHiY6v2W/urJ5s2Ix3JVCrQEjLt bz4g/0cA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNj9-0007d7-4Y; Wed, 09 Jan 2019 23:57:39 +0000 Received: from foss.arm.com ([217.140.101.70]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1ghNhW-0005xZ-PK for linux-arm-kernel@lists.infradead.org; Wed, 09 Jan 2019 23:56:06 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AF24515BF; Wed, 9 Jan 2019 15:55:58 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 08D263F5AF; Wed, 9 Jan 2019 15:55:57 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v3 7/7] arm64: enable generic CPU vulnerabilites support Date: Wed, 9 Jan 2019 17:55:44 -0600 Message-Id: <20190109235544.2992426-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190109235544.2992426-1-jeremy.linton@arm.com> References: <20190109235544.2992426-1-jeremy.linton@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190109_155559_211258_1B492CE0 X-CRM114-Status: UNSURE ( 8.69 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From: Mian Yousaf Kaukab Enable CPU vulnerabilty show functions for spectre_v1, spectre_v2, meltdown and store-bypass. Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Jeremy Linton --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a4168d366127..be9872ee1d61 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -88,6 +88,7 @@ config ARM64 select GENERIC_CLOCKEVENTS select GENERIC_CLOCKEVENTS_BROADCAST select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_IDLE_POLL_SETUP select GENERIC_IRQ_MULTI_HANDLER