From patchwork Thu Mar 21 23:05:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 160824 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp139810jan; Thu, 21 Mar 2019 16:06:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYEPSpbfvBjAeywpX6JJoLF/C8rHd7XdsggVFH4Ae5Ui3d1OpyU0yFv1GtXoOwr8+8Unu0 X-Received: by 2002:a62:4610:: with SMTP id t16mr6035463pfa.217.1553209568885; Thu, 21 Mar 2019 16:06:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553209568; cv=none; d=google.com; s=arc-20160816; b=kczpUMELEv00tWqZxav3ZV/rFolL9vcvBn61kRNLOu7ohLHncXZ3PPYyZlleLwtY1Q TpSkquOp/K/xK4T2eLyCGMJz5fFQBici8sbLRQtBp0xFILfwzetNiJcXrmCCurFooe71 2KGbP7xyt5iqBV0DqjIoB8D80itYXU2ME4kLC8ny4zsUGsqzFbQgr4b84r74pLzKfWAB izCZfMNrC4oR6u2djVUru9Rh7ZIGtyTlesW6MC5jj9zqU99/QJqh9QrGW/ZhQx/xiAae DZ0YDrwEx0PmUIBA+JmYa+EW++ot2KGdRGOfw+zA3xl1C9dIdltVZo7iv3MHwcQ5ALeD YxAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=Hpc3UmTYVschFWGPO/VCjTJLPRItrauzhff76dl+rMI=; b=HEfnc0kMEjKcdIQ1bWw2eZ1rPUwTo+KBBYHQsGeqGhzQYCHVoxNKvxmH1KKOXQce0x QeJpofFur6daPU9CXcbyStB8Nu8Ln/7vnM5aQznfGh1bQ+HYbTzFGBvmt7L6Nih/9oTQ yZsb/+lOKy3rPS81bOVIqhcFeqMQeKemnHDworGmariDodp5B8ITAO/Z5Xv6cyUt6T08 PJL6Pds65Ay8twM16cVdGgJOAhuLvdViazcNcKtHKW6LI4uFdHpUQTXvMVQNWSOst2K9 E3Anw8NbCmINC/PQ0QMtBVE4lpvYIpdf72lPbN7cS8gG9JaLenEriZyLcl/hKXu3Zwdm 7cRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h35si5833716plb.180.2019.03.21.16.06.07; Thu, 21 Mar 2019 16:06:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727362AbfCUXGG (ORCPT + 31 others); Thu, 21 Mar 2019 19:06:06 -0400 Received: from foss.arm.com ([217.140.101.70]:35688 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726695AbfCUXGG (ORCPT ); Thu, 21 Mar 2019 19:06:06 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 65040374; Thu, 21 Mar 2019 16:06:05 -0700 (PDT) Received: from beelzebub.austin.arm.com (mammon-tx2.austin.arm.com [10.118.29.246]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id BBDFA3F614; Thu, 21 Mar 2019 16:06:04 -0700 (PDT) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2e.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton Subject: [PATCH v6 00/10] arm64: add system vulnerability sysfs entries Date: Thu, 21 Mar 2019 18:05:47 -0500 Message-Id: <20190321230557.45107-1-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Arm64 machines should be displaying a human readable vulnerability status to speculative execution attacks in /sys/devices/system/cpu/vulnerabilities This series enables that behavior by providing the expected functions. Those functions expose the cpu errata and feature states, as well as whether firmware is responding appropriately to display the overall machine status. This means that in a heterogeneous machine we will only claim the machine is mitigated or safe if we are confident all booted cores are safe or mitigated. v5->v6: Invert meltdown logic to display that a core is safe rather than mitigated if the mitigation has been enabled on machines that are safe. This can happen when the mitigation was forced on via command line or KASLR. This means that in order to detect if kpti is enabled other methods must be used (look at dmesg) when the machine isn't itself susceptible to meltdown. Trivial whitespace tweaks. v4->v5: Revert the changes to remove the CONFIG_EXPERT hidden options, but leave the detection paths building without #ifdef wrappers. Also remove the CONFIG_GENERIC_CPU_VULNERABILITIES #ifdefs as we are 'select'ing the option in the Kconfig. This allows us to keep all three variations of the CONFIG/enable/disable paths without a lot of (CONFIG_X || CONFIG_Y) checks. Various bits/pieces moved between the patches in an attempt to keep similar features/changes together. v3->v4: Drop the patch which selectivly exports sysfs entries Remove the CONFIG_EXPERT hidden options which allowed the kernel to be built without the vulnerability detection code. Pick Marc Z's patches which invert the white/black lists for spectrev2 and clean up the firmware detection logic. Document the existing kpti controls Add a nospectre_v2 option to boot time disable the mitigation v2->v3: Remove "Unknown" states, replace with further blacklists and default vulnerable/not affected states. Add the ability for an arch port to selectively export sysfs vulnerabilities. v1->v2: Add "Unknown" state to ABI/testing docs. Minor tweaks. Jeremy Linton (6): arm64: Provide a command line to disable spectre_v2 mitigation arm64: add sysfs vulnerability show for meltdown arm64: Always enable spectrev2 vulnerability detection arm64: add sysfs vulnerability show for spectre v2 arm64: Always enable ssb vulnerability detection arm64: add sysfs vulnerability show for speculative store bypass Marc Zyngier (2): arm64: Advertise mitigation of Spectre-v2, or lack thereof arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Mian Yousaf Kaukab (2): arm64: add sysfs vulnerability show for spectre v1 arm64: enable generic CPU vulnerabilites support .../admin-guide/kernel-parameters.txt | 8 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cpufeature.h | 4 - arch/arm64/kernel/cpu_errata.c | 239 +++++++++++++----- arch/arm64/kernel/cpufeature.c | 58 ++++- 5 files changed, 223 insertions(+), 87 deletions(-) -- 2.20.1 Reviewed-by: Catalin Marinas