From patchwork Fri Jan 25 18:07:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 156625 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp652540jaa; Fri, 25 Jan 2019 10:07:41 -0800 (PST) X-Google-Smtp-Source: ALg8bN5/Zp+2JfYv3GkRRcR76h2N0fZcdjMX3hxUjW1SyukfoUI61iU7OmmfgncX+nF/c5XRuocc X-Received: by 2002:a62:1c0a:: with SMTP id c10mr11867674pfc.213.1548439661356; Fri, 25 Jan 2019 10:07:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548439661; cv=none; d=google.com; s=arc-20160816; b=aMDo+8lY7QNBEjnjitFutYESmN8RCUgZI9D1+Kqov1h/7AH3kM+w+ZjyGnZqTPUv0x KAY6vvTA3jEfuq3s4IE7cmTPqRR+/681Xh0ceGl4z22pyOCwrlCtIjjrWlU3ScUV/ZXK QpUE45HOYWbl2iVXkwGqt1+44+JM8TuOim06ZTcTeVGE3gSr3i2Jeu1/4C6g/1Yhcw/R /a+MedA0U+n8IjLBrkcz5S633UyUl8jfQIaev8vJ4Ar5nU2EVRMv4VnMUT7jWxIvCFr5 GNtG82Qc18NIHbnRNcBqUZCRMkWhlZ1RXyR0OB3euzuBrdAbt4y5JazLdDmP0N3g7PfU JX+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=eWWhQ3bicY9imQAW658XNmhEXzy+rstScrXNooZeQ7g=; b=CCV2FzngeDubjl9S2zuMgCtdzO0x/Oh/TfKv1Tf9pzL8lCz/q2x5i/frzMTT6YDRSK sGnmvnsy6IkjdkjXISav4iKlVqWP7QkJNqNqWpIl/Pv6w5rfS3HDVHb/hpPcFBxj4+DS VeQN2FQgajsr/kStL24OBSS6fxnmYcaY9wcg8qXOrx1Ytad1+YKS6FsQt8HFAL4xsivz plEPgMVrbcN/GneKxrgtnKTsgDkU2xGsk52w6aEPK+Ssh94HQTC5QzpLVKHwecMUjiN8 JwKrnkSX4p9S8yxZD9iDICf8tTz70164UlPUgVLlqwQqr7ZgjuLpPLEkyFUypFMFT9jO 9eag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g124si24980949pgc.568.2019.01.25.10.07.41; Fri, 25 Jan 2019 10:07:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729438AbfAYSHj (ORCPT + 31 others); Fri, 25 Jan 2019 13:07:39 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:51880 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729392AbfAYSHc (ORCPT ); Fri, 25 Jan 2019 13:07:32 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 630BE1713; Fri, 25 Jan 2019 10:07:32 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id BBF513F5AF; Fri, 25 Jan 2019 10:07:31 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, stefan.wahren@i2se.com, Jeremy Linton Subject: [PATCH v4 10/12] arm64: add sysfs vulnerability show for spectre v2 Date: Fri, 25 Jan 2019 12:07:09 -0600 Message-Id: <20190125180711.1970973-11-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190125180711.1970973-1-jeremy.linton@arm.com> References: <20190125180711.1970973-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) -- 2.17.2 Reviewed-by: Andre Przywara diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 024c83ffff99..caedf268c972 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -497,6 +497,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -507,6 +511,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -528,12 +536,19 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; - if (need_wa < 0) + __spectrev2_safe = false; + + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } /* forced off */ - if (__nospectre_v2) + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; + } return (need_wa > 0); } @@ -757,4 +772,16 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} + #endif