From patchwork Wed Feb 27 01:05:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Linton X-Patchwork-Id: 159254 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp3852002jad; Tue, 26 Feb 2019 17:06:37 -0800 (PST) X-Google-Smtp-Source: AHgI3Ibte3b79gj1xjCBbki3LUiYuWe7bgvumEEi6Lpt8BQEj07meBY+qgskplIzMsus2Mi3DizG X-Received: by 2002:a63:d49:: with SMTP id 9mr306927pgn.27.1551229597414; Tue, 26 Feb 2019 17:06:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551229597; cv=none; d=google.com; s=arc-20160816; b=VfycA+TV6TF+/EeJ76gqAepDgEaz49Bxuwlb5qR9VUNbRdwsRsgMM950z3PyvjRHe9 4wKL/gv0jQrgH/dlMixst5vTi0OpJpHC3V4mzfSgOiOPyDzKBYgUqmF5DPmP3uhp8hkA DmCdjJ8JAUeffowTu25vJeYIDHt1J3EgLV6sNNYdcYLY+eCCzXa2af42gR97ZVJnOsS6 yvRdLHT8Er/IX8rSHm1Rv/NUZbgkAxJ4b/2Edq9OUyvtwOZOqHn9p2iG4qWtOTEqEwhQ QEOC+bca0Bwkq2d30H0r/l7Tibf3Kd6nW5pwhLaU8ulxcd8+Xb2mpGNd7o3gxkUF/WQo PzKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=Z4xGFeXPWqEvCribVErp1TtD/jZLGHSb5E5XsELMTiE=; b=iBzJGbsFPeL6Ki9GAp2Y5EUp/WtkgntSjR0FOmqfFHBPb+44G3B6nJ7clddpIzg1o0 0iGkDJ9gnbOBiIHEySYO6qwruc3od6ReIxrrbYiysW3N+eaaiJwSrqFyRI3bzSb08eNF zLreyW3TguGFHqB6aUupReRqJW6cw2mxe6hJGPN4hqIFZpZZ1KTvoxhNF5XKyS7oqHYA f8OLXRdfs87dmIM8hoNQMl/cKNhCGmHBj2fh6JJIFxCokyOX60D5KmKTV7Kw7hJ3x5e7 W7vI+qzkW0kRlcq9O/XP2EJ12SW/Gm/sh2oqmxigRxtJDoakekKUHqW5ayei8y8yp55i w9ng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d186si14371572pfg.50.2019.02.26.17.06.37; Tue, 26 Feb 2019 17:06:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729660AbfB0BGb (ORCPT + 31 others); Tue, 26 Feb 2019 20:06:31 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:55672 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729564AbfB0BGJ (ORCPT ); Tue, 26 Feb 2019 20:06:09 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 18F9280D; Tue, 26 Feb 2019 17:06:09 -0800 (PST) Received: from beelzebub.austin.arm.com (beelzebub.austin.arm.com [10.118.12.119]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7ABD03F5C1; Tue, 26 Feb 2019 17:06:08 -0800 (PST) From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2e.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton Subject: [PATCH v5 07/10] arm64: add sysfs vulnerability show for spectre v2 Date: Tue, 26 Feb 2019 19:05:41 -0600 Message-Id: <20190227010544.597579-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190227010544.597579-1-jeremy.linton@arm.com> References: <20190227010544.597579-1-jeremy.linton@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton --- arch/arm64/kernel/cpu_errata.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -- 2.20.1 Reviewed-by: Andre Przywara diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index a27e1ee750e1..0f6e8f5d67bc 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -513,6 +513,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -523,6 +527,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -544,19 +552,25 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + __hardenbp_enab = false; return false; } /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -779,3 +793,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +}