Re: [PATCH v6 03/10] arm64: add sysfs vulnerability show for meltdown

From: Andre Przywara <andre.przywara@arm.com>
To: Jeremy Linton <jeremy.linton@arm.com>
Cc: <linux-arm-kernel@lists.infradead.org>, <catalin.marinas@arm.com>,
	<will.deacon@arm.com>, <marc.zyngier@arm.com>,
	<suzuki.poulose@arm.com>, <Dave.Martin@arm.com>,
	<shankerd@codeaurora.org>, <julien.thierry@arm.com>,
	<mlangsdo@redhat.com>, <stefan.wahren@i2e.com>,
	<linux-kernel@vger.kernel.org>,
	Stefan Wahren <stefan.wahren@i2se.com>
Subject: Re: [PATCH v6 03/10] arm64: add sysfs vulnerability show for meltdown
Date: Mon, 25 Mar 2019 10:32:14 +0000	[thread overview]
Message-ID: <20190325103214.33401868@donnerap.cambridge.arm.com> (raw)
In-Reply-To: <20190321230557.45107-4-jeremy.linton@arm.com>

On Thu, 21 Mar 2019 18:05:50 -0500
Jeremy Linton <jeremy.linton@arm.com> wrote:

Hi,

> Display the system vulnerability status. This means that
> while its possible to have the mitigation enabled, the
> sysfs entry won't indicate that status. This is because
> the core ABI doesn't express the concept of mitigation
> when the system isn't vulnerable.
> 
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> Tested-by: Stefan Wahren <stefan.wahren@i2se.com>

Thanks for the changes, look good to me now for all the cases I tried on
the logic.

Reviewed-by: Andre Przywara <andre.przywara@arm.com>

Cheers,
Andre.

> ---
>  arch/arm64/kernel/cpufeature.c | 58 ++++++++++++++++++++++++++--------
>  1 file changed, 44 insertions(+), 14 deletions(-)
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 4061de10cea6..6b7e1556460a 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -947,7 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
>  	return has_cpuid_feature(entry, scope);
>  }
>  
> -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> +static bool __meltdown_safe = true;
>  static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
>  
>  static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> @@ -967,6 +967,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  		{ /* sentinel */ }
>  	};
>  	char const *str = "command line option";
> +	bool meltdown_safe;
> +
> +	meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list);
> +
> +	/* Defer to CPU feature registers */
> +	if (has_cpuid_feature(entry, scope))
> +		meltdown_safe = true;
> +
> +	if (!meltdown_safe)
> +		__meltdown_safe = false;
>  
>  	/*
>  	 * For reasons that aren't entirely clear, enabling KPTI on Cavium
> @@ -978,6 +988,19 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  		__kpti_forced = -1;
>  	}
>  
> +	/* Useful for KASLR robustness */
> +	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) {
> +		if (!__kpti_forced) {
> +			str = "KASLR";
> +			__kpti_forced = 1;
> +		}
> +	}
> +
> +	if (!IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0)) {
> +		pr_info_once("kernel page table isolation disabled by CONFIG\n");
> +		return false;
> +	}
> +
>  	/* Forced? */
>  	if (__kpti_forced) {
>  		pr_info_once("kernel page table isolation forced %s by %s\n",
> @@ -985,18 +1008,10 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  		return __kpti_forced > 0;
>  	}
>  
> -	/* Useful for KASLR robustness */
> -	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
> -		return kaslr_offset() > 0;
> -
> -	/* Don't force KPTI for CPUs that are not vulnerable */
> -	if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
> -		return false;
> -
> -	/* Defer to CPU feature registers */
> -	return !has_cpuid_feature(entry, scope);
> +	return !meltdown_safe;
>  }
>  
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
>  static void
>  kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
>  {
> @@ -1026,6 +1041,12 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
>  
>  	return;
>  }
> +#else
> +static void
> +kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
> +{
> +}
> +#endif	/* CONFIG_UNMAP_KERNEL_AT_EL0 */
>  
>  static int __init parse_kpti(char *str)
>  {
> @@ -1039,7 +1060,6 @@ static int __init parse_kpti(char *str)
>  	return 0;
>  }
>  early_param("kpti", parse_kpti);
> -#endif	/* CONFIG_UNMAP_KERNEL_AT_EL0 */
>  
>  #ifdef CONFIG_ARM64_HW_AFDBM
>  static inline void __cpu_enable_hw_dbm(void)
> @@ -1306,7 +1326,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
>  		.field_pos = ID_AA64PFR0_EL0_SHIFT,
>  		.min_field_value = ID_AA64PFR0_EL0_32BIT_64BIT,
>  	},
> -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
>  	{
>  		.desc = "Kernel page table isolation (KPTI)",
>  		.capability = ARM64_UNMAP_KERNEL_AT_EL0,
> @@ -1322,7 +1341,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
>  		.matches = unmap_kernel_at_el0,
>  		.cpu_enable = kpti_install_ng_mappings,
>  	},
> -#endif
>  	{
>  		/* FP/SIMD is not implemented */
>  		.capability = ARM64_HAS_NO_FPSIMD,
> @@ -2101,3 +2119,15 @@ static int __init enable_mrs_emulation(void)
>  }
>  
>  core_initcall(enable_mrs_emulation);
> +
> +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
> +			  char *buf)
> +{
> +	if (__meltdown_safe)
> +		return sprintf(buf, "Not affected\n");
> +
> +	if (arm64_kernel_unmapped_at_el0())
> +		return sprintf(buf, "Mitigation: KPTI\n");
> +
> +	return sprintf(buf, "Vulnerable\n");
> +}