From: Andre Przywara <andre.przywara@arm.com>
To: Jeremy Linton <jeremy.linton@arm.com>
Cc: <linux-arm-kernel@lists.infradead.org>, <catalin.marinas@arm.com>,
<will.deacon@arm.com>, <marc.zyngier@arm.com>,
<suzuki.poulose@arm.com>, <Dave.Martin@arm.com>,
<shankerd@codeaurora.org>, <julien.thierry@arm.com>,
<mlangsdo@redhat.com>, <stefan.wahren@i2e.com>,
<linux-kernel@vger.kernel.org>,
Stefan Wahren <stefan.wahren@i2se.com>
Subject: Re: [PATCH v6 03/10] arm64: add sysfs vulnerability show for meltdown
Date: Mon, 25 Mar 2019 10:32:14 +0000 [thread overview]
Message-ID: <20190325103214.33401868@donnerap.cambridge.arm.com> (raw)
In-Reply-To: <20190321230557.45107-4-jeremy.linton@arm.com>
On Thu, 21 Mar 2019 18:05:50 -0500
Jeremy Linton <jeremy.linton@arm.com> wrote:
Hi,
> Display the system vulnerability status. This means that
> while its possible to have the mitigation enabled, the
> sysfs entry won't indicate that status. This is because
> the core ABI doesn't express the concept of mitigation
> when the system isn't vulnerable.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Thanks for the changes, look good to me now for all the cases I tried on
the logic.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Cheers,
Andre.
> ---
> arch/arm64/kernel/cpufeature.c | 58 ++++++++++++++++++++++++++--------
> 1 file changed, 44 insertions(+), 14 deletions(-)
>
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 4061de10cea6..6b7e1556460a 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -947,7 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
> return has_cpuid_feature(entry, scope);
> }
>
> -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> +static bool __meltdown_safe = true;
> static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
>
> static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> @@ -967,6 +967,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> { /* sentinel */ }
> };
> char const *str = "command line option";
> + bool meltdown_safe;
> +
> + meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list);
> +
> + /* Defer to CPU feature registers */
> + if (has_cpuid_feature(entry, scope))
> + meltdown_safe = true;
> +
> + if (!meltdown_safe)
> + __meltdown_safe = false;
>
> /*
> * For reasons that aren't entirely clear, enabling KPTI on Cavium
> @@ -978,6 +988,19 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> __kpti_forced = -1;
> }
>
> + /* Useful for KASLR robustness */
> + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_offset() > 0) {
> + if (!__kpti_forced) {
> + str = "KASLR";
> + __kpti_forced = 1;
> + }
> + }
> +
> + if (!IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0)) {
> + pr_info_once("kernel page table isolation disabled by CONFIG\n");
> + return false;
> + }
> +
> /* Forced? */
> if (__kpti_forced) {
> pr_info_once("kernel page table isolation forced %s by %s\n",
> @@ -985,18 +1008,10 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
> return __kpti_forced > 0;
> }
>
> - /* Useful for KASLR robustness */
> - if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
> - return kaslr_offset() > 0;
> -
> - /* Don't force KPTI for CPUs that are not vulnerable */
> - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
> - return false;
> -
> - /* Defer to CPU feature registers */
> - return !has_cpuid_feature(entry, scope);
> + return !meltdown_safe;
> }
>
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> static void
> kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
> {
> @@ -1026,6 +1041,12 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
>
> return;
> }
> +#else
> +static void
> +kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
> +{
> +}
> +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
>
> static int __init parse_kpti(char *str)
> {
> @@ -1039,7 +1060,6 @@ static int __init parse_kpti(char *str)
> return 0;
> }
> early_param("kpti", parse_kpti);
> -#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
>
> #ifdef CONFIG_ARM64_HW_AFDBM
> static inline void __cpu_enable_hw_dbm(void)
> @@ -1306,7 +1326,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> .field_pos = ID_AA64PFR0_EL0_SHIFT,
> .min_field_value = ID_AA64PFR0_EL0_32BIT_64BIT,
> },
> -#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> {
> .desc = "Kernel page table isolation (KPTI)",
> .capability = ARM64_UNMAP_KERNEL_AT_EL0,
> @@ -1322,7 +1341,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> .matches = unmap_kernel_at_el0,
> .cpu_enable = kpti_install_ng_mappings,
> },
> -#endif
> {
> /* FP/SIMD is not implemented */
> .capability = ARM64_HAS_NO_FPSIMD,
> @@ -2101,3 +2119,15 @@ static int __init enable_mrs_emulation(void)
> }
>
> core_initcall(enable_mrs_emulation);
> +
> +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
> + char *buf)
> +{
> + if (__meltdown_safe)
> + return sprintf(buf, "Not affected\n");
> +
> + if (arm64_kernel_unmapped_at_el0())
> + return sprintf(buf, "Mitigation: KPTI\n");
> +
> + return sprintf(buf, "Vulnerable\n");
> +}
next prev parent reply other threads:[~2019-03-25 10:32 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-21 23:05 [PATCH v6 00/10] arm64: add system vulnerability sysfs entries Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 01/10] arm64: Provide a command line to disable spectre_v2 mitigation Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 02/10] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 03/10] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2019-03-25 10:32 ` Andre Przywara [this message]
2019-03-21 23:05 ` [PATCH v6 04/10] arm64: Advertise mitigation of Spectre-v2, or lack thereof Jeremy Linton
2019-03-25 10:59 ` Suzuki K Poulose
2019-03-21 23:05 ` [PATCH v6 05/10] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 06/10] arm64: Always enable spectrev2 vulnerability detection Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 07/10] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 08/10] arm64: Always enable ssb vulnerability detection Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 09/10] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2019-04-03 16:50 ` Will Deacon
2019-04-05 10:10 ` Andre Przywara
2019-04-05 14:43 ` Will Deacon
2019-04-05 15:18 ` Andre Przywara
2019-04-05 16:01 ` Jeremy Linton
2019-03-21 23:05 ` [PATCH v6 10/10] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2019-03-22 17:49 ` Stefan Wahren
2019-03-25 10:33 ` [PATCH v6 00/10] arm64: add system vulnerability sysfs entries Andre Przywara
2019-03-25 12:22 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190325103214.33401868@donnerap.cambridge.arm.com \
--to=andre.przywara@arm.com \
--cc=Dave.Martin@arm.com \
--cc=catalin.marinas@arm.com \
--cc=jeremy.linton@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mlangsdo@redhat.com \
--cc=shankerd@codeaurora.org \
--cc=stefan.wahren@i2e.com \
--cc=stefan.wahren@i2se.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).