From: Jeremy Linton <jeremy.linton@arm.com>
To: Julien Thierry <julien.thierry@arm.com>,
linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com,
marc.zyngier@arm.com, suzuki.poulose@arm.com,
dave.martin@arm.com, shankerd@codeaurora.org,
mark.rutland@arm.com, linux-kernel@vger.kernel.org,
ykaukab@suse.de
Subject: Re: [PATCH 4/6] arm64: add sysfs vulnerability show for spectre v2
Date: Wed, 2 Jan 2019 16:19:39 -0600 [thread overview]
Message-ID: <9c7f25d2-f34a-5b10-e3da-2f4346aa9b44@arm.com> (raw)
In-Reply-To: <6c572de0-da38-c273-82ed-bafb86bbfa7a@arm.com>
Hi,
On 12/13/2018 05:09 AM, Julien Thierry wrote:
>
>
> On 06/12/2018 23:44, Jeremy Linton wrote:
>> Add code to track whether all the cores in the machine are
>> vulnerable, and whether all the vulnerable cores have been
>> mitigated.
>>
>> Once we have that information we can add the sysfs stub and
>> provide an accurate view of what is known about the machine.
>>
>> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
>> ---
>> arch/arm64/kernel/cpu_errata.c | 72 +++++++++++++++++++++++++++++++---
>> 1 file changed, 67 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
>> index 559ecdee6fd2..6505c93d507e 100644
>> --- a/arch/arm64/kernel/cpu_errata.c
>> +++ b/arch/arm64/kernel/cpu_errata.c
>
> [...]
>
>> @@ -766,4 +812,20 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
>> return sprintf(buf, "Mitigation: __user pointer sanitization\n");
>> }
>>
>> +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
>> + char *buf)
>> +{
>> + switch (__spectrev2_safe) {
>> + case A64_SV2_SAFE:
>> + return sprintf(buf, "Not affected\n");
>> + case A64_SV2_UNSAFE:
>> + if (__hardenbp_enab == A64_HBP_MIT)
>> + return sprintf(buf,
>> + "Mitigation: Branch predictor hardening\n");
>> + return sprintf(buf, "Vulnerable\n");
>> + default:
>> + return sprintf(buf, "Unknown\n");
>> + }
>
> Again I see that we are going to display "Unknown" when the mitigation
> is not built in.
>
> Couldn't we make that CONFIG_GENERIC_CPU_,gation is not implemented? It's
> just checking the list of MIDRs.
Before I re-post, its probably worth pointing out that the
spectrev2_safe isn't set the same as the meltdown safe flag (which
reflects a whitelist or cpu_good flag) where the unknown/unsafe
condition is currently the same.
spectrev2_safe is a white/black list with a black list of known
vulnerable cores, plus cores with csv2 set indicating they are good.
This means the unset condition conceptually covers, the check being
disabled, as well as the core not being one of either known bad or known
good cores. Meaning you still need a dedicated "unknown" state because
the final state isn't unknown simply because the mitigation is not
compiled in.
next prev parent reply other threads:[~2019-01-02 22:19 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-06 23:44 [PATCH 0/6] add system vulnerability sysfs entries Jeremy Linton
2018-12-06 23:44 ` [PATCH 1/6] arm64: kpti: move check for non-vulnerable CPUs to a function Jeremy Linton
2018-12-13 9:13 ` Julien Thierry
2018-12-12 14:36 ` Jeremy Linton
2018-12-06 23:44 ` [PATCH 2/6] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2018-12-13 9:23 ` Julien Thierry
2018-12-13 10:46 ` Julien Thierry
2018-12-12 14:49 ` Jeremy Linton
2018-12-14 8:55 ` Julien Thierry
2018-12-06 23:44 ` [PATCH 3/6] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2018-12-06 23:44 ` [PATCH 4/6] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2018-12-13 11:09 ` Julien Thierry
2019-01-02 22:19 ` Jeremy Linton [this message]
2018-12-06 23:44 ` [PATCH 5/6] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2018-12-14 10:34 ` Steven Price
2018-12-14 10:36 ` Will Deacon
2018-12-14 10:41 ` Steven Price
2018-12-14 11:28 ` Dave Martin
2018-12-14 11:33 ` Will Deacon
2018-12-06 23:44 ` [PATCH 6/6] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2018-12-13 12:07 ` [PATCH 0/6] add system vulnerability sysfs entries Dave Martin
2018-12-12 15:48 ` Jeremy Linton
2018-12-13 19:26 ` Dave Martin
-- strict thread matches above, loose matches on Subject: below --
2018-08-07 18:14 [PATCH 0/6] arm64: add support for generic cpu vulnerabilities Mian Yousaf Kaukab
2018-08-07 18:14 ` [PATCH 4/6] arm64: add sysfs vulnerability show for spectre v2 Mian Yousaf Kaukab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9c7f25d2-f34a-5b10-e3da-2f4346aa9b44@arm.com \
--to=jeremy.linton@arm.com \
--cc=catalin.marinas@arm.com \
--cc=dave.martin@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=shankerd@codeaurora.org \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
--cc=ykaukab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).