From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2e.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com>
Subject: [PATCH v6 00/10] arm64: add system vulnerability sysfs entries
Date: Thu, 21 Mar 2019 18:05:47 -0500
Message-ID: <20190321230557.45107-1-jeremy.linton@arm.com>

Arm64 machines should be displaying a human readable
vulnerability status to speculative execution attacks in
/sys/devices/system/cpu/vulnerabilities

This series enables that behavior by providing the expected
functions. Those functions expose the cpu errata and feature
states, as well as whether firmware is responding appropriately
to display the overall machine status. This means that in a
heterogeneous machine we will only claim the machine is mitigated
or safe if we are confident all booted cores are safe or
mitigated.

v5->v6:
	Invert meltdown logic to display that a core is safe rather
	  than mitigated if the mitigation has been enabled on machines
	  that are safe. This can happen when the mitigation was forced
	  on via command line or KASLR. This means that in order to
	  detect if kpti is enabled other methods must be used
	  (look at dmesg) when the machine isn't itself susceptible to
	  meltdown.
	Trivial whitespace tweaks.

v4->v5:
	Revert the changes to remove the CONFIG_EXPERT hidden options,
	  but leave the detection paths building without #ifdef wrappers.
	  Also remove the CONFIG_GENERIC_CPU_VULNERABILITIES #ifdefs
	  as we are 'select'ing the option in the Kconfig. This allows
	  us to keep all three variations of the CONFIG/enable/disable
	  paths without a lot of (CONFIG_X || CONFIG_Y) checks.
	Various bits/pieces moved between the patches in an attempt
	  to keep similar features/changes together.

v3->v4:
	Drop the patch which selectively exports sysfs entries
	Remove the CONFIG_EXPERT hidden options which allowed
	  the kernel to be built without the vulnerability
	  detection code.
	Pick Marc Z's patches which invert the white/black
	  lists for spectrev2 and clean up the firmware
	  detection logic.
	Document the existing kpti controls
	Add a nospectre_v2 option to boot time disable the
	  mitigation

v2->v3:
	Remove "Unknown" states, replace with further blacklists
	  and default vulnerable/not affected states.
	Add the ability for an arch port to selectively export
	  sysfs vulnerabilities.

v1->v2:
	Add "Unknown" state to ABI/testing docs.
	Minor tweaks.

Jeremy Linton (6):
  arm64: Provide a command line to disable spectre_v2 mitigation
  arm64: add sysfs vulnerability show for meltdown
  arm64: Always enable spectrev2 vulnerability detection
  arm64: add sysfs vulnerability show for spectre v2
  arm64: Always enable ssb vulnerability detection
  arm64: add sysfs vulnerability show for speculative store bypass

Marc Zyngier (2):
  arm64: Advertise mitigation of Spectre-v2, or lack thereof
  arm64: Use firmware to detect CPUs that are not affected by Spectre-v2

Mian Yousaf Kaukab (2):
  arm64: add sysfs vulnerability show for spectre v1
  arm64: enable generic CPU vulnerabilites support

 .../admin-guide/kernel-parameters.txt |   8 +-
 arch/arm64/Kconfig                    |   1 +
 arch/arm64/include/asm/cpufeature.h   |   4 -
 arch/arm64/kernel/cpu_errata.c        | 239 +++++++++++++-----
 arch/arm64/kernel/cpufeature.c        |  58 ++++-
 5 files changed, 223 insertions(+), 87 deletions(-)

-- 
2.20.1
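
An added example, not part of the series or of the message above: a POSIX shell function that reads the status files under /sys/devices/system/cpu/vulnerabilities and flags any entry not reported as safe or mitigated. It assumes the generic sysfs status prefixes "Not affected", "Mitigation:" and "Vulnerable"; the function name `audit_cpu_vulns`, the verdict labels and the output layout are made up for illustration.

```shell
# Added example (not from the patch series): classify each entry in a
# sysfs vulnerabilities directory. The directory is a parameter so the
# function can be pointed at a constructed tree as well as a live system.
# Returns 0 when every entry is safe or mitigated, 1 when any entry is
# vulnerable or unrecognised, 2 when the directory does not exist.
audit_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir (kernel does not export vulnerability status)"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        status=
        # Each file holds one status line; tolerate a missing newline.
        IFS= read -r status < "$f" || true
        note=
        case $status in
            "Not affected"*)
                verdict=ok
                # Per the v6 changelog, a machine that is not susceptible
                # reports "safe" even with the mitigation forced on, so
                # this file alone does not show whether kpti is enabled.
                if [ "$name" = meltdown ]; then
                    note=" (kpti state not shown here; check dmesg)"
                fi
                ;;
            "Mitigation:"*)
                verdict=mitigated
                ;;
            "Vulnerable"*)
                verdict=VULNERABLE
                rc=1
                ;;
            *)
                # Empty or unexpected text: treat as a finding, not as safe.
                verdict=UNRECOGNISED
                rc=1
                ;;
        esac
        printf '%-12s %-24s %s%s\n' "$verdict" "$name" "$status" "$note"
    done
    return $rc
}

# Usage on a live system:  audit_cpu_vulns
# Usage on a saved copy:   audit_cpu_vulns /path/to/copied/vulnerabilities
```

Because the series reports the overall machine status, a single "Vulnerable" line on a heterogeneous system means at least one booted core is not covered, so the non-zero return code suits a fleet compliance check.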