From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jeremy Linton <jeremy.linton@arm.com>,
Andre Przywara <andre.przywara@arm.com>,
Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>
Subject: [RFC/RFT PATCH 16/16] arm64: Force SSBS on context switch
Date: Fri, 4 Oct 2019 14:04:30 +0200 [thread overview]
Message-ID: <20191004120430.11929-17-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20191004120430.11929-1-ard.biesheuvel@linaro.org>
From: Marc Zyngier <marc.zyngier@arm.com>
On a CPU that doesn't support SSBS, PSTATE[12] is RES0. In a system
where only some of the CPUs implement SSBS, we end-up losing track of
the SSBS bit across task migration.
To address this issue, let's force the SSBS bit on context switch.
Fixes: 8f04e8e6e29c ("arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3")
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
[will: inverted logic and added comments]
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit cbdf8a189a66001c36007bf0f5c975d0376c5c3a)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm64/include/asm/processor.h | 14 ++++++++--
arch/arm64/kernel/process.c | 29 +++++++++++++++++++-
2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index ad208bd402f7..773ea8e0e442 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -177,6 +177,16 @@ static inline void start_thread_common(struct pt_regs *regs, unsigned long pc)
regs->pc = pc;
}
+static inline void set_ssbs_bit(struct pt_regs *regs)
+{
+ regs->pstate |= PSR_SSBS_BIT;
+}
+
+static inline void set_compat_ssbs_bit(struct pt_regs *regs)
+{
+ regs->pstate |= PSR_AA32_SSBS_BIT;
+}
+
static inline void start_thread(struct pt_regs *regs, unsigned long pc,
unsigned long sp)
{
@@ -184,7 +194,7 @@ static inline void start_thread(struct pt_regs *regs, unsigned long pc,
regs->pstate = PSR_MODE_EL0t;
if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE)
- regs->pstate |= PSR_SSBS_BIT;
+ set_ssbs_bit(regs);
regs->sp = sp;
}
@@ -203,7 +213,7 @@ static inline void compat_start_thread(struct pt_regs *regs, unsigned long pc,
#endif
if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE)
- regs->pstate |= PSR_AA32_SSBS_BIT;
+ set_compat_ssbs_bit(regs);
regs->compat_sp = sp;
}
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index ce99c58cd1f1..bc2226608e13 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -360,7 +360,7 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start,
childregs->pstate |= PSR_UAO_BIT;
if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE)
- childregs->pstate |= PSR_SSBS_BIT;
+ set_ssbs_bit(childregs);
p->thread.cpu_context.x19 = stack_start;
p->thread.cpu_context.x20 = stk_sz;
@@ -401,6 +401,32 @@ void uao_thread_switch(struct task_struct *next)
}
}
+/*
+ * Force SSBS state on context-switch, since it may be lost after migrating
+ * from a CPU which treats the bit as RES0 in a heterogeneous system.
+ */
+static void ssbs_thread_switch(struct task_struct *next)
+{
+ struct pt_regs *regs = task_pt_regs(next);
+
+ /*
+ * Nothing to do for kernel threads, but 'regs' may be junk
+ * (e.g. idle task) so check the flags and bail early.
+ */
+ if (unlikely(next->flags & PF_KTHREAD))
+ return;
+
+ /* If the mitigation is enabled, then we leave SSBS clear. */
+ if ((arm64_get_ssbd_state() == ARM64_SSBD_FORCE_ENABLE) ||
+ test_tsk_thread_flag(next, TIF_SSBD))
+ return;
+
+ if (compat_user_mode(regs))
+ set_compat_ssbs_bit(regs);
+ else if (user_mode(regs))
+ set_ssbs_bit(regs);
+}
+
/*
* We store our current task in sp_el0, which is clobbered by userspace. Keep a
* shadow copy so that we can restore this upon entry from userspace.
@@ -429,6 +455,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
contextidr_thread_switch(next);
entry_task_switch(next);
uao_thread_switch(next);
+ ssbs_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-10-04 12:13 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-04 12:04 [RFC/RFT PATCH 00/16] arm64: backport SSBS handling to v4.19-stable Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 01/16] arm64: cpufeature: Detect SSBS and advertise to userspace Ard Biesheuvel
2019-10-08 14:35 ` Mark Rutland
2019-10-08 14:39 ` Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 02/16] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 03/16] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 04/16] arm64: docs: Document SSBS HWCAP Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 05/16] arm64: fix SSBS sanitization Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 06/16] arm64: Add sysfs vulnerability show for spectre-v1 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 07/16] arm64: add sysfs vulnerability show for meltdown Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 08/16] arm64: enable generic CPU vulnerabilites support Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 09/16] arm64: Provide a command line to disable spectre_v2 mitigation Ard Biesheuvel
2019-10-04 12:04 ` Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 10/16] arm64: Advertise mitigation of Spectre-v2, or lack thereof Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 11/16] arm64: Always enable spectre-v2 vulnerability detection Ard Biesheuvel
2019-10-08 15:05 ` Mark Rutland
2019-10-04 12:04 ` [RFC/RFT PATCH 12/16] arm64: Always enable ssb " Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 13/16] arm64: add sysfs vulnerability show for spectre-v2 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 14/16] arm64: add sysfs vulnerability show for speculative store bypass Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 15/16] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB Ard Biesheuvel
2019-10-04 12:04 ` Ard Biesheuvel [this message]
2019-10-08 8:12 ` [RFC/RFT PATCH 00/16] arm64: backport SSBS handling to v4.19-stable Ard Biesheuvel
2019-10-08 15:09 ` Mark Rutland
2019-10-08 15:10 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191004120430.11929-17-ard.biesheuvel@linaro.org \
--to=ard.biesheuvel@linaro.org \
--cc=andre.przywara@arm.com \
--cc=catalin.marinas@arm.com \
--cc=jeremy.linton@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.