Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / Atom feed
From: Julien Thierry <julien.thierry@arm.com>
To: Jeremy Linton <jeremy.linton@arm.com>,
	linux-arm-kernel@lists.infradead.org
Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com,
	suzuki.poulose@arm.com, marc.zyngier@arm.com,
	catalin.marinas@arm.com, will.deacon@arm.com,
	linux-kernel@vger.kernel.org, steven.price@arm.com,
	ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org
Subject: Re: [PATCH v3 4/7] arm64: add sysfs vulnerability show for meltdown
Date: Thu, 10 Jan 2019 09:23:49 +0000
Message-ID: <8c8b564a-1d65-bc18-73fb-58b349a47800@arm.com> (raw)
In-Reply-To: <20190109235544.2992426-5-jeremy.linton@arm.com>

Hi Jeremy,

On 09/01/2019 23:55, Jeremy Linton wrote:
> Display the mitigation status if active, otherwise
> assume the cpu is safe unless it doesn't have CSV3
> and isn't in our whitelist.
> 
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> ---
>  arch/arm64/kernel/cpufeature.c | 32 +++++++++++++++++++++++++++-----
>  1 file changed, 27 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index ab784d7a0083..ef7bbc49ef78 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -944,8 +944,12 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
>  	return has_cpuid_feature(entry, scope);
>  }
>  
> +/* default value is invalid until unmap_kernel_at_el0() runs */
> +static bool __meltdown_safe = true;
> +
>  #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
>  static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
> +extern uint arm64_requested_vuln_attrs;
>  
>  static bool is_cpu_meltdown_safe(void)
>  {
> @@ -972,6 +976,14 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  {
>  	char const *str = "command line option";
>  
> +	bool meltdown_safe = is_cpu_meltdown_safe() ||
> +		has_cpuid_feature(entry, scope);
> +
> +	if (!meltdown_safe)
> +		__meltdown_safe = false;
> +
> +	arm64_requested_vuln_attrs |= VULN_MELTDOWN;
> +
>  	/*
>  	 * For reasons that aren't entirely clear, enabling KPTI on Cavium
>  	 * ThunderX leads to apparent I-cache corruption of kernel text, which
> @@ -993,11 +1005,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
>  		return true;
>  
> -	if (is_cpu_meltdown_safe())
> -		return false;
> -
> -	/* Defer to CPU feature registers */
> -	return !has_cpuid_feature(entry, scope);
> +	return !meltdown_safe;
>  }
>  
>  static void
> @@ -2065,3 +2073,17 @@ static int __init enable_mrs_emulation(void)
>  }
>  
>  core_initcall(enable_mrs_emulation);
> +
> +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
> +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
> +		char *buf)
> +{
> +	if (arm64_kernel_unmapped_at_el0())
> +		return sprintf(buf, "Mitigation: KPTI\n");
> +
> +	if (__meltdown_safe)
> +		return sprintf(buf, "Not affected\n");

An issue I see is that we don't even bother to check it that CPUs are
meltdown safe if CONFIG_UNMAP_KERNEL_AT_EL0 is not defined but here
we'll advertise that the system is meltdown safe.

I think that checking whether we know that CPUs are meltdown safe should
be separated from whether mitigation is applied.

Someone who knows thinks their CPUs are in the white list might want to
compile out code that does the kpti, but it would be good to give them a
proper diagnostic whether they were wrong or not.

Cheers,

-- 
Julien Thierry

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply index

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-09 23:55 [PATCH v3 0/7] arm64: add system vulnerability sysfs entries Jeremy Linton
2019-01-09 23:55 ` [PATCH v3 1/7] sysfs/cpu: Allow individual architectures to select vulnerabilities Jeremy Linton
2019-01-14 10:02   ` Suzuki K Poulose
2019-01-18 15:46     ` Greg KH
2019-01-18 16:31       ` Jeremy Linton
2019-01-09 23:55 ` [PATCH v3 2/7] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2019-01-09 23:55 ` [PATCH v3 3/7] arm64: kpti: move check for non-vulnerable CPUs to a function Jeremy Linton
2019-01-12 10:41   ` Stefan Wahren
2019-01-14 11:32   ` Suzuki K Poulose
2019-01-18 16:35     ` Jeremy Linton
2019-01-09 23:55 ` [PATCH v3 4/7] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2019-01-10  9:23   ` Julien Thierry [this message]
2019-01-10 14:10     ` Jeremy Linton
2019-01-10 14:16       ` Julien Thierry
2019-01-09 23:55 ` [PATCH v3 5/7] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2019-01-09 23:55 ` [PATCH v3 6/7] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2019-01-14 10:15   ` Marc Zyngier
2019-01-14 16:37     ` Jeremy Linton
2019-01-14 17:05       ` Marc Zyngier
2019-01-09 23:55 ` [PATCH v3 7/7] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2019-01-15 19:50 ` [PATCH v3 0/7] arm64: add system vulnerability sysfs entries Stefan Wahren
2019-01-15 21:21   ` Jeremy Linton
2019-01-18 18:05     ` Stefan Wahren
2019-01-18 22:22       ` Jeremy Linton
2019-01-19 11:52         ` Stefan Wahren

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8c8b564a-1d65-bc18-73fb-58b349a47800@arm.com \
    --to=julien.thierry@arm.com \
    --cc=catalin.marinas@arm.com \
    --cc=dave.martin@arm.com \
    --cc=jeremy.linton@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marc.zyngier@arm.com \
    --cc=mlangsdo@redhat.com \
    --cc=shankerd@codeaurora.org \
    --cc=stefan.wahren@i2se.com \
    --cc=steven.price@arm.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will.deacon@arm.com \
    --cc=ykaukab@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-ARM-Kernel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/0 linux-arm-kernel/git/0.git
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/1 linux-arm-kernel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-arm-kernel linux-arm-kernel/ https://lore.kernel.org/linux-arm-kernel \
		linux-arm-kernel@lists.infradead.org infradead-linux-arm-kernel@archiver.kernel.org
	public-inbox-index linux-arm-kernel


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-arm-kernel


AGPL code for this site: git clone https://public-inbox.org/ public-inbox