[PATCH 1/3] MIPS: Add vulnerabilities infrastructure

[PATCH 1/3] MIPS: Add vulnerabilities infrastructure

[Jiaxun Yang]

Add infrastructure to display CPU vulnerabilities.
As most MIPS CPU vendors are dead today and we can't confirm
vulnerabilities states with them, we'll display vulnerabilities
as "Unknown" by default and override them in cpu-probe.c

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
---
 arch/mips/Kconfig                |  1 +
 arch/mips/include/asm/cpu-info.h |  5 ++++
 arch/mips/include/asm/cpu.h      |  7 +++++
 arch/mips/kernel/Makefile        |  2 +-
 arch/mips/kernel/vulnbl.c        | 46 ++++++++++++++++++++++++++++++++
 5 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 arch/mips/kernel/vulnbl.c

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index ef5b2a177b1b..524053b8f769 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -24,6 +24,7 @@ config MIPS
 	select GENERIC_CLOCKEVENTS
 	select GENERIC_CMOS_UPDATE
 	select GENERIC_CPU_AUTOPROBE
+	select GENERIC_CPU_VULNERABILITIES
 	select GENERIC_GETTIMEOFDAY
 	select GENERIC_IOMAP
 	select GENERIC_IRQ_PROBE
diff --git a/arch/mips/include/asm/cpu-info.h b/arch/mips/include/asm/cpu-info.h
index a600670d00e9..1a964dbfc0a8 100644
--- a/arch/mips/include/asm/cpu-info.h
+++ b/arch/mips/include/asm/cpu-info.h
@@ -106,6 +106,11 @@ struct cpuinfo_mips {
 	unsigned int		guestid_mask;
 	unsigned int		guestid_cache;
 
+	/* Vulnerabilities */
+	unsigned int		vulnerabilities; /* Vulnerabilities states that we known */
+	unsigned int		vulnerable; /* Vulnerabilities affated */
+	unsigned int		mitigations; /* Mitigations */
+
 #ifdef CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION
 	/* CPUCFG data for this CPU, synthesized at probe time.
 	 *
diff --git a/arch/mips/include/asm/cpu.h b/arch/mips/include/asm/cpu.h
index f5b04e8f6061..3414c9f5464e 100644
--- a/arch/mips/include/asm/cpu.h
+++ b/arch/mips/include/asm/cpu.h
@@ -447,4 +447,11 @@ enum cpu_type_enum {
 #define MIPS_ASE_LOONGSON_EXT	0x00002000 /* Loongson EXTensions */
 #define MIPS_ASE_LOONGSON_EXT2	0x00004000 /* Loongson EXTensions R2 */
 
+/*
+ * CPU security vulnerabilities
+ */
+#define MIPS_VULNBL_MELTDOWN	BIT(0)
+#define MIPS_VULNBL_SPECTRE_V1	BIT(1)
+#define MIPS_VULNBL_SPECTRE_V2	BIT(2)
+
 #endif /* _ASM_CPU_H */
diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
index 13a26d254829..39abc8ead5e0 100644
--- a/arch/mips/kernel/Makefile
+++ b/arch/mips/kernel/Makefile
@@ -8,7 +8,7 @@ extra-y		:= head.o vmlinux.lds
 obj-y		+= cmpxchg.o cpu-probe.o branch.o elf.o entry.o genex.o idle.o irq.o \
 		   process.o prom.o ptrace.o reset.o setup.o signal.o \
 		   syscall.o time.o topology.o traps.o unaligned.o watch.o \
-		   vdso.o cacheinfo.o
+		   vdso.o cacheinfo.o vulnbl.o
 
 ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_ftrace.o = -pg
diff --git a/arch/mips/kernel/vulnbl.c b/arch/mips/kernel/vulnbl.c
new file mode 100644
index 000000000000..fc73da6214fe
--- /dev/null
+++ b/arch/mips/kernel/vulnbl.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ *  Copyright (C) 2020, Jiaxun Yang <jiaxun.yang@flygoat.com>
+ *  MIPS CPU vulnerabilities
+ */
+
+#include <linux/device.h>
+
+#include <asm/cpu-info.h>
+#include <asm/cpu.h>
+
+ssize_t cpu_show_meltdown(struct device *dev,
+			  struct device_attribute *attr, char *buf)
+{
+	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_MELTDOWN))
+		return sprintf(buf, "Unknown\n");
+
+	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_MELTDOWN))
+		return sprintf(buf, "Not affected\n");
+
+	return sprintf(buf, "Affected\n");
+}
+
+ssize_t cpu_show_spectre_v1(struct device *dev,
+			    struct device_attribute *attr, char *buf)
+{
+	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V1))
+		return sprintf(buf, "Unknown\n");
+
+	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V1))
+		return sprintf(buf, "Not affected\n");
+
+	return sprintf(buf, "Affected\n");
+}
+
+ssize_t cpu_show_spectre_v2(struct device *dev,
+				   struct device_attribute *attr, char *buf)
+{
+	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V2))
+		return sprintf(buf, "Unknown\n");
+
+	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V2))
+		return sprintf(buf, "Not affected\n");
+
+	return sprintf(buf, "Affected\n");
+}
-- 
2.30.0

[PATCH 2/3] MIPS: cpu-probe: Vulnerabilities for MIPS cores

[Jiaxun Yang]

Accorading to MIPS's announcement[1], only P5600 and P6600 is
affected by spectre v1 and v2, other cores are not affected.

So we mark vulnerabilities states for MIPS cores as known and
set P5600 and P6600 as vulnerable.

[1]: https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
---
 arch/mips/kernel/cpu-probe.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
index 03adeed58efb..2460783dbdb1 100644
--- a/arch/mips/kernel/cpu-probe.c
+++ b/arch/mips/kernel/cpu-probe.c
@@ -1688,6 +1688,9 @@ static inline void cpu_probe_legacy(struct cpuinfo_mips *c, unsigned int cpu)
 static inline void cpu_probe_mips(struct cpuinfo_mips *c, unsigned int cpu)
 {
 	c->writecombine = _CACHE_UNCACHED_ACCELERATED;
+	c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
+			      MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
+
 	switch (c->processor_id & PRID_IMP_MASK) {
 	case PRID_IMP_QEMU_GENERIC:
 		c->writecombine = _CACHE_UNCACHED;
@@ -1794,10 +1797,12 @@ static inline void cpu_probe_mips(struct cpuinfo_mips *c, unsigned int cpu)
 	case PRID_IMP_P5600:
 		c->cputype = CPU_P5600;
 		__cpu_name[cpu] = "MIPS P5600";
+		c->vulnerable |= MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
 		break;
 	case PRID_IMP_P6600:
 		c->cputype = CPU_P6600;
 		__cpu_name[cpu] = "MIPS P6600";
+		c->vulnerable |= MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
 		break;
 	case PRID_IMP_I6400:
 		c->cputype = CPU_I6400;
-- 
2.30.0

[PATCH 3/3] MIPS: cpu-probe: Vulnerabilities for Loongson cores

[Jiaxun Yang]

Loongson64C is known to be vulnerable to meltdown according to
PoC from Rui Wang <r@hev.cc>.

Loongson64G defended these side-channel attack by silicon.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
---
 arch/mips/kernel/cpu-probe.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
index 2460783dbdb1..24b21f51353c 100644
--- a/arch/mips/kernel/cpu-probe.c
+++ b/arch/mips/kernel/cpu-probe.c
@@ -2092,6 +2092,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
 		c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
 			MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
 		c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is incomplete */
+		c->vulnerabilities |= MIPS_VULNBL_MELTDOWN;
+		c->vulnerable |= MIPS_VULNBL_MELTDOWN;
 		break;
 	case PRID_IMP_LOONGSON_64G:
 		c->cputype = CPU_LOONGSON64;
@@ -2100,6 +2102,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
 		set_isa(c, MIPS_CPU_ISA_M64R2);
 		decode_cpucfg(c);
 		c->writecombine = _CACHE_UNCACHED_ACCELERATED;
+		c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
+			      MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
 		break;
 	default:
 		panic("Unknown Loongson Processor ID!");
-- 
2.30.0

Re: [PATCH 1/3] MIPS: Add vulnerabilities infrastructure

[Huacai Chen]

Hi, Jiaxun,

On Wed, Dec 30, 2020 at 11:25 AM Jiaxun Yang <jiaxun.yang@flygoat.com> wrote:
>
> Add infrastructure to display CPU vulnerabilities.
> As most MIPS CPU vendors are dead today and we can't confirm
> vulnerabilities states with them, we'll display vulnerabilities
> as "Unknown" by default and override them in cpu-probe.c
>
> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
> ---
>  arch/mips/Kconfig                |  1 +
>  arch/mips/include/asm/cpu-info.h |  5 ++++
>  arch/mips/include/asm/cpu.h      |  7 +++++
>  arch/mips/kernel/Makefile        |  2 +-
>  arch/mips/kernel/vulnbl.c        | 46 ++++++++++++++++++++++++++++++++
>  5 files changed, 60 insertions(+), 1 deletion(-)
>  create mode 100644 arch/mips/kernel/vulnbl.c
>
> diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
> index ef5b2a177b1b..524053b8f769 100644
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> @@ -24,6 +24,7 @@ config MIPS
>         select GENERIC_CLOCKEVENTS
>         select GENERIC_CMOS_UPDATE
>         select GENERIC_CPU_AUTOPROBE
> +       select GENERIC_CPU_VULNERABILITIES
>         select GENERIC_GETTIMEOFDAY
>         select GENERIC_IOMAP
>         select GENERIC_IRQ_PROBE
> diff --git a/arch/mips/include/asm/cpu-info.h b/arch/mips/include/asm/cpu-info.h
> index a600670d00e9..1a964dbfc0a8 100644
> --- a/arch/mips/include/asm/cpu-info.h
> +++ b/arch/mips/include/asm/cpu-info.h
> @@ -106,6 +106,11 @@ struct cpuinfo_mips {
>         unsigned int            guestid_mask;
>         unsigned int            guestid_cache;
>
> +       /* Vulnerabilities */
> +       unsigned int            vulnerabilities; /* Vulnerabilities states that we known */
> +       unsigned int            vulnerable; /* Vulnerabilities affated */
What is "affated"? maybe "affected"?

Huacai

> +       unsigned int            mitigations; /* Mitigations */
> +
>  #ifdef CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION
>         /* CPUCFG data for this CPU, synthesized at probe time.
>          *
> diff --git a/arch/mips/include/asm/cpu.h b/arch/mips/include/asm/cpu.h
> index f5b04e8f6061..3414c9f5464e 100644
> --- a/arch/mips/include/asm/cpu.h
> +++ b/arch/mips/include/asm/cpu.h
> @@ -447,4 +447,11 @@ enum cpu_type_enum {
>  #define MIPS_ASE_LOONGSON_EXT  0x00002000 /* Loongson EXTensions */
>  #define MIPS_ASE_LOONGSON_EXT2 0x00004000 /* Loongson EXTensions R2 */
>
> +/*
> + * CPU security vulnerabilities
> + */
> +#define MIPS_VULNBL_MELTDOWN   BIT(0)
> +#define MIPS_VULNBL_SPECTRE_V1 BIT(1)
> +#define MIPS_VULNBL_SPECTRE_V2 BIT(2)
> +
>  #endif /* _ASM_CPU_H */
> diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
> index 13a26d254829..39abc8ead5e0 100644
> --- a/arch/mips/kernel/Makefile
> +++ b/arch/mips/kernel/Makefile
> @@ -8,7 +8,7 @@ extra-y         := head.o vmlinux.lds
>  obj-y          += cmpxchg.o cpu-probe.o branch.o elf.o entry.o genex.o idle.o irq.o \
>                    process.o prom.o ptrace.o reset.o setup.o signal.o \
>                    syscall.o time.o topology.o traps.o unaligned.o watch.o \
> -                  vdso.o cacheinfo.o
> +                  vdso.o cacheinfo.o vulnbl.o
>
>  ifdef CONFIG_FUNCTION_TRACER
>  CFLAGS_REMOVE_ftrace.o = -pg
> diff --git a/arch/mips/kernel/vulnbl.c b/arch/mips/kernel/vulnbl.c
> new file mode 100644
> index 000000000000..fc73da6214fe
> --- /dev/null
> +++ b/arch/mips/kernel/vulnbl.c
> @@ -0,0 +1,46 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + *  Copyright (C) 2020, Jiaxun Yang <jiaxun.yang@flygoat.com>
> + *  MIPS CPU vulnerabilities
> + */
> +
> +#include <linux/device.h>
> +
> +#include <asm/cpu-info.h>
> +#include <asm/cpu.h>
> +
> +ssize_t cpu_show_meltdown(struct device *dev,
> +                         struct device_attribute *attr, char *buf)
> +{
> +       if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_MELTDOWN))
> +               return sprintf(buf, "Unknown\n");
> +
> +       if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_MELTDOWN))
> +               return sprintf(buf, "Not affected\n");
> +
> +       return sprintf(buf, "Affected\n");
> +}
> +
> +ssize_t cpu_show_spectre_v1(struct device *dev,
> +                           struct device_attribute *attr, char *buf)
> +{
> +       if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V1))
> +               return sprintf(buf, "Unknown\n");
> +
> +       if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V1))
> +               return sprintf(buf, "Not affected\n");
> +
> +       return sprintf(buf, "Affected\n");
> +}
> +
> +ssize_t cpu_show_spectre_v2(struct device *dev,
> +                                  struct device_attribute *attr, char *buf)
> +{
> +       if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V2))
> +               return sprintf(buf, "Unknown\n");
> +
> +       if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V2))
> +               return sprintf(buf, "Not affected\n");
> +
> +       return sprintf(buf, "Affected\n");
> +}
> --
> 2.30.0
>

Re: [PATCH 2/3] MIPS: cpu-probe: Vulnerabilities for MIPS cores

[Huacai Chen]

Reviewed-by: Huacai Chen <chenhuacai@kernel.org>

On Wed, Dec 30, 2020 at 11:25 AM Jiaxun Yang <jiaxun.yang@flygoat.com> wrote:
>
> Accorading to MIPS's announcement[1], only P5600 and P6600 is
> affected by spectre v1 and v2, other cores are not affected.
>
> So we mark vulnerabilities states for MIPS cores as known and
> set P5600 and P6600 as vulnerable.
>
> [1]: https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/
>
> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
> ---
>  arch/mips/kernel/cpu-probe.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
> index 03adeed58efb..2460783dbdb1 100644
> --- a/arch/mips/kernel/cpu-probe.c
> +++ b/arch/mips/kernel/cpu-probe.c
> @@ -1688,6 +1688,9 @@ static inline void cpu_probe_legacy(struct cpuinfo_mips *c, unsigned int cpu)
>  static inline void cpu_probe_mips(struct cpuinfo_mips *c, unsigned int cpu)
>  {
>         c->writecombine = _CACHE_UNCACHED_ACCELERATED;
> +       c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
> +                             MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
> +
>         switch (c->processor_id & PRID_IMP_MASK) {
>         case PRID_IMP_QEMU_GENERIC:
>                 c->writecombine = _CACHE_UNCACHED;
> @@ -1794,10 +1797,12 @@ static inline void cpu_probe_mips(struct cpuinfo_mips *c, unsigned int cpu)
>         case PRID_IMP_P5600:
>                 c->cputype = CPU_P5600;
>                 __cpu_name[cpu] = "MIPS P5600";
> +               c->vulnerable |= MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
>                 break;
>         case PRID_IMP_P6600:
>                 c->cputype = CPU_P6600;
>                 __cpu_name[cpu] = "MIPS P6600";
> +               c->vulnerable |= MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
>                 break;
>         case PRID_IMP_I6400:
>                 c->cputype = CPU_I6400;
> --
> 2.30.0
>

Re: [PATCH 3/3] MIPS: cpu-probe: Vulnerabilities for Loongson cores

[Huacai Chen]

Hi, Jiaxun,

On Wed, Dec 30, 2020 at 11:26 AM Jiaxun Yang <jiaxun.yang@flygoat.com> wrote:
>
> Loongson64C is known to be vulnerable to meltdown according to
> PoC from Rui Wang <r@hev.cc>.
How about Loongson-3A1000/3B1500, and Loongson-2E/2F?

Huacai
>
> Loongson64G defended these side-channel attack by silicon.
>
> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
> ---
>  arch/mips/kernel/cpu-probe.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
> index 2460783dbdb1..24b21f51353c 100644
> --- a/arch/mips/kernel/cpu-probe.c
> +++ b/arch/mips/kernel/cpu-probe.c
> @@ -2092,6 +2092,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
>                 c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
>                         MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
>                 c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is incomplete */
> +               c->vulnerabilities |= MIPS_VULNBL_MELTDOWN;
> +               c->vulnerable |= MIPS_VULNBL_MELTDOWN;
>                 break;
>         case PRID_IMP_LOONGSON_64G:
>                 c->cputype = CPU_LOONGSON64;
> @@ -2100,6 +2102,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
>                 set_isa(c, MIPS_CPU_ISA_M64R2);
>                 decode_cpucfg(c);
>                 c->writecombine = _CACHE_UNCACHED_ACCELERATED;
> +               c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
> +                             MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
>                 break;
>         default:
>                 panic("Unknown Loongson Processor ID!");
> --
> 2.30.0
>

Re: [PATCH 1/3] MIPS: Add vulnerabilities infrastructure

[WANG Xuerui]

Hi Jiaxun,

Overall a nice step towards a more conformant arch/mips! Some nits below 
though.


On 12/30/20 11:23 AM, Jiaxun Yang wrote:
> Add infrastructure to display CPU vulnerabilities.
> As most MIPS CPU vendors are dead today and we can't confirm
> vulnerabilities states with them, we'll display vulnerabilities
> as "Unknown" by default and override them in cpu-probe.c
Add trailing period.
>
> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
> ---
>   arch/mips/Kconfig                |  1 +
>   arch/mips/include/asm/cpu-info.h |  5 ++++
>   arch/mips/include/asm/cpu.h      |  7 +++++
>   arch/mips/kernel/Makefile        |  2 +-
>   arch/mips/kernel/vulnbl.c        | 46 ++++++++++++++++++++++++++++++++
>   5 files changed, 60 insertions(+), 1 deletion(-)
>   create mode 100644 arch/mips/kernel/vulnbl.c
>
> diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
> index ef5b2a177b1b..524053b8f769 100644
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> @@ -24,6 +24,7 @@ config MIPS
>   	select GENERIC_CLOCKEVENTS
>   	select GENERIC_CMOS_UPDATE
>   	select GENERIC_CPU_AUTOPROBE
> +	select GENERIC_CPU_VULNERABILITIES
>   	select GENERIC_GETTIMEOFDAY
>   	select GENERIC_IOMAP
>   	select GENERIC_IRQ_PROBE
> diff --git a/arch/mips/include/asm/cpu-info.h b/arch/mips/include/asm/cpu-info.h
> index a600670d00e9..1a964dbfc0a8 100644
> --- a/arch/mips/include/asm/cpu-info.h
> +++ b/arch/mips/include/asm/cpu-info.h
> @@ -106,6 +106,11 @@ struct cpuinfo_mips {
>   	unsigned int		guestid_mask;
>   	unsigned int		guestid_cache;
>   
> +	/* Vulnerabilities */
> +	unsigned int		vulnerabilities; /* Vulnerabilities states that we known */
> +	unsigned int		vulnerable; /* Vulnerabilities affated */
> +	unsigned int		mitigations; /* Mitigations */

Could you make the field names a little clearer? Like "known_mask", 
"affected_mask" and "mitigated_mask"?

Also I wonder if removing the first mask is okay, since if a bit is 
neither "affected" nor "mitigated" then it must belong to the "unknown" 
case.

> +
>   #ifdef CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION
>   	/* CPUCFG data for this CPU, synthesized at probe time.
>   	 *
> diff --git a/arch/mips/include/asm/cpu.h b/arch/mips/include/asm/cpu.h
> index f5b04e8f6061..3414c9f5464e 100644
> --- a/arch/mips/include/asm/cpu.h
> +++ b/arch/mips/include/asm/cpu.h
> @@ -447,4 +447,11 @@ enum cpu_type_enum {
>   #define MIPS_ASE_LOONGSON_EXT	0x00002000 /* Loongson EXTensions */
>   #define MIPS_ASE_LOONGSON_EXT2	0x00004000 /* Loongson EXTensions R2 */
>   
> +/*
> + * CPU security vulnerabilities
> + */
> +#define MIPS_VULNBL_MELTDOWN	BIT(0)
> +#define MIPS_VULNBL_SPECTRE_V1	BIT(1)
> +#define MIPS_VULNBL_SPECTRE_V2	BIT(2)
Looking at the arch/x86 vulnerabilities code, I tend to think that 
"VULNBL" is not (rather ugly) shorthand for "vulnerability", but 
"vulnerability blacklist" (!), because they have "VULNWL" for apparently 
"whitelist". So I suggest writing out "VULNERABILITY" fully for clarity.
> +
>   #endif /* _ASM_CPU_H */
> diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
> index 13a26d254829..39abc8ead5e0 100644
> --- a/arch/mips/kernel/Makefile
> +++ b/arch/mips/kernel/Makefile
> @@ -8,7 +8,7 @@ extra-y		:= head.o vmlinux.lds
>   obj-y		+= cmpxchg.o cpu-probe.o branch.o elf.o entry.o genex.o idle.o irq.o \
>   		   process.o prom.o ptrace.o reset.o setup.o signal.o \
>   		   syscall.o time.o topology.o traps.o unaligned.o watch.o \
> -		   vdso.o cacheinfo.o
> +		   vdso.o cacheinfo.o vulnbl.o
>   
>   ifdef CONFIG_FUNCTION_TRACER
>   CFLAGS_REMOVE_ftrace.o = -pg
> diff --git a/arch/mips/kernel/vulnbl.c b/arch/mips/kernel/vulnbl.c
> new file mode 100644
> index 000000000000..fc73da6214fe
> --- /dev/null
> +++ b/arch/mips/kernel/vulnbl.c
Same with this filename.
> @@ -0,0 +1,46 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + *  Copyright (C) 2020, Jiaxun Yang <jiaxun.yang@flygoat.com>
> + *  MIPS CPU vulnerabilities
> + */
> +
> +#include <linux/device.h>
> +
> +#include <asm/cpu-info.h>
> +#include <asm/cpu.h>
> +
> +ssize_t cpu_show_meltdown(struct device *dev,
> +			  struct device_attribute *attr, char *buf)
> +{
> +	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_MELTDOWN))
> +		return sprintf(buf, "Unknown\n");
> +
> +	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_MELTDOWN))
> +		return sprintf(buf, "Not affected\n");
> +
> +	return sprintf(buf, "Affected\n");
Be consistent with other arches and use "Vulnerable"?
> +}
> +
> +ssize_t cpu_show_spectre_v1(struct device *dev,
> +			    struct device_attribute *attr, char *buf)
> +{
> +	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V1))
> +		return sprintf(buf, "Unknown\n");
> +
> +	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V1))
> +		return sprintf(buf, "Not affected\n");
> +
> +	return sprintf(buf, "Affected\n");
Same as above.
> +}
> +
> +ssize_t cpu_show_spectre_v2(struct device *dev,
> +				   struct device_attribute *attr, char *buf)
> +{
> +	if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V2))
> +		return sprintf(buf, "Unknown\n");
> +
> +	if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V2))
> +		return sprintf(buf, "Not affected\n");
> +
> +	return sprintf(buf, "Affected\n");
Same as above.
> +}

Re: [PATCH 3/3] MIPS: cpu-probe: Vulnerabilities for Loongson cores

[WANG Xuerui]

Hi Jiaxun,

On 12/30/20 11:23 AM, Jiaxun Yang wrote:
> Loongson64C is known to be vulnerable to meltdown according to
> PoC from Rui Wang <r@hev.cc>.
>
> Loongson64G defended these side-channel attack by silicon.
"Loongson64G mitigated it in hardware"?
>
> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
> ---
>   arch/mips/kernel/cpu-probe.c | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
> index 2460783dbdb1..24b21f51353c 100644
> --- a/arch/mips/kernel/cpu-probe.c
> +++ b/arch/mips/kernel/cpu-probe.c
> @@ -2092,6 +2092,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
>   		c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
>   			MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
>   		c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is incomplete */
> +		c->vulnerabilities |= MIPS_VULNBL_MELTDOWN;
> +		c->vulnerable |= MIPS_VULNBL_MELTDOWN;
>   		break;
>   	case PRID_IMP_LOONGSON_64G:
>   		c->cputype = CPU_LOONGSON64;
> @@ -2100,6 +2102,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu)
>   		set_isa(c, MIPS_CPU_ISA_M64R2);
>   		decode_cpucfg(c);
>   		c->writecombine = _CACHE_UNCACHED_ACCELERATED;
> +		c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
> +			      MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;

Of course you forgot to set the "mitigated" mask... Oh wait.

It seems the "mitigated" mask in the 1st patch is never used, so either 
code there or here must be amended.

>   		break;
>   	default:
>   		panic("Unknown Loongson Processor ID!");

Re: [PATCH 3/3] MIPS: cpu-probe: Vulnerabilities for Loongson cores

[Jiaxun Yang]

在 2020/12/31 23:43, WANG Xuerui 写道:
> Hi Jiaxun,
>
> On 12/30/20 11:23 AM, Jiaxun Yang wrote:
>> Loongson64C is known to be vulnerable to meltdown according to
>> PoC from Rui Wang <r@hev.cc>.
>>
>> Loongson64G defended these side-channel attack by silicon.
> "Loongson64G mitigated it in hardware"?
>>
>> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
>> ---
>>   arch/mips/kernel/cpu-probe.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
>> index 2460783dbdb1..24b21f51353c 100644
>> --- a/arch/mips/kernel/cpu-probe.c
>> +++ b/arch/mips/kernel/cpu-probe.c
>> @@ -2092,6 +2092,8 @@ static inline void cpu_probe_loongson(struct 
>> cpuinfo_mips *c, unsigned int cpu)
>>           c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
>>               MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
>>           c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is 
>> incomplete */
>> +        c->vulnerabilities |= MIPS_VULNBL_MELTDOWN;
>> +        c->vulnerable |= MIPS_VULNBL_MELTDOWN;
>>           break;
>>       case PRID_IMP_LOONGSON_64G:
>>           c->cputype = CPU_LOONGSON64;
>> @@ -2100,6 +2102,8 @@ static inline void cpu_probe_loongson(struct 
>> cpuinfo_mips *c, unsigned int cpu)
>>           set_isa(c, MIPS_CPU_ISA_M64R2);
>>           decode_cpucfg(c);
>>           c->writecombine = _CACHE_UNCACHED_ACCELERATED;
>> +        c->vulnerabilities |= MIPS_VULNBL_MELTDOWN |
>> +                  MIPS_VULNBL_SPECTRE_V1 | MIPS_VULNBL_SPECTRE_V2;
>
> Of course you forgot to set the "mitigated" mask... Oh wait.

Hi Xuerui,

Actually it belongs to not affected category as there is no action
to take in kernel.

>
> It seems the "mitigated" mask in the 1st patch is never used, so 
> either code there or here must be amended.

Yes, it's just a place holder for future kernel mitigations~
Or I should leave it until we find out these mitigations?

Thanks.

- Jiaxun

>
>>           break;
>>       default:
>>           panic("Unknown Loongson Processor ID!");

Re: [PATCH 1/3] MIPS: Add vulnerabilities infrastructure

[Jiaxun Yang]

在 2020/12/31 23:38, WANG Xuerui 写道:
> Hi Jiaxun,
>
> Overall a nice step towards a more conformant arch/mips! Some nits 
> below though.
>
>
> On 12/30/20 11:23 AM, Jiaxun Yang wrote:
>> Add infrastructure to display CPU vulnerabilities.
>> As most MIPS CPU vendors are dead today and we can't confirm
>> vulnerabilities states with them, we'll display vulnerabilities
>> as "Unknown" by default and override them in cpu-probe.c
> Add trailing period.
>>
>> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
>> ---
>>   arch/mips/Kconfig                |  1 +
>>   arch/mips/include/asm/cpu-info.h |  5 ++++
>>   arch/mips/include/asm/cpu.h      |  7 +++++
>>   arch/mips/kernel/Makefile        |  2 +-
>>   arch/mips/kernel/vulnbl.c        | 46 ++++++++++++++++++++++++++++++++
>>   5 files changed, 60 insertions(+), 1 deletion(-)
>>   create mode 100644 arch/mips/kernel/vulnbl.c
>>
>> diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
>> index ef5b2a177b1b..524053b8f769 100644
>> --- a/arch/mips/Kconfig
>> +++ b/arch/mips/Kconfig
>> @@ -24,6 +24,7 @@ config MIPS
>>       select GENERIC_CLOCKEVENTS
>>       select GENERIC_CMOS_UPDATE
>>       select GENERIC_CPU_AUTOPROBE
>> +    select GENERIC_CPU_VULNERABILITIES
>>       select GENERIC_GETTIMEOFDAY
>>       select GENERIC_IOMAP
>>       select GENERIC_IRQ_PROBE
>> diff --git a/arch/mips/include/asm/cpu-info.h 
>> b/arch/mips/include/asm/cpu-info.h
>> index a600670d00e9..1a964dbfc0a8 100644
>> --- a/arch/mips/include/asm/cpu-info.h
>> +++ b/arch/mips/include/asm/cpu-info.h
>> @@ -106,6 +106,11 @@ struct cpuinfo_mips {
>>       unsigned int        guestid_mask;
>>       unsigned int        guestid_cache;
>>   +    /* Vulnerabilities */
>> +    unsigned int        vulnerabilities; /* Vulnerabilities states 
>> that we known */
>> +    unsigned int        vulnerable; /* Vulnerabilities affated */
>> +    unsigned int        mitigations; /* Mitigations */
>
> Could you make the field names a little clearer? Like "known_mask", 
> "affected_mask" and "mitigated_mask"?
>
> Also I wonder if removing the first mask is okay, since if a bit is 
> neither "affected" nor "mitigated" then it must belong to the 
> "unknown" case.

Actually we have no way to mitigate them in kernel for now :-(


>
>> +
>>   #ifdef CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION
>>       /* CPUCFG data for this CPU, synthesized at probe time.
>>        *
>> diff --git a/arch/mips/include/asm/cpu.h b/arch/mips/include/asm/cpu.h
>> index f5b04e8f6061..3414c9f5464e 100644
>> --- a/arch/mips/include/asm/cpu.h
>> +++ b/arch/mips/include/asm/cpu.h
>> @@ -447,4 +447,11 @@ enum cpu_type_enum {
>>   #define MIPS_ASE_LOONGSON_EXT    0x00002000 /* Loongson EXTensions */
>>   #define MIPS_ASE_LOONGSON_EXT2    0x00004000 /* Loongson EXTensions 
>> R2 */
>>   +/*
>> + * CPU security vulnerabilities
>> + */
>> +#define MIPS_VULNBL_MELTDOWN    BIT(0)
>> +#define MIPS_VULNBL_SPECTRE_V1    BIT(1)
>> +#define MIPS_VULNBL_SPECTRE_V2    BIT(2)
> Looking at the arch/x86 vulnerabilities code, I tend to think that 
> "VULNBL" is not (rather ugly) shorthand for "vulnerability", but 
> "vulnerability blacklist" (!), because they have "VULNWL" for 
> apparently "whitelist". So I suggest writing out "VULNERABILITY" fully 
> for clarity.
>> +
>>   #endif /* _ASM_CPU_H */
>> diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
>> index 13a26d254829..39abc8ead5e0 100644
>> --- a/arch/mips/kernel/Makefile
>> +++ b/arch/mips/kernel/Makefile
>> @@ -8,7 +8,7 @@ extra-y        := head.o vmlinux.lds
>>   obj-y        += cmpxchg.o cpu-probe.o branch.o elf.o entry.o 
>> genex.o idle.o irq.o \
>>              process.o prom.o ptrace.o reset.o setup.o signal.o \
>>              syscall.o time.o topology.o traps.o unaligned.o watch.o \
>> -           vdso.o cacheinfo.o
>> +           vdso.o cacheinfo.o vulnbl.o
>>     ifdef CONFIG_FUNCTION_TRACER
>>   CFLAGS_REMOVE_ftrace.o = -pg
>> diff --git a/arch/mips/kernel/vulnbl.c b/arch/mips/kernel/vulnbl.c
>> new file mode 100644
>> index 000000000000..fc73da6214fe
>> --- /dev/null
>> +++ b/arch/mips/kernel/vulnbl.c
> Same with this filename.
>> @@ -0,0 +1,46 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + *  Copyright (C) 2020, Jiaxun Yang <jiaxun.yang@flygoat.com>
>> + *  MIPS CPU vulnerabilities
>> + */
>> +
>> +#include <linux/device.h>
>> +
>> +#include <asm/cpu-info.h>
>> +#include <asm/cpu.h>
>> +
>> +ssize_t cpu_show_meltdown(struct device *dev,
>> +              struct device_attribute *attr, char *buf)
>> +{
>> +    if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_MELTDOWN))
>> +        return sprintf(buf, "Unknown\n");
>> +
>> +    if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_MELTDOWN))
>> +        return sprintf(buf, "Not affected\n");
>> +
>> +    return sprintf(buf, "Affected\n");
> Be consistent with other arches and use "Vulnerable"?
>> +}
>> +
>> +ssize_t cpu_show_spectre_v1(struct device *dev,
>> +                struct device_attribute *attr, char *buf)
>> +{
>> +    if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V1))
>> +        return sprintf(buf, "Unknown\n");
>> +
>> +    if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V1))
>> +        return sprintf(buf, "Not affected\n");
>> +
>> +    return sprintf(buf, "Affected\n");
> Same as above.
>> +}
>> +
>> +ssize_t cpu_show_spectre_v2(struct device *dev,
>> +                   struct device_attribute *attr, char *buf)
>> +{
>> +    if (!(boot_cpu_data.vulnerabilities & MIPS_VULNBL_SPECTRE_V2))
>> +        return sprintf(buf, "Unknown\n");
>> +
>> +    if (!(boot_cpu_data.vulnerable & MIPS_VULNBL_SPECTRE_V2))
>> +        return sprintf(buf, "Not affected\n");
>> +
>> +    return sprintf(buf, "Affected\n");
> Same as above.
>> +}