From: Jeremy Linton <jeremy.linton@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, dave.martin@arm.com, shankerd@codeaurora.org, mark.rutland@arm.com, linux-kernel@vger.kernel.org, ykaukab@suse.de, julien.thierry@arm.com, mlangsdo@redhat.com, steven.price@arm.com, Jeremy Linton <jeremy.linton@arm.com> Subject: [PATCH v2 2/7] arm64: kpti: move check for non-vulnerable CPUs to a function Date: Wed, 2 Jan 2019 18:49:16 -0600 [thread overview] Message-ID: <20190103004921.1928921-3-jeremy.linton@arm.com> (raw) In-Reply-To: <20190103004921.1928921-1-jeremy.linton@arm.com> From: Mian Yousaf Kaukab <ykaukab@suse.de> Add is_meltdown_safe() which is a whitelist of known safe cores. Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de> [Moved location of function] Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4f272399de89..ab784d7a0083 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -947,8 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ -static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, - int scope) +static bool is_cpu_meltdown_safe(void) { /* List of CPUs that are not vulnerable and don't need KPTI */ static const struct midr_range kpti_safe_list[] = { @@ -962,6 +961,15 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), { /* sentinel */ } }; + if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + return true; + + return false; +} + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int scope) +{ char const *str = "command line option"; /* @@ -985,8 +993,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + if (is_cpu_meltdown_safe()) return false; /* Defer to CPU feature registers */ -- 2.17.2
WARNING: multiple messages have this Message-ID (diff)
From: Jeremy Linton <jeremy.linton@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: mark.rutland@arm.com, mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com>, steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com, shankerd@codeaurora.org Subject: [PATCH v2 2/7] arm64: kpti: move check for non-vulnerable CPUs to a function Date: Wed, 2 Jan 2019 18:49:16 -0600 [thread overview] Message-ID: <20190103004921.1928921-3-jeremy.linton@arm.com> (raw) In-Reply-To: <20190103004921.1928921-1-jeremy.linton@arm.com> From: Mian Yousaf Kaukab <ykaukab@suse.de> Add is_meltdown_safe() which is a whitelist of known safe cores. Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de> [Moved location of function] Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4f272399de89..ab784d7a0083 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -947,8 +947,7 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ -static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, - int scope) +static bool is_cpu_meltdown_safe(void) { /* List of CPUs that are not vulnerable and don't need KPTI */ static const struct midr_range kpti_safe_list[] = { @@ -962,6 +961,15 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), { /* sentinel */ } }; + if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + return true; + + return false; +} + +static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, + int scope) +{ char const *str = "command line option"; /* @@ -985,8 +993,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; - /* Don't force KPTI for CPUs that are not vulnerable */ - if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list)) + if (is_cpu_meltdown_safe()) return false; /* Defer to CPU feature registers */ -- 2.17.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-01-03 0:49 UTC|newest] Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-01-03 0:49 [PATCH v2 0/7] add system vulnerability sysfs entries Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 9:38 ` Greg Kroah-Hartman 2019-01-03 9:38 ` Greg Kroah-Hartman 2019-01-03 16:38 ` Jeremy Linton 2019-01-03 16:38 ` Jeremy Linton 2019-01-03 16:48 ` Greg Kroah-Hartman 2019-01-03 16:48 ` Greg Kroah-Hartman 2019-01-04 14:08 ` Dave Martin 2019-01-04 14:08 ` Dave Martin 2019-01-04 14:18 ` Greg Kroah-Hartman 2019-01-04 14:18 ` Greg Kroah-Hartman 2019-01-04 14:55 ` Will Deacon 2019-01-04 14:55 ` Will Deacon 2019-01-03 16:37 ` Dave Martin 2019-01-03 16:37 ` Dave Martin 2019-01-03 16:46 ` Jeremy Linton 2019-01-03 16:46 ` Jeremy Linton 2019-01-03 19:30 ` Stefan Wahren 2019-01-03 19:30 ` Stefan Wahren 2019-01-03 20:32 ` Jeremy Linton 2019-01-03 20:32 ` Jeremy Linton 2019-01-04 10:13 ` Will Deacon 2019-01-04 10:13 ` Will Deacon 2019-01-03 0:49 ` Jeremy Linton [this message] 2019-01-03 0:49 ` [PATCH v2 2/7] arm64: kpti: move check for non-vulnerable CPUs to a function Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 3/7] arm64: add sysfs vulnerability show for meltdown Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 4/7] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 5/7] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 6/7] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton 2019-01-03 0:49 ` [PATCH v2 7/7] arm64: enable generic CPU vulnerabilites support Jeremy Linton 2019-01-03 0:49 ` Jeremy Linton
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190103004921.1928921-3-jeremy.linton@arm.com \ --to=jeremy.linton@arm.com \ --cc=catalin.marinas@arm.com \ --cc=dave.martin@arm.com \ --cc=julien.thierry@arm.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=marc.zyngier@arm.com \ --cc=mark.rutland@arm.com \ --cc=mlangsdo@redhat.com \ --cc=shankerd@codeaurora.org \ --cc=steven.price@arm.com \ --cc=suzuki.poulose@arm.com \ --cc=will.deacon@arm.com \ --cc=ykaukab@suse.de \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.