From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com,
marc.zyngier@arm.com, suzuki.poulose@arm.com,
dave.martin@arm.com, shankerd@codeaurora.org,
linux-kernel@vger.kernel.org, ykaukab@suse.de,
julien.thierry@arm.com, mlangsdo@redhat.com,
steven.price@arm.com, stefan.wahren@i2se.com,
Jeremy Linton <jeremy.linton@arm.com>
Subject: [PATCH v4 07/12] arm64: add sysfs vulnerability show for meltdown
Date: Fri, 25 Jan 2019 12:07:06 -0600 [thread overview]
Message-ID: <20190125180711.1970973-8-jeremy.linton@arm.com> (raw)
In-Reply-To: <20190125180711.1970973-1-jeremy.linton@arm.com>
Display the mitigation status if active, otherwise
assume the cpu is safe unless it doesn't have CSV3
and isn't in our whitelist.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
arch/arm64/kernel/cpufeature.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index a9e18b9cdc1e..624dfe0b5cdd 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -944,6 +944,8 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
return has_cpuid_feature(entry, scope);
}
+/* default value is invalid until unmap_kernel_at_el0() runs */
+static bool __meltdown_safe = true;
static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
@@ -962,6 +964,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
{ /* sentinel */ }
};
char const *str = "command line option";
+ bool meltdown_safe;
+
+ meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list);
+
+ /* Defer to CPU feature registers */
+ if (has_cpuid_feature(entry, scope))
+ meltdown_safe = true;
+
+ if (!meltdown_safe)
+ __meltdown_safe = false;
/*
* For reasons that aren't entirely clear, enabling KPTI on Cavium
@@ -984,12 +996,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
return kaslr_offset() > 0;
- /* Don't force KPTI for CPUs that are not vulnerable */
- if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
- return false;
-
- /* Defer to CPU feature registers */
- return !has_cpuid_feature(entry, scope);
+ return !meltdown_safe;
}
static void
@@ -2055,3 +2062,17 @@ static int __init enable_mrs_emulation(void)
}
core_initcall(enable_mrs_emulation);
+
+#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
+ char *buf)
+{
+ if (arm64_kernel_unmapped_at_el0())
+ return sprintf(buf, "Mitigation: KPTI\n");
+
+ if (__meltdown_safe)
+ return sprintf(buf, "Not affected\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
+#endif
--
2.17.2
WARNING: multiple messages have this Message-ID (diff)
From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: stefan.wahren@i2se.com, mlangsdo@redhat.com,
suzuki.poulose@arm.com, marc.zyngier@arm.com,
catalin.marinas@arm.com, julien.thierry@arm.com,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
Jeremy Linton <jeremy.linton@arm.com>,
steven.price@arm.com, ykaukab@suse.de, dave.martin@arm.com,
shankerd@codeaurora.org
Subject: [PATCH v4 07/12] arm64: add sysfs vulnerability show for meltdown
Date: Fri, 25 Jan 2019 12:07:06 -0600 [thread overview]
Message-ID: <20190125180711.1970973-8-jeremy.linton@arm.com> (raw)
In-Reply-To: <20190125180711.1970973-1-jeremy.linton@arm.com>
Display the mitigation status if active, otherwise
assume the cpu is safe unless it doesn't have CSV3
and isn't in our whitelist.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
arch/arm64/kernel/cpufeature.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index a9e18b9cdc1e..624dfe0b5cdd 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -944,6 +944,8 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope)
return has_cpuid_feature(entry, scope);
}
+/* default value is invalid until unmap_kernel_at_el0() runs */
+static bool __meltdown_safe = true;
static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
@@ -962,6 +964,16 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
{ /* sentinel */ }
};
char const *str = "command line option";
+ bool meltdown_safe;
+
+ meltdown_safe = is_midr_in_range_list(read_cpuid_id(), kpti_safe_list);
+
+ /* Defer to CPU feature registers */
+ if (has_cpuid_feature(entry, scope))
+ meltdown_safe = true;
+
+ if (!meltdown_safe)
+ __meltdown_safe = false;
/*
* For reasons that aren't entirely clear, enabling KPTI on Cavium
@@ -984,12 +996,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
return kaslr_offset() > 0;
- /* Don't force KPTI for CPUs that are not vulnerable */
- if (is_midr_in_range_list(read_cpuid_id(), kpti_safe_list))
- return false;
-
- /* Defer to CPU feature registers */
- return !has_cpuid_feature(entry, scope);
+ return !meltdown_safe;
}
static void
@@ -2055,3 +2062,17 @@ static int __init enable_mrs_emulation(void)
}
core_initcall(enable_mrs_emulation);
+
+#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr,
+ char *buf)
+{
+ if (arm64_kernel_unmapped_at_el0())
+ return sprintf(buf, "Mitigation: KPTI\n");
+
+ if (__meltdown_safe)
+ return sprintf(buf, "Not affected\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
+#endif
--
2.17.2
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-01-25 18:07 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-25 18:06 [PATCH v4 00/12] arm64: add system vulnerability sysfs entries Jeremy Linton
2019-01-25 18:06 ` Jeremy Linton
2019-01-25 18:07 ` [PATCH v4 01/12] Documentation: Document arm64 kpti control Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-30 18:02 ` Andre Przywara
2019-01-30 18:02 ` Andre Przywara
2019-02-06 19:24 ` Jeremy Linton
2019-02-06 19:24 ` Jeremy Linton
2019-02-06 21:06 ` André Przywara
2019-02-06 21:06 ` André Przywara
2019-01-31 17:58 ` Andre Przywara
2019-01-31 17:58 ` Andre Przywara
2019-02-07 0:25 ` Jonathan Corbet
2019-02-07 0:25 ` Jonathan Corbet
2019-01-25 18:07 ` [PATCH v4 02/12] arm64: Provide a command line to disable spectre_v2 mitigation Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-30 18:03 ` Andre Przywara
2019-01-30 18:03 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 03/12] arm64: Remove the ability to build a kernel without ssbd Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-30 18:04 ` Andre Przywara
2019-01-30 18:04 ` Andre Przywara
2019-02-15 18:20 ` Catalin Marinas
2019-02-15 18:20 ` Catalin Marinas
2019-02-15 18:20 ` Catalin Marinas
2019-02-15 18:54 ` Jeremy Linton
2019-02-15 18:54 ` Jeremy Linton
2019-01-25 18:07 ` [PATCH v4 04/12] arm64: remove the ability to build a kernel without hardened branch predictors Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-30 18:04 ` Andre Przywara
2019-01-30 18:04 ` Andre Przywara
2019-01-30 18:04 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 05/12] arm64: remove the ability to build a kernel without kpti Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-30 18:05 ` Andre Przywara
2019-01-30 18:05 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 06/12] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:52 ` Andre Przywara
2019-01-31 17:52 ` Andre Przywara
2019-01-25 18:07 ` Jeremy Linton [this message]
2019-01-25 18:07 ` [PATCH v4 07/12] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2019-01-31 9:28 ` Julien Thierry
2019-01-31 9:28 ` Julien Thierry
2019-01-31 21:48 ` Jeremy Linton
2019-01-31 21:48 ` Jeremy Linton
2019-01-31 17:54 ` Andre Przywara
2019-01-31 17:54 ` Andre Przywara
2019-01-31 21:53 ` Jeremy Linton
2019-01-31 21:53 ` Jeremy Linton
2019-01-25 18:07 ` [PATCH v4 08/12] arm64: Advertise mitigation of Spectre-v2, or lack thereof Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:54 ` Andre Przywara
2019-01-31 17:54 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 09/12] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:55 ` Andre Przywara
2019-01-31 17:55 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 10/12] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:55 ` Andre Przywara
2019-01-31 17:55 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 11/12] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:55 ` Andre Przywara
2019-01-31 17:55 ` Andre Przywara
2019-01-25 18:07 ` [PATCH v4 12/12] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2019-01-25 18:07 ` Jeremy Linton
2019-01-31 17:56 ` Andre Przywara
2019-01-31 17:56 ` Andre Przywara
2019-02-08 20:05 ` [PATCH v4 00/12] arm64: add system vulnerability sysfs entries Stefan Wahren
2019-02-08 20:05 ` Stefan Wahren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190125180711.1970973-8-jeremy.linton@arm.com \
--to=jeremy.linton@arm.com \
--cc=catalin.marinas@arm.com \
--cc=dave.martin@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mlangsdo@redhat.com \
--cc=shankerd@codeaurora.org \
--cc=stefan.wahren@i2se.com \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
--cc=ykaukab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.