From: Jeremy Linton <jeremy.linton@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2e.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com> Subject: [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection Date: Tue, 26 Feb 2019 19:05:40 -0600 [thread overview] Message-ID: <20190227010544.597579-7-jeremy.linton@arm.com> (raw) In-Reply-To: <20190227010544.597579-1-jeremy.linton@arm.com> The sysfs patches need to display machine vulnerability status regardless of kernel config. Prepare for that by breaking out the vulnerability/mitigation detection code from the logic which implements the mitigation. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/kernel/cpu_errata.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 77f021e78a28..a27e1ee750e1 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,12 +109,12 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include <asm/mmu_context.h> #include <asm/cacheflush.h> DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + #ifdef CONFIG_KVM_INDIRECT_VECTORS extern char __smccc_workaround_1_smc_start[]; extern char __smccc_workaround_1_smc_end[]; @@ -270,11 +270,11 @@ static int detect_harden_bp_fw(void) ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(cb, smccc_start, smccc_end); + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) + install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1; } -#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); @@ -513,7 +513,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -545,6 +544,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { + pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + return false; + } + /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); @@ -557,8 +561,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) return (need_wa > 0); } -#endif - #ifdef CONFIG_HARDEN_EL2_VECTORS static const struct midr_range arm64_harden_el2_vectors[] = { @@ -732,13 +734,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = check_branch_predictor, }, -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS { .desc = "EL2 vector hardening", -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Jeremy Linton <jeremy.linton@arm.com> To: linux-arm-kernel@lists.infradead.org Cc: mlangsdo@redhat.com, suzuki.poulose@arm.com, marc.zyngier@arm.com, catalin.marinas@arm.com, julien.thierry@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com>, stefan.wahren@i2e.com, Andre.Przywara@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org Subject: [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection Date: Tue, 26 Feb 2019 19:05:40 -0600 [thread overview] Message-ID: <20190227010544.597579-7-jeremy.linton@arm.com> (raw) In-Reply-To: <20190227010544.597579-1-jeremy.linton@arm.com> The sysfs patches need to display machine vulnerability status regardless of kernel config. Prepare for that by breaking out the vulnerability/mitigation detection code from the logic which implements the mitigation. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/kernel/cpu_errata.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 77f021e78a28..a27e1ee750e1 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,12 +109,12 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused) atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include <asm/mmu_context.h> #include <asm/cacheflush.h> DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data); + #ifdef CONFIG_KVM_INDIRECT_VECTORS extern char __smccc_workaround_1_smc_start[]; extern char __smccc_workaround_1_smc_end[]; @@ -270,11 +270,11 @@ static int detect_harden_bp_fw(void) ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(cb, smccc_start, smccc_end); + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) + install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1; } -#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ #ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); @@ -513,7 +513,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -545,6 +544,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { + pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + return false; + } + /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); @@ -557,8 +561,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) return (need_wa > 0); } -#endif - #ifdef CONFIG_HARDEN_EL2_VECTORS static const struct midr_range arm64_harden_el2_vectors[] = { @@ -732,13 +734,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = check_branch_predictor, }, -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS { .desc = "EL2 vector hardening", -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-02-27 1:06 UTC|newest] Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-02-27 1:05 [PATCH v5 00/10] arm64: add system vulnerability sysfs entries Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-02-27 1:05 ` [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-02-28 18:14 ` Suzuki K Poulose 2019-02-28 18:14 ` Suzuki K Poulose 2019-02-28 18:21 ` Catalin Marinas 2019-02-28 18:21 ` Catalin Marinas 2019-02-28 18:25 ` Suzuki K Poulose 2019-02-28 18:25 ` Suzuki K Poulose 2019-03-01 6:54 ` Andre Przywara 2019-03-01 6:54 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 02/10] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-02-28 18:29 ` Suzuki K Poulose 2019-02-28 18:29 ` Suzuki K Poulose 2019-03-01 6:54 ` Andre Przywara 2019-03-01 6:54 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 03/10] arm64: add sysfs vulnerability show for meltdown Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-02-28 18:33 ` Suzuki K Poulose 2019-02-28 18:33 ` Suzuki K Poulose 2019-03-01 7:11 ` Andre Przywara 2019-03-01 7:11 ` Andre Przywara 2019-03-01 16:12 ` Jeremy Linton 2019-03-01 16:12 ` Jeremy Linton 2019-03-01 16:20 ` Catalin Marinas 2019-03-01 16:20 ` Catalin Marinas 2019-03-01 16:53 ` Jeremy Linton 2019-03-01 16:53 ` Jeremy Linton 2019-03-01 17:15 ` Catalin Marinas 2019-03-01 17:15 ` Catalin Marinas 2019-03-01 17:30 ` Andre Przywara 2019-03-01 17:30 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 04/10] arm64: Advertise mitigation of Spectre-v2, or lack thereof Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 6:57 ` Andre Przywara 2019-03-01 6:57 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 05/10] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 6:58 ` Andre Przywara 2019-03-01 6:58 ` Andre Przywara 2019-02-27 1:05 ` Jeremy Linton [this message] 2019-02-27 1:05 ` [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection Jeremy Linton 2019-03-01 6:58 ` Andre Przywara 2019-03-01 6:58 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 07/10] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 6:59 ` Andre Przywara 2019-03-01 6:59 ` Andre Przywara 2019-02-27 1:05 ` [PATCH v5 08/10] arm64: Always enable ssb vulnerability detection Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 7:02 ` Andre Przywara 2019-03-01 7:02 ` Andre Przywara 2019-03-01 16:16 ` Jeremy Linton 2019-03-01 16:16 ` Jeremy Linton 2019-02-27 1:05 ` [PATCH v5 09/10] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 7:02 ` Andre Przywara 2019-03-01 7:02 ` Andre Przywara 2019-03-01 16:41 ` Jeremy Linton 2019-03-01 16:41 ` Jeremy Linton 2019-02-27 1:05 ` [PATCH v5 10/10] arm64: enable generic CPU vulnerabilites support Jeremy Linton 2019-02-27 1:05 ` Jeremy Linton 2019-03-01 7:03 ` Andre Przywara 2019-03-01 7:03 ` Andre Przywara 2019-02-28 12:01 ` [PATCH v5 00/10] arm64: add system vulnerability sysfs entries Catalin Marinas 2019-02-28 12:01 ` Catalin Marinas 2019-03-01 19:35 ` Stefan Wahren 2019-03-01 19:35 ` Stefan Wahren
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190227010544.597579-7-jeremy.linton@arm.com \ --to=jeremy.linton@arm.com \ --cc=Andre.Przywara@arm.com \ --cc=Dave.Martin@arm.com \ --cc=catalin.marinas@arm.com \ --cc=julien.thierry@arm.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=marc.zyngier@arm.com \ --cc=mlangsdo@redhat.com \ --cc=shankerd@codeaurora.org \ --cc=stefan.wahren@i2e.com \ --cc=suzuki.poulose@arm.com \ --cc=will.deacon@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.