From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will.deacon@arm.com,
marc.zyngier@arm.com, suzuki.poulose@arm.com,
Dave.Martin@arm.com, shankerd@codeaurora.org,
julien.thierry@arm.com, mlangsdo@redhat.com,
stefan.wahren@i2e.com, Andre.Przywara@arm.com,
linux-kernel@vger.kernel.org,
Jeremy Linton <jeremy.linton@arm.com>
Subject: [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection
Date: Tue, 26 Feb 2019 19:05:40 -0600 [thread overview]
Message-ID: <20190227010544.597579-7-jeremy.linton@arm.com> (raw)
In-Reply-To: <20190227010544.597579-1-jeremy.linton@arm.com>
The sysfs patches need to display machine vulnerability
status regardless of kernel config. Prepare for that
by breaking out the vulnerability/mitigation detection
code from the logic which implements the mitigation.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
arch/arm64/kernel/cpu_errata.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 77f021e78a28..a27e1ee750e1 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -109,12 +109,12 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused)
atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
#include <asm/mmu_context.h>
#include <asm/cacheflush.h>
DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
+
#ifdef CONFIG_KVM_INDIRECT_VECTORS
extern char __smccc_workaround_1_smc_start[];
extern char __smccc_workaround_1_smc_end[];
@@ -270,11 +270,11 @@ static int detect_harden_bp_fw(void)
((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1))
cb = qcom_link_stack_sanitization;
- install_bp_hardening_cb(cb, smccc_start, smccc_end);
+ if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR))
+ install_bp_hardening_cb(cb, smccc_start, smccc_end);
return 1;
}
-#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
#ifdef CONFIG_ARM64_SSBD
DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
@@ -513,7 +513,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
/*
* List of CPUs that do not need any Spectre-v2 mitigation at all.
*/
@@ -545,6 +544,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
+ pr_warn_once("spectrev2 mitigation disabled by configuration\n");
+ return false;
+ }
+
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
@@ -557,8 +561,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
return (need_wa > 0);
}
-#endif
-
#ifdef CONFIG_HARDEN_EL2_VECTORS
static const struct midr_range arm64_harden_el2_vectors[] = {
@@ -732,13 +734,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
},
#endif
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
{
.capability = ARM64_HARDEN_BRANCH_PREDICTOR,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.matches = check_branch_predictor,
},
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
{
.desc = "EL2 vector hardening",
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Jeremy Linton <jeremy.linton@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: mlangsdo@redhat.com, suzuki.poulose@arm.com,
marc.zyngier@arm.com, catalin.marinas@arm.com,
julien.thierry@arm.com, will.deacon@arm.com,
linux-kernel@vger.kernel.org,
Jeremy Linton <jeremy.linton@arm.com>,
stefan.wahren@i2e.com, Andre.Przywara@arm.com,
Dave.Martin@arm.com, shankerd@codeaurora.org
Subject: [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection
Date: Tue, 26 Feb 2019 19:05:40 -0600 [thread overview]
Message-ID: <20190227010544.597579-7-jeremy.linton@arm.com> (raw)
In-Reply-To: <20190227010544.597579-1-jeremy.linton@arm.com>
The sysfs patches need to display machine vulnerability
status regardless of kernel config. Prepare for that
by breaking out the vulnerability/mitigation detection
code from the logic which implements the mitigation.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
arch/arm64/kernel/cpu_errata.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 77f021e78a28..a27e1ee750e1 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -109,12 +109,12 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused)
atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
#include <asm/mmu_context.h>
#include <asm/cacheflush.h>
DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
+
#ifdef CONFIG_KVM_INDIRECT_VECTORS
extern char __smccc_workaround_1_smc_start[];
extern char __smccc_workaround_1_smc_end[];
@@ -270,11 +270,11 @@ static int detect_harden_bp_fw(void)
((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1))
cb = qcom_link_stack_sanitization;
- install_bp_hardening_cb(cb, smccc_start, smccc_end);
+ if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR))
+ install_bp_hardening_cb(cb, smccc_start, smccc_end);
return 1;
}
-#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
#ifdef CONFIG_ARM64_SSBD
DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
@@ -513,7 +513,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
/*
* List of CPUs that do not need any Spectre-v2 mitigation at all.
*/
@@ -545,6 +544,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
+ pr_warn_once("spectrev2 mitigation disabled by configuration\n");
+ return false;
+ }
+
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
@@ -557,8 +561,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
return (need_wa > 0);
}
-#endif
-
#ifdef CONFIG_HARDEN_EL2_VECTORS
static const struct midr_range arm64_harden_el2_vectors[] = {
@@ -732,13 +734,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
},
#endif
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
{
.capability = ARM64_HARDEN_BRANCH_PREDICTOR,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.matches = check_branch_predictor,
},
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
{
.desc = "EL2 vector hardening",
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-02-27 1:06 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-27 1:05 [PATCH v5 00/10] arm64: add system vulnerability sysfs entries Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-02-27 1:05 ` [PATCH v5 01/10] arm64: Provide a command line to disable spectre_v2 mitigation Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-02-28 18:14 ` Suzuki K Poulose
2019-02-28 18:14 ` Suzuki K Poulose
2019-02-28 18:21 ` Catalin Marinas
2019-02-28 18:21 ` Catalin Marinas
2019-02-28 18:25 ` Suzuki K Poulose
2019-02-28 18:25 ` Suzuki K Poulose
2019-03-01 6:54 ` Andre Przywara
2019-03-01 6:54 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 02/10] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-02-28 18:29 ` Suzuki K Poulose
2019-02-28 18:29 ` Suzuki K Poulose
2019-03-01 6:54 ` Andre Przywara
2019-03-01 6:54 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 03/10] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-02-28 18:33 ` Suzuki K Poulose
2019-02-28 18:33 ` Suzuki K Poulose
2019-03-01 7:11 ` Andre Przywara
2019-03-01 7:11 ` Andre Przywara
2019-03-01 16:12 ` Jeremy Linton
2019-03-01 16:12 ` Jeremy Linton
2019-03-01 16:20 ` Catalin Marinas
2019-03-01 16:20 ` Catalin Marinas
2019-03-01 16:53 ` Jeremy Linton
2019-03-01 16:53 ` Jeremy Linton
2019-03-01 17:15 ` Catalin Marinas
2019-03-01 17:15 ` Catalin Marinas
2019-03-01 17:30 ` Andre Przywara
2019-03-01 17:30 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 04/10] arm64: Advertise mitigation of Spectre-v2, or lack thereof Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 6:57 ` Andre Przywara
2019-03-01 6:57 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 05/10] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 6:58 ` Andre Przywara
2019-03-01 6:58 ` Andre Przywara
2019-02-27 1:05 ` Jeremy Linton [this message]
2019-02-27 1:05 ` [PATCH v5 06/10] arm64: Always enable spectrev2 vulnerability detection Jeremy Linton
2019-03-01 6:58 ` Andre Przywara
2019-03-01 6:58 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 07/10] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 6:59 ` Andre Przywara
2019-03-01 6:59 ` Andre Przywara
2019-02-27 1:05 ` [PATCH v5 08/10] arm64: Always enable ssb vulnerability detection Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 7:02 ` Andre Przywara
2019-03-01 7:02 ` Andre Przywara
2019-03-01 16:16 ` Jeremy Linton
2019-03-01 16:16 ` Jeremy Linton
2019-02-27 1:05 ` [PATCH v5 09/10] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 7:02 ` Andre Przywara
2019-03-01 7:02 ` Andre Przywara
2019-03-01 16:41 ` Jeremy Linton
2019-03-01 16:41 ` Jeremy Linton
2019-02-27 1:05 ` [PATCH v5 10/10] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2019-02-27 1:05 ` Jeremy Linton
2019-03-01 7:03 ` Andre Przywara
2019-03-01 7:03 ` Andre Przywara
2019-02-28 12:01 ` [PATCH v5 00/10] arm64: add system vulnerability sysfs entries Catalin Marinas
2019-02-28 12:01 ` Catalin Marinas
2019-03-01 19:35 ` Stefan Wahren
2019-03-01 19:35 ` Stefan Wahren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190227010544.597579-7-jeremy.linton@arm.com \
--to=jeremy.linton@arm.com \
--cc=Andre.Przywara@arm.com \
--cc=Dave.Martin@arm.com \
--cc=catalin.marinas@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mlangsdo@redhat.com \
--cc=shankerd@codeaurora.org \
--cc=stefan.wahren@i2e.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.