From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
Stefan Wahren <stefan.wahren@i2se.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Will Deacon <will.deacon@arm.com>,
Jeremy Linton <jeremy.linton@arm.com>,
Andre Przywara <andre.przywara@arm.com>,
Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>
Subject: [RFC/RFT PATCH 11/16] arm64: Always enable spectre-v2 vulnerability detection
Date: Fri, 4 Oct 2019 14:04:25 +0200 [thread overview]
Message-ID: <20191004120430.11929-12-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20191004120430.11929-1-ard.biesheuvel@linaro.org>
From: Jeremy Linton <jeremy.linton@arm.com>
Ensure we are always able to detect whether or not the CPU is affected
by Spectre-v2, so that we can later advertise this to userspace.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit 8c1e3d2bb44cbb998cb28ff9a18f105fee7f1eb3)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm64/kernel/cpu_errata.c | 47 ++++----------------
1 file changed, 8 insertions(+), 39 deletions(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index def847873d21..ae7d6761262f 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -87,7 +87,6 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused)
atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
#include <asm/mmu_context.h>
#include <asm/cacheflush.h>
@@ -225,11 +224,11 @@ static int detect_harden_bp_fw(void)
((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1))
cb = qcom_link_stack_sanitization;
- install_bp_hardening_cb(cb, smccc_start, smccc_end);
+ if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR))
+ install_bp_hardening_cb(cb, smccc_start, smccc_end);
return 1;
}
-#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
#ifdef CONFIG_ARM64_SSBD
DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
@@ -478,39 +477,6 @@ has_cortex_a76_erratum_1463225(const struct arm64_cpu_capabilities *entry,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
-/*
- * Generic helper for handling capabilties with multiple (match,enable) pairs
- * of call backs, sharing the same capability bit.
- * Iterate over each entry to see if at least one matches.
- */
-static bool __maybe_unused
-multi_entry_cap_matches(const struct arm64_cpu_capabilities *entry, int scope)
-{
- const struct arm64_cpu_capabilities *caps;
-
- for (caps = entry->match_list; caps->matches; caps++)
- if (caps->matches(caps, scope))
- return true;
-
- return false;
-}
-
-/*
- * Take appropriate action for all matching entries in the shared capability
- * entry.
- */
-static void __maybe_unused
-multi_entry_cap_cpu_enable(const struct arm64_cpu_capabilities *entry)
-{
- const struct arm64_cpu_capabilities *caps;
-
- for (caps = entry->match_list; caps->matches; caps++)
- if (caps->matches(caps, SCOPE_LOCAL_CPU) &&
- caps->cpu_enable)
- caps->cpu_enable(caps);
-}
-
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
/*
* List of CPUs that do not need any Spectre-v2 mitigation at all.
*/
@@ -542,6 +508,12 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
+ pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n");
+ __hardenbp_enab = false;
+ return false;
+ }
+
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
@@ -553,7 +525,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
return (need_wa > 0);
}
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
@@ -712,13 +683,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
},
#endif
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
{
.capability = ARM64_HARDEN_BRANCH_PREDICTOR,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.matches = check_branch_predictor,
},
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
{
.desc = "EL2 vector hardening",
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-10-04 12:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-04 12:04 [RFC/RFT PATCH 00/16] arm64: backport SSBS handling to v4.19-stable Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 01/16] arm64: cpufeature: Detect SSBS and advertise to userspace Ard Biesheuvel
2019-10-08 14:35 ` Mark Rutland
2019-10-08 14:39 ` Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 02/16] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 03/16] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 04/16] arm64: docs: Document SSBS HWCAP Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 05/16] arm64: fix SSBS sanitization Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 06/16] arm64: Add sysfs vulnerability show for spectre-v1 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 07/16] arm64: add sysfs vulnerability show for meltdown Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 08/16] arm64: enable generic CPU vulnerabilites support Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 09/16] arm64: Provide a command line to disable spectre_v2 mitigation Ard Biesheuvel
2019-10-04 12:04 ` Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 10/16] arm64: Advertise mitigation of Spectre-v2, or lack thereof Ard Biesheuvel
2019-10-04 12:04 ` Ard Biesheuvel [this message]
2019-10-08 15:05 ` [RFC/RFT PATCH 11/16] arm64: Always enable spectre-v2 vulnerability detection Mark Rutland
2019-10-04 12:04 ` [RFC/RFT PATCH 12/16] arm64: Always enable ssb " Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 13/16] arm64: add sysfs vulnerability show for spectre-v2 Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 14/16] arm64: add sysfs vulnerability show for speculative store bypass Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 15/16] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB Ard Biesheuvel
2019-10-04 12:04 ` [RFC/RFT PATCH 16/16] arm64: Force SSBS on context switch Ard Biesheuvel
2019-10-08 8:12 ` [RFC/RFT PATCH 00/16] arm64: backport SSBS handling to v4.19-stable Ard Biesheuvel
2019-10-08 15:09 ` Mark Rutland
2019-10-08 15:10 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191004120430.11929-12-ard.biesheuvel@linaro.org \
--to=ard.biesheuvel@linaro.org \
--cc=andre.przywara@arm.com \
--cc=catalin.marinas@arm.com \
--cc=jeremy.linton@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=stefan.wahren@i2se.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.