From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Cc: stable@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com>,
Andre Przywara <andre.przywara@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Stefan Wahren <stefan.wahren@i2se.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH for-stable-v4.19 13/16] arm64: add sysfs vulnerability show for spectre-v2
Date: Tue, 8 Oct 2019 17:39:27 +0200 [thread overview]
Message-ID: <20191008153930.15386-14-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org>
From: Jeremy Linton <jeremy.linton@arm.com>
[ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ]
Track whether all the cores in the machine are vulnerable to Spectre-v2,
and whether all the vulnerable cores have been mitigated. We then expose
this information to userspace via sysfs.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm64/kernel/cpu_errata.c | 27 +++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 96b0319dd0d6..b29d0b3b18b2 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -480,6 +480,10 @@ has_cortex_a76_erratum_1463225(const struct arm64_cpu_capabilities *entry,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
+/* Track overall mitigation state. We are only mitigated if all cores are ok */
+static bool __hardenbp_enab = true;
+static bool __spectrev2_safe = true;
+
/*
* Generic helper for handling capabilties with multiple (match,enable) pairs
* of call backs, sharing the same capability bit.
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = {
{ /* sentinel */ }
};
+/*
+ * Track overall bp hardening for all heterogeneous cores in the machine.
+ * We are only considered "safe" if all booted cores are known safe.
+ */
static bool __maybe_unused
check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
{
@@ -543,6 +551,8 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ __spectrev2_safe = false;
+
if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n");
__hardenbp_enab = false;
@@ -552,11 +562,14 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
+ __hardenbp_enab = false;
return false;
}
- if (need_wa < 0)
+ if (need_wa < 0) {
pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n");
+ __hardenbp_enab = false;
+ }
return (need_wa > 0);
}
@@ -753,3 +766,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
{
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
}
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
+ char *buf)
+{
+ if (__spectrev2_safe)
+ return sprintf(buf, "Not affected\n");
+
+ if (__hardenbp_enab)
+ return sprintf(buf, "Mitigation: Branch predictor hardening\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Stefan Wahren <stefan.wahren@i2se.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Andre Przywara <andre.przywara@arm.com>,
Will Deacon <will.deacon@arm.com>,
Jeremy Linton <jeremy.linton@arm.com>,
stable@vger.kernel.org, Catalin Marinas <catalin.marinas@arm.com>
Subject: [PATCH for-stable-v4.19 13/16] arm64: add sysfs vulnerability show for spectre-v2
Date: Tue, 8 Oct 2019 17:39:27 +0200 [thread overview]
Message-ID: <20191008153930.15386-14-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20191008153930.15386-1-ard.biesheuvel@linaro.org>
From: Jeremy Linton <jeremy.linton@arm.com>
[ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ]
Track whether all the cores in the machine are vulnerable to Spectre-v2,
and whether all the vulnerable cores have been mitigated. We then expose
this information to userspace via sysfs.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm64/kernel/cpu_errata.c | 27 +++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 96b0319dd0d6..b29d0b3b18b2 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -480,6 +480,10 @@ has_cortex_a76_erratum_1463225(const struct arm64_cpu_capabilities *entry,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
+/* Track overall mitigation state. We are only mitigated if all cores are ok */
+static bool __hardenbp_enab = true;
+static bool __spectrev2_safe = true;
+
/*
* Generic helper for handling capabilties with multiple (match,enable) pairs
* of call backs, sharing the same capability bit.
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = {
{ /* sentinel */ }
};
+/*
+ * Track overall bp hardening for all heterogeneous cores in the machine.
+ * We are only considered "safe" if all booted cores are known safe.
+ */
static bool __maybe_unused
check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
{
@@ -543,6 +551,8 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ __spectrev2_safe = false;
+
if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n");
__hardenbp_enab = false;
@@ -552,11 +562,14 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
+ __hardenbp_enab = false;
return false;
}
- if (need_wa < 0)
+ if (need_wa < 0) {
pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n");
+ __hardenbp_enab = false;
+ }
return (need_wa > 0);
}
@@ -753,3 +766,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
{
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
}
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
+ char *buf)
+{
+ if (__spectrev2_safe)
+ return sprintf(buf, "Not affected\n");
+
+ if (__hardenbp_enab)
+ return sprintf(buf, "Mitigation: Branch predictor hardening\n");
+
+ return sprintf(buf, "Vulnerable\n");
+}
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-10-08 15:40 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-08 15:39 [PATCH for-stable-v4.19 00/16] arm64 spec mitigation backports Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-08 15:39 ` [PATCH for-stable-v4.19 01/16] arm64: cpufeature: Detect SSBS and advertise to userspace Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-08 15:39 ` [PATCH for-stable-v4.19 02/16] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 03/16] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 04/16] arm64: docs: Document SSBS HWCAP Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: docs: Document SSBS HWCAP" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 05/16] arm64: fix SSBS sanitization Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: fix SSBS sanitization" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 06/16] arm64: Add sysfs vulnerability show for spectre-v1 Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Add sysfs vulnerability show for spectre-v1" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 07/16] arm64: add sysfs vulnerability show for meltdown Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: add sysfs vulnerability show for meltdown" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 08/16] arm64: enable generic CPU vulnerabilites support Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: enable generic CPU vulnerabilites support" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 09/16] arm64: Always enable ssb vulnerability detection Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Always enable ssb vulnerability detection" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 10/16] arm64: Provide a command line to disable spectre_v2 mitigation Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Provide a command line to disable spectre_v2 mitigation" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 11/16] arm64: Advertise mitigation of Spectre-v2, or lack thereof Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Advertise mitigation of Spectre-v2, or lack thereof" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 12/16] arm64: Always enable spectre-v2 vulnerability detection Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Always enable spectre-v2 vulnerability detection" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` Ard Biesheuvel [this message]
2019-10-08 15:39 ` [PATCH for-stable-v4.19 13/16] arm64: add sysfs vulnerability show for spectre-v2 Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: add sysfs vulnerability show for spectre-v2" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 14/16] arm64: add sysfs vulnerability show for speculative store bypass Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: add sysfs vulnerability show for speculative store bypass" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 15/16] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB" has been added to the 4.19-stable tree gregkh
2019-10-08 15:39 ` [PATCH for-stable-v4.19 16/16] arm64: Force SSBS on context switch Ard Biesheuvel
2019-10-08 15:39 ` Ard Biesheuvel
2019-10-09 8:04 ` Patch "arm64: Force SSBS on context switch" has been added to the 4.19-stable tree gregkh
2019-10-09 8:04 ` [PATCH for-stable-v4.19 00/16] arm64 spec mitigation backports Greg KH
2019-10-09 8:04 ` Greg KH
2019-10-09 8:17 ` Ard Biesheuvel
2019-10-09 8:17 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191008153930.15386-14-ard.biesheuvel@linaro.org \
--to=ard.biesheuvel@linaro.org \
--cc=andre.przywara@arm.com \
--cc=catalin.marinas@arm.com \
--cc=jeremy.linton@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=stable@vger.kernel.org \
--cc=stefan.wahren@i2se.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.