From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>,
David Brazdil <dbrazdil@google.com>,
Will Deacon <will@kernel.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 00/19] Fix and rewrite arm64 spectre mitigations
Date: Fri, 18 Sep 2020 17:47:10 +0100 [thread overview]
Message-ID: <20200918164729.31994-1-will@kernel.org> (raw)
Hi everyone,
If there's something strange in your CPU, who you gonna call?
Well, if you're trundling along on an arm64 processor, git blame will
suggest that Marc and I need to pick up the phone. Unfortunately, if the
ghost in question is Spectre v2 or Spectre v4, then we'll have to call
you back because our mitigations are in a pretty bad way. They used to
work, but due to changes with the cpufeature code, they haven't been
working properly for some time. And guess what? People haven't noticed
because this stuff is practically impossible to test, even if you have
a system where mitigations are available.
The temptation was to remove the code entirely, but after putting in
some effort to untangle it, we ended up knocking it into a much better
shape. Although that doesn't change the fact that we can't test it very
well, it certainly appears to behave better than the old code in situations
such as:
- Err... wanting mitigation on more than one CPU
- Not changing the mitigation state at runtime (i.e. after userspace
has started running)
- Gracefully handling failure to bring late CPUs online (previously
this would only happen _after_ updating the mitigation state!)
- Clear separation between mitigation state (am I vulnerable?) and
policy (the user wants to go fast)
- Removal of the hideously expensive "dynamic" Spectre-v2 mitigation
for KVM guests
- Being easier to read, including the addition of comments
As this is a complete rewrite, parts of the series are pretty grotty
to review; it's easier to apply the whole lot first and then look at the
new code, especially as the old implementation is pretty much unreadable
anyway.
The first three patches are fixes targetting stable. Given the current
state of this stuff, I think that the rest of the series is 5.10 material,
as we're hardly going to make anything worse here.
Cheers,
Will
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: David Brazdil <dbrazdil@google.com>
--->8
Marc Zyngier (8):
arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled
arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs
KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2
KVM: arm64: Simplify handling of ARCH_WORKAROUND_2
KVM: arm64: Get rid of kvm_arm_have_ssbd()
KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()
arm64: Get rid of arm64_ssbd_state
Will Deacon (11):
arm64: Remove Spectre-related CONFIG_* options
KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with
CONFIG_RANDOMIZE_BASE
KVM: arm64: Simplify install_bp_hardening_cb()
arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2
arm64: Introduce separate file for spectre mitigations and reporting
arm64: Rewrite Spectre-v2 mitigation code
arm64: Group start_thread() functions together
arm64: Treat SSBS as a non-strict system feature
arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4
arm64: Move SSBD prctl() handler alongside other spectre mitigation
code
arm64: Rewrite Spectre-v4 mitigation code
arch/arm64/Kconfig | 26 -
arch/arm64/include/asm/cpucaps.h | 4 +-
arch/arm64/include/asm/cpufeature.h | 24 -
arch/arm64/include/asm/kvm_asm.h | 5 +-
arch/arm64/include/asm/kvm_emulate.h | 14 -
arch/arm64/include/asm/kvm_host.h | 40 --
arch/arm64/include/asm/kvm_mmu.h | 53 +-
arch/arm64/include/asm/mmu.h | 11 +-
arch/arm64/include/asm/processor.h | 44 +-
arch/arm64/include/asm/spectre.h | 32 +
arch/arm64/include/uapi/asm/kvm.h | 9 +
arch/arm64/kernel/Makefile | 3 +-
arch/arm64/kernel/cpu_errata.c | 487 +--------------
arch/arm64/kernel/cpufeature.c | 51 +-
arch/arm64/kernel/entry.S | 10 +-
arch/arm64/kernel/hibernate.c | 6 +-
arch/arm64/kernel/image-vars.h | 2 -
arch/arm64/kernel/process.c | 17 +-
arch/arm64/kernel/proton-pack.c | 763 ++++++++++++++++++++++++
arch/arm64/kernel/ssbd.c | 129 ----
arch/arm64/kernel/suspend.c | 3 +-
arch/arm64/kvm/Kconfig | 3 -
arch/arm64/kvm/arm.c | 6 +-
arch/arm64/kvm/hyp/Makefile | 2 +-
arch/arm64/kvm/hyp/hyp-entry.S | 31 +-
arch/arm64/kvm/hyp/include/hyp/switch.h | 33 -
arch/arm64/kvm/hyp/nvhe/switch.c | 4 -
arch/arm64/kvm/hyp/vhe/switch.c | 4 -
arch/arm64/kvm/hypercalls.c | 33 +-
arch/arm64/kvm/psci.c | 74 ++-
arch/arm64/kvm/reset.c | 4 -
arch/arm64/kvm/sys_regs.c | 3 +
32 files changed, 920 insertions(+), 1010 deletions(-)
create mode 100644 arch/arm64/include/asm/spectre.h
create mode 100644 arch/arm64/kernel/proton-pack.c
delete mode 100644 arch/arm64/kernel/ssbd.c
--
2.28.0.681.g6f77f65b4e-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2020-09-18 16:49 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-18 16:47 Will Deacon [this message]
2020-09-18 16:47 ` [PATCH 01/19] arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled Will Deacon
2020-09-18 16:47 ` Will Deacon
2020-09-18 16:47 ` [PATCH 02/19] arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs Will Deacon
2020-09-18 16:47 ` Will Deacon
2020-09-21 12:54 ` Sasha Levin
2020-09-21 12:54 ` Sasha Levin
2020-09-18 16:47 ` [PATCH 03/19] arm64: Run ARCH_WORKAROUND_2 " Will Deacon
2020-09-18 16:47 ` Will Deacon
2020-09-18 17:13 ` Suzuki K Poulose
2020-09-18 17:13 ` Suzuki K Poulose
2020-09-18 16:47 ` [PATCH 04/19] arm64: Remove Spectre-related CONFIG_* options Will Deacon
2020-09-18 16:47 ` [PATCH 05/19] KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE Will Deacon
2020-09-18 16:47 ` [PATCH 06/19] KVM: arm64: Simplify install_bp_hardening_cb() Will Deacon
2020-09-18 16:47 ` [PATCH 07/19] arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2 Will Deacon
2020-09-18 16:47 ` [PATCH 08/19] arm64: Introduce separate file for spectre mitigations and reporting Will Deacon
2020-09-18 16:47 ` [PATCH 09/19] arm64: Rewrite Spectre-v2 mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 10/19] KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2 Will Deacon
2020-09-18 16:47 ` [PATCH 11/19] arm64: Group start_thread() functions together Will Deacon
2020-09-18 16:47 ` [PATCH 12/19] arm64: Treat SSBS as a non-strict system feature Will Deacon
2020-09-18 16:47 ` [PATCH 13/19] arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4 Will Deacon
2020-09-18 16:47 ` [PATCH 14/19] arm64: Move SSBD prctl() handler alongside other spectre mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 15/19] arm64: Rewrite Spectre-v4 " Will Deacon
2020-09-18 16:47 ` [PATCH 16/19] KVM: arm64: Simplify handling of ARCH_WORKAROUND_2 Will Deacon
2020-09-18 16:47 ` [PATCH 17/19] KVM: arm64: Get rid of kvm_arm_have_ssbd() Will Deacon
2020-09-18 16:47 ` [PATCH 18/19] KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state() Will Deacon
2020-09-18 16:47 ` [PATCH 19/19] arm64: Get rid of arm64_ssbd_state Will Deacon
2020-09-18 16:59 ` [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200918164729.31994-1-will@kernel.org \
--to=will@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dbrazdil@google.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.