Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755829AbeAHHYU (ORCPT + 1 other); Mon, 8 Jan 2018 02:24:20 -0500 Received: from mail-sn1nam02on0044.outbound.protection.outlook.com ([104.47.36.44]:43506 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755141AbeAHHYT (ORCPT ); Mon, 8 Jan 2018 02:24:19 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Jayachandran.Nair@cavium.com; Date: Sun, 7 Jan 2018 23:24:02 -0800 From: Jayachandran C To: Will Deacon Cc: linux-arm-kernel@lists.infradead.org, lorenzo.pieralisi@arm.com, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, catalin.marinas@arm.com, linux-kernel@vger.kernel.org, labbott@redhat.com, christoffer.dall@linaro.org Subject: Re: [v2,03/11] arm64: Take into account ID_AA64PFR0_EL1.CSV3 Message-ID: <20180108072253.GA178830@jc-sabre> References: <1515157961-20963-4-git-send-email-will.deacon@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1515157961-20963-4-git-send-email-will.deacon@arm.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Originating-IP: [50.233.148.156] X-ClientProxiedBy: MWHPR1301CA0005.namprd13.prod.outlook.com (10.174.164.146) To CO2PR0701MB1061.namprd07.prod.outlook.com (10.160.8.140) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 208a44a7-c127-4f8b-42fd-08d55668d2fb X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:CO2PR0701MB1061; X-Microsoft-Exchange-Diagnostics: 1;CO2PR0701MB1061;3:tDlCCaVeD4gOdiBq3l6yp9q0+6b0nM+ha68B10NpP39mzkPn5wzQkxUVfsTJ71ZHwB0TPeCctuq+EKIkkH+tdrSPfuiiLEyJIpFGZi+OvwW5CDbiJpVeRkC8ASUFsjkdLCnqyAidi3YOqDEd8O0bK4NHsEiXQ5CKA7DeI1XQTmbnV3WMobOSZBWM8JQebeobR2ee3+Af2rth9jyDQlnTbMlGop3hu5dVOzkX1IAY6Vog3ya2sQq/0fiQ+zk4j5m9;25:kRnS3lwUzl9uRjsSUOSlVzJqo2t9XLn9zFRuG3YeSINQG6PX3ga8kum/OG4ReBz/eYnRqxnSiC04jdeiErsj5dEUGwacOZd/mvEhcPLUbvlNZrCYp+k96fNLp3ZtdSVHBWaVkFwOKSnA1oi6rTLRQLWOE9wSu4HzUFmaAIobJ0DAlvv819rrwSWOkbJccpGKpJ2MOX9GD/Ya/CYPUDF2J3Fq5GhEqG6svvaq9XAIeFBvqIECaMQo6y2ePRXyRAes79QDcglHN593yXBZg/p/6z/jbi1uKLfd+7ZoWOJ5/r3xXFcX+u2dG5LGPtDI0i5KvksNLLd4TQFdNcvS7WFKpw==;31:rgx/FXShaCKYDTmbfRHLOH/ceuEhsVdXmDsezJI7ypxelmyKwJW4sgRIphI6GJhHtZPjaNvqm+9NIeAKH0iXWakEeQ8fMiORKKMkQbjR2BK6tVmbEusST+9k/Tp/gpEAAJq8NOzZaFoPXnTZU99R8juu9VvQRR1ZIobJRu4cvPGVyzfNHpLP9FaN6HQHREQIao8PYRXvTseqqm1IQaXRMQgfZv/aqdqWlYSzBb2oq7w= X-MS-TrafficTypeDiagnostic: CO2PR0701MB1061: X-Microsoft-Exchange-Diagnostics: 1;CO2PR0701MB1061;20:OLvJHw6RIhYhn+NNcVL1+++HInTE/x0g/8hv1J5sEPktStkTv37xrfJ7pbYBfnUtUwThh9KsCW/FcLMCl7VPEGCEc/onmBPBOCDWsCVr0pOj8mZzrPOGb+CPajqxMmol0k4tq2kUB1b+BFa16n1otnvxaYy5FHPwDVWcD4igW0qzRzeeImMGcvXm/2CKMXqUWvC1vJ6Lv/RfVljI1CdhmIZ7m/1e3helaUcAmx9fIbr2MuJ7WwSXFyFC/z/vdTxJThbzijr2X6o89BkCL8x0Q//4jh5V38gT46/X2owctySoZUxNLA8NCcnrYIm218vyuvZ/iZG28w89TXWYh1MsTSYAk0baonhPC9Y0LWil/NNHLfOcNYptdB7vMecSpOoYE886lt9SQCCDuEjonoeooPMIHCj8fqIkVCg4+mB69NkIEikgBFGxcH621ujIdcyfZuQNUkXVQr/yXGWy3IKBd1hRB6kRjV/IJeKqfyJ+qV7p9Kx1cwp7dGH1JnNkpWdoyWsQPmBMOP6VET2f5qibiVpHu22ArLyVygm2u/qw97CMMpH9Ebc5RHA1ttMytNBzreXRYstcyXkqp0W2BEl6RmwlXu6ynluEQouRUculAiY=;4:g6B9DRWvPhz6Am42ME6O+nZrYGXJc4iPZipfu9HGPGEJRi6J55SAf23M06TQ20/LBG+RL2I5BHnkbbB3s6vwucr2zNr9Nwwmd1Bxg8GvXbZXHOFa4IcFeHeJVACqaCc/uPNkbKPAw4+blE26hJGcgEHD8SDqYLPqoiw8xMwGic7Y9llP+3Xd92ly5pAGQ8HZu+Hn2aCdo5Jy5ly2AqIXmNAFB6wu4kSzOIaOomIv1ZbP22CxTQI9DzzA741VU34G/aScu7vWH5RjQnoP9pUfvF5UyI8bINwmX/LaP9v+ETF/THdNK3tTgydfsyM7Hm1o X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(180628864354917); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(8121501046)(5005006)(3231023)(944501075)(3002001)(10201501046)(93006095)(6041268)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(6072148)(201708071742011);SRVR:CO2PR0701MB1061;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:CO2PR0701MB1061; X-Forefront-PRVS: 054642504A X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(366004)(39380400002)(396003)(376002)(346002)(39850400004)(199004)(189003)(24454002)(87496004)(55016002)(81166006)(8676002)(81156014)(6246003)(9686003)(25786009)(4326008)(7736002)(229853002)(305945005)(66066001)(47776003)(97736004)(16586007)(58126008)(478600001)(16526018)(53936002)(72206003)(316002)(6666003)(23726003)(83506002)(6916009)(33716001)(42882006)(2950100002)(68736007)(59450400001)(386003)(33656002)(76176011)(6496006)(52116002)(3846002)(6116002)(33896004)(1076002)(8936002)(50466002)(105586002)(2906002)(5660300001)(106356001)(18370500001)(107986001);DIR:OUT;SFP:1101;SCL:1;SRVR:CO2PR0701MB1061;H:jc-sabre;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;CO2PR0701MB1061;23:k/NHeco1P14hRKtyvD7ThB4KvNiqQAbARZ/EYrD?= =?us-ascii?Q?L7auYezAJRSqu9WtqHB88zsVWOhSwKKdtPsErLMmram5yU8fVAJkUj2d1EKe?= =?us-ascii?Q?SjV4jrEDq+l1LrdL2HLJ89F7gV7/Dt5iRvW/e1bF/ANf3f7DSlS/u9L3sfdY?= =?us-ascii?Q?lPrq/UeHgHFWI3ctBufQhlkuG/1TH3xJJ7Endqxl8bevGwrY13KnuJ5FoYa6?= =?us-ascii?Q?HXceXQzbQk9EYn56xtqm5vAglKNofOUo/mh9UngUY3zn5H5/ZsTByOnmnRSJ?= =?us-ascii?Q?q3MBu6lXwEuITdRXioC0hPucw2XGbxFvhhPNibJ4oY2QOdWORlq5SZi8loU2?= =?us-ascii?Q?7ROEEiT9ihXfkLk3+PtXSJrV2g4fAMxu1H8jYq+fd/dSEHDhRsfbjoL5bkc9?= =?us-ascii?Q?BG9HYJdVdbeUkKJq7JnEICWGCWqzY/YJQOFZsPbJMgF+LqVKd7k1949Rjyhh?= =?us-ascii?Q?NDAWbidhOGAHGr7cn/YHGZ1lbjrjfbBl+MD1cGzui8SJ4pH5KJ+m2PVDm/nU?= =?us-ascii?Q?CYOx6KsL1n8OoST9t3xYS+Zdwj0lG+b0tdjjgqwQ5VkbxEMeB1l1dbOUuoKu?= =?us-ascii?Q?R0gDwYuhc/CS7psNcVsOLlb4L6ZoinVhwlYUmlNLcJ0muOVISMPokiufwve9?= =?us-ascii?Q?3gaVrp373lHc8GQh7qBGkanwUr4Epxmv1uUuuOavPnGQqUc5lSmrJmN5nWXu?= =?us-ascii?Q?wQGCDTMigYP+G5RrMau5aNBUWa5JIyHQlX+OxXOAnQd82b+F903delh6l4vG?= =?us-ascii?Q?/+rEdHYH3QQNz5txLEmf9HXLCe6jg8Q+gJp2lX+L71VpV5FLa3uqHxO3zOCl?= =?us-ascii?Q?fCahzxLWAPBKEJpAXz7Ja454K46Nf1wD9vmPxIt5/AWwKHcCC1T14FRKQcv8?= =?us-ascii?Q?NunEitcgeQilFUAjvob+4cxd0hDrLyrTbyYg7/K44XqdVA92lXgcv3Uqm8eg?= =?us-ascii?Q?yfbLEhid9J4Y0E/2tq1PfkjARla2q0UYsqE0+/k86YYmcXrCwszEDMO68sOO?= =?us-ascii?Q?uS6KC3CIefH2/JNBWmb66pPL4mBr93zKyqf+oA90CbdaHstA8sQ8a/Tv6k3w?= =?us-ascii?Q?4xWxiZp9ZAaMoRXl9vPKzJtgnCUQkEpOhZekP6XuzfAi/IGmcnrQAvSM4msg?= =?us-ascii?Q?KupPGahX+nFzlF7rmbndxJV+X9mtHOkaKD1giAGgkPVZsicsHrsC68uSB8/V?= =?us-ascii?Q?a/0ZD0W+Cbp3JAKmTUs6OoO9guf+sERUKWhalSUuz+iAxxdwJSnG8zVbadUQ?= =?us-ascii?Q?HtOjQQ/sK1Ipz4mfhA0lFj6IeYeHATxZGfDfeSvIUZXXVoSlbfsKsAFPOT8a?= =?us-ascii?Q?enI9MIv3YWdRQQn/2BWQ8ZJk=3D?= X-Microsoft-Exchange-Diagnostics: 1;CO2PR0701MB1061;6:0mgvKCSLKeTmlEgJOcu1Ia+oVWGMNdv4r1W1ykX5xD0J3G5Hi0PDS73zvAGoeW5jvU6IHAfxu77ceW1gtTZLb0AYqpSbznBt/91Z+VXbkq/MEPOe4eHnf6cFXGkPmV5JE+ZJkxaaxoqKdLvcrejkqWSLkoROCIMfoYOqLphjtg3kSl0BCLHAc8dKRuaoRjpwmhLgTXRd/vbNJLCvWYIIX6qxvf4MbKohbn3FWKADjRgBxDhcT88xgfxoWkGy5UVWwmlcRrBKekxMUjcJ2o0gkfOVzSONICO15iW3ypUxOEd4KQQbnwMutmVzX3vW8a0gsw+X59TvU/882YlnK5p1Xwycjr1twGT6IRZxJruwYGI=;5:DX3laVpB3lGNiXCcLXkBWHRg5S1bmyySUBYnbUM4yApqs0jlxat/WkGV2Jk/luUyBuQ3J+mwaXmfS8EjsiZlS0vuemnqlcRSsS/oGWI61LkdHSHXlF+ivXUsQmS7M9kZM1Ma6JDPwiOptMQT9nYoq6H6qUNNdx2EkO0berHahD0=;24:khJMEze5tbdODPdc89Q/Pa8uKG6UrWEuhdmSBW2rbK1wJ/Y2Z3FEQ/wpDEYvzDIM3tX0540GQ1IML4FiHfzlScRl2F6DtR0tMuw7lr4VcUc=;7:HGgsz4ScNiNndHKcx2ev9e6SygrodI3yUEJhsBBLiOMhKIjVGWpmgBaCbX1FF2ExLZM8kOpwJPNIg3o3cUNyH5jHCjMuLoWADsSFLmkW1Hlpv3KgzGDEh/jTxgdiFngJt0IuOLpB1pJ72sjlpyuc8pN6uxP1XOYT9IBEZGIa+fzZXGmiNGC03KFlHL6e+Yq4TMl94A2pFjPtYcQB1iuQGCbxCx8UVGDwDl36nAGlRX3RWCqT5+2UJNcpavVDJAaQ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2018 07:24:15.5910 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 208a44a7-c127-4f8b-42fd-08d55668d2fb X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR0701MB1061 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Fri, Jan 05, 2018 at 01:12:33PM +0000, Will Deacon wrote: > For non-KASLR kernels where the KPTI behaviour has not been overridden > on the command line we can use ID_AA64PFR0_EL1.CSV3 to determine whether > or not we should unmap the kernel whilst running at EL0. > > Reviewed-by: Suzuki K Poulose > Signed-off-by: Will Deacon > --- > arch/arm64/include/asm/sysreg.h | 1 + > arch/arm64/kernel/cpufeature.c | 8 +++++++- > 2 files changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h > index 08cc88574659..ae519bbd3f9e 100644 > --- a/arch/arm64/include/asm/sysreg.h > +++ b/arch/arm64/include/asm/sysreg.h > @@ -437,6 +437,7 @@ > #define ID_AA64ISAR1_DPB_SHIFT 0 > > /* id_aa64pfr0 */ > +#define ID_AA64PFR0_CSV3_SHIFT 60 > #define ID_AA64PFR0_SVE_SHIFT 32 > #define ID_AA64PFR0_GIC_SHIFT 24 > #define ID_AA64PFR0_ASIMD_SHIFT 20 > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 9f0545dfe497..d723fc071f39 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -145,6 +145,7 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { > }; > > static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { > + ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_SVE_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_GIC_SHIFT, 4, 0), > S_ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI), > @@ -851,6 +852,8 @@ static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */ > static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > int __unused) > { > + u64 pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); > + > /* Forced on command line? */ > if (__kpti_forced) { > pr_info_once("kernel page table isolation forced %s by command line option\n", > @@ -862,7 +865,9 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, > if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) > return true; > > - return false; > + /* Defer to CPU feature registers */ > + return !cpuid_feature_extract_unsigned_field(pfr0, > + ID_AA64PFR0_CSV3_SHIFT); If I read this correctly, this enables KPTI on all processors without the CSV3 set (which seems to be a future capability). Turning on KPTI has a small but significant overhead, so I think we should turn it off on processors that are not vulnerable to CVE-2017-5754. Can we add something like this: --->8 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 19ed09b..202b037 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -862,6 +862,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, return __kpti_forced > 0; } + /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Useful for KASLR robustness */ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true; -- JC