Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3316080imm; Tue, 29 May 2018 05:15:18 -0700 (PDT) X-Google-Smtp-Source: ADUXVKI1nkiSzdpywPrAjC+aLwLaDWZ9eNOwQYJPIRJZbEXzTwAFuSDsir9k7frBqG7vq2gwjxe3 X-Received: by 2002:a62:3994:: with SMTP id u20-v6mr12253141pfj.95.1527596118188; Tue, 29 May 2018 05:15:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527596118; cv=none; d=google.com; s=arc-20160816; b=CqIb16zI2CYUmbzTdRw8lA/UsuGhgwopUzlvYQZTvLPJy7xfX+MefVAvVmxstyAIUi 9Nc3RyVJJEbwu1G09ZVwP3IhUvd5Rg0FhxSL1h07p/jqaBAjzZAcm21UtnKRv2+bIxK2 cs8AN/G+ZPIQeDGEzXfNr20IrTJZUIM4oErgiEvQ1btW8C0weWgvhmlQIRf1taPHaIsR nxFPNN8MtbT3M8Oq+JCzXcrYMklIyt5DgOjFmgY1kHujs61f8mk022MlGEot6L7TYh2k h8+KWjzuQ/3zGVL5teLiAQKj+GokSbDTU9z8RhYwldAjoVwAs9vZZHWxkIdkFBqWt76M UyNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=zzpMSBwGrtIJRD2jI6k9QAP4s2APCNsIq1uDfEuadSk=; b=nVG5vrSHNnnq8tmn93KVULk+HL4dFvDHVCo79ZKhS50Am+gimKY8QF11oJJ8MvmlcY 6LHg0To2rtTvUQe2uRpMJcBLAv0Co+WvTOQQioaoRr1XPeTS/RY/MEBpHlXG9Blw/L/9 4dlB7gBSy0VI52BpqqAZ639kYjKBawk3goo8fwDiLZFhlURR7th9jVGpZVfNGGhGUnDj FL6szUveBzWJnv0Fue1FE1nnVuhRJnF1Etrzz7dxDsRO4yz5jx/lTH6EOZieztlILB8z dLW0YgRXiNsQd95d/tNJ+/zCclunp4pKDAcoEocc0sVuUIO2/29UPLoPUT+pJ/BRHjhP ZqRQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l13-v6si16225592pls.45.2018.05.29.05.15.04; Tue, 29 May 2018 05:15:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933812AbeE2MMC (ORCPT + 99 others); Tue, 29 May 2018 08:12:02 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:38506 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933738AbeE2MLv (ORCPT ); Tue, 29 May 2018 08:11:51 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6462A15B2; Tue, 29 May 2018 05:11:51 -0700 (PDT) Received: from approximate.cambridge.arm.com (approximate.cambridge.arm.com [10.1.206.75]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0D85A3F53D; Tue, 29 May 2018 05:11:48 -0700 (PDT) From: Marc Zyngier To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Will Deacon , Catalin Marinas , Thomas Gleixner , Andy Lutomirski , Kees Cook , Greg Kroah-Hartman , Christoffer Dall , Randy Dunlap , Dominik Brodowski , Julien Grall , Mark Rutland Subject: [PATCH v2 08/17] arm64: ssbd: Restore mitigation status on CPU resume Date: Tue, 29 May 2018 13:11:12 +0100 Message-Id: <20180529121121.24927-9-marc.zyngier@arm.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180529121121.24927-1-marc.zyngier@arm.com> References: <20180529121121.24927-1-marc.zyngier@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On a system where firmware can dynamically change the state of the mitigation, the CPU will always come up with the mitigation enabled, including when coming back from suspend. If the user has requested "no mitigation" via a command line option, let's enforce it by calling into the firmware again to disable it. Similarily, for a resume from hibernate, the mitigation could have been disabled by the boot kernel. Let's ensure that it is set back on in that case. Signed-off-by: Marc Zyngier --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpu_errata.c | 2 +- arch/arm64/kernel/hibernate.c | 11 +++++++++++ arch/arm64/kernel/suspend.c | 8 ++++++++ 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index b0fc3224ce8a..55bc1f073bfb 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -553,6 +553,12 @@ static inline int arm64_get_ssbd_state(void) #endif } +#ifdef CONFIG_ARM64_SSBD +void arm64_set_ssbd_mitigation(bool state); +#else +static inline void arm64_set_ssbd_mitigation(bool state) {} +#endif + #endif /* __ASSEMBLY__ */ #endif diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 2fef634e6953..2b9a31a6a16a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -303,7 +303,7 @@ void __init arm64_enable_wa2_handling(struct alt_instr *alt, *updptr = cpu_to_le32(aarch64_insn_gen_nop()); } -static void arm64_set_ssbd_mitigation(bool state) +void arm64_set_ssbd_mitigation(bool state) { switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c index 1ec5f28c39fc..6b2686d54411 100644 --- a/arch/arm64/kernel/hibernate.c +++ b/arch/arm64/kernel/hibernate.c @@ -313,6 +313,17 @@ int swsusp_arch_suspend(void) sleep_cpu = -EINVAL; __cpu_suspend_exit(); + + /* + * Just in case the boot kernel did turn the SSBD + * mitigation off behind our back, let's set the state + * to what we expect it to be. + */ + switch (arm64_get_ssbd_state()) { + case ARM64_SSBD_FORCE_ENABLE: + case ARM64_SSBD_KERNEL: + arm64_set_ssbd_mitigation(true); + } } local_daif_restore(flags); diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c index a307b9e13392..70c283368b64 100644 --- a/arch/arm64/kernel/suspend.c +++ b/arch/arm64/kernel/suspend.c @@ -62,6 +62,14 @@ void notrace __cpu_suspend_exit(void) */ if (hw_breakpoint_restore) hw_breakpoint_restore(cpu); + + /* + * On resume, firmware implementing dynamic mitigation will + * have turned the mitigation on. If the user has forcefully + * disabled it, make sure their wishes are obeyed. + */ + if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) + arm64_set_ssbd_mitigation(false); } /* -- 2.14.2