Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp2487716ybg;
        Sun, 27 Oct 2019 19:49:13 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxK7NEeOEvsSb5+PNm67PXcQc3mdxj6kvfBnv5YP5nsdX1dU7YiWnlOCoeJp/bpJWkjXYG+
X-Received: by 2002:a17:906:37d2:: with SMTP id o18mr8754966ejc.247.1572230953635;
        Sun, 27 Oct 2019 19:49:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1572230953; cv=none;
        d=google.com; s=arc-20160816;
        b=ZYhfwsQ3n8byS5LU8+B+wNkstoW2MWsN5w0iTNSrEygRYAb4AZq/GeIxzz2Bbw6CTv
         kXlc0bYoHcrMtxDEna5DHj97cXkXCMtP3dHZ9C/vFSqVDci57fDyGXovY3AUt0zrlvvU
         +8t2p0A4F0G1ZncRaeHfatxPwB0FTI/jC8uy6o4/2wGyvoJTi5ZFE+lJgZIn59U4/r5F
         JDCYRydH69qiGIj4HoNhuyuXZyqFFV46ILgq69f2+2Y9NQLrZivZqu4ycao8hVtz/yWv
         qRwt/woGuFmfGzx09xyp0XROJ8MFFvn3tYBhZgfWpqLwoetBzQbBM2qGdedO2iZX937Q
         4tpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=VJo1d0G4dhwmPh9WOcf28QdICu5NpyPi4HzPd5+4/70=;
        b=uvpqsppg4Djz0NtlZwF6jAQ5T+wpZgwi7ur75ZTqOLivElrO/MFDZc4DpsbKsOfabp
         oEVZyUEQLH601EAcXjVpz+gGvhrx1PTilvtVHAEHn9e06230UjLa2OzU3lYwpyaywo4t
         AczEYxAgFQci0VhAqeje+MNa3j2JkjWrxbJrjkqVBt5B2cOlA/a5NZYnGUfIY/HkQZ7m
         UyezrUBC7fuyTKvipqK7mTHZa9rVgh+fuKR6mjj+4Hv9itwDfEtkQfrR+ldSloHBqaFN
         fPngLIntwq0vhKv6Sg44fBltvd0CgjthfI7kLlELBGIa8lN6h/WE1leMKfICqGRxEAHd
         zz3g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=KyE3z98S;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s2si6972515edi.413.2019.10.27.19.48.49;
        Sun, 27 Oct 2019 19:49:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=KyE3z98S;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729707AbfJ0VK1 (ORCPT <rfc822;hackukernel@gmail.com>
        + 99 others); Sun, 27 Oct 2019 17:10:27 -0400
Received: from mail.kernel.org ([198.145.29.99]:56848 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729701AbfJ0VK0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 27 Oct 2019 17:10:26 -0400
Received: from localhost (100.50.158.77.rev.sfr.net [77.158.50.100])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id A74702064A;
        Sun, 27 Oct 2019 21:10:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1572210625;
        bh=rM6KJb6cQvAyghTlAAUAHQOK4dd80lB0rRVdNlYI3iM=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=KyE3z98ShWV2xwQLyw9Di7PBDdz2eo+2uiP6YVG+kZDCC0F4yyN3JxboPUEDw6vuV
         LbZtEMMCfIbbm0KY1PzPW9YR8xofhBxis/qW/q8dcIJqRnflV1pr1P3YHQW4Ur9kRe
         uxENPVupRDgrKi0p5g2lF24WSH9enqFKoBeZ45qg=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Jeremy Linton <jeremy.linton@arm.com>,
        Andre Przywara <andre.przywara@arm.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Stefan Wahren <stefan.wahren@i2se.com>,
        Will Deacon <will.deacon@arm.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 4.14 079/119] arm64: add sysfs vulnerability show for spectre-v2
Date:   Sun, 27 Oct 2019 22:00:56 +0100
Message-Id: <20191027203344.735962234@linuxfoundation.org>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20191027203259.948006506@linuxfoundation.org>
References: <20191027203259.948006506@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jeremy Linton <jeremy.linton@arm.com>

[ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ]

Track whether all the cores in the machine are vulnerable to Spectre-v2,
and whether all the vulnerable cores have been mitigated. We then expose
this information to userspace via sysfs.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kernel/cpu_errata.c |   27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -456,6 +456,10 @@ out_printmsg:
 	.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,			\
 	CAP_MIDR_RANGE_LIST(midr_list)
 
+/* Track overall mitigation state. We are only mitigated if all cores are ok */
+static bool __hardenbp_enab = true;
+static bool __spectrev2_safe = true;
+
 /*
  * List of CPUs that do not need any Spectre-v2 mitigation at all.
  */
@@ -466,6 +470,10 @@ static const struct midr_range spectre_v
 	{ /* sentinel */ }
 };
 
+/*
+ * Track overall bp hardening for all heterogeneous cores in the machine.
+ * We are only considered "safe" if all booted cores are known safe.
+ */
 static bool __maybe_unused
 check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
 {
@@ -487,6 +495,8 @@ check_branch_predictor(const struct arm6
 	if (!need_wa)
 		return false;
 
+	__spectrev2_safe = false;
+
 	if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
 		pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n");
 		__hardenbp_enab = false;
@@ -496,11 +506,14 @@ check_branch_predictor(const struct arm6
 	/* forced off */
 	if (__nospectre_v2) {
 		pr_info_once("spectrev2 mitigation disabled by command line option\n");
+		__hardenbp_enab = false;
 		return false;
 	}
 
-	if (need_wa < 0)
+	if (need_wa < 0) {
 		pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n");
+		__hardenbp_enab = false;
+	}
 
 	return (need_wa > 0);
 }
@@ -663,3 +676,15 @@ ssize_t cpu_show_spectre_v1(struct devic
 {
 	return sprintf(buf, "Mitigation: __user pointer sanitization\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
+		char *buf)
+{
+	if (__spectrev2_safe)
+		return sprintf(buf, "Not affected\n");
+
+	if (__hardenbp_enab)
+		return sprintf(buf, "Mitigation: Branch predictor hardening\n");
+
+	return sprintf(buf, "Vulnerable\n");
+}