Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp2487716ybg; Sun, 27 Oct 2019 19:49:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqxK7NEeOEvsSb5+PNm67PXcQc3mdxj6kvfBnv5YP5nsdX1dU7YiWnlOCoeJp/bpJWkjXYG+ X-Received: by 2002:a17:906:37d2:: with SMTP id o18mr8754966ejc.247.1572230953635; Sun, 27 Oct 2019 19:49:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572230953; cv=none; d=google.com; s=arc-20160816; b=ZYhfwsQ3n8byS5LU8+B+wNkstoW2MWsN5w0iTNSrEygRYAb4AZq/GeIxzz2Bbw6CTv kXlc0bYoHcrMtxDEna5DHj97cXkXCMtP3dHZ9C/vFSqVDci57fDyGXovY3AUt0zrlvvU +8t2p0A4F0G1ZncRaeHfatxPwB0FTI/jC8uy6o4/2wGyvoJTi5ZFE+lJgZIn59U4/r5F JDCYRydH69qiGIj4HoNhuyuXZyqFFV46ILgq69f2+2Y9NQLrZivZqu4ycao8hVtz/yWv qRwt/woGuFmfGzx09xyp0XROJ8MFFvn3tYBhZgfWpqLwoetBzQbBM2qGdedO2iZX937Q 4tpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=VJo1d0G4dhwmPh9WOcf28QdICu5NpyPi4HzPd5+4/70=; b=uvpqsppg4Djz0NtlZwF6jAQ5T+wpZgwi7ur75ZTqOLivElrO/MFDZc4DpsbKsOfabp oEVZyUEQLH601EAcXjVpz+gGvhrx1PTilvtVHAEHn9e06230UjLa2OzU3lYwpyaywo4t AczEYxAgFQci0VhAqeje+MNa3j2JkjWrxbJrjkqVBt5B2cOlA/a5NZYnGUfIY/HkQZ7m UyezrUBC7fuyTKvipqK7mTHZa9rVgh+fuKR6mjj+4Hv9itwDfEtkQfrR+ldSloHBqaFN fPngLIntwq0vhKv6Sg44fBltvd0CgjthfI7kLlELBGIa8lN6h/WE1leMKfICqGRxEAHd zz3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KyE3z98S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s2si6972515edi.413.2019.10.27.19.48.49; Sun, 27 Oct 2019 19:49:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KyE3z98S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729707AbfJ0VK1 (ORCPT + 99 others); Sun, 27 Oct 2019 17:10:27 -0400 Received: from mail.kernel.org ([198.145.29.99]:56848 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729701AbfJ0VK0 (ORCPT ); Sun, 27 Oct 2019 17:10:26 -0400 Received: from localhost (100.50.158.77.rev.sfr.net [77.158.50.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A74702064A; Sun, 27 Oct 2019 21:10:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572210625; bh=rM6KJb6cQvAyghTlAAUAHQOK4dd80lB0rRVdNlYI3iM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KyE3z98ShWV2xwQLyw9Di7PBDdz2eo+2uiP6YVG+kZDCC0F4yyN3JxboPUEDw6vuV LbZtEMMCfIbbm0KY1PzPW9YR8xofhBxis/qW/q8dcIJqRnflV1pr1P3YHQW4Ur9kRe uxENPVupRDgrKi0p5g2lF24WSH9enqFKoBeZ45qg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.14 079/119] arm64: add sysfs vulnerability show for spectre-v2 Date: Sun, 27 Oct 2019 22:00:56 +0100 Message-Id: <20191027203344.735962234@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191027203259.948006506@linuxfoundation.org> References: <20191027203259.948006506@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeremy Linton [ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ] Track whether all the cores in the machine are vulnerable to Spectre-v2, and whether all the vulnerable cores have been mitigated. We then expose this information to userspace via sysfs. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -456,6 +456,10 @@ out_printmsg: .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -466,6 +470,10 @@ static const struct midr_range spectre_v { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -487,6 +495,8 @@ check_branch_predictor(const struct arm6 if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n"); __hardenbp_enab = false; @@ -496,11 +506,14 @@ check_branch_predictor(const struct arm6 /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -663,3 +676,15 @@ ssize_t cpu_show_spectre_v1(struct devic { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +}