Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2046036pxp; Mon, 21 Mar 2022 10:07:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyxOBGftQ+JHbrlciYC/XFSDwfwl7Bt2HYcZui2VBtMZXQf6KcfxHzYWQFlAecK6+ONod0o X-Received: by 2002:a05:6402:458:b0:418:78a4:ac3f with SMTP id p24-20020a056402045800b0041878a4ac3fmr23906212edw.196.1647882446820; Mon, 21 Mar 2022 10:07:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647882446; cv=none; d=google.com; s=arc-20160816; b=ntOIM/TYByDmsVJhNG0h6GznYihrV5z4D9aHeOP3AZMHrp9yw9UP7EXZwvbhnZAzk4 mbufFtu1J8L18NM1f70I4nx5xq9j6ePnb/U0iGvn77GsIGK9I/cobvCcLSsoN4JrJMGI Gvrp1Oi0nHHkpkF3ve/TryqFPjdYuhJUU5nyXS5Nypp45hJxGPmphFEieJrKOnPoYsSL D4r2ZbM7Edq4og8RdkdP22gfsLRDO4kmpubY+4OfCz0jNJt1K3thHYsZicGH14fAWGOQ Ou5dtjlJrnpxUxMgqH7kcNm+wa1A9LxMsE00pWvJp/LZvap52A/Qt2i+ptVx7WL68D90 Gqeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=ifPCmxU0ho/oewpgWCwoogFJyqkSifz9TA63YAvtB58=; b=urr3jo6Wsukhhr1SlUn4pTB978AcMue3XhOyXQaspIG+ZIVreliZhbVy1EgxgXiIGo KCL+KEY/cxmfj/HDj1RBfhhl3Jac3qSMHzJ0xPyRGJGCh+p4Cf1pUgifzNuTiE8peIGx E53S71b17tVeC0hBWEs3lpJj+DE0LdzzIMAlFqXzl3oSvN1ldu0yN0TSwKs+H8lIta8k pUkjs8oTSTLow5BDb4ByBlWArof/4MslDRaKk3u0X5CTrslyw0QCT+Y1Zm8GpHmJpxUe R8qSk+ZfL79zTTX+cpWKr8Ux0f0BV0EcEsrEv6xcCGGaYLWDoVbjvhQokZuvX0MagDsW Lo4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fv8-20020a170907508800b006dfa0822296si4016803ejc.849.2022.03.21.10.07.00; Mon, 21 Mar 2022 10:07:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239817AbiCRRvp (ORCPT + 99 others); Fri, 18 Mar 2022 13:51:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38418 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239823AbiCRRvI (ORCPT ); Fri, 18 Mar 2022 13:51:08 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B88B216E221; Fri, 18 Mar 2022 10:49:48 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 862651570; Fri, 18 Mar 2022 10:49:48 -0700 (PDT) Received: from eglon.cambridge.arm.com (eglon.cambridge.arm.com [10.1.196.218]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DA44C3F7B4; Fri, 18 Mar 2022 10:49:47 -0700 (PDT) From: James Morse To: stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, james.morse@arm.com, catalin.marinas@arm.com Subject: [stable:PATCH v4.19.235 17/22] arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 Date: Fri, 18 Mar 2022 17:48:37 +0000 Message-Id: <20220318174842.2321061-18-james.morse@arm.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220318174842.2321061-1-james.morse@arm.com> References: <20220318174842.2321061-1-james.morse@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit dee435be76f4117410bbd90573a881fd33488f37 upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation as part of a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that previously reported 'Not affected' are now moderately mitigated by CSV2. Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 to also show the state of the BHB mitigation. Reviewed-by: Catalin Marinas [ code move to cpu_errata.c for backport ] Signed-off-by: James Morse --- arch/arm64/include/asm/cpufeature.h | 8 ++++++ arch/arm64/kernel/cpu_errata.c | 38 ++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index dda6e5056810..e59b9ee43e4a 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -527,6 +527,14 @@ static inline int arm64_get_ssbd_state(void) void arm64_set_ssbd_mitigation(bool state); +/* Watch out, ordering is important here. */ +enum mitigation_state { + SPECTRE_UNAFFECTED, + SPECTRE_MITIGATED, + SPECTRE_VULNERABLE, +}; + +enum mitigation_state arm64_get_spectre_bhb_state(void); #endif /* __ASSEMBLY__ */ #endif diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index d191ce8410db..d055ed21eeeb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -875,14 +875,39 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } +static const char *get_bhb_affected_string(enum mitigation_state bhb_state) +{ + switch (bhb_state) { + case SPECTRE_UNAFFECTED: + return ""; + default: + case SPECTRE_VULNERABLE: + return ", but not BHB"; + case SPECTRE_MITIGATED: + return ", BHB"; + } +} + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - if (__spectrev2_safe) - return sprintf(buf, "Not affected\n"); + enum mitigation_state bhb_state = arm64_get_spectre_bhb_state(); + const char *bhb_str = get_bhb_affected_string(bhb_state); + const char *v2_str = "Branch predictor hardening"; + + if (__spectrev2_safe) { + if (bhb_state == SPECTRE_UNAFFECTED) + return sprintf(buf, "Not affected\n"); + + /* + * Platforms affected by Spectre-BHB can't report + * "Not affected" for Spectre-v2. + */ + v2_str = "CSV2"; + } if (__hardenbp_enab) - return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); return sprintf(buf, "Vulnerable\n"); } @@ -903,3 +928,10 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, return sprintf(buf, "Vulnerable\n"); } + +static enum mitigation_state spectre_bhb_state; + +enum mitigation_state arm64_get_spectre_bhb_state(void) +{ + return spectre_bhb_state; +} -- 2.30.2