Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1570884pxb; Fri, 1 Apr 2022 18:10:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqlA5sWYBasqmOwy4tnaBxQzrjmoBRLMne1bf7FGkCF/NYQfP8FwcHLdyKC0JkXpiPHG2c X-Received: by 2002:a17:907:8d1a:b0:6df:e513:540a with SMTP id tc26-20020a1709078d1a00b006dfe513540amr2090322ejc.340.1648861824512; Fri, 01 Apr 2022 18:10:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648861824; cv=none; d=google.com; s=arc-20160816; b=QpYExdobzogwJckDIsQSKDWHqg+e4MrXk8hS+vCUKePPPDPIQVZ02woXl0LHiO7yQk lux6kOLbU31ptOqviJmogxDkJel8Xb3IAurYw/3C6/UnH8YF6na8fekJri83B1zZXyru EO/12domdSs/GBgDP8eShNZ8cuu+LnIINDTuW1Tdj3bBHsMWHziwVsuTXUL/JSaO2QIu lBWel5eTXgTBWLS/9yRz+xqZGTIeCA8fcEoN65yIfH2VTJHuDUJvoBhaj4roS1/aahSd T6R7yVghIyqd+62uw8yfPrz6YU4IH/mE+17yV8aoqSG0II6OnL3DcXI2SBTpjr4xVGuR 0VOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=VC22lQ3P+WeUqf77sYjI6xKQCHcEPp8y24uHkrP3ruw=; b=Q7mD3aoa50iv18pZVL8iJm/JKoW3/ZnTWL88BtshgGREhpkrAChR2lAppmUf/fzxrr TnQYEqOcRAl5tf/CpTqkcV1DyYm/S/0UE5Z0i3ZjJYgyUDxSgSRrZok+tkhMnZpIXx2o MogEQ8vj636uv8gT7okHAGml026JoX2FJNC9K1xOINRnEMMe9L6aRqRD3PWojiec8HIF 1WkEwt4lOnEnpGeGej8p049Ul8QwB06Jyl7+kHkrjd5er5H1rSQ5GOkPXeRRdcjrhkX3 col2ile9+cGZZ6TAD1he1JRSQ7ka06kGaCyB//17n7VPTOLr9NHPnclj211xOhh9EGVj fOaw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h18-20020a056402281200b00418c2b5befdsi2994561ede.479.2022.04.01.18.10.00; Fri, 01 Apr 2022 18:10:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236244AbiCaShi (ORCPT + 99 others); Thu, 31 Mar 2022 14:37:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235801AbiCaSgh (ORCPT ); Thu, 31 Mar 2022 14:36:37 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E858D21DF2E; Thu, 31 Mar 2022 11:34:48 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A9641139F; Thu, 31 Mar 2022 11:34:48 -0700 (PDT) Received: from eglon.cambridge.arm.com (eglon.cambridge.arm.com [10.1.196.218]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0BC193F718; Thu, 31 Mar 2022 11:34:47 -0700 (PDT) From: James Morse To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: james.morse@arm.com, catalin.marinas@arm.com Subject: [stable:PATCH v4.14.274 22/27] arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 Date: Thu, 31 Mar 2022 19:33:55 +0100 Message-Id: <20220331183400.73183-23-james.morse@arm.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220331183400.73183-1-james.morse@arm.com> References: <20220331183400.73183-1-james.morse@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit dee435be76f4117410bbd90573a881fd33488f37 upstream. Speculation attacks against some high-performance processors can make use of branch history to influence future speculation as part of a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that previously reported 'Not affected' are now moderately mitigated by CSV2. Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 to also show the state of the BHB mitigation. Reviewed-by: Catalin Marinas [ code move to cpu_errata.c for backport ] Signed-off-by: James Morse --- arch/arm64/include/asm/cpufeature.h | 8 ++++++ arch/arm64/kernel/cpu_errata.c | 38 ++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 166f81b7afee..5f9f40a02784 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -495,6 +495,14 @@ static inline int arm64_get_ssbd_state(void) void arm64_set_ssbd_mitigation(bool state); +/* Watch out, ordering is important here. */ +enum mitigation_state { + SPECTRE_UNAFFECTED, + SPECTRE_MITIGATED, + SPECTRE_VULNERABLE, +}; + +enum mitigation_state arm64_get_spectre_bhb_state(void); #endif /* __ASSEMBLY__ */ #endif diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index d75c4f4144f4..41caf2f01814 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -730,14 +730,39 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } +static const char *get_bhb_affected_string(enum mitigation_state bhb_state) +{ + switch (bhb_state) { + case SPECTRE_UNAFFECTED: + return ""; + default: + case SPECTRE_VULNERABLE: + return ", but not BHB"; + case SPECTRE_MITIGATED: + return ", BHB"; + } +} + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - if (__spectrev2_safe) - return sprintf(buf, "Not affected\n"); + enum mitigation_state bhb_state = arm64_get_spectre_bhb_state(); + const char *bhb_str = get_bhb_affected_string(bhb_state); + const char *v2_str = "Branch predictor hardening"; + + if (__spectrev2_safe) { + if (bhb_state == SPECTRE_UNAFFECTED) + return sprintf(buf, "Not affected\n"); + + /* + * Platforms affected by Spectre-BHB can't report + * "Not affected" for Spectre-v2. + */ + v2_str = "CSV2"; + } if (__hardenbp_enab) - return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); return sprintf(buf, "Vulnerable\n"); } @@ -758,3 +783,10 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, return sprintf(buf, "Vulnerable\n"); } + +static enum mitigation_state spectre_bhb_state; + +enum mitigation_state arm64_get_spectre_bhb_state(void) +{ + return spectre_bhb_state; +} -- 2.30.2