From patchwork Thu Oct 10 08:36:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175727 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1984403ill; Thu, 10 Oct 2019 01:49:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqyF7OKvFqPmqBD6Au6cM5ppV5E6RijOwDpooECPWaJGsbNB3k20rWyS2TbRAE+Mw6WqU/XG X-Received: by 2002:aa7:db43:: with SMTP id n3mr7035183edt.176.1570697377047; Thu, 10 Oct 2019 01:49:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697377; cv=none; d=google.com; s=arc-20160816; b=qVLnAI61yPV1/QA/6VYvn7CW9htlvcNTqS9fQ2pLgIecrBof97O7ncOLo9nxqu6Oub xnJUib38gHBV+2X1BABNS5QJPTH5ouhRqgB8VcHeO2ey9kmNs47o1ym5zKBpUKZuAuW8 f8fCud9/G4OssCoi/m98k8nZwNnKpsqnjClddz5olof58dE5eay2O/aJZGi9U32T+CsS TNRn6xQ9mQwODPkcX8U+N6XqHRBWSCtIJRz2X3n1Ux8TuCChmZ2aGYXRbUYpd5CidTE4 IrWWu+CfOEf5ZRryouHtH7eBBr9zmULA2f5fnhae0W5ybnX/R2GbHqoa+Gxp/JQaz7XE D15g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nHQyHxQpz8jSFf894o+vfyyEQVYXOxCLZ+hWt4mAJeQ=; b=WgL0DVNiAO3NqqdcLFGO2En+ovAZKgYarB5KHWPrvsTs2uhwI2A0t1Osko/IHtCnqq CnZmL7qeci5UE8ecLQKMUcnQpBLCzcw6DKQWUFbu1I9Og9KA7ROS6eGF6Z6WPm9q5jIF JMnN+s4/DDwOkSfT4gbsozm4SnViV4lPRLAHU9gtl7AZ3LC9e2tsyrbP1df/dX5KPtUJ tVNWZDB49+FF77KxHbjbtzHHweQwtoMCzwuW2Ncjc2CDHYg8/L+q01jvIingV93u67Zk D4M5299vl5kZLhlMEoF1ir+BpDA41WhLhITXzoaGOf8xC9CTlpSzkmlOJ6tE5ejANL4J V2Jw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KHDUb3mY; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b26si2728299eju.87.2019.10.10.01.49.36; Thu, 10 Oct 2019 01:49:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KHDUb3mY; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389832AbfJJIte (ORCPT + 13 others); Thu, 10 Oct 2019 04:49:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:56160 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389816AbfJJIte (ORCPT ); Thu, 10 Oct 2019 04:49:34 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id ABED2222BE; Thu, 10 Oct 2019 08:49:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697373; bh=LPjKmcWr3OwbzXa3itXByiCd8ZirSBSTxybPQCZq4N8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KHDUb3mYd4gyNbRgPmKIkiPRZx43hNVwYuEqJPjycf6l23NxBklI0CIgWlds7KUtr UsBF8wm0/ZtQlMsFqVA0PgjnbgndX6jyRhB9tTFsuVp79B/6fIjaTtL+qt4ZAVEAiZ u1xUPcMoJf3VxvCUe4PDpW4vECoEos5DN+oTi4/g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Will Deacon , Catalin Marinas , Ard Biesheuvel Subject: [PATCH 4.19 089/114] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 Date: Thu, 10 Oct 2019 10:36:36 +0200 Message-Id: <20191010083612.775428928@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit 8f04e8e6e29c93421a95b61cad62e3918425eac7 ] On CPUs with support for PSTATE.SSBS, the kernel can toggle the SSBD state without needing to call into firmware. This patch hooks into the existing SSBD infrastructure so that SSBS is used on CPUs that support it, but it's all made horribly complicated by the very real possibility of big/little systems that don't uniformly provide the new capability. Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/processor.h | 7 +++++ arch/arm64/include/asm/ptrace.h | 1 arch/arm64/include/asm/sysreg.h | 3 ++ arch/arm64/include/uapi/asm/ptrace.h | 1 arch/arm64/kernel/cpu_errata.c | 26 ++++++++++++++++++-- arch/arm64/kernel/cpufeature.c | 45 +++++++++++++++++++++++++++++++++++ arch/arm64/kernel/process.c | 4 +++ arch/arm64/kernel/ssbd.c | 21 ++++++++++++++++ 8 files changed, 106 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -182,6 +182,10 @@ static inline void start_thread(struct p { start_thread_common(regs, pc); regs->pstate = PSR_MODE_EL0t; + + if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) + regs->pstate |= PSR_SSBS_BIT; + regs->sp = sp; } @@ -198,6 +202,9 @@ static inline void compat_start_thread(s regs->pstate |= PSR_AA32_E_BIT; #endif + if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) + regs->pstate |= PSR_AA32_SSBS_BIT; + regs->compat_sp = sp; } #endif --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -50,6 +50,7 @@ #define PSR_AA32_I_BIT 0x00000080 #define PSR_AA32_A_BIT 0x00000100 #define PSR_AA32_E_BIT 0x00000200 +#define PSR_AA32_SSBS_BIT 0x00800000 #define PSR_AA32_DIT_BIT 0x01000000 #define PSR_AA32_Q_BIT 0x08000000 #define PSR_AA32_V_BIT 0x10000000 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -86,11 +86,14 @@ #define REG_PSTATE_PAN_IMM sys_reg(0, 0, 4, 0, 4) #define REG_PSTATE_UAO_IMM sys_reg(0, 0, 4, 0, 3) +#define REG_PSTATE_SSBS_IMM sys_reg(0, 3, 4, 0, 1) #define SET_PSTATE_PAN(x) __emit_inst(0xd5000000 | REG_PSTATE_PAN_IMM | \ (!!x)<<8 | 0x1f) #define SET_PSTATE_UAO(x) __emit_inst(0xd5000000 | REG_PSTATE_UAO_IMM | \ (!!x)<<8 | 0x1f) +#define SET_PSTATE_SSBS(x) __emit_inst(0xd5000000 | REG_PSTATE_SSBS_IMM | \ + (!!x)<<8 | 0x1f) #define SYS_DC_ISW sys_insn(1, 0, 7, 6, 2) #define SYS_DC_CSW sys_insn(1, 0, 7, 10, 2) --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -46,6 +46,7 @@ #define PSR_I_BIT 0x00000080 #define PSR_A_BIT 0x00000100 #define PSR_D_BIT 0x00000200 +#define PSR_SSBS_BIT 0x00001000 #define PSR_PAN_BIT 0x00400000 #define PSR_UAO_BIT 0x00800000 #define PSR_V_BIT 0x10000000 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -312,6 +312,14 @@ void __init arm64_enable_wa2_handling(st void arm64_set_ssbd_mitigation(bool state) { + if (this_cpu_has_cap(ARM64_SSBS)) { + if (state) + asm volatile(SET_PSTATE_SSBS(0)); + else + asm volatile(SET_PSTATE_SSBS(1)); + return; + } + switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_2, state, NULL); @@ -336,6 +344,11 @@ static bool has_ssbd_mitigation(const st WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + if (this_cpu_has_cap(ARM64_SSBS)) { + required = false; + goto out_printmsg; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; return false; @@ -384,7 +397,6 @@ static bool has_ssbd_mitigation(const st switch (ssbd_state) { case ARM64_SSBD_FORCE_DISABLE: - pr_info_once("%s disabled from command-line\n", entry->desc); arm64_set_ssbd_mitigation(false); required = false; break; @@ -397,7 +409,6 @@ static bool has_ssbd_mitigation(const st break; case ARM64_SSBD_FORCE_ENABLE: - pr_info_once("%s forced from command-line\n", entry->desc); arm64_set_ssbd_mitigation(true); required = true; break; @@ -407,6 +418,17 @@ static bool has_ssbd_mitigation(const st break; } +out_printmsg: + switch (ssbd_state) { + case ARM64_SSBD_FORCE_DISABLE: + pr_info_once("%s disabled from command-line\n", entry->desc); + break; + + case ARM64_SSBD_FORCE_ENABLE: + pr_info_once("%s forced from command-line\n", entry->desc); + break; + } + return required; } #endif /* CONFIG_ARM64_SSBD */ --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1071,6 +1071,48 @@ static void cpu_has_fwb(const struct arm WARN_ON(val & (7 << 27 | 7 << 21)); } +#ifdef CONFIG_ARM64_SSBD +static int ssbs_emulation_handler(struct pt_regs *regs, u32 instr) +{ + if (user_mode(regs)) + return 1; + + if (instr & BIT(CRm_shift)) + regs->pstate |= PSR_SSBS_BIT; + else + regs->pstate &= ~PSR_SSBS_BIT; + + arm64_skip_faulting_instruction(regs, 4); + return 0; +} + +static struct undef_hook ssbs_emulation_hook = { + .instr_mask = ~(1U << CRm_shift), + .instr_val = 0xd500001f | REG_PSTATE_SSBS_IMM, + .fn = ssbs_emulation_handler, +}; + +static void cpu_enable_ssbs(const struct arm64_cpu_capabilities *__unused) +{ + static bool undef_hook_registered = false; + static DEFINE_SPINLOCK(hook_lock); + + spin_lock(&hook_lock); + if (!undef_hook_registered) { + register_undef_hook(&ssbs_emulation_hook); + undef_hook_registered = true; + } + spin_unlock(&hook_lock); + + if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) { + sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_DSSBS); + arm64_set_ssbd_mitigation(false); + } else { + arm64_set_ssbd_mitigation(true); + } +} +#endif /* CONFIG_ARM64_SSBD */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1258,6 +1300,7 @@ static const struct arm64_cpu_capabiliti .cpu_enable = cpu_enable_hw_dbm, }, #endif +#ifdef CONFIG_ARM64_SSBD { .desc = "Speculative Store Bypassing Safe (SSBS)", .capability = ARM64_SSBS, @@ -1267,7 +1310,9 @@ static const struct arm64_cpu_capabiliti .field_pos = ID_AA64PFR1_SSBS_SHIFT, .sign = FTR_UNSIGNED, .min_field_value = ID_AA64PFR1_SSBS_PSTATE_ONLY, + .cpu_enable = cpu_enable_ssbs, }, +#endif {}, }; --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -358,6 +358,10 @@ int copy_thread(unsigned long clone_flag if (IS_ENABLED(CONFIG_ARM64_UAO) && cpus_have_const_cap(ARM64_HAS_UAO)) childregs->pstate |= PSR_UAO_BIT; + + if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) + childregs->pstate |= PSR_SSBS_BIT; + p->thread.cpu_context.x19 = stack_start; p->thread.cpu_context.x20 = stk_sz; } --- a/arch/arm64/kernel/ssbd.c +++ b/arch/arm64/kernel/ssbd.c @@ -3,13 +3,31 @@ * Copyright (C) 2018 ARM Ltd, All Rights Reserved. */ +#include #include #include #include +#include #include #include +static void ssbd_ssbs_enable(struct task_struct *task) +{ + u64 val = is_compat_thread(task_thread_info(task)) ? + PSR_AA32_SSBS_BIT : PSR_SSBS_BIT; + + task_pt_regs(task)->pstate |= val; +} + +static void ssbd_ssbs_disable(struct task_struct *task) +{ + u64 val = is_compat_thread(task_thread_info(task)) ? + PSR_AA32_SSBS_BIT : PSR_SSBS_BIT; + + task_pt_regs(task)->pstate &= ~val; +} + /* * prctl interface for SSBD * FIXME: Drop the below ifdefery once merged in 4.18. @@ -47,12 +65,14 @@ static int ssbd_prctl_set(struct task_st return -EPERM; task_clear_spec_ssb_disable(task); clear_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_enable(task); break; case PR_SPEC_DISABLE: if (state == ARM64_SSBD_FORCE_DISABLE) return -EPERM; task_set_spec_ssb_disable(task); set_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_disable(task); break; case PR_SPEC_FORCE_DISABLE: if (state == ARM64_SSBD_FORCE_DISABLE) @@ -60,6 +80,7 @@ static int ssbd_prctl_set(struct task_st task_set_spec_ssb_disable(task); task_set_spec_ssb_force_disable(task); set_tsk_thread_flag(task, TIF_SSBD); + ssbd_ssbs_disable(task); break; default: return -ERANGE; From patchwork Thu Oct 10 08:36:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175728 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1984470ill; Thu, 10 Oct 2019 01:49:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqyl6ij8xC6Eseoaeae97HcLcWRcl6Y4qkgEByiwbBGZvmqumDgxMt5PTzUafpP9DL7vNuO6 X-Received: by 2002:a05:6402:64f:: with SMTP id u15mr6842897edx.231.1570697380732; Thu, 10 Oct 2019 01:49:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697380; cv=none; d=google.com; s=arc-20160816; b=jUXNctirr/+lvAnBjKvJljR1AeEXke/jdA/aK1Q4QepQ6Fkb8I8vYScOU3kdfkjvQN DHudjDRTMZyj5flUaQnSPRZ8+/P8mhZGoRiwKHHw8uQr1gpi+a9jvbE69FoKGCAml1dH 4VoaGV50pOaf19ggOKUldg+B3pWmnp+svO2PtqjDGyshNGDro/OkOA5m1eAd/RQyJ3ZQ AaDLOwqOOty/SQ1n0C0yFP2Nikx705BT1HyANa8UFcdO8Xw+myWpfjy7UYI8Rw5E8Kmn 8EKMldMoBdvufHD3G+k49kLg0XCW6mwl7oGiUIeCBvbJDPoJxl4SScCuSFGi2E6lGJlw tMPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=N/wg6319JSnpZMmBK/fXEGOumuSZDlvq0+EFLxU/itA=; b=U1nm78ivvc/CUc7AxBI04P1Yn8DTves2/kvXSIxCQ3h9JsQVo7OICYH4l8MIZs8iUi by9KvrtXRFNOD6cNuWSHr8xuApbJ8H/1Xr9m0zS1VS79WME1npkHzi2Xw86dBv0JvaEp tBHjPKj3HQg+GkUQdep7sJlO9uvKagf7bG1VFQEZNXgzpZ1e7uDqje6M5lR93Njas03G HV6wkelV/GY7QYi4Cad961NbZ7BQ/vPToQdGS3KCNp2QsRY0XEmMST8dFYVMsRNDPOz2 kkkppBBtsNDMs2GDt6qqmsZOzCByt0h0E4kaXTWtyz7XaKf54oY2VQMY+vSK2lczOzTy c6BA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OgV3+TdH; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b3si2730182eju.357.2019.10.10.01.49.40; Thu, 10 Oct 2019 01:49:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OgV3+TdH; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389838AbfJJIth (ORCPT + 13 others); Thu, 10 Oct 2019 04:49:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:56242 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388033AbfJJItg (ORCPT ); Thu, 10 Oct 2019 04:49:36 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 55BA321D71; Thu, 10 Oct 2019 08:49:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697375; bh=7DZ5PjMP7b5x4rM5b1G+HAZcSZk95Iof1H4TK11oOBA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OgV3+TdHf56LRix19LdyEVUQk9q3aArPackt6x2bHqIVoJhOhSJeYSWyhQj2iJTQN SCaw56zS7QtSVjCE4IVzXFTsJmOd3yVcCxQ0WKSv+aSDvhu7gdSN+2c8tqGXKoRedg k/+E/RzXfxKAA15fRHZouuPN6MEBni7PiwVqVuPg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christoffer Dall , Will Deacon , Catalin Marinas , Ard Biesheuvel Subject: [PATCH 4.19 090/114] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe Date: Thu, 10 Oct 2019 10:36:37 +0200 Message-Id: <20191010083612.834026878@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit 7c36447ae5a090729e7b129f24705bb231a07e0b ] When running without VHE, it is necessary to set SCTLR_EL2.DSSBS if SSBD has been forcefully disabled on the kernel command-line. Acked-by: Christoffer Dall Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/kvm_host.h | 11 +++++++++++ arch/arm64/kvm/hyp/sysreg-sr.c | 11 +++++++++++ 2 files changed, 22 insertions(+) --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -398,6 +398,8 @@ struct kvm_vcpu *kvm_mpidr_to_vcpu(struc DECLARE_PER_CPU(kvm_cpu_context_t, kvm_host_cpu_state); +void __kvm_enable_ssbs(void); + static inline void __cpu_init_hyp_mode(phys_addr_t pgd_ptr, unsigned long hyp_stack_ptr, unsigned long vector_ptr) @@ -418,6 +420,15 @@ static inline void __cpu_init_hyp_mode(p */ BUG_ON(!static_branch_likely(&arm64_const_caps_ready)); __kvm_call_hyp((void *)pgd_ptr, hyp_stack_ptr, vector_ptr, tpidr_el2); + + /* + * Disabling SSBD on a non-VHE system requires us to enable SSBS + * at EL2. + */ + if (!has_vhe() && this_cpu_has_cap(ARM64_SSBS) && + arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) { + kvm_call_hyp(__kvm_enable_ssbs); + } } static inline bool kvm_arch_check_sve_has_vhe(void) --- a/arch/arm64/kvm/hyp/sysreg-sr.c +++ b/arch/arm64/kvm/hyp/sysreg-sr.c @@ -293,3 +293,14 @@ void kvm_vcpu_put_sysregs(struct kvm_vcp vcpu->arch.sysregs_loaded_on_cpu = false; } + +void __hyp_text __kvm_enable_ssbs(void) +{ + u64 tmp; + + asm volatile( + "mrs %0, sctlr_el2\n" + "orr %0, %0, %1\n" + "msr sctlr_el2, %0" + : "=&r" (tmp) : "L" (SCTLR_ELx_DSSBS)); +} From patchwork Thu Oct 10 08:36:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175729 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1984567ill; Thu, 10 Oct 2019 01:49:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqyrhxjXjCMov/z3jTNw1YqNnxx0muT7LCptLFh1pAje94yaAqSvuWvgWSdxFSFg0o6/AJah X-Received: by 2002:a50:cbcd:: with SMTP id l13mr6979114edi.18.1570697386851; Thu, 10 Oct 2019 01:49:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697386; cv=none; d=google.com; s=arc-20160816; b=G+syXxeTnUhAy9VxMKii4788mZf/CboVkACd0yd167JqVYaOvZzxKHR4cvIiOq1iq6 ocj8TjxeYZ3D21MU2jFb4++9Um4ed/0yzQCvdbkVelQsd0/moAimgm8y1dJRuJ66NpYh JNlTJ6Fme8SQVTNnTg8z40qUSjBmkU5zYV54sNWyOMFxcNiqreoPNsxAH40iF404arNQ TdIe+fmElGlzAQL+2gv2CH7obbBsdubyXc4GiueXlfKsx/uBQuVUO3hmbPVGmtrhNYR0 qae1wqewuMiHSHUgcWeXYqQqNp87BlY/5C6zzunfkwuuyqpojVIlpjt5OLmKTXZ7bjaX P7WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DPWjoIvMfPUdpBvyn3VyfSXEUJnbkiRamQ1oydr3Kg0=; b=JSSUUUXyjcUMJEoU5ZG/93NQmHZUw+FSQdKmOoQDcE8gYx1r87egnPRzq5gAq15mcx YAMNeM5ll7lGFGi19kxeow1iPb2Z3fp4bS51+N9JoqirCKPqOhgP23F+CKIdjxcOHz02 3fSDDdNrUu0lYeihWc0TaIkI9En8xQGQeCMSZaG2k1ltCTmGSHFAPhzZQokE27j6rGk0 f05dD8VcE5Hj4NNvjZ8vtSm0o8X9oSnCS/m5gsql+HbAyrpTsXyurdwyqQ/UqaCTmEEG wyEuAP4gLJmV2/2WwzRHTFbXD3Rkv4tyYjWaLh+5h73ZjzI1kueA3RHOaqC0bGHSFYCT Qa+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="H5m/ljzz"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m24si2573831ejx.286.2019.10.10.01.49.46; Thu, 10 Oct 2019 01:49:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="H5m/ljzz"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389848AbfJJItm (ORCPT + 13 others); Thu, 10 Oct 2019 04:49:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:56414 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389843AbfJJItm (ORCPT ); Thu, 10 Oct 2019 04:49:42 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BEC562064A; Thu, 10 Oct 2019 08:49:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697381; bh=uJMfqKzJmIl0AHWLDzSnls3gFjyu1Z+VHOUsfZ8MtdI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=H5m/ljzzYCiUWnQBq+oJ4e+HRidQZ2EjXhhy/8Vqx5dciuQ0jZfzf1nmWC9cYolNq OSjasseeR9Oyyzfd0FUz+gQW8pCLBp+iCsCYvpLq2h46PjvmzRgjHjfy+IytkMS4BO it7N9ZOMNUzYSeX4vBFvtHLjrVSZtQh6CHOxu9e8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Catalin Marinas , Suzuki K Poulose , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 092/114] arm64: fix SSBS sanitization Date: Thu, 10 Oct 2019 10:36:39 +0200 Message-Id: <20191010083612.970579789@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mark Rutland [ Upstream commit f54dada8274643e3ff4436df0ea124aeedc43cae ] In valid_user_regs() we treat SSBS as a RES0 bit, and consequently it is unexpectedly cleared when we restore a sigframe or fiddle with GPRs via ptrace. This patch fixes valid_user_regs() to account for this, updating the function to refer to the latest ARM ARM (ARM DDI 0487D.a). For AArch32 tasks, SSBS appears in bit 23 of SPSR_EL1, matching its position in the AArch32-native PSR format, and we don't need to translate it as we have to for DIT. There are no other bit assignments that we need to account for today. As the recent documentation describes the DIT bit, we can drop our comment regarding DIT. While removing SSBS from the RES0 masks, existing inconsistent whitespace is corrected. Fixes: d71be2b6c0e19180 ("arm64: cpufeature: Detect SSBS and advertise to userspace") Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/ptrace.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1666,19 +1666,20 @@ void syscall_trace_exit(struct pt_regs * } /* - * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487C.a - * We also take into account DIT (bit 24), which is not yet documented, and - * treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may be - * allocated an EL0 meaning in future. + * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487D.a. + * We permit userspace to set SSBS (AArch64 bit 12, AArch32 bit 23) which is + * not described in ARM DDI 0487D.a. + * We treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may + * be allocated an EL0 meaning in future. * Userspace cannot use these until they have an architectural meaning. * Note that this follows the SPSR_ELx format, not the AArch32 PSR format. * We also reserve IL for the kernel; SS is handled dynamically. */ #define SPSR_EL1_AARCH64_RES0_BITS \ - (GENMASK_ULL(63,32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ - GENMASK_ULL(20, 10) | GENMASK_ULL(5, 5)) + (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ + GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) #define SPSR_EL1_AARCH32_RES0_BITS \ - (GENMASK_ULL(63,32) | GENMASK_ULL(23, 22) | GENMASK_ULL(20,20)) + (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) static int valid_compat_regs(struct user_pt_regs *regs) { From patchwork Thu Oct 10 08:36:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175720 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983571ill; Thu, 10 Oct 2019 01:48:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqz5q8lhl2z0SJmcCMfuSfDJoNeToIE6iPPc787Oeun1r52RZQAcPYo5F3yqV1C7yYvhAHLb X-Received: by 2002:a05:6402:650:: with SMTP id u16mr7020852edx.211.1570697319861; Thu, 10 Oct 2019 01:48:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697319; cv=none; d=google.com; s=arc-20160816; b=vgLyS0x8yiiMdsjfvprOI/yh13wHZfAZuZQx3cEqYXD12hd7L2wYCyIQ5Xq18EzdUM Vn3k3930DCiWtgKcH6ditt9VpvkdBivrK91ifkaG7mUgepQCIJ3rhtcSCRYtLyz+HwoY Z2Rg3RItoBVIJP+927yxF9Ef7Po0oCfZcY9CdbLX/if93XzdJNsrahlsMZxNLTuZ5TMd AdgCpywiXZ441qO9d6e/MyCgV1HzeNLXH9QtAoXRZnp4LiotFa2lVQB6Q+9wXegRLuaT /AMd+UFqFLpmzssujvVd7YZUUyEzH3cH3PZwDIkn3q2gTtcrbObisKVPTe0pw8zafug9 nmmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=umZi/tPbkdK75xzt7P+xnhytk2AJE6QrZ9qsHwjTvug=; b=0K90FQKjf0RhJZ4wCh61fncs1QT0dpVZwFapKm6C4CvEBhD6ObXCZTbuUDVSycZ+F9 dJbraIINq9IZa/SQa34hRBnz70K3+Soyw3Xk1D96y4mnOoJvp6/+2qma9MUVGPTrtoQR UdkTkDswW8HAE7QNeFSYjy8JZI0XaWHtqGvtUIqpx76oPTnrvs5RMVGUMSe8EEhEnEOc HhY+Nfytt+9kHIdkur63MKQU4AHCVxdjRWcE/bsUpel0fXHRC/Eick0PvLl0eUKT41GX TEWEpk15uriEN2En4BbQlyh6cX+U5nF2l/AYqK69iSF35FFz5mtSlW+HPRg08VfG+vbt 3wcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=iJkcT+Dg; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id si30si2807785ejb.92.2019.10.10.01.48.39; Thu, 10 Oct 2019 01:48:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=iJkcT+Dg; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387896AbfJJIsf (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:54788 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389658AbfJJIse (ORCPT ); Thu, 10 Oct 2019 04:48:34 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7F784208C3; Thu, 10 Oct 2019 08:48:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697313; bh=4jbZCZ8oCBzOUrTMKx+74Dexkyj4kfRpRIGLN0rEjmc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iJkcT+Dg1vW7lj80N7aFhcRb3sFQDen8O6inhgjBwytA1s5ANu6arEII9sjOY+DlM rLHkOiZwqRxnoHau3Gn3pnAolNLsk5Kkln1sfWjt+M1fQflhvtO3P+ngwHiTX1Jpoa 0yWso3NtVvFdBlQhCRHIwBVPCyVUl2uflzFlu+Pw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeremy Linton , Suzuki K Poulose , Andre Przywara , Catalin Marinas , Stefan Wahren , Jonathan Corbet , linux-doc@vger.kernel.org, Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 097/114] arm64: Provide a command line to disable spectre_v2 mitigation Date: Thu, 10 Oct 2019 10:36:44 +0200 Message-Id: <20191010083613.292731617@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit e5ce5e7267ddcbe13ab9ead2542524e1b7993e5a ] There are various reasons, such as benchmarking, to disable spectrev2 mitigation on a machine. Provide a command-line option to do so. Signed-off-by: Jeremy Linton Reviewed-by: Suzuki K Poulose Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Cc: Jonathan Corbet Cc: linux-doc@vger.kernel.org Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- Documentation/admin-guide/kernel-parameters.txt | 8 ++++---- arch/arm64/kernel/cpu_errata.c | 13 +++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2866,10 +2866,10 @@ (bounds check bypass). With this option data leaks are possible in the system. - nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 - (indirect branch prediction) vulnerability. System may - allow data leaks with this option, which is equivalent - to spectre_v2=off. + nospectre_v2 [X86,PPC_FSL_BOOK3E,ARM64] Disable all mitigations for + the Spectre variant 2 (indirect branch prediction) + vulnerability. System may allow data leaks with this + option. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -189,6 +189,14 @@ static void qcom_link_stack_sanitization : "=&r" (tmp)); } +static bool __nospectre_v2; +static int __init parse_nospectre_v2(char *str) +{ + __nospectre_v2 = true; + return 0; +} +early_param("nospectre_v2", parse_nospectre_v2); + static void enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) { @@ -200,6 +208,11 @@ enable_smccc_arch_workaround_1(const str if (!entry->matches(entry, SCOPE_LOCAL_CPU)) return; + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return; + } + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) return; From patchwork Thu Oct 10 08:36:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175733 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1990131ill; Thu, 10 Oct 2019 01:56:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqxnkPbZCAi3R72ukMquEnxbFte/2645R5eBZhqgFekEXuS8zekvmBoGEjlKK8DGql1xXnkR X-Received: by 2002:aa7:d145:: with SMTP id r5mr6885402edo.275.1570697765702; Thu, 10 Oct 2019 01:56:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697765; cv=none; d=google.com; s=arc-20160816; b=z8PiwJCHAJ87iLcdYTgy48pvNgyLKySKd5mwrDI3B8HBCeAurmaOMp4uqUKSioj7Um kQ6k0QzpZ4ntOh/UU0AcBK6LoXGCP5EZdtvgoMqspoZc8lG+fLnKc9+EQMthSk2QTSlP srNLueCVK3tqxylBLq8bD80AhFFhtDDPRbZUIXebU9r1GzwsVXRZZQT23CHFsxbMqL6T +ptbBRDSweRDcGQ65oahSatrVTB8sD7YENKcAJTFjbLhUDXQdsLeuvnp/fOUhIvLCi37 joaKaZbSSPz/oK1EmGTHnM0jt/8R49Aso5dZ1zZPkmvutzCLd0FyemE7z8bKkKS4EJSK lX2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jC79M4RlfMevKUaSl4W5G60mlf70J6fEczkE12Zohq0=; b=hTSAbzFEjNqK0pPdFqa8d823zzgNcNxYuP/q6F4F/EatUZzQF7xdVSEZPcqj4HuK9B 7gtJvL0EBG6thA1IOiVZL93lLvFAJ2hNV9FodPQWgeZ2Hswd9hatrZOEf2ZtE7oWtiNy Iyiku47XvzYEqwUPaZw8QC+Hgzh5+ZoM/Uxhhp8AhJ3Tu0SPYz9UmjW54sYhV7+TRdWO mqXcETeKWMew6iYnLsa52IkribdnybUTDk9o8Bt/lcnW7eAZ3un2aj9UZ8UDlKtr1i6K h2gKx7P2hiDUMAwbC6tYHGnueF31Q/z8uQpapbnz6nIN0nwTgdrbQQ0VWxuwXJXfRlEk DMfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=S77g7MFM; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q4si2767001ejb.136.2019.10.10.01.56.05; Thu, 10 Oct 2019 01:56:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=S77g7MFM; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388194AbfJJI4D (ORCPT + 13 others); Thu, 10 Oct 2019 04:56:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:54868 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389674AbfJJIsh (ORCPT ); Thu, 10 Oct 2019 04:48:37 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0C7EF218AC; Thu, 10 Oct 2019 08:48:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697315; bh=4+ddVrSlwKEXvHJR9TXUtVJv03PE9mTWulwBohgF+iE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=S77g7MFM0uw3xzeRJW4dgLxcF1HRSz6vVUtcMwhSt1GdxOMo7LAflk44Y97sR0Vxg /Sb6cK6NPvEk8z3cMRjNciAH7kmiJPQItwrrTfGQuT6PTWpvFllM9UVZU6h6iMDt55 jcDVRH3Zm06v+J6qLI/ar0fIYXKZBYiO4YQAeBNY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Marc Zyngier , Jeremy Linton , Andre Przywara , Suzuki K Poulose , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 098/114] arm64: Advertise mitigation of Spectre-v2, or lack thereof Date: Thu, 10 Oct 2019 10:36:45 +0200 Message-Id: <20191010083613.354710166@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier [ Upstream commit 73f38166095947f3b86b02fbed6bd592223a7ac8 ] We currently have a list of CPUs affected by Spectre-v2, for which we check that the firmware implements ARCH_WORKAROUND_1. It turns out that not all firmwares do implement the required mitigation, and that we fail to let the user know about it. Instead, let's slightly revamp our checks, and rely on a whitelist of cores that are known to be non-vulnerable, and let the user know the status of the mitigation in the kernel log. Signed-off-by: Marc Zyngier Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Suzuki K Poulose Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 109 +++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 53 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -109,9 +109,9 @@ static void __copy_hyp_vect_bpi(int slot __flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K); } -static void __install_bp_hardening_cb(bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) +static void install_bp_hardening_cb(bp_hardening_cb_t fn, + const char *hyp_vecs_start, + const char *hyp_vecs_end) { static DEFINE_SPINLOCK(bp_lock); int cpu, slot = -1; @@ -138,7 +138,7 @@ static void __install_bp_hardening_cb(bp #define __smccc_workaround_1_smc_start NULL #define __smccc_workaround_1_smc_end NULL -static void __install_bp_hardening_cb(bp_hardening_cb_t fn, +static void install_bp_hardening_cb(bp_hardening_cb_t fn, const char *hyp_vecs_start, const char *hyp_vecs_end) { @@ -146,23 +146,6 @@ static void __install_bp_hardening_cb(bp } #endif /* CONFIG_KVM_INDIRECT_VECTORS */ -static void install_bp_hardening_cb(const struct arm64_cpu_capabilities *entry, - bp_hardening_cb_t fn, - const char *hyp_vecs_start, - const char *hyp_vecs_end) -{ - u64 pfr0; - - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - pfr0 = read_cpuid(ID_AA64PFR0_EL1); - if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT)) - return; - - __install_bp_hardening_cb(fn, hyp_vecs_start, hyp_vecs_end); -} - #include #include #include @@ -197,31 +180,27 @@ static int __init parse_nospectre_v2(cha } early_param("nospectre_v2", parse_nospectre_v2); -static void -enable_smccc_arch_workaround_1(const struct arm64_cpu_capabilities *entry) +/* + * -1: No workaround + * 0: No workaround required + * 1: Workaround installed + */ +static int detect_harden_bp_fw(void) { bp_hardening_cb_t cb; void *smccc_start, *smccc_end; struct arm_smccc_res res; u32 midr = read_cpuid_id(); - if (!entry->matches(entry, SCOPE_LOCAL_CPU)) - return; - - if (__nospectre_v2) { - pr_info_once("spectrev2 mitigation disabled by command line option\n"); - return; - } - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) - return; + return -1; switch (psci_ops.conduit) { case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_hvc_arch_workaround_1; /* This is a guest, no need to patch KVM vectors */ smccc_start = NULL; @@ -232,23 +211,23 @@ enable_smccc_arch_workaround_1(const str arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); if ((int)res.a0 < 0) - return; + return -1; cb = call_smc_arch_workaround_1; smccc_start = __smccc_workaround_1_smc_start; smccc_end = __smccc_workaround_1_smc_end; break; default: - return; + return -1; } if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) || ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(entry, cb, smccc_start, smccc_end); + install_bp_hardening_cb(cb, smccc_start, smccc_end); - return; + return 1; } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ @@ -535,24 +514,48 @@ multi_entry_cap_cpu_enable(const struct } #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR - /* - * List of CPUs where we need to issue a psci call to - * harden the branch predictor. + * List of CPUs that do not need any Spectre-v2 mitigation at all. */ -static const struct midr_range arm64_bp_harden_smccc_cpus[] = { - MIDR_ALL_VERSIONS(MIDR_CORTEX_A57), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - MIDR_ALL_VERSIONS(MIDR_BRCM_VULCAN), - MIDR_ALL_VERSIONS(MIDR_CAVIUM_THUNDERX2), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR_V1), - MIDR_ALL_VERSIONS(MIDR_QCOM_FALKOR), - MIDR_ALL_VERSIONS(MIDR_NVIDIA_DENVER), - {}, +static const struct midr_range spectre_v2_safe_list[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + { /* sentinel */ } }; +static bool __maybe_unused +check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) +{ + int need_wa; + + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + + /* If the CPU has CSV2 set, we're safe */ + if (cpuid_feature_extract_unsigned_field(read_cpuid(ID_AA64PFR0_EL1), + ID_AA64PFR0_CSV2_SHIFT)) + return false; + + /* Alternatively, we have a list of unaffected CPUs */ + if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list)) + return false; + + /* Fallback to firmware detection */ + need_wa = detect_harden_bp_fw(); + if (!need_wa) + return false; + + /* forced off */ + if (__nospectre_v2) { + pr_info_once("spectrev2 mitigation disabled by command line option\n"); + return false; + } + + if (need_wa < 0) + pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + + return (need_wa > 0); +} #endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -715,8 +718,8 @@ const struct arm64_cpu_capabilities arm6 #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, - .cpu_enable = enable_smccc_arch_workaround_1, - ERRATA_MIDR_RANGE_LIST(arm64_bp_harden_smccc_cpus), + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .matches = check_branch_predictor, }, #endif #ifdef CONFIG_HARDEN_EL2_VECTORS From patchwork Thu Oct 10 08:36:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175724 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983677ill; Thu, 10 Oct 2019 01:48:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqzYovd3cXh7ND5q0r3JwuBcUmCFHtUGCJIXLmm/wMPBG9O03Q+TwU4xD4Y7WnJ0rc4R7OZ6 X-Received: by 2002:a17:906:688:: with SMTP id u8mr7150975ejb.208.1570697326983; Thu, 10 Oct 2019 01:48:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697326; cv=none; d=google.com; s=arc-20160816; b=jfnrFemvt8OVG7EJk+w4JuR06NOvu0RRnpzmyfVYamDWB6LqEvSps+5P/sj4biXcON QkIINbxMdVwvtLIkX1dscdwuwSvJqGmSTm5L6WbxyNPI6u5z76f4zNiXBlWRGIJ+JDVx 46e+pApoqleXhJAYZhCnxzLMYTjTMF6kQg9uCAvv9MHNBAjwBhGrI11t25j86au3YRWE k1gY5PcQPcYBu934dWUPGbd4ROWQFRe733C7oKqpOZgUrKWmyUbRBRv9zMrf4xW+xwin TeMnrYtZXBBx0frShrEibb98RxcWo35+RoQ65GoayBcZOT+M05uzzQQBhxU1XuThXntd nGqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cIHPNYi0Jk/gwDW5W5ck3Mz2tlCIgfm7mqI7RGEOd/o=; b=VMSDtRvDTAcpPacrbaqpaSXIjhk+5aDMhMuHvRb7zaH0BWxWHGjPgmK7A32ACry4gO slA0XwWE5w2Q85FROqEnKf66B6ed6SXWjWGrYisNqpydlslyq6AmgqfBD6rNRDaWR6cR 7AVhUlMY83QJSqUEyl+XT+DdRtuzgKICj6z8KYIXVAG5vuOqNOAed7cz2gpsGpC8yh9Q YBxMPxMun+BEDIGBL8eqUvtHT6R3vbrHZ0ZCkIZid8AV4/De1Zv56imT/qnExV5LedyB dSgUEja8JoP1vIZ/bg35sdnoQm71LnHqmMSSXZYrkEPbYRLqebAiySYhkBMEv4RwKoY/ qT2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Qmy6nPyi; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z9si3135090edz.77.2019.10.10.01.48.46; Thu, 10 Oct 2019 01:48:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Qmy6nPyi; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389691AbfJJIso (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:54916 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389680AbfJJIsk (ORCPT ); Thu, 10 Oct 2019 04:48:40 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1006D2064A; Thu, 10 Oct 2019 08:48:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697318; bh=FmzEMjZSelSMOSQZgp2rUdO+aFnsDCvFmd1Q5Ugd5d4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Qmy6nPyi3kVlrkk2x0+Jdm8yqPjfJeBHPyLwqoBNtjO4FT/wrtk+4nbPU9dLRyHeo ZrYgtCPDGh749AZN2tCAUNougzAlFC+t5j3ibFSS7dDKFSK15ZV7gkF+nPkuFUO99g ZBP/6MFO0OPYoVwUJL1cGi0nGO/fuHZ3xbmf7ul0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 099/114] arm64: Always enable spectre-v2 vulnerability detection Date: Thu, 10 Oct 2019 10:36:46 +0200 Message-Id: <20191010083613.410310738@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit 8c1e3d2bb44cbb998cb28ff9a18f105fee7f1eb3 ] Ensure we are always able to detect whether or not the CPU is affected by Spectre-v2, so that we can later advertise this to userspace. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -87,7 +87,6 @@ cpu_enable_trap_ctr_access(const struct atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1); -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR #include #include @@ -225,11 +224,11 @@ static int detect_harden_bp_fw(void) ((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) cb = qcom_link_stack_sanitization; - install_bp_hardening_cb(cb, smccc_start, smccc_end); + if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) + install_bp_hardening_cb(cb, smccc_start, smccc_end); return 1; } -#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); @@ -513,7 +512,6 @@ multi_entry_cap_cpu_enable(const struct caps->cpu_enable(caps); } -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ @@ -545,6 +543,12 @@ check_branch_predictor(const struct arm6 if (!need_wa) return false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { + pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n"); + __hardenbp_enab = false; + return false; + } + /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); @@ -556,7 +560,6 @@ check_branch_predictor(const struct arm6 return (need_wa > 0); } -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS @@ -715,13 +718,11 @@ const struct arm64_cpu_capabilities arm6 ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), }, #endif -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR { .capability = ARM64_HARDEN_BRANCH_PREDICTOR, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = check_branch_predictor, }, -#endif #ifdef CONFIG_HARDEN_EL2_VECTORS { .desc = "EL2 vector hardening", From patchwork Thu Oct 10 08:36:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175722 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983672ill; Thu, 10 Oct 2019 01:48:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqyWeVUDXh9GLe5SyL7QSSrn/y6XcbUj9SJ4blX8JMKvIeAsjMggo7MZTu0ypJ6Lq3DbBtuU X-Received: by 2002:a17:906:d29a:: with SMTP id ay26mr7001790ejb.21.1570697326623; Thu, 10 Oct 2019 01:48:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697326; cv=none; d=google.com; s=arc-20160816; b=mu9SVHv+3/PK2wFQ2DExAFcjQbEl9TwvccPjlPVYSEGiAZlPCDwu7xqKV7dvSL03vz akumN/kY8nUfpveBDKFfQk639eSFZWmpFFpsCs/TZmmbX36Cwxk2z+0qZZUic0HvL/uY G5SwmvXPlc0AtYbyTHQ15Q/fn6w/j/elBpSNwHGwQVdV5UiFWFvmIElIVSTceV2O7nux rTL/EQ2el6O3jYJyVkBxDDRb/Imys5r+hw5LXWHDEFpjBlTgagdvUqESDxbeBnBazkpf RFAYT2wBHLoFtXFO0Pt+Z3OFfFO5nVVNz75t7BnJao6RRCp/T8Av+wuWDTD0mS0FLRWm s7jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ig55dqOQyI+1xR+g16mymG0mITKpRtWUSWiqYJnb3cM=; b=bIGyWCUZLeDWEDwzuroZqX48vKAIYpPsEqH9XffYBjTRwU7gkUwBiBrv2l2q4L7VGN Z92Ity9CXViCAOhN8bNtEW7moZIOnkmyEt/tGZrfxC/I0EXnGCSwsM2787OvJ6oX0stm Kj1ZLO1ladEs86zsOfnhtkh0RElj5CsOkR9YVI1kHJGiwmEXfTySg9FGMQAC/Gang3SM 10pN7Zl8wvL2rmT4tWTObZdHqeYrnTV2CVM0a/sLD/c2i2SGSdhNTzEGUb6VIFC5i5qx I3pdPAKTvqz+upp58d6uKwIfck3bQPRIkGAAXMBO+fp3SmLEv7n1N/9hXVyoBgYMBXNn QSDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="siq/iEVa"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z9si3135090edz.77.2019.10.10.01.48.46; Thu, 10 Oct 2019 01:48:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="siq/iEVa"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389686AbfJJIsn (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:54970 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389157AbfJJIsm (ORCPT ); Thu, 10 Oct 2019 04:48:42 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B833121929; Thu, 10 Oct 2019 08:48:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697321; bh=IyVvloWswiwb0rHjj5ssPaCzfOBHQsDBo6CZ5n2dG7o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=siq/iEVaQlSVNtjn/p3JBKEpbkKzNDmrrbS7Dr4V1H7jjz8KRLH4VupRd166e8NFu Vwb73Y4t4AicllntYTo4FFd15md9UrqbGoHVjsb4/D99gUkNfK1Lf9rcs5a++o0PNI MqBk/LxYP9i3uN1NrsznUHgYLT6pOprpY7G/ahxs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 100/114] arm64: add sysfs vulnerability show for spectre-v2 Date: Thu, 10 Oct 2019 10:36:47 +0200 Message-Id: <20191010083613.477591447@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit d2532e27b5638bb2e2dd52b80b7ea2ec65135377 ] Track whether all the cores in the machine are vulnerable to Spectre-v2, and whether all the vulnerable cores have been mitigated. We then expose this information to userspace via sysfs. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -480,6 +480,10 @@ has_cortex_a76_erratum_1463225(const str .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * Generic helper for handling capabilties with multiple (match,enable) pairs * of call backs, sharing the same capability bit. @@ -522,6 +526,10 @@ static const struct midr_range spectre_v { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,6 +551,8 @@ check_branch_predictor(const struct arm6 if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n"); __hardenbp_enab = false; @@ -552,11 +562,14 @@ check_branch_predictor(const struct arm6 /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -753,3 +766,15 @@ ssize_t cpu_show_spectre_v1(struct devic { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Thu Oct 10 08:36:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175723 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983684ill; Thu, 10 Oct 2019 01:48:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxzWH5xtlwaI/sk4Sd7CtG6iPR86el9j4fgdea8V/Ao9vqn6VV44k8CsqyOa/EO3EoxNhHq X-Received: by 2002:a17:906:d971:: with SMTP id rp17mr7140238ejb.42.1570697327342; Thu, 10 Oct 2019 01:48:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697327; cv=none; d=google.com; s=arc-20160816; b=HGq/faeA38iNQHzK5fpSm2GIQR1kKWIpP7NEa9BucBjt45hfqAG79jOSGUxP6oe68K gRtDwOGak3flHuUAl3T6yRFL4d5jzqwIhYAkN9Jz1lxjmPGYLYptPGXE7SpVJlM8SUFf pVgg075GuZt5FwvAU4H9p5gL0q461vEcB0nQFTbKbPZJNqa+Gi3nkMNJ43dv3lIiAG1s dnMZrdNYcIrtdlKHaHqAF6zVjwduEHCaVBs3g2btIpcClEIngmN4/Dv+RpBX2vBYO6XE C7nVUUgwbS+n28DOtK96sg+FXNw4F1YFtsq6TjXNoY8UtikG6cfluGrK+QsaAhK1flDL 8M2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6koY/mqbOnCnz7mdJEupioKIlVgbRaKC+u6kUI4ySc8=; b=LPMErM9jpUkzrJmTJ+XXFoWT+RSm78eQjRgItmOyW8L7iWoM+e9clRztVPBcrwqJZr JKI6E9fGiATW6c0zoTOZbjjKsubTtOtW/eb22aUFXN4hvujig7rH8owBRuYM2HBts25D w0IAV65Q1xAjauAhpClxugIbEfZsFVBP7PiIHiGvk5f2p7eviN8oXP29I9FKeX0DzVZs T2a0ZoH81Tch90e9VHfR1mtiociysqXRiTigH0mpNmCiAb2rQDfLt61Wcyr+D5c5jAkx cwdxHTAY39JrAPfq5nhweWNCBnm6jqiFfDHyAE96fNpwJjFsabhu9wF0IXBGoEtN8OhB +1jQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="QRYg/2yN"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z9si3135090edz.77.2019.10.10.01.48.47; Thu, 10 Oct 2019 01:48:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="QRYg/2yN"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389696AbfJJIsq (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:55038 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387657AbfJJIsp (ORCPT ); Thu, 10 Oct 2019 04:48:45 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 85A192064A; Thu, 10 Oct 2019 08:48:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697324; bh=JTeskSJEsytwnsbhj0g3kb2jBcSdMn7bs2/OemONbdE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QRYg/2yNrBa1fcpxo1+U0m+F1ucdiKufH2wm27F+f8WV5h4iJ6637p2LrRNeTi3KE /7Mpfmj5u/KCDiw3uIklHH0akNiRIZN+5vnRkbRS1zUPTVnZTpV78GsYioTnNzS5uc OG/NZGGviUTYO1QpSQP/6LvG9Zdlda29GrG97c4U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Wahren , Jeremy Linton , Will Deacon Subject: [PATCH 4.19 101/114] arm64: add sysfs vulnerability show for speculative store bypass Date: Thu, 10 Oct 2019 10:36:48 +0200 Message-Id: <20191010083613.546505028@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Linton [ Upstream commit 526e065dbca6df0b5a130b84b836b8b3c9f54e21 ] Return status based on ssbd_state and __ssb_safe. If the mitigation is disabled, or the firmware isn't responding then return the expected machine state based on a whitelist of known good cores. Given a heterogeneous machine, the overall machine vulnerability defaults to safe but is reset to unsafe when we miss the whitelist and the firmware doesn't explicitly tell us the core is safe. In order to make that work we delay transitioning to vulnerable until we know the firmware isn't responding to avoid a case where we miss the whitelist, but the firmware goes ahead and reports the core is not vulnerable. If all the cores in the machine have SSBS, then __ssb_safe will remain true. Tested-by: Stefan Wahren Signed-off-by: Jeremy Linton Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 42 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -233,6 +233,7 @@ static int detect_harden_bp_fw(void) DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; +static bool __ssb_safe = true; static const struct ssbd_options { const char *str; @@ -336,6 +337,7 @@ static bool has_ssbd_mitigation(const st struct arm_smccc_res res; bool required = true; s32 val; + bool this_cpu_safe = false; WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); @@ -344,8 +346,14 @@ static bool has_ssbd_mitigation(const st goto out_printmsg; } + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -362,6 +370,8 @@ static bool has_ssbd_mitigation(const st default: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -370,14 +380,18 @@ static bool has_ssbd_mitigation(const st switch (val) { case SMCCC_RET_NOT_SUPPORTED: ssbd_state = ARM64_SSBD_UNKNOWN; + if (!this_cpu_safe) + __ssb_safe = false; return false; + /* machines with mixed mitigation requirements must not return this */ case SMCCC_RET_NOT_REQUIRED: pr_info_once("%s mitigation not required\n", entry->desc); ssbd_state = ARM64_SSBD_MITIGATED; return false; case SMCCC_RET_SUCCESS: + __ssb_safe = false; required = true; break; @@ -387,6 +401,8 @@ static bool has_ssbd_mitigation(const st default: WARN_ON(1); + if (!this_cpu_safe) + __ssb_safe = false; return false; } @@ -427,6 +443,14 @@ out_printmsg: return required; } +/* known invulnerable cores */ +static const struct midr_range arm64_ssb_cpus[] = { + MIDR_ALL_VERSIONS(MIDR_CORTEX_A35), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A53), + MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + {}, +}; + #ifdef CONFIG_ARM64_ERRATUM_1463225 DEFINE_PER_CPU(int, __in_cortex_a76_erratum_1463225_wa); @@ -748,6 +772,7 @@ const struct arm64_cpu_capabilities arm6 .capability = ARM64_SSBD, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .matches = has_ssbd_mitigation, + .midr_range_list = arm64_ssb_cpus, }, #ifdef CONFIG_ARM64_ERRATUM_1463225 { @@ -778,3 +803,20 @@ ssize_t cpu_show_spectre_v2(struct devic return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spec_store_bypass(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (__ssb_safe) + return sprintf(buf, "Not affected\n"); + + switch (ssbd_state) { + case ARM64_SSBD_KERNEL: + case ARM64_SSBD_FORCE_ENABLE: + if (IS_ENABLED(CONFIG_ARM64_SSBD)) + return sprintf(buf, + "Mitigation: Speculative Store Bypass disabled via prctl\n"); + } + + return sprintf(buf, "Vulnerable\n"); +} From patchwork Thu Oct 10 08:36:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175725 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983744ill; Thu, 10 Oct 2019 01:48:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqzbScvvT+Jj42Fsq5b8xHPYPWc8LRvhTIQIUaS4oBV/dShIbpyJqLV7pap4NmilW7Ae14f8 X-Received: by 2002:a17:906:3ec8:: with SMTP id d8mr7005579ejj.57.1570697331733; Thu, 10 Oct 2019 01:48:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697331; cv=none; d=google.com; s=arc-20160816; b=qAPFQVAikFeTTSYdJsnAr0/8qfSd+FcwNNmmsdfzfAeftDYS9YNkE865ulsiLdGuJA oC3ZB8z77YbHGFibX63WyfL+4BLiYsh9zp//GuP2d0VL0XFfp6TCer1q2JxNgc8fsfVB J8ejVNb+7GK7ilorDvrniE02eUyeFptJOyK0B/FvHVEUDhdZnTn+KUVIjz1y+oAg5iN+ w+FxlKZRrUA8vjSaJGYLeK2zWjiRu8BJmCBx33PvPifVos3H900f3E63YSD1lVee+NSH AWuzgh3jg6kXsZ9KeHl7GqCoKOJuAmIgHVwXIldfgtENDGqvZEACnoB9e9QseO98p/0F qDyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=HC0e8NdoCB7tWyVa03bexezNwrfYw924soWcdMFMpw8=; b=nAB4EycO1JUR+lBZnVF3zGZtJt1CYjxQBqNJOP12FFqo3uc89XeIqbGbuVXzwwad3W 7ttrZSuQvkE2P1oYd9S3o3ERhzsddFT8j9FqiI5AR/WRowpvFfsAUk4F8v0Py7mAnKTt E9tRmE5xzf0C9TnFOgcenf+S+j//6t6b9gILlG6owCatknzXUi/C2RDdahJyNlDetLun Kl43k++0YMQn3DE4CXvH9tO9yi89vdfiCjyj7FQp38C1RfyKYcuX1yNZ1PdvDH19u1ys j/ElQ1rfhVobfgJmohPuoPHUiZhZ3Jsw9oRLEqTPQVRYbvg/oNyUrNFTaDtbobONRU+5 DX8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DvVzJZlH; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x19si2831512eju.15.2019.10.10.01.48.51; Thu, 10 Oct 2019 01:48:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DvVzJZlH; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389157AbfJJIss (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:55118 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388745AbfJJIss (ORCPT ); Thu, 10 Oct 2019 04:48:48 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2FF84218AC; Thu, 10 Oct 2019 08:48:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697326; bh=T4FbpQKPhy3l01rC+LQL19O6vxjqjUvvNx+JZt0oe/w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DvVzJZlH6/y+iqSowPXJUyKW6711tKRPd8A/IO2hKjo9IljHTvX6ypUPBYo9+0QAU qNpJl0h3ijLl6zJxeIM1sDL0KR2AWYa06ykcGhDPS2rVWkgVzWc1aLLJjScRrXkO3o pmZPJzJKw49tyrdXgI/L2eGsE897D52X1KxCeAAE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 102/114] arm64: ssbs: Dont treat CPUs with SSBS as unaffected by SSB Date: Thu, 10 Oct 2019 10:36:49 +0200 Message-Id: <20191010083613.611304454@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Will Deacon [ Upstream commit eb337cdfcd5dd3b10522c2f34140a73a4c285c30 ] SSBS provides a relatively cheap mitigation for SSB, but it is still a mitigation and its presence does not indicate that the CPU is unaffected by the vulnerability. Tweak the mitigation logic so that we report the correct string in sysfs. Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -341,15 +341,17 @@ static bool has_ssbd_mitigation(const st WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); + /* delay setting __ssb_safe until we get a firmware response */ + if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) + this_cpu_safe = true; + if (this_cpu_has_cap(ARM64_SSBS)) { + if (!this_cpu_safe) + __ssb_safe = false; required = false; goto out_printmsg; } - /* delay setting __ssb_safe until we get a firmware response */ - if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list)) - this_cpu_safe = true; - if (psci_ops.smccc_version == SMCCC_VERSION_1_0) { ssbd_state = ARM64_SSBD_UNKNOWN; if (!this_cpu_safe) From patchwork Thu Oct 10 08:36:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175732 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1990000ill; Thu, 10 Oct 2019 01:55:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqxobC8mbCUmh4S0dqwU3Ag89WqSDyzjUHpQvfZw4AZ7loBvLDuMVq9dSieMSUMJRb8avaTB X-Received: by 2002:a50:e40c:: with SMTP id d12mr6909268edm.256.1570697758657; Thu, 10 Oct 2019 01:55:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697758; cv=none; d=google.com; s=arc-20160816; b=SG38On2/ctlCWOhtxovcAmbo+vDHjZ5GjVKsPOTtZvSUxILgGVE8it3Ai+IadPjAlY AQKNX0Xzctfl+ZxHiZrCErlyiBoe2HaUZ98R8CC05u1rO4R48h96FlTkaXDYoPiiQtS4 0F0j/u9dK+sAO9SKOrd6XxgtKmtDCe656vrPZFjLkyB4rA+I8681CSfc4lCzCDS3gfwi Vaclzmx2F/8z7vAgBwEWOATIEAaZYDumSMTlq1D2s6w/pdD9OyxAWq0cHCVwBkP0qD21 42euPVTNjHdHaXnns0Ycu1e8ZumcDurduvOUlvlEhLwkWn2U6j4A8QaoWEHQsbXHg2vd VG4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=u+OD1/g6qy8zWwAlxMKnp9vFC3JVaugZ//Q8Uv7zgKk=; b=LGgAYv1+QDEGhJx/I02V3+b6wSppl0iTvnq21jOCBz0XACj3oY7lRUGO6svj5gtWlU 6BYpNJVtdt9vUwT5JIeVyX55Z3bweqYY93lkm+tweXqdaMPdiykGY3cT7AbYQTYuDTvb h13FKvtl2tMjn8hhm1odjLtJJXnTkjTV2vr6yZBelrq9CIiKNsMg66Ea4jTfyiMkG9jT i0AViku+6pQPoKOcG8FHSW+sAjL48+Hd/+Cupn2nbSTOhHwwH1OWWvvGb+aBuU5Hx4F8 U0CRO55bjyigp30k/EsjrNTtbx5lF4ImgeUn/N0eVTHotrQTYwHJ/O1rou+Ir6QStIVU GvEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=U0FkIhGs; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z2si3152505edd.390.2019.10.10.01.55.58; Thu, 10 Oct 2019 01:55:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=U0FkIhGs; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388327AbfJJIz5 (ORCPT + 13 others); Thu, 10 Oct 2019 04:55:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:55236 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389178AbfJJIsw (ORCPT ); Thu, 10 Oct 2019 04:48:52 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A0871218AC; Thu, 10 Oct 2019 08:48:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697332; bh=xCPrH/diVEoglFjDTV/JzAWK6WNrbC+4JHj+gxzkQF0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=U0FkIhGs5R4JgpGlpZNFnGrFJ5jMaeS1a88CzrzKuUuZDcHAHpIhIXmkDm7d4V4iV daTcbwqCa2z4BdM2EYvGDcJL1t/uAzOcB05/SB1necZJVbxrI5Qu446HEQ+fDiUYYJ fXqfbBcJRx+kWCyMpA5NwNx15oYAUNb5d8V+tFH8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Marc Zyngier , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 103/114] arm64: Force SSBS on context switch Date: Thu, 10 Oct 2019 10:36:50 +0200 Message-Id: <20191010083613.664531794@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier [ Upstream commit cbdf8a189a66001c36007bf0f5c975d0376c5c3a ] On a CPU that doesn't support SSBS, PSTATE[12] is RES0. In a system where only some of the CPUs implement SSBS, we end-up losing track of the SSBS bit across task migration. To address this issue, let's force the SSBS bit on context switch. Fixes: 8f04e8e6e29c ("arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3") Signed-off-by: Marc Zyngier [will: inverted logic and added comments] Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/processor.h | 14 ++++++++++++-- arch/arm64/kernel/process.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 40 insertions(+), 3 deletions(-) --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -177,6 +177,16 @@ static inline void start_thread_common(s regs->pc = pc; } +static inline void set_ssbs_bit(struct pt_regs *regs) +{ + regs->pstate |= PSR_SSBS_BIT; +} + +static inline void set_compat_ssbs_bit(struct pt_regs *regs) +{ + regs->pstate |= PSR_AA32_SSBS_BIT; +} + static inline void start_thread(struct pt_regs *regs, unsigned long pc, unsigned long sp) { @@ -184,7 +194,7 @@ static inline void start_thread(struct p regs->pstate = PSR_MODE_EL0t; if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) - regs->pstate |= PSR_SSBS_BIT; + set_ssbs_bit(regs); regs->sp = sp; } @@ -203,7 +213,7 @@ static inline void compat_start_thread(s #endif if (arm64_get_ssbd_state() != ARM64_SSBD_FORCE_ENABLE) - regs->pstate |= PSR_AA32_SSBS_BIT; + set_compat_ssbs_bit(regs); regs->compat_sp = sp; } --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -360,7 +360,7 @@ int copy_thread(unsigned long clone_flag childregs->pstate |= PSR_UAO_BIT; if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) - childregs->pstate |= PSR_SSBS_BIT; + set_ssbs_bit(childregs); p->thread.cpu_context.x19 = stack_start; p->thread.cpu_context.x20 = stk_sz; @@ -402,6 +402,32 @@ void uao_thread_switch(struct task_struc } /* + * Force SSBS state on context-switch, since it may be lost after migrating + * from a CPU which treats the bit as RES0 in a heterogeneous system. + */ +static void ssbs_thread_switch(struct task_struct *next) +{ + struct pt_regs *regs = task_pt_regs(next); + + /* + * Nothing to do for kernel threads, but 'regs' may be junk + * (e.g. idle task) so check the flags and bail early. + */ + if (unlikely(next->flags & PF_KTHREAD)) + return; + + /* If the mitigation is enabled, then we leave SSBS clear. */ + if ((arm64_get_ssbd_state() == ARM64_SSBD_FORCE_ENABLE) || + test_tsk_thread_flag(next, TIF_SSBD)) + return; + + if (compat_user_mode(regs)) + set_compat_ssbs_bit(regs); + else if (user_mode(regs)) + set_ssbs_bit(regs); +} + +/* * We store our current task in sp_el0, which is clobbered by userspace. Keep a * shadow copy so that we can restore this upon entry from userspace. * @@ -429,6 +455,7 @@ __notrace_funcgraph struct task_struct * contextidr_thread_switch(next); entry_task_switch(next); uao_thread_switch(next); + ssbs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case From patchwork Thu Oct 10 08:36:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 175726 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1983820ill; Thu, 10 Oct 2019 01:48:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqw3V/XYF7dND+ri4hrczUPGr7E9ZDR6CwAP7TpssTJ2EJsioTuuBwhprWkBPlB6ZVicQWLp X-Received: by 2002:a17:907:2132:: with SMTP id qo18mr6845581ejb.247.1570697337307; Thu, 10 Oct 2019 01:48:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570697337; cv=none; d=google.com; s=arc-20160816; b=eXgTQyWaTjHnHJrVAc8mxOqzU/pPu4bilpd6FjJk7xJDR9NIsr7vOdtATol2dYdrSz mA5tkAsRxWfcHGa/NCI95Z5kzK8glkoat9+GNMhSSrBOPR3sbFY4mBivtAYRBYh8ncfC LBd9REM4aBeCvkc7G0/dJBJ/skz7WQc8BexfhYRk7e/UURdcsCrp0qp+VLVMYblwUswl KABElMZqinn6ZGxBixe4PSl5aJPa9VLTnDz975qahs+T7+3Y1vvpsIk3+2EMnTIhCCub 2LWz5+SIlxFw4LIYj1MAcWhWtwOs8Ho4pLwdkT7a6z1WzqncbzGnAAQPfa1R4wJreQ4/ UBUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AeX1gPbsg5zXfEpXNnx0RWD3wMjrAiUPSzk1iBfLcFk=; b=ToG317XusoamSklAJA9YQSboawYlcw7EqTrZ4adaFal0iTdXfZ5oz0P3Pl276IkboL Y9VxBvINzkilCcAD+1Ou9RkCdgS8EMaGJZ/G0tOswEKOTy5XfZy2TndIaSZkL/5eOopP 0XU0B9nJ985ApU/2PDBDPUYmESq7+0RH1u+uF7735ltIR0G6mNSTVE5bxR5Y/oUgCgBy 3FZHFZOBymrt7/JB7UtpVt2A994SqY8DEQN5L1ilEcjE0FtYw23A0feLtLq4SinAHfb3 l/PAy/Xhu1PthAgrDNs+fQc1G/1++yNMGN0tIXhZMwA18BpduXean6gmR1v2146TbTnO Fg5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Yq6Ck7RC; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x19si2831512eju.15.2019.10.10.01.48.57; Thu, 10 Oct 2019 01:48:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Yq6Ck7RC; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389715AbfJJIs4 (ORCPT + 13 others); Thu, 10 Oct 2019 04:48:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:55308 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389713AbfJJIsz (ORCPT ); Thu, 10 Oct 2019 04:48:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 69DC22064A; Thu, 10 Oct 2019 08:48:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570697334; bh=S+0Okuy49xg+IxUOb8mc1qP1Q2gPrQqsCjKimb1zDNI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Yq6Ck7RClMeZdbGEkk7oSbNVvgPsxu+weTGT1uba8Sd3X8N8N6H0OU2KfqOgczcPC KkxUiu5stn5Z1Wndsw7cgHKUliGHIyjqHA3mF7riZ3EI81SNLySUMWYlVGYic2kSrb FSekAmFkaoJ6n7rNEAQrhIpAaHxKAfgUjjHIQRhU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Marc Zyngier , Jeremy Linton , Andre Przywara , Catalin Marinas , Stefan Wahren , Will Deacon , Ard Biesheuvel Subject: [PATCH 4.19 104/114] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 Date: Thu, 10 Oct 2019 10:36:51 +0200 Message-Id: <20191010083613.719382595@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191010083544.711104709@linuxfoundation.org> References: <20191010083544.711104709@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Marc Zyngier commit 517953c2c47f9c00a002f588ac856a5bc70cede3 upstream. The SMCCC ARCH_WORKAROUND_1 service can indicate that although the firmware knows about the Spectre-v2 mitigation, this particular CPU is not vulnerable, and it is thus not necessary to call the firmware on this CPU. Let's use this information to our benefit. Signed-off-by: Marc Zyngier Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren Signed-off-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/cpu_errata.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -198,22 +198,36 @@ static int detect_harden_bp_fw(void) case PSCI_CONDUIT_HVC: arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + switch ((int)res.a0) { + case 1: + /* Firmware says we're just fine */ + return 0; + case 0: + cb = call_hvc_arch_workaround_1; + /* This is a guest, no need to patch KVM vectors */ + smccc_start = NULL; + smccc_end = NULL; + break; + default: return -1; - cb = call_hvc_arch_workaround_1; - /* This is a guest, no need to patch KVM vectors */ - smccc_start = NULL; - smccc_end = NULL; + } break; case PSCI_CONDUIT_SMC: arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, &res); - if ((int)res.a0 < 0) + switch ((int)res.a0) { + case 1: + /* Firmware says we're just fine */ + return 0; + case 0: + cb = call_smc_arch_workaround_1; + smccc_start = __smccc_workaround_1_smc_start; + smccc_end = __smccc_workaround_1_smc_end; + break; + default: return -1; - cb = call_smc_arch_workaround_1; - smccc_start = __smccc_workaround_1_smc_start; - smccc_end = __smccc_workaround_1_smc_end; + } break; default: