From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH RESEND 4/6] arm64: add sysfs vulnerability show for spectre v2
Date: Mon, 17 Sep 2018 14:30:41 +0100 [thread overview]
Message-ID: <20180917133041.GC23040@arm.com> (raw)
In-Reply-To: <20180827143310.641-5-ykaukab@suse.de>
On Mon, Aug 27, 2018 at 04:33:08PM +0200, Mian Yousaf Kaukab wrote:
> Only report mitigation present if hardening callback has been
> successfully installed.
>
> Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de>
> ---
> arch/arm64/kernel/cpu_errata.c | 34 +++++++++++++++++++++++++++++++++-
> 1 file changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 92616431ae4e..8469d3be7b15 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -481,7 +481,8 @@ multi_entry_cap_cpu_enable(const struct arm64_cpu_capabilities *entry)
> caps->cpu_enable(caps);
> }
>
> -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
> +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \
> + defined(CONFIG_GENERIC_CPU_VULNERABILITIES)
>
> /*
> * List of CPUs where we need to issue a psci call to
> @@ -712,4 +713,35 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
> return sprintf(buf, "Mitigation: __user pointer sanitization\n");
> }
>
> +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
> + char *buf)
> +{
> + u64 pfr0;
> + struct bp_hardening_data *data;
> +
> + pfr0 = read_cpuid(ID_AA64PFR0_EL1);
> + if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT))
> + return sprintf(buf, "Not affected\n");
This strikes me as a pretty terrible interface, as it means that the file
can return different contents depending on which CPU it was read from on a
big/little machine. I think we need to either expose this per-cpu, or expose
the value of the system (e.g. if one CPU is vulnerable, we always say
vulnerable).
> +
> + if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) {
> + /*
> + * Hardware is vulnerable. Lets check if bp hardening callback
> + * has been successfully installed
> + */
> + data = arm64_get_bp_hardening_data();
Related to the above, but this is accessing per-cpu stuff.
Will
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will.deacon@arm.com>
To: Mian Yousaf Kaukab <ykaukab@suse.de>
Cc: marc.zyngier@arm.com, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, robert.richter@cavium.com,
cwu@amperecomputing.com
Subject: Re: [PATCH RESEND 4/6] arm64: add sysfs vulnerability show for spectre v2
Date: Mon, 17 Sep 2018 14:30:41 +0100 [thread overview]
Message-ID: <20180917133041.GC23040@arm.com> (raw)
In-Reply-To: <20180827143310.641-5-ykaukab@suse.de>
On Mon, Aug 27, 2018 at 04:33:08PM +0200, Mian Yousaf Kaukab wrote:
> Only report mitigation present if hardening callback has been
> successfully installed.
>
> Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de>
> ---
> arch/arm64/kernel/cpu_errata.c | 34 +++++++++++++++++++++++++++++++++-
> 1 file changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 92616431ae4e..8469d3be7b15 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -481,7 +481,8 @@ multi_entry_cap_cpu_enable(const struct arm64_cpu_capabilities *entry)
> caps->cpu_enable(caps);
> }
>
> -#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
> +#if defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \
> + defined(CONFIG_GENERIC_CPU_VULNERABILITIES)
>
> /*
> * List of CPUs where we need to issue a psci call to
> @@ -712,4 +713,35 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
> return sprintf(buf, "Mitigation: __user pointer sanitization\n");
> }
>
> +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
> + char *buf)
> +{
> + u64 pfr0;
> + struct bp_hardening_data *data;
> +
> + pfr0 = read_cpuid(ID_AA64PFR0_EL1);
> + if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT))
> + return sprintf(buf, "Not affected\n");
This strikes me as a pretty terrible interface, as it means that the file
can return different contents depending on which CPU it was read from on a
big/little machine. I think we need to either expose this per-cpu, or expose
the value of the system (e.g. if one CPU is vulnerable, we always say
vulnerable).
> +
> + if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) {
> + /*
> + * Hardware is vulnerable. Lets check if bp hardening callback
> + * has been successfully installed
> + */
> + data = arm64_get_bp_hardening_data();
Related to the above, but this is accessing per-cpu stuff.
Will
next prev parent reply other threads:[~2018-09-17 13:30 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-27 14:33 [PATCH RESEND 0/6] arm64: add support for generic cpu vulnerabilities Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-08-27 14:33 ` [PATCH RESEND 1/6] arm64: kpti: move check for non-vulnerable CPUs to a function Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-08-27 14:33 ` [PATCH RESEND 2/6] arm64: add sysfs vulnerability show for meltdown Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-09-17 13:30 ` Will Deacon
2018-09-17 13:30 ` Will Deacon
2018-08-27 14:33 ` [PATCH RESEND 3/6] arm64: add sysfs vulnerability show for spectre v1 Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-09-17 17:22 ` Robert Richter
2018-09-17 17:22 ` Robert Richter
2018-09-18 8:38 ` Will Deacon
2018-09-18 8:38 ` Will Deacon
2018-09-18 9:52 ` Robert Richter
2018-09-18 9:52 ` Robert Richter
2018-09-18 17:15 ` Will Deacon
2018-09-18 17:15 ` Will Deacon
2018-09-19 6:57 ` Robert Richter
2018-09-19 6:57 ` Robert Richter
2018-08-27 14:33 ` [PATCH RESEND 4/6] arm64: add sysfs vulnerability show for spectre v2 Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-09-17 13:30 ` Will Deacon [this message]
2018-09-17 13:30 ` Will Deacon
2018-08-27 14:33 ` [PATCH RESEND 5/6] arm64: add sysfs vulnerability show for speculative store bypass Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-09-17 13:30 ` Will Deacon
2018-09-17 13:30 ` Will Deacon
2018-08-27 14:33 ` [PATCH RESEND 6/6] arm64: enable generic CPU vulnerabilites support Mian Yousaf Kaukab
2018-08-27 14:33 ` Mian Yousaf Kaukab
2018-09-05 9:25 ` [PATCH RESEND 0/6] arm64: add support for generic cpu vulnerabilities Mian Yousaf Kaukab
2018-09-05 9:25 ` Mian Yousaf Kaukab
2018-09-17 13:35 ` Will Deacon
2018-09-17 13:35 ` Will Deacon
2018-09-24 10:06 ` Mian Yousaf Kaukab
2018-09-24 10:06 ` Mian Yousaf Kaukab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180917133041.GC23040@arm.com \
--to=will.deacon@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.