From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5E81C43464 for ; Fri, 18 Sep 2020 16:49:32 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4A9C4208DB for ; Fri, 18 Sep 2020 16:49:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="qp1g2nPW"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="KsBbaZgA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4A9C4208DB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=FyzTLN/gah6GYeXEms7UR8gSJo83PtvKZTjFYaxqUSw=; b=qp1g2nPWD0nbCnJPDrtk9xQj2/ 4ohlWODrV4WRF4BIuf+sxpYpWzJCTxUeD034QjdpX0KiDkW82fr3qVzMF51qDVJTcQoWXKL8PjQX0 BgZxxu39KW0lWKq9rwCC+ci8NKA6EMh21wowNESz+HSmLB/CQcNux4jDPgAhjFKhAHTO2bSaduc2s Wge6dyFra2b7WqMioAJPCnVoJT/pDwBX1q6bzN+qkwbvvQzHIFG9c7gFK85eLSbQ1TAYPvuyLQrED zSTTX+Kz2IRj5YGr6DVBYAAR/EtgSLSkzg3Z0wOhn8GByZrxTpx5jDWWBhtICRs5oFSLOYURLpJsU En4hwQKQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kJJY0-0006w5-VX; Fri, 18 Sep 2020 16:47:45 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kJJXx-0006uM-6X for linux-arm-kernel@lists.infradead.org; Fri, 18 Sep 2020 16:47:42 +0000 Received: from localhost.localdomain (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3D8282078B; Fri, 18 Sep 2020 16:47:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600447660; bh=yd6tX0RuGUfGhfRvr3isyviHTUrcxplQKsaD+HYKfWc=; h=From:To:Cc:Subject:Date:From; b=KsBbaZgAJGFS6is4iILyHfb82AtTzdqnBpeav9pMOfNi/xJwwGd9scKJ/6loW3Pfn aqnmkkFINKTLRlPqBXYS2ui/ItvzbnNjEqdRf/g1/gm0+6akmtLgQga4pcb4r1EF+K 6Wy4CTr1oHB+u8Du8o7B+QE574eOcWyTOPmPG+6w= From: Will Deacon To: linux-arm-kernel@lists.infradead.org Subject: [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Date: Fri, 18 Sep 2020 17:47:10 +0100 Message-Id: <20200918164729.31994-1-will@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200918_124741_460276_FC2B8399 X-CRM114-Status: GOOD ( 19.68 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , David Brazdil , Will Deacon , Suzuki K Poulose Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi everyone, If there's something strange in your CPU, who you gonna call? Well, if you're trundling along on an arm64 processor, git blame will suggest that Marc and I need to pick up the phone. Unfortunately, if the ghost in question is Spectre v2 or Spectre v4, then we'll have to call you back because our mitigations are in a pretty bad way. They used to work, but due to changes with the cpufeature code, they haven't been working properly for some time. And guess what? People haven't noticed because this stuff is practically impossible to test, even if you have a system where mitigations are available. The temptation was to remove the code entirely, but after putting in some effort to untangle it, we ended up knocking it into a much better shape. Although that doesn't change the fact that we can't test it very well, it certainly appears to behave better than the old code in situations such as: - Err... wanting mitigation on more than one CPU - Not changing the mitigation state at runtime (i.e. after userspace has started running) - Gracefully handling failure to bring late CPUs online (previously this would only happen _after_ updating the mitigation state!) - Clear separation between mitigation state (am I vulnerable?) and policy (the user wants to go fast) - Removal of the hideously expensive "dynamic" Spectre-v2 mitigation for KVM guests - Being easier to read, including the addition of comments As this is a complete rewrite, parts of the series are pretty grotty to review; it's easier to apply the whole lot first and then look at the new code, especially as the old implementation is pretty much unreadable anyway. The first three patches are fixes targetting stable. Given the current state of this stuff, I think that the rest of the series is 5.10 material, as we're hardly going to make anything worse here. Cheers, Will Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: David Brazdil --->8 Marc Zyngier (8): arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2 KVM: arm64: Simplify handling of ARCH_WORKAROUND_2 KVM: arm64: Get rid of kvm_arm_have_ssbd() KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state() arm64: Get rid of arm64_ssbd_state Will Deacon (11): arm64: Remove Spectre-related CONFIG_* options KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE KVM: arm64: Simplify install_bp_hardening_cb() arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2 arm64: Introduce separate file for spectre mitigations and reporting arm64: Rewrite Spectre-v2 mitigation code arm64: Group start_thread() functions together arm64: Treat SSBS as a non-strict system feature arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4 arm64: Move SSBD prctl() handler alongside other spectre mitigation code arm64: Rewrite Spectre-v4 mitigation code arch/arm64/Kconfig | 26 - arch/arm64/include/asm/cpucaps.h | 4 +- arch/arm64/include/asm/cpufeature.h | 24 - arch/arm64/include/asm/kvm_asm.h | 5 +- arch/arm64/include/asm/kvm_emulate.h | 14 - arch/arm64/include/asm/kvm_host.h | 40 -- arch/arm64/include/asm/kvm_mmu.h | 53 +- arch/arm64/include/asm/mmu.h | 11 +- arch/arm64/include/asm/processor.h | 44 +- arch/arm64/include/asm/spectre.h | 32 + arch/arm64/include/uapi/asm/kvm.h | 9 + arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/cpu_errata.c | 487 +-------------- arch/arm64/kernel/cpufeature.c | 51 +- arch/arm64/kernel/entry.S | 10 +- arch/arm64/kernel/hibernate.c | 6 +- arch/arm64/kernel/image-vars.h | 2 - arch/arm64/kernel/process.c | 17 +- arch/arm64/kernel/proton-pack.c | 763 ++++++++++++++++++++++++ arch/arm64/kernel/ssbd.c | 129 ---- arch/arm64/kernel/suspend.c | 3 +- arch/arm64/kvm/Kconfig | 3 - arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/hyp/Makefile | 2 +- arch/arm64/kvm/hyp/hyp-entry.S | 31 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 33 - arch/arm64/kvm/hyp/nvhe/switch.c | 4 - arch/arm64/kvm/hyp/vhe/switch.c | 4 - arch/arm64/kvm/hypercalls.c | 33 +- arch/arm64/kvm/psci.c | 74 ++- arch/arm64/kvm/reset.c | 4 - arch/arm64/kvm/sys_regs.c | 3 + 32 files changed, 920 insertions(+), 1010 deletions(-) create mode 100644 arch/arm64/include/asm/spectre.h create mode 100644 arch/arm64/kernel/proton-pack.c delete mode 100644 arch/arm64/kernel/ssbd.c -- 2.28.0.681.g6f77f65b4e-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel