From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>,
David Brazdil <dbrazdil@google.com>,
Will Deacon <will@kernel.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 12/19] arm64: Treat SSBS as a non-strict system feature
Date: Fri, 18 Sep 2020 17:47:22 +0100 [thread overview]
Message-ID: <20200918164729.31994-13-will@kernel.org> (raw)
In-Reply-To: <20200918164729.31994-1-will@kernel.org>
If all CPUs discovered during boot have SSBS, then spectre-v4 will be
considered to be "mitigated". However, we still allow late CPUs without
SSBS to be onlined, albeit with a "SANITY CHECK" warning. This is
problematic for userspace because it means that the system can quietly
transition to "Vulnerable" at runtime.
Avoid this by treating SSBS as a non-strict system feature: if all of
the CPUs discovered during boot have SSBS, then late arriving secondaries
better have it as well.
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kernel/cpufeature.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 4bb45b1d4ae4..033e6c952705 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -227,7 +227,7 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = {
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_MPAMFRAC_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_RASFRAC_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI),
+ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI),
ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI),
FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0),
ARM64_FTR_END,
@@ -487,7 +487,7 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
};
static const struct arm64_ftr_bits ftr_id_pfr2[] = {
- ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0),
+ ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_SSBS_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_PFR2_CSV3_SHIFT, 4, 0),
ARM64_FTR_END,
};
@@ -1977,7 +1977,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
{
.desc = "Speculative Store Bypassing Safe (SSBS)",
.capability = ARM64_SSBS,
- .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
.matches = has_cpuid_feature,
.sys_reg = SYS_ID_AA64PFR1_EL1,
.field_pos = ID_AA64PFR1_SSBS_SHIFT,
--
2.28.0.681.g6f77f65b4e-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-09-18 16:52 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-18 16:47 [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Will Deacon
2020-09-18 16:47 ` [PATCH 01/19] arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled Will Deacon
2020-09-18 16:47 ` [PATCH 02/19] arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs Will Deacon
2020-09-21 12:54 ` Sasha Levin
2020-09-18 16:47 ` [PATCH 03/19] arm64: Run ARCH_WORKAROUND_2 " Will Deacon
2020-09-18 17:13 ` Suzuki K Poulose
2020-09-18 16:47 ` [PATCH 04/19] arm64: Remove Spectre-related CONFIG_* options Will Deacon
2020-09-18 16:47 ` [PATCH 05/19] KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE Will Deacon
2020-09-18 16:47 ` [PATCH 06/19] KVM: arm64: Simplify install_bp_hardening_cb() Will Deacon
2020-09-18 16:47 ` [PATCH 07/19] arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2 Will Deacon
2020-09-18 16:47 ` [PATCH 08/19] arm64: Introduce separate file for spectre mitigations and reporting Will Deacon
2020-09-18 16:47 ` [PATCH 09/19] arm64: Rewrite Spectre-v2 mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 10/19] KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2 Will Deacon
2020-09-18 16:47 ` [PATCH 11/19] arm64: Group start_thread() functions together Will Deacon
2020-09-18 16:47 ` Will Deacon [this message]
2020-09-18 16:47 ` [PATCH 13/19] arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4 Will Deacon
2020-09-18 16:47 ` [PATCH 14/19] arm64: Move SSBD prctl() handler alongside other spectre mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 15/19] arm64: Rewrite Spectre-v4 " Will Deacon
2020-09-18 16:47 ` [PATCH 16/19] KVM: arm64: Simplify handling of ARCH_WORKAROUND_2 Will Deacon
2020-09-18 16:47 ` [PATCH 17/19] KVM: arm64: Get rid of kvm_arm_have_ssbd() Will Deacon
2020-09-18 16:47 ` [PATCH 18/19] KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state() Will Deacon
2020-09-18 16:47 ` [PATCH 19/19] arm64: Get rid of arm64_ssbd_state Will Deacon
2020-09-18 16:59 ` [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200918164729.31994-13-will@kernel.org \
--to=will@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dbrazdil@google.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).