From: Will Deacon <will.deacon@arm.com>
To: Suzuki K Poulose <Suzuki.Poulose@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
Kees Cook <keescook@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Andy Lutomirski <luto@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing
Date: Thu, 24 May 2018 12:39:35 +0100 [thread overview]
Message-ID: <20180524113933.GA8689@arm.com> (raw)
In-Reply-To: <6c3e7b31-0bb6-353b-1b82-7ebdf3be1323@arm.com>
On Thu, May 24, 2018 at 10:58:43AM +0100, Suzuki K Poulose wrote:
> On 22/05/18 16:06, Marc Zyngier wrote:
> >As for Spectre variant-2, we rely on SMCCC 1.1 to provide the
> >discovery mechanism for detecting the SSBD mitigation.
> >
> >A new capability is also allocated for that purpose, and a
> >config option.
> >
> >Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
>
>
> >+static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
> >+ int scope)
> >+{
> >+ struct arm_smccc_res res;
> >+ bool supported = true;
> >+
> >+ WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
> >+
> >+ if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
> >+ return false;
> >+
> >+ /*
> >+ * The probe function return value is either negative
> >+ * (unsupported or mitigated), positive (unaffected), or zero
> >+ * (requires mitigation). We only need to do anything in the
> >+ * last case.
> >+ */
> >+ switch (psci_ops.conduit) {
> >+ case PSCI_CONDUIT_HVC:
> >+ arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
> >+ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
> >+ if ((int)res.a0 != 0)
> >+ supported = false;
> >+ break;
> >+
> >+ case PSCI_CONDUIT_SMC:
> >+ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
> >+ ARM_SMCCC_ARCH_WORKAROUND_2, &res);
> >+ if ((int)res.a0 != 0)
> >+ supported = false;
> >+ break;
> >+
> >+ default:
> >+ supported = false;
> >+ }
> >+
> >+ if (supported) {
> >+ __this_cpu_write(arm64_ssbd_callback_required, 1);
> >+ do_ssbd(true);
> >+ }
>
>
> Marc,
>
> As discussed, we have minor issue with the "corner case". If a CPU
> is hotplugged in which requires the mitigation, after the system has
> finalised the cap to "not available", the CPU could go ahead and
> do the "work around" as above, while not effectively doing anything
> about it at runtime for KVM guests (as thats the only place where
> we rely on the CAP being set).
>
> But, yes this is real corner case. There is no easy way to solve it
> other than
>
> 1) Allow late modifications to CPU hwcaps
>
> OR
>
> 2) Penalise the fastpath to always check per-cpu setting.
Shouldn't we just avoid bring up CPUs that require the mitigation after
we've finalised the capability to say that it's not required? Assuming this
is just another issue with maxcpus=, then I don't much care for it.
Will
next prev parent reply other threads:[~2018-05-24 11:39 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-22 15:06 [PATCH 00/14] arm64 SSBD (aka Spectre-v4) mitigation Marc Zyngier
2018-05-22 15:06 ` [PATCH 01/14] arm/arm64: smccc: Add SMCCC-specific return codes Marc Zyngier
2018-05-24 10:55 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 Marc Zyngier
2018-05-23 9:23 ` Julien Grall
2018-05-24 10:52 ` Mark Rutland
2018-05-24 12:10 ` Robin Murphy
2018-05-24 11:00 ` Mark Rutland
2018-05-24 11:23 ` Mark Rutland
2018-05-24 11:28 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 03/14] arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 Marc Zyngier
2018-05-23 10:03 ` Julien Grall
2018-05-24 11:14 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing Marc Zyngier
2018-05-23 10:06 ` Julien Grall
2018-05-24 9:58 ` Suzuki K Poulose
2018-05-24 11:39 ` Will Deacon [this message]
2018-05-24 13:34 ` Suzuki K Poulose
2018-05-24 11:27 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 05/14] arm64: Add 'ssbd' command-line option Marc Zyngier
2018-05-22 15:29 ` Randy Dunlap
2018-05-23 10:08 ` Julien Grall
2018-05-24 11:40 ` Mark Rutland
2018-05-24 11:52 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 06/14] arm64: ssbd: Add global mitigation state accessor Marc Zyngier
2018-05-23 10:11 ` Julien Grall
2018-05-24 11:41 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 07/14] arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation Marc Zyngier
2018-05-23 10:13 ` Julien Grall
2018-05-24 11:43 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 08/14] arm64: ssbd: Disable mitigation on CPU resume if required by user Marc Zyngier
2018-05-23 10:52 ` Julien Grall
2018-05-24 11:55 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation Marc Zyngier
2018-05-24 12:01 ` Mark Rutland
2018-05-24 12:16 ` Marc Zyngier
2018-05-24 12:19 ` Will Deacon
2018-05-24 12:36 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 10/14] arm64: ssbd: Add prctl interface for per-thread mitigation Marc Zyngier
2018-05-22 15:48 ` Dominik Brodowski
2018-05-22 16:30 ` Marc Zyngier
2018-05-24 12:10 ` Mark Rutland
2018-05-24 12:24 ` Will Deacon
2018-05-22 15:06 ` [PATCH 11/14] arm64: KVM: Add HYP per-cpu accessors Marc Zyngier
2018-05-24 12:11 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 12/14] arm64: KVM: Add ARCH_WORKAROUND_2 support for guests Marc Zyngier
2018-05-24 12:15 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 13/14] arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests Marc Zyngier
2018-05-24 12:22 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID Marc Zyngier
2018-05-24 12:25 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180524113933.GA8689@arm.com \
--to=will.deacon@arm.com \
--cc=Suzuki.Poulose@arm.com \
--cc=catalin.marinas@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=marc.zyngier@arm.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox