Re: [PATCH v3 0/7] arm64: add system vulnerability sysfs entries
From: Jeremy Linton <hidden>
Date: 2019-01-18 22:22:20
Also in:
lkml
Subsystem:
arm64 port (aarch64 architecture), the rest · Maintainers:
Catalin Marinas, Will Deacon, Linus Torvalds
On 01/18/2019 12:05 PM, Stefan Wahren wrote:
Hi,quoted
Jeremy Linton [off-list ref] hat am 15. Januar 2019 um 22:21 geschrieben: Hi, On 01/15/2019 01:50 PM, Stefan Wahren wrote:quoted
Hi Jeremy,quoted
Jeremy Linton [off-list ref] hat am 10. Januar 2019 um 00:55 geschrieben: Arm64 machines should be displaying a human readable vulnerability status to speculative execution attacks in /sys/devices/system/cpu/vulnerabilities This series enables that behavior by providing the expected functions. Those functions expose the cpu errata and feature states, as well as whether firmware is responding appropriately to display the overall machine status. This means that in a heterogeneous machine we will only claim the machine is mitigated or safe if we are confident all booted cores are safe or mitigated.i applied this v3 series and Marc's v2 series. Now i'm getting the following on a Raspberry Pi 3 B+ : meltdown:Not affected spec_store_bypass:Not affected spectre_v1:Mitigation: __user pointer sanitization So the entries l1tf and spectre_v2 disappeared.Yes, the l1tf entry should be gone. I believe there is a problem with the "1/2 advertise.." patch in that the 'arm64_requested_vuln_attrs |=' line needs to be hoisted to the top of check_branch_predictor() and the '__spectrev2_safe = false' line needs to be hoisted 6 lines immediately above "/* Fallback to firmware detection*/"a snippet or a new version would be nice
Sure, I've got another version, to be posted soon (probably Tue of next week). In the meantime, Marc's tree should work with the following fix:
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index b44f87e7360d..7cfd34b2c0e5 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c@@ -286,11 +286,15 @@ static int detect_harden_bp_fw(void) } #endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */ +#if defined(CONFIG_ARM64_SSBD) || \ + defined(CONFIG_GENERIC_CPU_VULNERABILITIES) +static bool __ssb_safe = true; +#endif + #ifdef CONFIG_ARM64_SSBD DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required); int ssbd_state __read_mostly = ARM64_SSBD_KERNEL; -static bool __ssb_safe = true; static const struct ssbd_options { const char *str;
@@ -569,6 +573,8 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
+ arm64_requested_vuln_attrs |= VULN_SPECTREV2;
+
/* If the CPU has CSV2 set, we're safe */
if
(cpuid_feature_extract_unsigned_field(read_cpuid(ID_AA64PFR0_EL1),
ID_AA64PFR0_CSV2_SHIFT))@@ -578,17 +584,17 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list))
return false;
+ __spectrev2_safe = false;
+
/* Fallback to firmware detection */
need_wa = detect_harden_bp_fw();
if (!need_wa)
return false;
- __spectrev2_safe = false;
-
if (need_wa < 0)
pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from
firmware\n");
- arm64_requested_vuln_attrs |= VULN_SPECTREV2;
+
return (need_wa > 0);
}
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel