arm64: add sysfs vulnerability show for spectre-v2

Track whether all the cores in the machine are vulnerable to Spectre-v2, and whether all the vulnerable cores have been mitigated. We then expose this information to userspace via sysfs. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Reviewed-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Tested-by: Stefan Wahren <stefan.wahren@i2se.com> Signed-off-by: Will Deacon <will.deacon@arm.com>
author: Jeremy Linton <jeremy.linton@arm.com> 2019-04-15 17:21:26 -0400
committer: Will Deacon <will.deacon@arm.com> 2019-04-26 11:31:36 -0400
commit: d2532e27b5638bb2e2dd52b80b7ea2ec65135377 (patch)
tree: 31f1be21c8df7abee8f3235afcad6fa411fb133c
parent: 8c1e3d2bb44cbb998cb28ff9a18f105fee7f1eb3 (diff)
1 files changed, 26 insertions, 1 deletions
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index a9c3ad4f7948..d2bbafa04b3c 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -512,6 +512,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
        .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,                 \
        CAP_MIDR_RANGE_LIST(midr_list)
+/* Track overall mitigation state. We are only mitigated if all cores are ok */
+static bool __hardenbp_enab = true;
+static bool __spectrev2_safe = true;
 /*
 * List of CPUs that do not need any Spectre-v2 mitigation at all.
 */
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = {
        { /* sentinel */ }
 };
+/*
+ * Track overall bp hardening for all heterogeneous cores in the machine.
+ * We are only considered "safe" if all booted cores are known safe.
+ */
 static bool __maybe_unused
 check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
 {
@@ -543,6 +551,8 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
        if (!need_wa)
                return false;
+        __spectrev2_safe = false;
        if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
                pr_warn_once("spectrev2 mitigation disabled by kernel configuration\n");
                __hardenbp_enab = false;
@@ -552,11 +562,14 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
        /* forced off */
        if (__nospectre_v2) {
                pr_info_once("spectrev2 mitigation disabled by command line option\n");
+                __hardenbp_enab = false;
                return false;
        }
-        if (need_wa < 0)
+        if (need_wa < 0) {
                pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n");
+                __hardenbp_enab = false;
+        }
        return (need_wa > 0);
 }
@@ -779,3 +792,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
 {
        return sprintf(buf, "Mitigation: __user pointer sanitization\n");
 }
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
+                char *buf)
+{
+        if (__spectrev2_safe)
+                return sprintf(buf, "Not affected\n");
+        if (__hardenbp_enab)
+                return sprintf(buf, "Mitigation: Branch predictor hardening\n");
+        return sprintf(buf, "Vulnerable\n");
+}
author	Jeremy Linton <jeremy.linton@arm.com>	2019-04-15 17:21:26 -0400
committer	Will Deacon <will.deacon@arm.com>	2019-04-26 11:31:36 -0400
commit	d2532e27b5638bb2e2dd52b80b7ea2ec65135377 (patch)
tree	31f1be21c8df7abee8f3235afcad6fa411fb133c
parent	8c1e3d2bb44cbb998cb28ff9a18f105fee7f1eb3 (diff)