| 1 |
From foo@baz Tue Mar 8 08:47:19 PM CET 2022 |
| 2 |
From: James Morse <james.morse@arm.com> |
| 3 |
Date: Tue, 8 Feb 2022 16:08:13 +0000 |
| 4 |
Subject: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 |
| 5 |
|
| 6 |
From: James Morse <james.morse@arm.com> |
| 7 |
|
| 8 |
commit dee435be76f4117410bbd90573a881fd33488f37 upstream. |
| 9 |
|
| 10 |
Speculation attacks against some high-performance processors can |
| 11 |
make use of branch history to influence future speculation as part of |
| 12 |
a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that |
| 13 |
previously reported 'Not affected' are now moderately mitigated by CSV2. |
| 14 |
|
| 15 |
Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
| 16 |
to also show the state of the BHB mitigation. |
| 17 |
|
| 18 |
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> |
| 19 |
Signed-off-by: James Morse <james.morse@arm.com> |
| 20 |
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| 21 |
--- |
| 22 |
arch/arm64/include/asm/spectre.h | 2 ++ |
| 23 |
arch/arm64/kernel/proton-pack.c | 36 ++++++++++++++++++++++++++++++++++-- |
| 24 |
2 files changed, 36 insertions(+), 2 deletions(-) |
| 25 |
|
| 26 |
--- a/arch/arm64/include/asm/spectre.h |
| 27 |
+++ b/arch/arm64/include/asm/spectre.h |
| 28 |
@@ -93,5 +93,7 @@ void spectre_v4_enable_task_mitigation(s |
| 29 |
|
| 30 |
enum mitigation_state arm64_get_meltdown_state(void); |
| 31 |
|
| 32 |
+enum mitigation_state arm64_get_spectre_bhb_state(void); |
| 33 |
+ |
| 34 |
#endif /* __ASSEMBLY__ */ |
| 35 |
#endif /* __ASM_SPECTRE_H */ |
| 36 |
--- a/arch/arm64/kernel/proton-pack.c |
| 37 |
+++ b/arch/arm64/kernel/proton-pack.c |
| 38 |
@@ -96,14 +96,39 @@ static bool spectre_v2_mitigations_off(v |
| 39 |
return ret; |
| 40 |
} |
| 41 |
|
| 42 |
+static const char *get_bhb_affected_string(enum mitigation_state bhb_state) |
| 43 |
+{ |
| 44 |
+ switch (bhb_state) { |
| 45 |
+ case SPECTRE_UNAFFECTED: |
| 46 |
+ return ""; |
| 47 |
+ default: |
| 48 |
+ case SPECTRE_VULNERABLE: |
| 49 |
+ return ", but not BHB"; |
| 50 |
+ case SPECTRE_MITIGATED: |
| 51 |
+ return ", BHB"; |
| 52 |
+ } |
| 53 |
+} |
| 54 |
+ |
| 55 |
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, |
| 56 |
char *buf) |
| 57 |
{ |
| 58 |
+ enum mitigation_state bhb_state = arm64_get_spectre_bhb_state(); |
| 59 |
+ const char *bhb_str = get_bhb_affected_string(bhb_state); |
| 60 |
+ const char *v2_str = "Branch predictor hardening"; |
| 61 |
+ |
| 62 |
switch (spectre_v2_state) { |
| 63 |
case SPECTRE_UNAFFECTED: |
| 64 |
- return sprintf(buf, "Not affected\n"); |
| 65 |
+ if (bhb_state == SPECTRE_UNAFFECTED) |
| 66 |
+ return sprintf(buf, "Not affected\n"); |
| 67 |
+ |
| 68 |
+ /* |
| 69 |
+ * Platforms affected by Spectre-BHB can't report |
| 70 |
+ * "Not affected" for Spectre-v2. |
| 71 |
+ */ |
| 72 |
+ v2_str = "CSV2"; |
| 73 |
+ fallthrough; |
| 74 |
case SPECTRE_MITIGATED: |
| 75 |
- return sprintf(buf, "Mitigation: Branch predictor hardening\n"); |
| 76 |
+ return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); |
| 77 |
case SPECTRE_VULNERABLE: |
| 78 |
fallthrough; |
| 79 |
default: |
| 80 |
@@ -771,6 +796,13 @@ int arch_prctl_spec_ctrl_get(struct task |
| 81 |
} |
| 82 |
} |
| 83 |
|
| 84 |
+static enum mitigation_state spectre_bhb_state; |
| 85 |
+ |
| 86 |
+enum mitigation_state arm64_get_spectre_bhb_state(void) |
| 87 |
+{ |
| 88 |
+ return spectre_bhb_state; |
| 89 |
+} |
| 90 |
+ |
| 91 |
/* Patched to NOP when enabled */ |
| 92 |
void noinstr spectre_bhb_patch_loop_mitigation_enable(struct alt_instr *alt, |
| 93 |
__le32 *origptr, |
Parent Directory
| 
Revision Log