1 |
From foo@baz Tue Mar 8 08:47:19 PM CET 2022 |
2 |
From: James Morse <james.morse@arm.com> |
3 |
Date: Tue, 8 Feb 2022 16:08:13 +0000 |
4 |
Subject: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 |
5 |
|
6 |
From: James Morse <james.morse@arm.com> |
7 |
|
8 |
commit dee435be76f4117410bbd90573a881fd33488f37 upstream. |
9 |
|
10 |
Speculation attacks against some high-performance processors can |
11 |
make use of branch history to influence future speculation as part of |
12 |
a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that |
13 |
previously reported 'Not affected' are now moderately mitigated by CSV2. |
14 |
|
15 |
Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
16 |
to also show the state of the BHB mitigation. |
17 |
|
18 |
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> |
19 |
Signed-off-by: James Morse <james.morse@arm.com> |
20 |
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
21 |
--- |
22 |
arch/arm64/include/asm/spectre.h | 2 ++ |
23 |
arch/arm64/kernel/proton-pack.c | 36 ++++++++++++++++++++++++++++++++++-- |
24 |
2 files changed, 36 insertions(+), 2 deletions(-) |
25 |
|
26 |
--- a/arch/arm64/include/asm/spectre.h |
27 |
+++ b/arch/arm64/include/asm/spectre.h |
28 |
@@ -93,5 +93,7 @@ void spectre_v4_enable_task_mitigation(s |
29 |
|
30 |
enum mitigation_state arm64_get_meltdown_state(void); |
31 |
|
32 |
+enum mitigation_state arm64_get_spectre_bhb_state(void); |
33 |
+ |
34 |
#endif /* __ASSEMBLY__ */ |
35 |
#endif /* __ASM_SPECTRE_H */ |
36 |
--- a/arch/arm64/kernel/proton-pack.c |
37 |
+++ b/arch/arm64/kernel/proton-pack.c |
38 |
@@ -96,14 +96,39 @@ static bool spectre_v2_mitigations_off(v |
39 |
return ret; |
40 |
} |
41 |
|
42 |
+static const char *get_bhb_affected_string(enum mitigation_state bhb_state) |
43 |
+{ |
44 |
+ switch (bhb_state) { |
45 |
+ case SPECTRE_UNAFFECTED: |
46 |
+ return ""; |
47 |
+ default: |
48 |
+ case SPECTRE_VULNERABLE: |
49 |
+ return ", but not BHB"; |
50 |
+ case SPECTRE_MITIGATED: |
51 |
+ return ", BHB"; |
52 |
+ } |
53 |
+} |
54 |
+ |
55 |
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, |
56 |
char *buf) |
57 |
{ |
58 |
+ enum mitigation_state bhb_state = arm64_get_spectre_bhb_state(); |
59 |
+ const char *bhb_str = get_bhb_affected_string(bhb_state); |
60 |
+ const char *v2_str = "Branch predictor hardening"; |
61 |
+ |
62 |
switch (spectre_v2_state) { |
63 |
case SPECTRE_UNAFFECTED: |
64 |
- return sprintf(buf, "Not affected\n"); |
65 |
+ if (bhb_state == SPECTRE_UNAFFECTED) |
66 |
+ return sprintf(buf, "Not affected\n"); |
67 |
+ |
68 |
+ /* |
69 |
+ * Platforms affected by Spectre-BHB can't report |
70 |
+ * "Not affected" for Spectre-v2. |
71 |
+ */ |
72 |
+ v2_str = "CSV2"; |
73 |
+ fallthrough; |
74 |
case SPECTRE_MITIGATED: |
75 |
- return sprintf(buf, "Mitigation: Branch predictor hardening\n"); |
76 |
+ return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); |
77 |
case SPECTRE_VULNERABLE: |
78 |
fallthrough; |
79 |
default: |
80 |
@@ -771,6 +796,13 @@ int arch_prctl_spec_ctrl_get(struct task |
81 |
} |
82 |
} |
83 |
|
84 |
+static enum mitigation_state spectre_bhb_state; |
85 |
+ |
86 |
+enum mitigation_state arm64_get_spectre_bhb_state(void) |
87 |
+{ |
88 |
+ return spectre_bhb_state; |
89 |
+} |
90 |
+ |
91 |
/* Patched to NOP when enabled */ |
92 |
void noinstr spectre_bhb_patch_loop_mitigation_enable(struct alt_instr *alt, |
93 |
__le32 *origptr, |