[for-stable-v4.19,00/16] arm64 spec mitigation backports

Message ID	20191008153930.15386-1-ard.biesheuvel@linaro.org (mailing list archive)
Headers	show Return-Path: <SRS0=VkzL=YB=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 928A221721 From: Ard Biesheuvel <ard.biesheuvel@linaro.org> To: linux-arm-kernel@lists.infradead.org Subject: [PATCH for-stable-v4.19 00/16] arm64 spec mitigation backports Date: Tue, 8 Oct 2019 17:39:14 +0200 Message-Id: <20191008153930.15386-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:343 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Precedence: list Cc: Mark Rutland <mark.rutland@arm.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Marc Zyngier <maz@kernel.org>, Suzuki K Poulose <suzuki.poulose@arm.com>, stable@vger.kernel.org, Andre Przywara <andre.przywara@arm.com>, Jeremy Linton <jeremy.linton@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	arm64 spec mitigation backports \| expand [for-stable-v4.19,00/16] arm64 spec mitigation backports [for-stable-v4.19,01/16] arm64: cpufeature: Detect SSBS and advertise to userspace [for-stable-v4.19,02/16] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 [for-stable-v4.19,03/16] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe [for-stable-v4.19,04/16] arm64: docs: Document SSBS HWCAP [for-stable-v4.19,05/16] arm64: fix SSBS sanitization [for-stable-v4.19,06/16] arm64: Add sysfs vulnerability show for spectre-v1 [for-stable-v4.19,07/16] arm64: add sysfs vulnerability show for meltdown [for-stable-v4.19,08/16] arm64: enable generic CPU vulnerabilites support [for-stable-v4.19,09/16] arm64: Always enable ssb vulnerability detection [for-stable-v4.19,10/16] arm64: Provide a command line to disable spectre_v2 mitigation [for-stable-v4.19,11/16] arm64: Advertise mitigation of Spectre-v2, or lack thereof [for-stable-v4.19,12/16] arm64: Always enable spectre-v2 vulnerability detection [for-stable-v4.19,13/16] arm64: add sysfs vulnerability show for spectre-v2 [for-stable-v4.19,14/16] arm64: add sysfs vulnerability show for speculative store bypass [for-stable-v4.19,15/16] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB [for-stable-v4.19,16/16] arm64: Force SSBS on context switch

Message ID

20191008153930.15386-1-ard.biesheuvel@linaro.org (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 928A221721
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH for-stable-v4.19 00/16] arm64 spec mitigation backports
Date: Tue,  8 Oct 2019 17:39:14 +0200
Message-Id: <20191008153930.15386-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Precedence: list
Cc: Mark Rutland <mark.rutland@arm.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>, Marc Zyngier <maz@kernel.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>, stable@vger.kernel.org,
 Andre Przywara <andre.przywara@arm.com>,
 Jeremy Linton <jeremy.linton@arm.com>,
 Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

arm64 spec mitigation backports | expand

Message

Ard Biesheuvel Oct. 8, 2019, 3:39 p.m. UTC

This is a backport to v4.19 of the arm64 patches that exists in mainline
to support CPUs that implement the SSBS capability, which gives the OS
and user space control over whether Speculative Store Bypass is
permitted in certain contexts. This gives a substantial performance
boost on hardware that implements it.

At the same time, this series backports arm64 support for reporting
of vulnerabilities via syfs. This is covered by the same series since
it produces a much cleaner backport, where none of the patches required
any changes beyond some manual mangling of the context to make them apply.

Build tested using a fair number of randconfig builds. Boot tested
under KVM and on ThunderX2.

Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Jeremy Linton <jeremy.linton@arm.com>
Cc: Andre Przywara <andre.przywara@arm.com>

Jeremy Linton (6):
  arm64: add sysfs vulnerability show for meltdown
  arm64: Always enable ssb vulnerability detection
  arm64: Provide a command line to disable spectre_v2 mitigation
  arm64: Always enable spectre-v2 vulnerability detection
  arm64: add sysfs vulnerability show for spectre-v2
  arm64: add sysfs vulnerability show for speculative store bypass

Marc Zyngier (2):
  arm64: Advertise mitigation of Spectre-v2, or lack thereof
  arm64: Force SSBS on context switch

Mark Rutland (1):
  arm64: fix SSBS sanitization

Mian Yousaf Kaukab (2):
  arm64: Add sysfs vulnerability show for spectre-v1
  arm64: enable generic CPU vulnerabilites support

Will Deacon (5):
  arm64: cpufeature: Detect SSBS and advertise to userspace
  arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
  KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and
    !vhe
  arm64: docs: Document SSBS HWCAP
  arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB

 Documentation/admin-guide/kernel-parameters.txt |   8 +-
 Documentation/arm64/elf_hwcaps.txt              |   4 +
 arch/arm64/Kconfig                              |   1 +
 arch/arm64/include/asm/cpucaps.h                |   3 +-
 arch/arm64/include/asm/cpufeature.h             |   4 -
 arch/arm64/include/asm/kvm_host.h               |  11 +
 arch/arm64/include/asm/processor.h              |  17 ++
 arch/arm64/include/asm/ptrace.h                 |   1 +
 arch/arm64/include/asm/sysreg.h                 |  19 +-
 arch/arm64/include/uapi/asm/hwcap.h             |   1 +
 arch/arm64/include/uapi/asm/ptrace.h            |   1 +
 arch/arm64/kernel/cpu_errata.c                  | 235 +++++++++++++++-----
 arch/arm64/kernel/cpufeature.c                  | 122 ++++++++--
 arch/arm64/kernel/cpuinfo.c                     |   1 +
 arch/arm64/kernel/process.c                     |  31 +++
 arch/arm64/kernel/ptrace.c                      |  15 +-
 arch/arm64/kernel/ssbd.c                        |  21 ++
 arch/arm64/kvm/hyp/sysreg-sr.c                  |  11 +
 18 files changed, 410 insertions(+), 96 deletions(-)

Comments

Greg KH Oct. 9, 2019, 8:04 a.m. UTC | #1

On Tue, Oct 08, 2019 at 05:39:14PM +0200, Ard Biesheuvel wrote:
> This is a backport to v4.19 of the arm64 patches that exists in mainline
> to support CPUs that implement the SSBS capability, which gives the OS
> and user space control over whether Speculative Store Bypass is
> permitted in certain contexts. This gives a substantial performance
> boost on hardware that implements it.
> 
> At the same time, this series backports arm64 support for reporting
> of vulnerabilities via syfs. This is covered by the same series since
> it produces a much cleaner backport, where none of the patches required
> any changes beyond some manual mangling of the context to make them apply.
> 
> Build tested using a fair number of randconfig builds. Boot tested
> under KVM and on ThunderX2.

All now queued up, thanks.

greg k-h

Ard Biesheuvel Oct. 9, 2019, 8:17 a.m. UTC | #2

On Wed, 9 Oct 2019 at 10:04, Greg KH <greg@kroah.com> wrote:
>
> On Tue, Oct 08, 2019 at 05:39:14PM +0200, Ard Biesheuvel wrote:
> > This is a backport to v4.19 of the arm64 patches that exists in mainline
> > to support CPUs that implement the SSBS capability, which gives the OS
> > and user space control over whether Speculative Store Bypass is
> > permitted in certain contexts. This gives a substantial performance
> > boost on hardware that implements it.
> >
> > At the same time, this series backports arm64 support for reporting
> > of vulnerabilities via syfs. This is covered by the same series since
> > it produces a much cleaner backport, where none of the patches required
> > any changes beyond some manual mangling of the context to make them apply.
> >
> > Build tested using a fair number of randconfig builds. Boot tested
> > under KVM and on ThunderX2.
>
> All now queued up, thanks.
>

Thanks Greg.