| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1b07e031-6b82-2a9e-9c0e-0617685b9ef3@arm.com>
Date: Fri, 1 Mar 2019 10:16:41 -0600
From: Jeremy Linton <jeremy.linton@....com>
To: Andre Przywara <andre.przywara@....com>,
linux-arm-kernel@...ts.infradead.org
Cc: catalin.marinas@....com, will.deacon@....com, marc.zyngier@....com,
suzuki.poulose@....com, Dave.Martin@....com,
shankerd@...eaurora.org, julien.thierry@....com,
mlangsdo@...hat.com, stefan.wahren@....com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 08/10] arm64: Always enable ssb vulnerability detection
On 3/1/19 1:02 AM, Andre Przywara wrote:
> Hi,
>
> On 2/26/19 7:05 PM, Jeremy Linton wrote:
>> The ssb detection logic is necessary regardless of whether
>> the vulnerability mitigation code is built into the kernel.
>> Break it out so that the CONFIG option only controls the
>> mitigation logic and not the vulnerability detection.
>>
>> Signed-off-by: Jeremy Linton <jeremy.linton@....com>
>> ---
>> arch/arm64/include/asm/cpufeature.h | 4 ----
>> arch/arm64/kernel/cpu_errata.c | 11 +++++++----
>> 2 files changed, 7 insertions(+), 8 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/cpufeature.h
>> b/arch/arm64/include/asm/cpufeature.h
>> index dfcfba725d72..c2b60a021437 100644
>> --- a/arch/arm64/include/asm/cpufeature.h
>> +++ b/arch/arm64/include/asm/cpufeature.h
>> @@ -628,11 +628,7 @@ static inline int arm64_get_ssbd_state(void)
>> #endif
>> }
>> -#ifdef CONFIG_ARM64_SSBD
>> void arm64_set_ssbd_mitigation(bool state);
>> -#else
>> -static inline void arm64_set_ssbd_mitigation(bool state) {}
>> -#endif
>> extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);
>> diff --git a/arch/arm64/kernel/cpu_errata.c
>> b/arch/arm64/kernel/cpu_errata.c
>> index 0f6e8f5d67bc..5f5611d17dc1 100644
>> --- a/arch/arm64/kernel/cpu_errata.c
>> +++ b/arch/arm64/kernel/cpu_errata.c
>> @@ -276,7 +276,6 @@ static int detect_harden_bp_fw(void)
>> return 1;
>> }
>> -#ifdef CONFIG_ARM64_SSBD
>> DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
>> int ssbd_state __read_mostly = ARM64_SSBD_KERNEL;
>> @@ -347,6 +346,7 @@ void __init arm64_enable_wa2_handling(struct
>> alt_instr *alt,
>> *updptr = cpu_to_le32(aarch64_insn_gen_nop());
>> }
>> +#ifdef CONFIG_ARM64_SSBD
>> void arm64_set_ssbd_mitigation(bool state)
>> {
>> if (this_cpu_has_cap(ARM64_SSBS)) {
>> @@ -371,6 +371,12 @@ void arm64_set_ssbd_mitigation(bool state)
>> break;
>> }
>> }
>> +#else
>> +void arm64_set_ssbd_mitigation(bool state)
>> +{
>> + pr_info_once("SSBD, disabled by kernel configuration\n");
>
> Is there a stray comma or is the continuation of some previous printout?
This is on purpose because I didn't like the way it read if you expanded
the acronym. I still don't, maybe a ":" is more appropriate.
>
> Regardless of that it looks good and compiles with both
> CONFIG_ARM64_SSBD defined or not:
>
> Reviewed-by: Andre Przywara <andre.przywara@....com>
>
> Cheers,
> Andre.
>
>> +}
>> +#endif /* CONFIG_ARM64_SSBD */
>> static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities
>> *entry,
>> int scope)
>> @@ -468,7 +474,6 @@ static bool has_ssbd_mitigation(const struct
>> arm64_cpu_capabilities *entry,
>> return required;
>> }
>> -#endif /* CONFIG_ARM64_SSBD */
>> static void __maybe_unused
>> cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities
>> *__unused)
>> @@ -760,14 +765,12 @@ const struct arm64_cpu_capabilities
>> arm64_errata[] = {
>> ERRATA_MIDR_RANGE_LIST(arm64_harden_el2_vectors),
>> },
>> #endif
>> -#ifdef CONFIG_ARM64_SSBD
>> {
>> .desc = "Speculative Store Bypass Disable",
>> .capability = ARM64_SSBD,
>> .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
>> .matches = has_ssbd_mitigation,
>> },
>> -#endif
>> #ifdef CONFIG_ARM64_ERRATUM_1188873
>> {
>> /* Cortex-A76 r0p0 to r2p0 */
>>
Powered by blists - more mailing lists