diff options
| author | Christoph Muellner <christoph.muellner@theobroma-systems.com> | 2018-03-20 11:16:02 +0100 |
|---|---|---|
| committer | Christoph Muellner <christoph.muellner@theobroma-systems.com> | 2018-04-27 08:28:29 +0200 |
| commit | 685aaecf4e90f0c1148222e95629ca562e8093db (patch) | |
| tree | 0da2df49a7973f54a7cd0e1fb8fe48e725ce1621 /arch/arm64/kernel/cpu_errata.c | |
| parent | 5a0f312409eab96928a95598d440cf54b5cf7153 (diff) | |
arm64: Introduce retpoline for aarch64/arm64.linux-4.16.5-amp
This patch adds retpoline support for aarch64.
This includes:
* Kconfig flag CONFIG_RETPOLINE to enable it
* testing for required compiler support
* generation of external retpoline thunk functions
* patches for the arm64 specific assembly code
* Enable /sys/devices/system/cpu/vulnerabilities
* arm64: retpoline: Use kernel's EXPORT_SYMBOL macro.
* arm64: retpoline: Add thunks for x29 and x30.
* arm64: retpoline: Add function signature for symbol versioning.
Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
Diffstat (limited to 'arch/arm64/kernel/cpu_errata.c')
| -rw-r--r-- | arch/arm64/kernel/cpu_errata.c | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index b5a28336c077..b6a20b767af6 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -462,3 +462,67 @@ void __init enable_errata_workarounds(void) { enable_cpu_capabilities(arm64_errata); } + +static inline bool retp_compiler(void) +{ + return __is_defined(RETPOLINE); +} + +/* The Spectre V2 mitigation variants */ +enum spectre_v2_mitigation { + SPECTRE_V2_NONE, + SPECTRE_V2_RETPOLINE_MINIMAL, + SPECTRE_V2_RETPOLINE_GENERIC, +}; + +static const char *spectre_v2_strings[] = { + [SPECTRE_V2_NONE] = "Vulnerable", + [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", +}; + +enum spectre_v2_mitigation get_spectre_v2_mitigation(void) +{ + enum spectre_v2_mitigation mode; + +#ifndef RETPOLINE + return SPECTRE_V2_NONE; +#endif + + mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : + SPECTRE_V2_RETPOLINE_MINIMAL; + + return mode; +} + +#ifdef RETPOLINE +static bool spectre_v2_bad_module; + +bool retpoline_module_ok(bool has_retpoline) +{ + if (has_retpoline) + return true; + + pr_err("System may be vulnerable to spectre v2\n"); + spectre_v2_bad_module = true; + return false; +} + +static inline const char *spectre_v2_module_string(void) +{ + return spectre_v2_bad_module ? " - vulnerable module loaded" : ""; +} +#else +static inline const char *spectre_v2_module_string(void) { return ""; } +#endif + +#ifdef CONFIG_SYSFS +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) +{ + enum spectre_v2_mitigation mode; + + mode = get_spectre_v2_mitigation(); + return sprintf(buf, "%s%s\n", spectre_v2_strings[mode], + spectre_v2_module_string()); +} +#endif |