[PATCH 00/19] Fix and rewrite arm64 spectre mitigations

Will Deacon will at kernel.org
Fri Sep 18 12:47:10 EDT 2020 

Hi everyone,

	If there's something strange in your CPU, who you gonna call?

Well, if you're trundling along on an arm64 processor, git blame will
suggest that Marc and I need to pick up the phone. Unfortunately, if the
ghost in question is Spectre v2 or Spectre v4, then we'll have to call
you back because our mitigations are in a pretty bad way. They used to
work, but due to changes with the cpufeature code, they haven't been
working properly for some time. And guess what? People haven't noticed
because this stuff is practically impossible to test, even if you have
a system where mitigations are available.

The temptation was to remove the code entirely, but after putting in
some effort to untangle it, we ended up knocking it into a much better
shape. Although that doesn't change the fact that we can't test it very
well, it certainly appears to behave better than the old code in situations
such as:

  - Err... wanting mitigation on more than one CPU

  - Not changing the mitigation state at runtime (i.e. after userspace
    has started running)

  - Gracefully handling failure to bring late CPUs online (previously
    this would only happen _after_ updating the mitigation state!)

  - Clear separation between mitigation state (am I vulnerable?) and
    policy (the user wants to go fast)

  - Removal of the hideously expensive "dynamic" Spectre-v2 mitigation
    for KVM guests

  - Being easier to read, including the addition of comments

As this is a complete rewrite, parts of the series are pretty grotty
to review; it's easier to apply the whole lot first and then look at the
new code, especially as the old implementation is pretty much unreadable
anyway.

The first three patches are fixes targetting stable. Given the current
state of this stuff, I think that the rest of the series is 5.10 material,
as we're hardly going to make anything worse here.

Cheers,

Will

Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Suzuki K Poulose <suzuki.poulose at arm.com>
Cc: David Brazdil <dbrazdil at google.com>

--->8

Marc Zyngier (8):
  arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled
  arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
  arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs
  KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2
  KVM: arm64: Simplify handling of ARCH_WORKAROUND_2
  KVM: arm64: Get rid of kvm_arm_have_ssbd()
  KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()
  arm64: Get rid of arm64_ssbd_state

Will Deacon (11):
  arm64: Remove Spectre-related CONFIG_* options
  KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with
    CONFIG_RANDOMIZE_BASE
  KVM: arm64: Simplify install_bp_hardening_cb()
  arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2
  arm64: Introduce separate file for spectre mitigations and reporting
  arm64: Rewrite Spectre-v2 mitigation code
  arm64: Group start_thread() functions together
  arm64: Treat SSBS as a non-strict system feature
  arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4
  arm64: Move SSBD prctl() handler alongside other spectre mitigation
    code
  arm64: Rewrite Spectre-v4 mitigation code

 arch/arm64/Kconfig                      |  26 -
 arch/arm64/include/asm/cpucaps.h        |   4 +-
 arch/arm64/include/asm/cpufeature.h     |  24 -
 arch/arm64/include/asm/kvm_asm.h        |   5 +-
 arch/arm64/include/asm/kvm_emulate.h    |  14 -
 arch/arm64/include/asm/kvm_host.h       |  40 --
 arch/arm64/include/asm/kvm_mmu.h        |  53 +-
 arch/arm64/include/asm/mmu.h            |  11 +-
 arch/arm64/include/asm/processor.h      |  44 +-
 arch/arm64/include/asm/spectre.h        |  32 +
 arch/arm64/include/uapi/asm/kvm.h       |   9 +
 arch/arm64/kernel/Makefile              |   3 +-
 arch/arm64/kernel/cpu_errata.c          | 487 +--------------
 arch/arm64/kernel/cpufeature.c          |  51 +-
 arch/arm64/kernel/entry.S               |  10 +-
 arch/arm64/kernel/hibernate.c           |   6 +-
 arch/arm64/kernel/image-vars.h          |   2 -
 arch/arm64/kernel/process.c             |  17 +-
 arch/arm64/kernel/proton-pack.c         | 763 ++++++++++++++++++++++++
 arch/arm64/kernel/ssbd.c                | 129 ----
 arch/arm64/kernel/suspend.c             |   3 +-
 arch/arm64/kvm/Kconfig                  |   3 -
 arch/arm64/kvm/arm.c                    |   6 +-
 arch/arm64/kvm/hyp/Makefile             |   2 +-
 arch/arm64/kvm/hyp/hyp-entry.S          |  31 +-
 arch/arm64/kvm/hyp/include/hyp/switch.h |  33 -
 arch/arm64/kvm/hyp/nvhe/switch.c        |   4 -
 arch/arm64/kvm/hyp/vhe/switch.c         |   4 -
 arch/arm64/kvm/hypercalls.c             |  33 +-
 arch/arm64/kvm/psci.c                   |  74 ++-
 arch/arm64/kvm/reset.c                  |   4 -
 arch/arm64/kvm/sys_regs.c               |   3 +
 32 files changed, 920 insertions(+), 1010 deletions(-)
 create mode 100644 arch/arm64/include/asm/spectre.h
 create mode 100644 arch/arm64/kernel/proton-pack.c
 delete mode 100644 arch/arm64/kernel/ssbd.c

-- 
2.28.0.681.g6f77f65b4e-goog

More information about the linux-arm-kernel mailing list