ARM: report Spectre v2 status through sysfs

/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef __ASM_SPECTRE_H

#define __ASM_SPECTRE_H

enum {

	SPECTRE_UNAFFECTED,

	SPECTRE_MITIGATED,

	SPECTRE_VULNERABLE,

};

enum {

	__SPECTRE_V2_METHOD_BPIALL,

	__SPECTRE_V2_METHOD_ICIALLU,

	__SPECTRE_V2_METHOD_SMC,

	__SPECTRE_V2_METHOD_HVC,

};

enum {

	SPECTRE_V2_METHOD_BPIALL = BIT(__SPECTRE_V2_METHOD_BPIALL),

	SPECTRE_V2_METHOD_ICIALLU = BIT(__SPECTRE_V2_METHOD_ICIALLU),

	SPECTRE_V2_METHOD_SMC = BIT(__SPECTRE_V2_METHOD_SMC),

	SPECTRE_V2_METHOD_HVC = BIT(__SPECTRE_V2_METHOD_HVC),

};

void spectre_v2_update_state(unsigned int state, unsigned int methods);

#endif

obj-$(CONFIG_HAVE_ARM_SMCCC)	+= smccc-call.o

obj-$(CONFIG_GENERIC_CPU_VULNERABILITIES) += spectre.o

extra-y := $(head-y) vmlinux.lds

// SPDX-License-Identifier: GPL-2.0-only

#include <linux/cpu.h>

#include <linux/device.h>

#include <asm/spectre.h>

ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,

			    char *buf)

{

	return sprintf(buf, "Mitigation: __user pointer sanitization\n");

}

static unsigned int spectre_v2_state;

static unsigned int spectre_v2_methods;

void spectre_v2_update_state(unsigned int state, unsigned int method)

{

	if (state > spectre_v2_state)

		spectre_v2_state = state;

	spectre_v2_methods |= method;

}

ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,

			    char *buf)

{

	const char *method;

	if (spectre_v2_state == SPECTRE_UNAFFECTED)

		return sprintf(buf, "%s\n", "Not affected");

	if (spectre_v2_state != SPECTRE_MITIGATED)

		return sprintf(buf, "%s\n", "Vulnerable");

	switch (spectre_v2_methods) {

	case SPECTRE_V2_METHOD_BPIALL:

		method = "Branch predictor hardening";

		break;

	case SPECTRE_V2_METHOD_ICIALLU:

		method = "I-cache invalidation";

		break;

	case SPECTRE_V2_METHOD_SMC:

	case SPECTRE_V2_METHOD_HVC:

		method = "Firmware call";

		break;

	default:

		method = "Multiple mitigations";

		break;

	}

	return sprintf(buf, "Mitigation: %s\n", method);

}

config CPU_SPECTRE

	bool

	select GENERIC_CPU_VULNERABILITIES

config HARDEN_BRANCH_PREDICTOR

	bool "Harden the branch predictor against aliasing attacks" if EXPERT

#include <asm/cp15.h>

#include <asm/cputype.h>

#include <asm/proc-fns.h>

#include <asm/spectre.h>

#include <asm/system_misc.h>

#ifdef CONFIG_ARM_PSCI

#define SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED	1

static int __maybe_unused spectre_v2_get_cpu_fw_mitigation_state(void)

{

	struct arm_smccc_res res;

	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,

			     ARM_SMCCC_ARCH_WORKAROUND_1, &res);

	switch ((int)res.a0) {

	case SMCCC_RET_SUCCESS:

		return SPECTRE_MITIGATED;

	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:

		return SPECTRE_UNAFFECTED;

	default:

		return SPECTRE_VULNERABLE;

	}

}

#else

static int __maybe_unused spectre_v2_get_cpu_fw_mitigation_state(void)

{

	return SPECTRE_VULNERABLE;

}

#endif

#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR

DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn);

	arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);

}

static void cpu_v7_spectre_init(void)

static unsigned int spectre_v2_install_workaround(unsigned int method)

{

	const char *spectre_v2_method = NULL;

	int cpu = smp_processor_id();

	if (per_cpu(harden_branch_predictor_fn, cpu))

		return;

		return SPECTRE_MITIGATED;

	switch (method) {

	case SPECTRE_V2_METHOD_BPIALL:

		per_cpu(harden_branch_predictor_fn, cpu) =

			harden_branch_predictor_bpiall;

		spectre_v2_method = "BPIALL";

		break;

	case SPECTRE_V2_METHOD_ICIALLU:

		per_cpu(harden_branch_predictor_fn, cpu) =

			harden_branch_predictor_iciallu;

		spectre_v2_method = "ICIALLU";

		break;

	case SPECTRE_V2_METHOD_HVC:

		per_cpu(harden_branch_predictor_fn, cpu) =

			call_hvc_arch_workaround_1;

		cpu_do_switch_mm = cpu_v7_hvc_switch_mm;

		spectre_v2_method = "hypervisor";

		break;

	case SPECTRE_V2_METHOD_SMC:

		per_cpu(harden_branch_predictor_fn, cpu) =

			call_smc_arch_workaround_1;

		cpu_do_switch_mm = cpu_v7_smc_switch_mm;

		spectre_v2_method = "firmware";

		break;

	}

	if (spectre_v2_method)

		pr_info("CPU%u: Spectre v2: using %s workaround\n",

			smp_processor_id(), spectre_v2_method);

	return SPECTRE_MITIGATED;

}

#else

static unsigned int spectre_v2_install_workaround(unsigned int method)

{

	pr_info("CPU%u: Spectre V2: workarounds disabled by configuration\n");

	return SPECTRE_VULNERABLE;

}

#endif

static void cpu_v7_spectre_v2_init(void)

{

	unsigned int state, method = 0;

	switch (read_cpuid_part()) {

	case ARM_CPU_PART_CORTEX_A8:

	case ARM_CPU_PART_CORTEX_A17:

	case ARM_CPU_PART_CORTEX_A73:

	case ARM_CPU_PART_CORTEX_A75:

		per_cpu(harden_branch_predictor_fn, cpu) =

			harden_branch_predictor_bpiall;

		spectre_v2_method = "BPIALL";

		state = SPECTRE_MITIGATED;

		method = SPECTRE_V2_METHOD_BPIALL;

		break;

	case ARM_CPU_PART_CORTEX_A15:

	case ARM_CPU_PART_BRAHMA_B15:

		per_cpu(harden_branch_predictor_fn, cpu) =

			harden_branch_predictor_iciallu;

		spectre_v2_method = "ICIALLU";

		state = SPECTRE_MITIGATED;

		method = SPECTRE_V2_METHOD_ICIALLU;

		break;

#ifdef CONFIG_ARM_PSCI

	default:

		/* Other ARM CPUs require no workaround */

		if (read_cpuid_implementor() == ARM_CPU_IMP_ARM)

		if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) {

			state = SPECTRE_UNAFFECTED;

			break;

		}

		/* fallthrough */

	/* Cortex A57/A72 require firmware workaround */

	case ARM_CPU_PART_CORTEX_A57:

	case ARM_CPU_PART_CORTEX_A72: {

		struct arm_smccc_res res;

		state = spectre_v2_get_cpu_fw_mitigation_state();

		if (state != SPECTRE_MITIGATED)

			break;

		if (psci_ops.smccc_version == SMCCC_VERSION_1_0)

			break;

					  ARM_SMCCC_ARCH_WORKAROUND_1, &res);

			if ((int)res.a0 != 0)

				break;

			per_cpu(harden_branch_predictor_fn, cpu) =

				call_hvc_arch_workaround_1;

			cpu_do_switch_mm = cpu_v7_hvc_switch_mm;

			spectre_v2_method = "hypervisor";

			method = SPECTRE_V2_METHOD_HVC;

			break;

		case PSCI_CONDUIT_SMC:

					  ARM_SMCCC_ARCH_WORKAROUND_1, &res);

			if ((int)res.a0 != 0)

				break;

			per_cpu(harden_branch_predictor_fn, cpu) =

				call_smc_arch_workaround_1;

			cpu_do_switch_mm = cpu_v7_smc_switch_mm;

			spectre_v2_method = "firmware";

			method = SPECTRE_V2_METHOD_SMC;

			break;

		default:

			state = SPECTRE_VULNERABLE;

			break;

		}

	}

#endif

	}

	if (spectre_v2_method)

		pr_info("CPU%u: Spectre v2: using %s workaround\n",

			smp_processor_id(), spectre_v2_method);

}

#else

static void cpu_v7_spectre_init(void)

{

	if (state == SPECTRE_MITIGATED)

		state = spectre_v2_install_workaround(method);

	spectre_v2_update_state(state, method);

}

#endif

static __maybe_unused bool cpu_v7_check_auxcr_set(bool *warned,

						  u32 mask, const char *msg)

void cpu_v7_ca8_ibe(void)

{

	if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)))

		cpu_v7_spectre_init();

		cpu_v7_spectre_v2_init();

}

void cpu_v7_ca15_ibe(void)

{

	if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)))

		cpu_v7_spectre_init();

		cpu_v7_spectre_v2_init();

}

void cpu_v7_bugs_init(void)

{

	cpu_v7_spectre_init();

	cpu_v7_spectre_v2_init();

}