Arm64 machines should be displaying a human readable
vulnerability status to speculative execution attacks in
/sys/devices/system/cpu/vulnerabilities
This series enables that behavior by providing the expected
functions. Those functions expose the cpu errata and feature
states, as well as whether firmware is responding appropriately
to display the overall machine status. This means that in a
heterogeneous machine we will only claim the machine is mitigated
or safe if we are confident all booted cores are safe or
mitigated.
v3->v4:
Drop the patch which selectivly exports sysfs entries
Remove the CONFIG_EXPERT hidden options which allowed
the kernel to be built without the vulnerability
detection code.
Pick Marc Z's patches which invert the white/black
lists for spectrev2 and clean up the firmware
detection logic.
Document the existing kpti controls
Add a nospectre_v2 option to boot time disable the
mitigation
v2->v3:
Remove "Unknown" states, replace with further blacklists
and default vulnerable/not affected states.
Add the ability for an arch port to selectively export
sysfs vulnerabilities.
v1->v2:
Add "Unknown" state to ABI/testing docs.
Minor tweaks.
Jeremy Linton (8):
Documentation: Document arm64 kpti control
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Remove the ability to build a kernel without ssbd
arm64: remove the ability to build a kernel without hardened branch
predictors
arm64: remove the ability to build a kernel without kpti
arm64: add sysfs vulnerability show for meltdown
arm64: add sysfs vulnerability show for spectre v2
arm64: add sysfs vulnerability show for speculative store bypass
Marc Zyngier (2):
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
Mian Yousaf Kaukab (2):
arm64: add sysfs vulnerability show for spectre v1
arm64: enable generic CPU vulnerabilites support
.../admin-guide/kernel-parameters.txt | 14 +-
arch/arm64/Kconfig | 39 +--
arch/arm64/include/asm/cpufeature.h | 8 -
arch/arm64/include/asm/fixmap.h | 2 -
arch/arm64/include/asm/kvm_mmu.h | 19 --
arch/arm64/include/asm/mmu.h | 19 +-
arch/arm64/include/asm/sdei.h | 2 +-
arch/arm64/kernel/Makefile | 3 +-
arch/arm64/kernel/asm-offsets.c | 2 -
arch/arm64/kernel/cpu_errata.c | 242 ++++++++++++------
arch/arm64/kernel/cpufeature.c | 41 ++-
arch/arm64/kernel/entry.S | 15 +-
arch/arm64/kernel/sdei.c | 2 -
arch/arm64/kernel/vmlinux.lds.S | 8 -
arch/arm64/kvm/Kconfig | 3 -
arch/arm64/kvm/hyp/hyp-entry.S | 4 -
arch/arm64/kvm/hyp/switch.c | 4 -
arch/arm64/mm/context.c | 6 -
arch/arm64/mm/mmu.c | 2 -
arch/arm64/mm/proc.S | 2 -
20 files changed, 207 insertions(+), 230 deletions(-)
--
2.17.2
