OSDN Git Service

arm64: ssbd: Add prctl interface for per-thread mitigation
authorMarc Zyngier <marc.zyngier@arm.com>
Tue, 29 May 2018 12:11:14 +0000 (13:11 +0100)
committerCatalin Marinas <catalin.marinas@arm.com>
Thu, 31 May 2018 17:00:52 +0000 (18:00 +0100)
If running on a system that performs dynamic SSBD mitigation, allow
userspace to request the mitigation for itself. This is implemented
as a prctl call, allowing the mitigation to be enabled or disabled at
will for this particular thread.

Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
arch/arm64/kernel/Makefile
arch/arm64/kernel/ssbd.c [new file with mode: 0644]

index bf825f3..0025f86 100644 (file)
@@ -54,6 +54,7 @@ arm64-obj-$(CONFIG_ARM64_RELOC_TEST)  += arm64-reloc-test.o
 arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o
 arm64-obj-$(CONFIG_CRASH_DUMP)         += crash_dump.o
 arm64-obj-$(CONFIG_ARM_SDE_INTERFACE)  += sdei.o
+arm64-obj-$(CONFIG_ARM64_SSBD)         += ssbd.o
 
 obj-y                                  += $(arm64-obj-y) vdso/ probes/
 obj-m                                  += $(arm64-obj-m)
diff --git a/arch/arm64/kernel/ssbd.c b/arch/arm64/kernel/ssbd.c
new file mode 100644 (file)
index 0000000..3432e5e
--- /dev/null
@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018 ARM Ltd, All Rights Reserved.
+ */
+
+#include <linux/errno.h>
+#include <linux/sched.h>
+#include <linux/thread_info.h>
+
+#include <asm/cpufeature.h>
+
+/*
+ * prctl interface for SSBD
+ * FIXME: Drop the below ifdefery once merged in 4.18.
+ */
+#ifdef PR_SPEC_STORE_BYPASS
+static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
+{
+       int state = arm64_get_ssbd_state();
+
+       /* Unsupported */
+       if (state == ARM64_SSBD_UNKNOWN)
+               return -EINVAL;
+
+       /* Treat the unaffected/mitigated state separately */
+       if (state == ARM64_SSBD_MITIGATED) {
+               switch (ctrl) {
+               case PR_SPEC_ENABLE:
+                       return -EPERM;
+               case PR_SPEC_DISABLE:
+               case PR_SPEC_FORCE_DISABLE:
+                       return 0;
+               }
+       }
+
+       /*
+        * Things are a bit backward here: the arm64 internal API
+        * *enables the mitigation* when the userspace API *disables
+        * speculation*. So much fun.
+        */
+       switch (ctrl) {
+       case PR_SPEC_ENABLE:
+               /* If speculation is force disabled, enable is not allowed */
+               if (state == ARM64_SSBD_FORCE_ENABLE ||
+                   task_spec_ssb_force_disable(task))
+                       return -EPERM;
+               task_clear_spec_ssb_disable(task);
+               clear_tsk_thread_flag(task, TIF_SSBD);
+               break;
+       case PR_SPEC_DISABLE:
+               if (state == ARM64_SSBD_FORCE_DISABLE)
+                       return -EPERM;
+               task_set_spec_ssb_disable(task);
+               set_tsk_thread_flag(task, TIF_SSBD);
+               break;
+       case PR_SPEC_FORCE_DISABLE:
+               if (state == ARM64_SSBD_FORCE_DISABLE)
+                       return -EPERM;
+               task_set_spec_ssb_disable(task);
+               task_set_spec_ssb_force_disable(task);
+               set_tsk_thread_flag(task, TIF_SSBD);
+               break;
+       default:
+               return -ERANGE;
+       }
+
+       return 0;
+}
+
+int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
+                            unsigned long ctrl)
+{
+       switch (which) {
+       case PR_SPEC_STORE_BYPASS:
+               return ssbd_prctl_set(task, ctrl);
+       default:
+               return -ENODEV;
+       }
+}
+
+static int ssbd_prctl_get(struct task_struct *task)
+{
+       switch (arm64_get_ssbd_state()) {
+       case ARM64_SSBD_UNKNOWN:
+               return -EINVAL;
+       case ARM64_SSBD_FORCE_ENABLE:
+               return PR_SPEC_DISABLE;
+       case ARM64_SSBD_KERNEL:
+               if (task_spec_ssb_force_disable(task))
+                       return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
+               if (task_spec_ssb_disable(task))
+                       return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
+               return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
+       case ARM64_SSBD_FORCE_DISABLE:
+               return PR_SPEC_ENABLE;
+       default:
+               return PR_SPEC_NOT_AFFECTED;
+       }
+}
+
+int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
+{
+       switch (which) {
+       case PR_SPEC_STORE_BYPASS:
+               return ssbd_prctl_get(task);
+       default:
+               return -ENODEV;
+       }
+}
+#endif /* PR_SPEC_STORE_BYPASS */