1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/arm-smccc.h>
3 #include <linux/kernel.h>
7 #include <asm/cputype.h>
8 #include <asm/proc-fns.h>
9 #include <asm/spectre.h>
10 #include <asm/system_misc.h>
12 #ifdef CONFIG_ARM_PSCI
13 static int __maybe_unused
spectre_v2_get_cpu_fw_mitigation_state(void)
15 struct arm_smccc_res res
;
17 arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID
,
18 ARM_SMCCC_ARCH_WORKAROUND_1
, &res
);
20 switch ((int)res
.a0
) {
21 case SMCCC_RET_SUCCESS
:
22 return SPECTRE_MITIGATED
;
24 case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED
:
25 return SPECTRE_UNAFFECTED
;
28 return SPECTRE_VULNERABLE
;
32 static int __maybe_unused
spectre_v2_get_cpu_fw_mitigation_state(void)
34 return SPECTRE_VULNERABLE
;
38 #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
39 DEFINE_PER_CPU(harden_branch_predictor_fn_t
, harden_branch_predictor_fn
);
41 extern void cpu_v7_iciallu_switch_mm(phys_addr_t pgd_phys
, struct mm_struct
*mm
);
42 extern void cpu_v7_bpiall_switch_mm(phys_addr_t pgd_phys
, struct mm_struct
*mm
);
43 extern void cpu_v7_smc_switch_mm(phys_addr_t pgd_phys
, struct mm_struct
*mm
);
44 extern void cpu_v7_hvc_switch_mm(phys_addr_t pgd_phys
, struct mm_struct
*mm
);
46 static void harden_branch_predictor_bpiall(void)
48 write_sysreg(0, BPIALL
);
51 static void harden_branch_predictor_iciallu(void)
53 write_sysreg(0, ICIALLU
);
56 static void __maybe_unused
call_smc_arch_workaround_1(void)
58 arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1
, NULL
);
61 static void __maybe_unused
call_hvc_arch_workaround_1(void)
63 arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1
, NULL
);
66 static unsigned int spectre_v2_install_workaround(unsigned int method
)
68 const char *spectre_v2_method
= NULL
;
69 int cpu
= smp_processor_id();
71 if (per_cpu(harden_branch_predictor_fn
, cpu
))
72 return SPECTRE_MITIGATED
;
75 case SPECTRE_V2_METHOD_BPIALL
:
76 per_cpu(harden_branch_predictor_fn
, cpu
) =
77 harden_branch_predictor_bpiall
;
78 spectre_v2_method
= "BPIALL";
81 case SPECTRE_V2_METHOD_ICIALLU
:
82 per_cpu(harden_branch_predictor_fn
, cpu
) =
83 harden_branch_predictor_iciallu
;
84 spectre_v2_method
= "ICIALLU";
87 case SPECTRE_V2_METHOD_HVC
:
88 per_cpu(harden_branch_predictor_fn
, cpu
) =
89 call_hvc_arch_workaround_1
;
90 cpu_do_switch_mm
= cpu_v7_hvc_switch_mm
;
91 spectre_v2_method
= "hypervisor";
94 case SPECTRE_V2_METHOD_SMC
:
95 per_cpu(harden_branch_predictor_fn
, cpu
) =
96 call_smc_arch_workaround_1
;
97 cpu_do_switch_mm
= cpu_v7_smc_switch_mm
;
98 spectre_v2_method
= "firmware";
102 if (spectre_v2_method
)
103 pr_info("CPU%u: Spectre v2: using %s workaround\n",
104 smp_processor_id(), spectre_v2_method
);
106 return SPECTRE_MITIGATED
;
109 static unsigned int spectre_v2_install_workaround(unsigned int method
)
111 pr_info_once("Spectre V2: workarounds disabled by configuration\n");
113 return SPECTRE_VULNERABLE
;
117 static void cpu_v7_spectre_v2_init(void)
119 unsigned int state
, method
= 0;
121 switch (read_cpuid_part()) {
122 case ARM_CPU_PART_CORTEX_A8
:
123 case ARM_CPU_PART_CORTEX_A9
:
124 case ARM_CPU_PART_CORTEX_A12
:
125 case ARM_CPU_PART_CORTEX_A17
:
126 case ARM_CPU_PART_CORTEX_A73
:
127 case ARM_CPU_PART_CORTEX_A75
:
128 state
= SPECTRE_MITIGATED
;
129 method
= SPECTRE_V2_METHOD_BPIALL
;
132 case ARM_CPU_PART_CORTEX_A15
:
133 case ARM_CPU_PART_BRAHMA_B15
:
134 state
= SPECTRE_MITIGATED
;
135 method
= SPECTRE_V2_METHOD_ICIALLU
;
138 case ARM_CPU_PART_BRAHMA_B53
:
139 /* Requires no workaround */
140 state
= SPECTRE_UNAFFECTED
;
144 /* Other ARM CPUs require no workaround */
145 if (read_cpuid_implementor() == ARM_CPU_IMP_ARM
) {
146 state
= SPECTRE_UNAFFECTED
;
152 /* Cortex A57/A72 require firmware workaround */
153 case ARM_CPU_PART_CORTEX_A57
:
154 case ARM_CPU_PART_CORTEX_A72
:
155 state
= spectre_v2_get_cpu_fw_mitigation_state();
156 if (state
!= SPECTRE_MITIGATED
)
159 switch (arm_smccc_1_1_get_conduit()) {
160 case SMCCC_CONDUIT_HVC
:
161 method
= SPECTRE_V2_METHOD_HVC
;
164 case SMCCC_CONDUIT_SMC
:
165 method
= SPECTRE_V2_METHOD_SMC
;
169 state
= SPECTRE_VULNERABLE
;
174 if (state
== SPECTRE_MITIGATED
)
175 state
= spectre_v2_install_workaround(method
);
177 spectre_v2_update_state(state
, method
);
180 #ifdef CONFIG_HARDEN_BRANCH_HISTORY
181 static int spectre_bhb_method
;
183 static const char *spectre_bhb_method_name(int method
)
186 case SPECTRE_V2_METHOD_LOOP8
:
189 case SPECTRE_V2_METHOD_BPIALL
:
197 static int spectre_bhb_install_workaround(int method
)
199 if (spectre_bhb_method
!= method
) {
200 if (spectre_bhb_method
) {
201 pr_err("CPU%u: Spectre BHB: method disagreement, system vulnerable\n",
204 return SPECTRE_VULNERABLE
;
207 if (spectre_bhb_update_vectors(method
) == SPECTRE_VULNERABLE
)
208 return SPECTRE_VULNERABLE
;
210 spectre_bhb_method
= method
;
212 pr_info("CPU%u: Spectre BHB: enabling %s workaround for all CPUs\n",
213 smp_processor_id(), spectre_bhb_method_name(method
));
216 return SPECTRE_MITIGATED
;
219 static int spectre_bhb_install_workaround(int method
)
221 return SPECTRE_VULNERABLE
;
225 static void cpu_v7_spectre_bhb_init(void)
227 unsigned int state
, method
= 0;
229 switch (read_cpuid_part()) {
230 case ARM_CPU_PART_CORTEX_A15
:
231 case ARM_CPU_PART_BRAHMA_B15
:
232 case ARM_CPU_PART_CORTEX_A57
:
233 case ARM_CPU_PART_CORTEX_A72
:
234 state
= SPECTRE_MITIGATED
;
235 method
= SPECTRE_V2_METHOD_LOOP8
;
238 case ARM_CPU_PART_CORTEX_A73
:
239 case ARM_CPU_PART_CORTEX_A75
:
240 state
= SPECTRE_MITIGATED
;
241 method
= SPECTRE_V2_METHOD_BPIALL
;
245 state
= SPECTRE_UNAFFECTED
;
249 if (state
== SPECTRE_MITIGATED
)
250 state
= spectre_bhb_install_workaround(method
);
252 spectre_v2_update_state(state
, method
);
255 static __maybe_unused
bool cpu_v7_check_auxcr_set(bool *warned
,
256 u32 mask
, const char *msg
)
260 asm("mrc p15, 0, %0, c1, c0, 1" : "=r" (aux_cr
));
262 if ((aux_cr
& mask
) != mask
) {
264 pr_err("CPU%u: %s", smp_processor_id(), msg
);
271 static DEFINE_PER_CPU(bool, spectre_warned
);
273 static bool check_spectre_auxcr(bool *warned
, u32 bit
)
275 return IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR
) &&
276 cpu_v7_check_auxcr_set(warned
, bit
,
277 "Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable\n");
280 void cpu_v7_ca8_ibe(void)
282 if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned
), BIT(6)))
283 cpu_v7_spectre_v2_init();
286 void cpu_v7_ca15_ibe(void)
288 if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned
), BIT(0)))
289 cpu_v7_spectre_v2_init();
290 cpu_v7_spectre_bhb_init();
293 void cpu_v7_bugs_init(void)
295 cpu_v7_spectre_v2_init();
296 cpu_v7_spectre_bhb_init();
