xref: /linux/arch/arm64/include/asm/spectre.h (revision 9fd2da71c301184d98fe37674ca8d017d1ce6600)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Interface for managing mitigations for Spectre vulnerabilities.
4  *
5  * Copyright (C) 2020 Google LLC
6  * Author: Will Deacon <will@kernel.org>
7  */
8 
9 #ifndef __ASM_SPECTRE_H
10 #define __ASM_SPECTRE_H
11 
12 #define BP_HARDEN_EL2_SLOTS 4
13 #define __BP_HARDEN_HYP_VECS_SZ	((BP_HARDEN_EL2_SLOTS - 1) * SZ_2K)
14 
15 #ifndef __ASSEMBLY__
16 #include <linux/smp.h>
17 #include <asm/percpu.h>
18 
19 #include <asm/cpufeature.h>
20 #include <asm/virt.h>
21 
22 /* Watch out, ordering is important here. */
23 enum mitigation_state {
24 	SPECTRE_UNAFFECTED,
25 	SPECTRE_MITIGATED,
26 	SPECTRE_VULNERABLE,
27 };
28 
29 struct pt_regs;
30 struct task_struct;
31 
32 /*
33  * Note: the order of this enum corresponds to __bp_harden_hyp_vecs and
34  * we rely on having the direct vectors first.
35  */
36 enum arm64_hyp_spectre_vector {
37 	/*
38 	 * Take exceptions directly to __kvm_hyp_vector. This must be
39 	 * 0 so that it used by default when mitigations are not needed.
40 	 */
41 	HYP_VECTOR_DIRECT,
42 
43 	/*
44 	 * Bounce via a slot in the hypervisor text mapping of
45 	 * __bp_harden_hyp_vecs, which contains an SMC call.
46 	 */
47 	HYP_VECTOR_SPECTRE_DIRECT,
48 
49 	/*
50 	 * Bounce via a slot in a special mapping of __bp_harden_hyp_vecs
51 	 * next to the idmap page.
52 	 */
53 	HYP_VECTOR_INDIRECT,
54 
55 	/*
56 	 * Bounce via a slot in a special mapping of __bp_harden_hyp_vecs
57 	 * next to the idmap page, which contains an SMC call.
58 	 */
59 	HYP_VECTOR_SPECTRE_INDIRECT,
60 };
61 
62 typedef void (*bp_hardening_cb_t)(void);
63 
64 struct bp_hardening_data {
65 	enum arm64_hyp_spectre_vector	slot;
66 	bp_hardening_cb_t		fn;
67 };
68 
69 DECLARE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
70 
71 /* Called during entry so must be __always_inline */
72 static __always_inline void arm64_apply_bp_hardening(void)
73 {
74 	struct bp_hardening_data *d;
75 
76 	if (!alternative_has_cap_unlikely(ARM64_SPECTRE_V2))
77 		return;
78 
79 	d = this_cpu_ptr(&bp_hardening_data);
80 	if (d->fn)
81 		d->fn();
82 }
83 
84 enum mitigation_state arm64_get_spectre_v2_state(void);
85 bool has_spectre_v2(const struct arm64_cpu_capabilities *cap, int scope);
86 void spectre_v2_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
87 
88 bool has_spectre_v3a(const struct arm64_cpu_capabilities *cap, int scope);
89 void spectre_v3a_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
90 
91 enum mitigation_state arm64_get_spectre_v4_state(void);
92 bool has_spectre_v4(const struct arm64_cpu_capabilities *cap, int scope);
93 void spectre_v4_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
94 void spectre_v4_enable_task_mitigation(struct task_struct *tsk);
95 
96 enum mitigation_state arm64_get_meltdown_state(void);
97 
98 enum mitigation_state arm64_get_spectre_bhb_state(void);
99 bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope);
100 extern bool __nospectre_bhb;
101 u8 get_spectre_bhb_loop_value(void);
102 bool is_spectre_bhb_fw_mitigated(void);
103 void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
104 bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr);
105 
106 void spectre_v4_patch_fw_mitigation_enable(struct alt_instr *alt, __le32 *origptr,
107 					   __le32 *updptr, int nr_inst);
108 void smccc_patch_fw_mitigation_conduit(struct alt_instr *alt, __le32 *origptr,
109 				       __le32 *updptr, int nr_inst);
110 void spectre_bhb_patch_loop_mitigation_enable(struct alt_instr *alt, __le32 *origptr,
111 					      __le32 *updptr, int nr_inst);
112 void spectre_bhb_patch_fw_mitigation_enabled(struct alt_instr *alt, __le32 *origptr,
113 					     __le32 *updptr, int nr_inst);
114 void spectre_bhb_patch_loop_iter(struct alt_instr *alt,
115 				 __le32 *origptr, __le32 *updptr, int nr_inst);
116 void spectre_bhb_patch_wa3(struct alt_instr *alt,
117 			   __le32 *origptr, __le32 *updptr, int nr_inst);
118 void spectre_bhb_patch_clearbhb(struct alt_instr *alt,
119 				__le32 *origptr, __le32 *updptr, int nr_inst);
120 
121 #endif	/* __ASSEMBLY__ */
122 #endif	/* __ASM_SPECTRE_H */
123