Lines Matching +full:firmware +full:- +full:initialised
1 // SPDX-License-Identifier: GPL-2.0-only
6 * https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
20 #include <linux/arm-smccc.h>
69 * - Mitigated in hardware and advertised by ID_AA64PFR0_EL1.CSV2.
70 * - Mitigated in hardware and listed in our "safe list".
71 * - Mitigated in software by firmware.
72 * - Mitigated in software by a CPU-specific dance in the kernel and a
73 * firmware call at EL2.
74 * - Vulnerable.
94 pr_info_once("spectre-v2 mitigation disabled by command line option\n"); in spectre_v2_mitigations_off()
188 * the door when we're a guest. Skip the hyp-vectors work. in install_bp_hardening_cb()
254 * Prefer a CPU-specific workaround if it exists. Note that we in spectre_v2_enable_fw_mitigation()
255 * still rely on firmware for the mitigation at EL2. in spectre_v2_enable_fw_mitigation()
276 * Spectre-v3a.
299 data->slot += HYP_VECTOR_INDIRECT; in spectre_v3a_enable_mitigation()
308 * - Mitigated in hardware and listed in our "safe list".
309 * - Mitigated in hardware via PSTATE.SSBS.
310 * - Mitigated in software by firmware (sometimes referred to as SSBD).
315 * on a per-task basis, but can also be forced on for the kernel, necessitating
316 * both context-switch *and* entry/exit hooks. To make it even worse, some CPUs
318 * being stale when re-entering the kernel. The usual big.LITTLE caveats apply,
319 * so you can have systems that have both firmware and SSBS mitigations. This
322 * be opt-in for userspace. Yes, really, the cure is worse than the disease.
324 * The only good part is that if the firmware mitigation is present, then it is
326 * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
328 * Give me a VAX-11/780 any day of the week...
332 /* This is the per-cpu state tracking whether we need to talk to firmware */
347 { "force-on", SPECTRE_V4_POLICY_MITIGATION_ENABLED, },
348 { "force-off", SPECTRE_V4_POLICY_MITIGATION_DISABLED, },
356 return -EINVAL; in parse_spectre_v4_param()
361 if (strncmp(str, param->str, strlen(param->str))) in parse_spectre_v4_param()
364 __spectre_v4_policy = param->policy; in parse_spectre_v4_param()
368 return -EINVAL; in parse_spectre_v4_param()
385 pr_info_once("spectre-v4 mitigation disabled by command-line option\n"); in spectre_v4_mitigations_off()
487 regs->pstate |= PSR_SSBS_BIT; in ssbs_emulation_handler()
489 regs->pstate &= ~PSR_SSBS_BIT; in ssbs_emulation_handler()
528 /* SCTLR_EL1.DSSBS was initialised to 0 during boot */ in spectre_v4_enable_hw_mitigation()
534 * Patch a branch over the Spectre-v4 mitigation code with a NOP so that
535 * we fallthrough and check whether firmware needs to be called on this CPU.
541 BUG_ON(nr_inst != 1); /* Branch -> NOP */ in spectre_v4_patch_fw_mitigation_enable()
554 * Patch a NOP in the Spectre-v4 mitigation code with an SMC/HVC instruction
555 * to call into firmware to adjust the mitigation state.
563 BUG_ON(nr_inst != 1); /* NOP -> HVC/SMC */ in spectre_v4_patch_fw_mitigation_conduit()
618 regs->pstate |= bit; in __update_pstate_ssbs()
620 regs->pstate &= ~bit; in __update_pstate_ssbs()
626 bool ssbs = false, kthread = tsk->flags & PF_KTHREAD; in spectre_v4_enable_task_mitigation()
637 * The Spectre-v4 mitigation can be controlled via a prctl() from userspace.
664 * re-enabled. in ssbd_prctl_set()
667 return -EPERM; in ssbd_prctl_set()
671 * off and we again prevent it from being re-enabled. in ssbd_prctl_set()
674 return -EPERM; in ssbd_prctl_set()
685 return -EPERM; in ssbd_prctl_set()
693 return -EPERM; in ssbd_prctl_set()
706 return -EPERM; in ssbd_prctl_set()
713 return -ERANGE; in ssbd_prctl_set()
727 return -ENODEV; in arch_prctl_spec_ctrl_set()
770 return -ENODEV; in arch_prctl_spec_ctrl_get()