Arm64 machines should be displaying a human readable
vulnerability status to speculative execution attacks in
/sys/devices/system/cpu/vulnerabilities
This series enables that behavior by providing the expected
functions. Those functions expose the cpu errata and feature
states, as well as whether firmware is responding appropriately
to display the overall machine status. This means that in a
heterogeneous machine we will only claim the machine is mitigated
or safe if we are confident all booted cores are safe or
mitigated.
v2->v3:
Remove "Unknown" states, replace with further blacklists
and default vulnerable/no affected states.
Add the ability for an arch port to selectively export
sysfs vulnerabilities.
v1->v2:
Add "Unknown" state to ABI/testing docs.
Minor tweaks.
Jeremy Linton (4):
sysfs/cpu: Allow individual architectures to select vulnerabilities
arm64: add sysfs vulnerability show for meltdown
arm64: add sysfs vulnerability show for spectre v2
arm64: add sysfs vulnerability show for speculative store bypass
Mian Yousaf Kaukab (3):
arm64: add sysfs vulnerability show for spectre v1
arm64: kpti: move check for non-vulnerable CPUs to a function
arm64: enable generic CPU vulnerabilites support
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/cpu_errata.c | 126 +++++++++++++++++++++++++++++++--
arch/arm64/kernel/cpufeature.c | 45 +++++++++---
drivers/base/cpu.c | 19 +++++
include/linux/cpu.h | 7 ++
5 files changed, 185 insertions(+), 13 deletions(-)
--
2.17.2
