arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB

SSBS provides a relatively cheap mitigation for SSB, but it is still a
mitigation and its presence does not indicate that the CPU is unaffected
by the vulnerability.

Tweak the mitigation logic so that we report the correct string in sysfs.

Signed-off-by: Will Deacon <will.deacon@arm.com>

diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 4bb0f7cad4189858ec477264a5e1880e1210855d..44ef98be001e9f9997c24f3a37f603319c394d70 100644 (file)
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -386,15 +386,17 @@ static bool has_ssbd_mitigation(const struct arm64_cpu_capabilities *entry,
 
        WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
 
+       /* delay setting __ssb_safe until we get a firmware response */
+       if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list))
+               this_cpu_safe = true;
+
        if (this_cpu_has_cap(ARM64_SSBS)) {
+               if (!this_cpu_safe)
+                       __ssb_safe = false;
                required = false;
                goto out_printmsg;
        }
 
-       /* delay setting __ssb_safe until we get a firmware response */
-       if (is_midr_in_range_list(read_cpuid_id(), entry->midr_range_list))
-               this_cpu_safe = true;
-
        if (psci_ops.smccc_version == SMCCC_VERSION_1_0) {
                ssbd_state = ARM64_SSBD_UNKNOWN;
                if (!this_cpu_safe)