[thirdparty/kernel/stable-queue.git] / queue-4.4 / powerpc-64s-wire-up-cpu_show_spectre_v2.patch

From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Mon, 22 Apr 2019 00:20:04 +1000
Subject: powerpc/64s: Wire up cpu_show_spectre_v2()
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
Message-ID: <20190421142037.21881-20-mpe@ellerman.id.au>

From: Michael Ellerman <mpe@ellerman.id.au>

commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.

Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.

The most verbose is:

  Mitigation: Indirect branch serialisation (kernel only), Indirect
  branch cache disabled, ori31 speculation barrier enabled

We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:

  Vulnerable, ori31 speculation barrier enabled

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/kernel/security.c |   33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct devic
 
 	return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	bool bcs, ccd, ori;
+	struct seq_buf s;
+
+	seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+	bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+	ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+	ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+	if (bcs || ccd) {
+		seq_buf_printf(&s, "Mitigation: ");
+
+		if (bcs)
+			seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
+
+		if (bcs && ccd)
+			seq_buf_printf(&s, ", ");
+
+		if (ccd)
+			seq_buf_printf(&s, "Indirect branch cache disabled");
+	} else
+		seq_buf_printf(&s, "Vulnerable");
+
+	if (ori)
+		seq_buf_printf(&s, ", ori31 speculation barrier enabled");
+
+	seq_buf_printf(&s, "\n");
+
+	return s.len;
+}
Commit	Line	Data
4fa5b95e GKH	1	From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
	2	From: Michael Ellerman <mpe@ellerman.id.au>
	3	Date: Mon, 22 Apr 2019 00:20:04 +1000
	4	Subject: powerpc/64s: Wire up cpu_show_spectre_v2()
	5	To: stable@vger.kernel.org, gregkh@linuxfoundation.org
	6	Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
	7	Message-ID: <20190421142037.21881-20-mpe@ellerman.id.au>
	8
	9	From: Michael Ellerman <mpe@ellerman.id.au>
	10
	11	commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.
	12
	13	Add a definition for cpu_show_spectre_v2() to override the generic
	14	version. This has several permuations, though in practice some may not
	15	occur we cater for any combination.
	16
	17	The most verbose is:
	18
	19	Mitigation: Indirect branch serialisation (kernel only), Indirect
	20	branch cache disabled, ori31 speculation barrier enabled
	21
	22	We don't treat the ori31 speculation barrier as a mitigation on its
	23	own, because it has to be used by code in order to be a mitigation
	24	and we don't know if userspace is doing that. So if that's all we see
	25	we say:
	26
	27	Vulnerable, ori31 speculation barrier enabled
	28
	29	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	30	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	31	---
	32	arch/powerpc/kernel/security.c \| 33 +++++++++++++++++++++++++++++++++
	33	1 file changed, 33 insertions(+)
	34
	35	--- a/arch/powerpc/kernel/security.c
	36	+++ b/arch/powerpc/kernel/security.c
	37	@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct devic
	38
	39	return sprintf(buf, "Vulnerable\n");
	40	}
	41	+
	42	+ssize_t cpu_show_spectre_v2(struct device dev, struct device_attribute attr, char *buf)
	43	+{
	44	+ bool bcs, ccd, ori;
	45	+ struct seq_buf s;
	46	+
	47	+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
	48	+
	49	+ bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
	50	+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
	51	+ ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
	52	+
	53	+ if (bcs \|\| ccd) {
	54	+ seq_buf_printf(&s, "Mitigation: ");
	55	+
	56	+ if (bcs)
	57	+ seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
	58	+
	59	+ if (bcs && ccd)
	60	+ seq_buf_printf(&s, ", ");
	61	+
	62	+ if (ccd)
	63	+ seq_buf_printf(&s, "Indirect branch cache disabled");
	64	+ } else
65	+ seq_buf_printf(&s, "Vulnerable");
66	+
67	+ if (ori)
68	+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
69	+
70	+ seq_buf_printf(&s, "\n");
71	+
72	+ return s.len;
73	+}