Commit | Line | Data |
---|---|---|
4fa5b95e GKH |
1 | From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST |
2 | From: Michael Ellerman <mpe@ellerman.id.au> | |
3 | Date: Mon, 22 Apr 2019 00:20:04 +1000 | |
4 | Subject: powerpc/64s: Wire up cpu_show_spectre_v2() | |
5 | To: stable@vger.kernel.org, gregkh@linuxfoundation.org | |
6 | Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr | |
7 | Message-ID: <20190421142037.21881-20-mpe@ellerman.id.au> | |
8 | ||
9 | From: Michael Ellerman <mpe@ellerman.id.au> | |
10 | ||
11 | commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream. | |
12 | ||
13 | Add a definition for cpu_show_spectre_v2() to override the generic | |
14 | version. This has several permutations; though in practice some may not | |
15 | occur, we cater for any combination. | |
16 | ||
17 | The most verbose is: | |
18 | ||
19 | Mitigation: Indirect branch serialisation (kernel only), Indirect | |
20 | branch cache disabled, ori31 speculation barrier enabled | |
21 | ||
22 | We don't treat the ori31 speculation barrier as a mitigation on its | |
23 | own, because it has to be *used* by code in order to be a mitigation | |
24 | and we don't know if userspace is doing that. So if that's all we see | |
25 | we say: | |
26 | ||
27 | Vulnerable, ori31 speculation barrier enabled | |
28 | ||
29 | Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> | |
30 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
31 | --- | |
32 | arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++ | |
33 | 1 file changed, 33 insertions(+) | |
34 | ||
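--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct devic
 
  return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ bool bcs, ccd, ori;
+ struct seq_buf s;
+
+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+ bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+ ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+ if (bcs || ccd) {
+ seq_buf_printf(&s, "Mitigation: ");
+
+ if (bcs)
+ seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
+
+ if (bcs && ccd)
+ seq_buf_printf(&s, ", ");
+
+ if (ccd)
+ seq_buf_printf(&s, "Indirect branch cache disabled");
+ } else
+ seq_buf_printf(&s, "Vulnerable");
+
+ if (ori)
+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
+
+ seq_buf_printf(&s, "\n");
+
+ return s.len;
+}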
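Review bot: The reason a lone ori31 barrier is still reported as `Vulnerable` lives only in the commit message, so the `if (ori)` append near the end of cpu_show_spectre_v2() deserves a comment such as `/* The barrier only helps if code actually uses it, and we can't tell whether userspace does, so it is never reported as a mitigation on its own. */`. The same comment could note that the `Mitigation:` prefix is also emitted when only `Indirect branch serialisation (kernel only)` is set, because audit tooling that matches on the prefix alone would read such a host as fully covered. On style, the bare `} else` after a braced `if` body should be braced as well per kernel coding style: `} else {` / `seq_buf_printf(&s, "Vulnerable");` / `}`. `return s.len;` cannot exceed the buffer with the current fixed strings, but `return seq_buf_used(&s);` would keep the returned length bounded by the buffer size if more text is appended later.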