Commit | Line | Data |
---|---|---|
4fa5b95e GKH |
1 | From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST |
2 | From: Michael Ellerman <mpe@ellerman.id.au> | |
3 | Date: Mon, 22 Apr 2019 00:20:36 +1000 | |
4 | Subject: powerpc/security: Fix spectre_v2 reporting | |
5 | To: stable@vger.kernel.org, gregkh@linuxfoundation.org | |
6 | Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr | |
7 | Message-ID: <20190421142037.21881-52-mpe@ellerman.id.au> | |
8 | ||
9 | From: Michael Ellerman <mpe@ellerman.id.au> | |
10 | ||
11 | commit 92edf8df0ff2ae86cc632eeca0e651fd8431d40d upstream. | |
12 | ||
13 | When I updated the spectre_v2 reporting to handle software count cache | |
14 | flush I got the logic wrong when there's no software count cache | |
15 | enabled at all. | |
16 | ||
17 | The result is that on systems with the software count cache flush | |
18 | disabled we print: | |
19 | ||
20 | Mitigation: Indirect branch cache disabled, Software count cache flush | |
21 | ||
22 | Which correctly indicates that the count cache is disabled, but | |
23 | incorrectly says the software count cache flush is enabled. | |
24 | ||
25 | The root of the problem is that we are trying to handle all | |
26 | combinations of options. But we know now that we only expect to see | |
27 | the software count cache flush enabled if the other options are false. | |
28 | ||
29 | So split the two cases, which simplifies the logic and fixes the bug. | |
30 | We were also missing a space before "(hardware accelerated)". | |
31 | ||
32 | The result is we see one of: | |
33 | ||
34 | Mitigation: Indirect branch serialisation (kernel only) | |
35 | Mitigation: Indirect branch cache disabled | |
36 | Mitigation: Software count cache flush | |
37 | Mitigation: Software count cache flush (hardware accelerated) | |
38 | ||
39 | Fixes: ee13cb249fab ("powerpc/64s: Add support for software count cache flush") | |
40 | Cc: stable@vger.kernel.org # v4.19+ | |
41 | Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> | |
42 | Reviewed-by: Michael Neuling <mikey@neuling.org> | |
43 | Reviewed-by: Diana Craciun <diana.craciun@nxp.com> | |
44 | Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> | |
45 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
46 | --- | |
47 | arch/powerpc/kernel/security.c | 23 ++++++++--------------- | |
48 | 1 file changed, 8 insertions(+), 15 deletions(-) | |
49 | ||
50 | --- a/arch/powerpc/kernel/security.c | |
51 | +++ b/arch/powerpc/kernel/security.c | |
52 | @@ -190,29 +190,22 @@ ssize_t cpu_show_spectre_v2(struct devic | |
53 | bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); | |
54 | ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); | |
55 | ||
56 | - if (bcs || ccd || count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) { | |
57 | - bool comma = false; | |
58 | + if (bcs || ccd) { | |
59 | seq_buf_printf(&s, "Mitigation: "); | |
60 | ||
61 | - if (bcs) { | |
62 | + if (bcs) | |
63 | seq_buf_printf(&s, "Indirect branch serialisation (kernel only)"); | |
64 | - comma = true; | |
65 | - } | |
66 | ||
67 | - if (ccd) { | |
68 | - if (comma) | |
69 | - seq_buf_printf(&s, ", "); | |
70 | - seq_buf_printf(&s, "Indirect branch cache disabled"); | |
71 | - comma = true; | |
72 | - } | |
73 | - | |
74 | - if (comma) | |
75 | + if (bcs && ccd) | |
76 | seq_buf_printf(&s, ", "); | |
77 | ||
78 | - seq_buf_printf(&s, "Software count cache flush"); | |
79 | + if (ccd) | |
80 | + seq_buf_printf(&s, "Indirect branch cache disabled"); | |
81 | + } else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) { | |
82 | + seq_buf_printf(&s, "Mitigation: Software count cache flush"); | |
83 | ||
84 | if (count_cache_flush_type == COUNT_CACHE_FLUSH_HW) | |
85 | - seq_buf_printf(&s, "(hardware accelerated)"); | |
86 | + seq_buf_printf(&s, " (hardware accelerated)"); | |
87 | } else if (btb_flush_enabled) { | |
88 | seq_buf_printf(&s, "Mitigation: Branch predictor state flush"); | |
89 | } else { |
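
Review bot: The new `else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE)` branch reports the software count cache flush only when both `bcs` and `ccd` are false, so if the flush type were ever set alongside either of them it would silently drop out of the reported string. The commit message states that this combination is not expected, but nothing in the hunk documents or checks that assumption. Consider a short comment above the `else if` stating it, or a `WARN_ON_ONCE` inside the `if (bcs || ccd)` branch for the case where `count_cache_flush_type != COUNT_CACHE_FLUSH_NONE`. A smaller changelog point: the message lists four possible outputs, but the `if (bcs && ccd)` path still emits the comma-joined "Indirect branch serialisation (kernel only), Indirect branch cache disabled" form, and the unchanged `btb_flush_enabled` branch still prints "Mitigation: Branch predictor state flush". It would help anyone matching on this string if the changelog said the list is not exhaustive.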