Commit | Line | Data |
---|---|---|
4fa5b95e GKH |
1 | From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST |
2 | From: Michael Ellerman <mpe@ellerman.id.au> | |
3 | Date: Mon, 22 Apr 2019 00:20:05 +1000 | |
4 | Subject: powerpc/pseries: Fix clearing of security feature flags | |
5 | To: stable@vger.kernel.org, gregkh@linuxfoundation.org | |
6 | Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr | |
7 | Message-ID: <20190421142037.21881-21-mpe@ellerman.id.au> | |
8 | ||
9 | From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> | |
10 | ||
11 | commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream. | |
12 | ||
13 | The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field | |
14 | of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_* | |
15 | flags. | |
16 | ||
17 | Found by playing around with QEMU's implementation of the hypercall: | |
18 | ||
19 | H_CPU_CHAR=0xf000000000000000 | |
20 | H_CPU_BEHAV=0x0000000000000000 | |
21 | ||
22 | This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR | |
23 | so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also | |
24 | clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush | |
25 | mitigation at all for cpu_show_meltdown() to report; but currently | |
26 | it does: | |
27 | ||
28 | Original kernel: | |
29 | ||
30 | # cat /sys/devices/system/cpu/vulnerabilities/meltdown | |
31 | Mitigation: RFI Flush | |
32 | ||
33 | Patched kernel: | |
34 | ||
35 | # cat /sys/devices/system/cpu/vulnerabilities/meltdown | |
36 | Not affected | |
37 | ||
38 | H_CPU_CHAR=0x0000000000000000 | |
39 | H_CPU_BEHAV=0xf000000000000000 | |
40 | ||
41 | This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should | |
42 | report vulnerable; but currently it doesn't: | |
43 | ||
44 | Original kernel: | |
45 | ||
46 | # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 | |
47 | Not affected | |
48 | ||
49 | Patched kernel: | |
50 | ||
51 | # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 | |
52 | Vulnerable | |
53 | ||
54 | Brown-paper-bag-by: Michael Ellerman <mpe@ellerman.id.au> | |
55 | Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") | |
56 | Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> | |
57 | Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> | |
58 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
59 | --- | |
60 | arch/powerpc/platforms/pseries/setup.c | 6 +++--- | |
61 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
62 | ||
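--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -524,13 +524,13 @@ static void init_cpu_char_feature_flags(
 * The features below are enabled by default, so we instead look to see
 * if firmware has *disabled* them, and clear them if so.
 */
- if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+ if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
 security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
 
- if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+ if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
 security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
 
- if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+ if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
 security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
 }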
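Review bot: The three corrected tests at the end of init_cpu_char_feature_flags() still depend on the reader knowing that H_CPU_BEHAV_* bits belong in `result->behaviour` and H_CPU_CHAR_* bits in `result->character`; both fields appear to be plain integer bitmasks, so the compiler cannot catch the mix-up this commit fixes. I would extend the existing comment above the first test with a line such as `* Note: H_CPU_BEHAV_* flags are tested against result->behaviour, not result->character.` Because these features default to enabled, testing the wrong field can leave a mitigation reported after firmware has disabled it, or hide a vulnerable state, as the commit message shows for the meltdown and spectre_v1 sysfs files. The function starts outside the hunk, so the H_CPU_CHAR_* tests earlier in it are not visible here and should be checked for the same field/flag pairing.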
81 |