[thirdparty/kernel/stable-queue.git] / releases / 4.4.180 / powerpc-pseries-fix-clearing-of-security-feature-flags.patch

From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Mon, 22 Apr 2019 00:20:05 +1000
Subject: powerpc/pseries: Fix clearing of security feature flags
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
Message-ID: <20190421142037.21881-21-mpe@ellerman.id.au>

From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>

commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream.

The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.

Found by playing around with QEMU's implementation of the hypercall:

  H_CPU_CHAR=0xf000000000000000
  H_CPU_BEHAV=0x0000000000000000

  This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
  so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
  clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
  mitigation at all for cpu_show_meltdown() to report; but currently
  it does:

  Original kernel:

    # cat /sys/devices/system/cpu/vulnerabilities/meltdown
    Mitigation: RFI Flush

  Patched kernel:

    # cat /sys/devices/system/cpu/vulnerabilities/meltdown
    Not affected

  H_CPU_CHAR=0x0000000000000000
  H_CPU_BEHAV=0xf000000000000000

  This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
  report vulnerable; but currently it doesn't:

  Original kernel:

    # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
    Not affected

  Patched kernel:

    # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
    Vulnerable

Brown-paper-bag-by: Michael Ellerman <mpe@ellerman.id.au>
Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/platforms/pseries/setup.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -524,13 +524,13 @@ static void init_cpu_char_feature_flags(
 	 * The features below are enabled by default, so we instead look to see
 	 * if firmware has *disabled* them, and clear them if so.
 	 */
-	if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+	if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
 		security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
 
-	if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+	if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
 		security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
 
-	if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+	if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
 		security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
 }
Commit	Line	Data
4fa5b95e GKH	1	From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
	2	From: Michael Ellerman <mpe@ellerman.id.au>
	3	Date: Mon, 22 Apr 2019 00:20:05 +1000
	4	Subject: powerpc/pseries: Fix clearing of security feature flags
	5	To: stable@vger.kernel.org, gregkh@linuxfoundation.org
	6	Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
	7	Message-ID: <20190421142037.21881-21-mpe@ellerman.id.au>
	8
	9	From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
	10
	11	commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream.
	12
	13	The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
	14	of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
	15	flags.
	16
	17	Found by playing around with QEMU's implementation of the hypercall:
	18
	19	H_CPU_CHAR=0xf000000000000000
	20	H_CPU_BEHAV=0x0000000000000000
	21
	22	This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
	23	so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
	24	clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
	25	mitigation at all for cpu_show_meltdown() to report; but currently
	26	it does:
	27
	28	Original kernel:
	29
	30	# cat /sys/devices/system/cpu/vulnerabilities/meltdown
	31	Mitigation: RFI Flush
	32
	33	Patched kernel:
	34
	35	# cat /sys/devices/system/cpu/vulnerabilities/meltdown
	36	Not affected
	37
	38	H_CPU_CHAR=0x0000000000000000
	39	H_CPU_BEHAV=0xf000000000000000
	40
	41	This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
	42	report vulnerable; but currently it doesn't:
	43
	44	Original kernel:
	45
	46	# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
	47	Not affected
	48
	49	Patched kernel:
	50
	51	# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
	52	Vulnerable
	53
	54	Brown-paper-bag-by: Michael Ellerman <mpe@ellerman.id.au>
	55	Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
	56	Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
	57	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	58	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	59	---
	60	arch/powerpc/platforms/pseries/setup.c \| 6 +++---
	61	1 file changed, 3 insertions(+), 3 deletions(-)
	62
	63	--- a/arch/powerpc/platforms/pseries/setup.c
	64	+++ b/arch/powerpc/platforms/pseries/setup.c
65	@@ -524,13 +524,13 @@ static void init_cpu_char_feature_flags(
66	* The features below are enabled by default, so we instead look to see
67	* if firmware has disabled them, and clear them if so.
68	*/
69	- if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
70	+ if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
71	security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
72
73	- if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
74	+ if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
75	security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
76
77	- if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
78	+ if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
79	security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
80	}
81