1 From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
2 From: Michael Ellerman <mpe@ellerman.id.au>
3 Date: Mon, 22 Apr 2019 00:20:04 +1000
4 Subject: powerpc/64s: Wire up cpu_show_spectre_v2()
5 To: stable@vger.kernel.org, gregkh@linuxfoundation.org
6 Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
7 Message-ID: <20190421142037.21881-20-mpe@ellerman.id.au>
9 From: Michael Ellerman <mpe@ellerman.id.au>
11 commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.
13 Add a definition for cpu_show_spectre_v2() to override the generic
14 version. This has several permuations, though in practice some may not
15 occur we cater for any combination.
19 Mitigation: Indirect branch serialisation (kernel only), Indirect
20 branch cache disabled, ori31 speculation barrier enabled
22 We don't treat the ori31 speculation barrier as a mitigation on its
23 own, because it has to be *used* by code in order to be a mitigation
24 and we don't know if userspace is doing that. So if that's all we see
27 Vulnerable, ori31 speculation barrier enabled
29 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
30 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
32 arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++
33 1 file changed, 33 insertions(+)
35 --- a/arch/powerpc/kernel/security.c
36 +++ b/arch/powerpc/kernel/security.c
37 @@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct devic
39 return sprintf(buf, "Vulnerable\n");
42 +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
47 + seq_buf_init(&s, buf, PAGE_SIZE - 1);
49 + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
50 + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
51 + ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
54 + seq_buf_printf(&s, "Mitigation: ");
57 + seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
60 + seq_buf_printf(&s, ", ");
63 + seq_buf_printf(&s, "Indirect branch cache disabled");
65 + seq_buf_printf(&s, "Vulnerable");
68 + seq_buf_printf(&s, ", ori31 speculation barrier enabled");
70 + seq_buf_printf(&s, "\n");