queue-4.4/powerpc-move-default-security-feature-flags.patch

   1 From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST
   2 From: Michael Ellerman <mpe@ellerman.id.au>
   3 Date: Mon, 22 Apr 2019 00:20:06 +1000
   4 Subject: powerpc: Move default security feature flags
   5 To: stable@vger.kernel.org, gregkh@linuxfoundation.org
   6 Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com, msuchanek@suse.de, npiggin@gmail.com, christophe.leroy@c-s.fr
   7 Message-ID: <20190421142037.21881-22-mpe@ellerman.id.au>
   8
   9 From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
  10
  11 commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream.
  12
  13 This moves the definition of the default security feature flags
  14 (i.e., enabled by default) closer to the security feature flags.
  15
  16 This can be used to restore current flags to the default flags.
  17
  18 Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
  19 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21 ---
  22  arch/powerpc/include/asm/security_features.h |    8 ++++++++
  23  arch/powerpc/kernel/security.c               |    7 +------
  24  2 files changed, 9 insertions(+), 6 deletions(-)
  25
  26 --- a/arch/powerpc/include/asm/security_features.h
  27 +++ b/arch/powerpc/include/asm/security_features.h
  28 @@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(
  29  // Firmware configuration indicates user favours security over performance
  30  #define SEC_FTR_FAVOUR_SECURITY                0x0000000000000200ull
  31
  32 +
  33 +// Features enabled by default
  34 +#define SEC_FTR_DEFAULT \
  35 +       (SEC_FTR_L1D_FLUSH_HV | \
  36 +        SEC_FTR_L1D_FLUSH_PR | \
  37 +        SEC_FTR_BNDS_CHK_SPEC_BAR | \
  38 +        SEC_FTR_FAVOUR_SECURITY)
  39 +
  40  #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
  41 --- a/arch/powerpc/kernel/security.c
  42 +++ b/arch/powerpc/kernel/security.c
  43 @@ -11,12 +11,7 @@
  44  #include <asm/security_features.h>
  45
  46
  47 -unsigned long powerpc_security_features __read_mostly = \
  48 -       SEC_FTR_L1D_FLUSH_HV | \
  49 -       SEC_FTR_L1D_FLUSH_PR | \
  50 -       SEC_FTR_BNDS_CHK_SPEC_BAR | \
  51 -       SEC_FTR_FAVOUR_SECURITY;
  52 -
  53 +unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
  54
  55  ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
  56  {