ACK/cmt: [Bionic] [PATCH] powerpc/pseries: Fix clearing of security feature flags
Seth Forshee
seth.forshee at canonical.com
Thu Apr 19 13:32:07 UTC 2018
On Thu, Apr 19, 2018 at 10:16:03AM -0300, Breno Leitao wrote:
> From: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
>
> The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
> of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
> flags.
>
> Found by playing around with QEMU's implementation of the hypercall:
>
> H_CPU_CHAR=0xf000000000000000
> H_CPU_BEHAV=0x0000000000000000
>
> This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
> so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
> clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
> mitigation at all for cpu_show_meltdown() to report; but currently
> it does:
>
> Original kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Mitigation: RFI Flush
>
> Patched kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Not affected
>
> H_CPU_CHAR=0x0000000000000000
> H_CPU_BEHAV=0xf000000000000000
>
> This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
> report vulnerable; but currently it doesn't:
>
> Original kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Not affected
>
> Patched kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Vulnerable
>
> Brown-paper-bag-by: Michael Ellerman <mpe at ellerman.id.au>
> Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
> Signed-off-by: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> (cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524)
> Signed-off-by: Breno Leitao <leitao at debian.org>

The patch looks fine, however we do need a bug in Launchpad for any
patches for bionic now. You can reply with a bug number and we can add
the bug link when applying.

Thanks,
Seth
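
The field mix-up described in the quoted commit message, as an added example that is not code from the patch or the kernel: a small user-space C model that runs the two QEMU hypercall results through the flag-clearing check before and after the fix. The FTR_* masks, helper functions and qemu_case* names are hypothetical stand-ins, and the H_CPU_BEHAV_* bit positions are assumed to match the kernel's hvcall.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: bit positions as in arch/powerpc/include/asm/hvcall.h. */
#define H_CPU_BEHAV_FAVOUR_SECURITY   (1ull << 63)
#define H_CPU_BEHAV_L1D_FLUSH_PR      (1ull << 62)
#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61)

/* Hypothetical stand-ins for the kernel's default-on security feature flags. */
#define FTR_FAVOUR_SECURITY   0x1u
#define FTR_L1D_FLUSH_PR      0x2u
#define FTR_BNDS_CHK_SPEC_BAR 0x4u
#define FTR_DEFAULT (FTR_FAVOUR_SECURITY | FTR_L1D_FLUSH_PR | FTR_BNDS_CHK_SPEC_BAR)

struct h_cpu_char_result {
    uint64_t character;  /* H_CPU_CHAR_* bits */
    uint64_t behaviour;  /* H_CPU_BEHAV_* bits */
};

/* Start from the defaults and clear each feature whose BEHAV bit is absent from word. */
static unsigned clear_disabled(uint64_t word)
{
    unsigned ftrs = FTR_DEFAULT;
    if (!(word & H_CPU_BEHAV_FAVOUR_SECURITY))   ftrs &= ~FTR_FAVOUR_SECURITY;
    if (!(word & H_CPU_BEHAV_L1D_FLUSH_PR))      ftrs &= ~FTR_L1D_FLUSH_PR;
    if (!(word & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) ftrs &= ~FTR_BNDS_CHK_SPEC_BAR;
    return ftrs;
}

/* Before the fix: BEHAV flags were tested against the 'character' field. */
unsigned ftrs_before_fix(const struct h_cpu_char_result *r) { return clear_disabled(r->character); }

/* After the fix: BEHAV flags are tested against the 'behaviour' field. */
unsigned ftrs_after_fix(const struct h_cpu_char_result *r) { return clear_disabled(r->behaviour); }

/* The two hypercall results quoted in the commit message. */
const struct h_cpu_char_result qemu_case1 = { 0xf000000000000000ull, 0 };
const struct h_cpu_char_result qemu_case2 = { 0, 0xf000000000000000ull };

int main(void)
{
    printf("case1 before=%#x after=%#x\n", ftrs_before_fix(&qemu_case1), ftrs_after_fix(&qemu_case1));
    printf("case2 before=%#x after=%#x\n", ftrs_before_fix(&qemu_case2), ftrs_after_fix(&qemu_case2));
    return 0;
}
```

In the first case the pre-fix check leaves every flag set, so a mitigation is reported that is not active; in the second it clears every flag, so a vulnerable system reads as not affected.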