ACK/APPLIED[B]: [Bionic] [PATCH] powerpc/pseries: Fix clearing of security feature flags
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Apr 19 16:52:47 UTC 2018
On Thu, Apr 19, 2018 at 12:23:21PM -0300, Breno Leitao wrote:
> Hi Seth,
>
> On Thu, Apr 19, 2018 at 08:32:07AM -0500, Seth Forshee wrote:
> > On Thu, Apr 19, 2018 at 10:16:03AM -0300, Breno Leitao wrote:
> > > From: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> > >
> > > The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
> > > of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
> > > flags.
> > >
> > > Found by playing around with QEMU's implementation of the hypercall:
> > >
> > > H_CPU_CHAR=0xf000000000000000
> > > H_CPU_BEHAV=0x0000000000000000
> > >
> > > This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
> > > so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
> > > clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
> > > mitigation at all for cpu_show_meltdown() to report; but currently
> > > it does:
> > >
> > > Original kernel:
> > >
> > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > > Mitigation: RFI Flush
> > >
> > > Patched kernel:
> > >
> > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > > Not affected
> > >
> > > H_CPU_CHAR=0x0000000000000000
> > > H_CPU_BEHAV=0xf000000000000000
> > >
> > > This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
> > > report vulnerable; but currently it doesn't:
> > >
> > > Original kernel:
> > >
> > > # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > > Not affected
> > >
> > > Patched kernel:
> > >
> > > # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > > Vulnerable
> > >
> > > Brown-paper-bag-by: Michael Ellerman <mpe at ellerman.id.au>
> > > Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
> > > Signed-off-by: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> > > Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> > > (cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524)
> > > Signed-off-by: Breno Leitao <leitao at debian.org>
> >
> > The patch looks fine, however we do need a bug in launchpad for any
> > patches for bionic now. You can reply with a bug number and we can add
> > the bug link when applying.
>
> Right, this is the bug link:
>
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1765429
>
> Thanks,
> Breno
Added the BugLink and applied to bionic master-next branch.
Thanks.
Cascardo.
Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
Applied-to: bionic/master-next
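
Added example, not part of the original email or the kernel patch: a small C model of the flag-clearing logic that runs the two QEMU test vectors from the commit message through the pre-fix check (H_CPU_BEHAV_* masks tested against 'character') and the fixed check (against 'behaviour'). The bit positions are assumed to match the upstream hvcall.h, the three features are assumed to default to enabled, and the FTR_* values, clear_disabled(), ftrs_buggy() and ftrs_fixed() are hypothetical names local to this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: bit positions match the upstream hvcall.h definitions. */
#define H_CPU_BEHAV_FAVOUR_SECURITY   (1ull << 63)
#define H_CPU_BEHAV_L1D_FLUSH_PR      (1ull << 62)
#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61)

/* Hypothetical stand-ins for the kernel's SEC_FTR_* bits (values local to this model). */
#define FTR_FAVOUR_SECURITY   0x1u
#define FTR_L1D_FLUSH_PR      0x2u
#define FTR_BNDS_CHK_SPEC_BAR 0x4u
#define FTR_DEFAULT (FTR_FAVOUR_SECURITY | FTR_L1D_FLUSH_PR | FTR_BNDS_CHK_SPEC_BAR)

struct h_cpu_char_result {
    uint64_t character;  /* H_CPU_CHAR_* flags  */
    uint64_t behaviour;  /* H_CPU_BEHAV_* flags */
};

/* Start from all three features enabled; clear each one not set in 'word'. */
static unsigned clear_disabled(uint64_t word)
{
    unsigned ftrs = FTR_DEFAULT;
    if (!(word & H_CPU_BEHAV_FAVOUR_SECURITY))   ftrs &= ~FTR_FAVOUR_SECURITY;
    if (!(word & H_CPU_BEHAV_L1D_FLUSH_PR))      ftrs &= ~FTR_L1D_FLUSH_PR;
    if (!(word & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) ftrs &= ~FTR_BNDS_CHK_SPEC_BAR;
    return ftrs;
}

/* Before the fix: BEHAV masks tested against the 'character' word. */
unsigned ftrs_buggy(const struct h_cpu_char_result *r) { return clear_disabled(r->character); }

/* After the fix: BEHAV masks tested against the 'behaviour' word. */
unsigned ftrs_fixed(const struct h_cpu_char_result *r) { return clear_disabled(r->behaviour); }

int main(void)
{
    /* The two QEMU test vectors quoted in the commit message. */
    struct h_cpu_char_result v[] = {
        { 0xf000000000000000ull, 0x0000000000000000ull },
        { 0x0000000000000000ull, 0xf000000000000000ull },
    };
    for (int i = 0; i < 2; i++)
        printf("CHAR=%016llx BEHAV=%016llx buggy=%#x fixed=%#x\n",
               (unsigned long long)v[i].character, (unsigned long long)v[i].behaviour,
               ftrs_buggy(&v[i]), ftrs_fixed(&v[i]));
    return 0;
}
```

With the first vector the pre-fix check leaves all three features set even though the hypervisor reported none of them; with the second it clears all three even though the hypervisor reported them, which is the mismatch the sysfs output in the commit message shows.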