ACK/APPLIED[B]: [Bionic] [PATCH] powerpc/pseries: Fix clearing of security feature flags

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Thu Apr 19 16:52:47 UTC 2018


On Thu, Apr 19, 2018 at 12:23:21PM -0300, Breno Leitao wrote:
> Hi Seth,
> 
> On Thu, Apr 19, 2018 at 08:32:07AM -0500, Seth Forshee wrote:
> > On Thu, Apr 19, 2018 at 10:16:03AM -0300, Breno Leitao wrote:
> > > From: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> > > 
> > > The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
> > > of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
> > > flags.
> > > 
> > > Found by playing around with QEMU's implementation of the hypercall:
> > > 
> > >   H_CPU_CHAR=0xf000000000000000
> > >   H_CPU_BEHAV=0x0000000000000000
> > > 
> > >   This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
> > >   so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
> > >   clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
> > >   mitigation at all for cpu_show_meltdown() to report; but currently
> > >   it does:
> > > 
> > >   Original kernel:
> > > 
> > >     # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > >     Mitigation: RFI Flush
> > > 
> > >   Patched kernel:
> > > 
> > >     # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > >     Not affected
> > > 
> > >   H_CPU_CHAR=0x0000000000000000
> > >   H_CPU_BEHAV=0xf000000000000000
> > > 
> > >   This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
> > >   report vulnerable; but currently it doesn't:
> > > 
> > >   Original kernel:
> > > 
> > >     # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > >     Not affected
> > > 
> > >   Patched kernel:
> > > 
> > >     # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > >     Vulnerable
> > > 
> > > Brown-paper-bag-by: Michael Ellerman <mpe at ellerman.id.au>
> > > Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
> > > Signed-off-by: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> > > Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> > > (cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524)
> > > Signed-off-by: Breno Leitao <leitao at debian.org>
> > 
> > The patch looks fine, however we do need a bug in launchpad for any
> > patches for bionic now. You can reply with a bug number and we can add
> > the bug link when applying.
> 
> Right, this is the bug link:
> 
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1765429
> 
> Thanks,
> Breno

Added the BugLink and applied to bionic master-next branch.

Thanks.
Cascardo.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
Applied-to: bionic/master-next
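
Added example, not part of the thread or the kernel source: a small user-space model of the flag check the commit message describes, run on the two QEMU value pairs it quotes, with the original (wrong field) and patched (right field) behaviour side by side. The bit positions, the FTR_* bits, init_flags() and the simplified show_*() functions are assumptions of this example; the H_CPU_* names, the struct fields and the quoted sysfs strings come from the message above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Bit positions are assumed here; they agree with the QEMU values in the commit message. */
#define H_CPU_CHAR_L1D_THREAD_PRIV    (1ull << 59)
#define H_CPU_BEHAV_FAVOUR_SECURITY   (1ull << 63)
#define H_CPU_BEHAV_L1D_FLUSH_PR      (1ull << 62)
#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61)

/* Hypothetical feature bits for this model, not the kernel's own values. */
enum { FTR_FAVOUR_SECURITY = 1, FTR_L1D_FLUSH_PR = 2, FTR_BNDS_CHK_SPEC_BAR = 4, FTR_L1D_THREAD_PRIV = 8 };
struct h_cpu_char_result { uint64_t character, behaviour; };

/* fixed == 0 reproduces the bug: H_CPU_BEHAV_* tested against 'character'. */
static unsigned init_flags(const struct h_cpu_char_result *r, int fixed)
{
    uint64_t behav = fixed ? r->behaviour : r->character;
    /* Modelled as enabled by default and cleared when the firmware bit is off. */
    unsigned f = FTR_FAVOUR_SECURITY | FTR_L1D_FLUSH_PR | FTR_BNDS_CHK_SPEC_BAR;
    if (r->character & H_CPU_CHAR_L1D_THREAD_PRIV) f |= FTR_L1D_THREAD_PRIV;
    if (!(behav & H_CPU_BEHAV_FAVOUR_SECURITY))    f &= ~FTR_FAVOUR_SECURITY;
    if (!(behav & H_CPU_BEHAV_L1D_FLUSH_PR))       f &= ~FTR_L1D_FLUSH_PR;
    if (!(behav & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))  f &= ~FTR_BNDS_CHK_SPEC_BAR;
    return f;
}

/* Simplified model of the sysfs reporting described in the commit message. */
static const char *show_meltdown(unsigned f)
{
    if ((f & FTR_FAVOUR_SECURITY) && (f & FTR_L1D_FLUSH_PR))
        return "Mitigation: RFI Flush";       /* rfi_flush stays enabled */
    if (f & FTR_L1D_THREAD_PRIV)
        return "Mitigation: L1D private per thread";
    return (f & FTR_L1D_FLUSH_PR) ? "Vulnerable" : "Not affected";
}

static const char *show_spectre_v1(unsigned f)
{
    return (f & FTR_BNDS_CHK_SPEC_BAR) ? "Vulnerable" : "Not affected";
}

int main(void)
{
    struct h_cpu_char_result a = { 0xf000000000000000ull, 0 }, b = { 0, 0xf000000000000000ull };
    for (int fixed = 0; fixed <= 1; fixed++)
        printf("%s: meltdown=%s spectre_v1=%s\n", fixed ? "patched" : "original",
               show_meltdown(init_flags(&a, fixed)), show_spectre_v1(init_flags(&b, fixed)));
    return 0;
}
```

Because the two fields share bit positions, the wrong-field check fails silently in both directions: it can report a mitigation that is not active and hide a vulnerable state, so comparing the sysfs output against the hypercall values is the practical check.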



