[PULL][Bionic] Address Spectre V2 on Power9 DD2.3

Manoj Iyer manoj.iyer at canonical.com
Fri Apr 12 19:39:02 UTC 2019 

BugLink: https://bugs.launchpad.net/bugs/1822870

Please consider the following patches to address Spectre V2 Meltdown 
vulnerability in Power9 DD2.3. The patches were identified as IBM as being 
critical for addressing this issue on Bionic 4.15 kernel. Majority of the 
patches were clean cherry-picks and a few patches requiring minor 
backports.

A test kernel was made available in PPA: ppa:ubuntu-power-triage/lp1822870 
(built for Power and AMD64 archs) and test results based on this kernel on 
Power9 DD2.3 is available in the bug report. We do not have Power9 DD2.3 
hardware in-house, so all testing was done by IBM.

The patches are isolated to the ppc64el architecture, and IBM has not 
reported any regressions, and they have verified that the test kernel 
works as expected.

I have cced Michael Ranweiler at IBM on this pull request so that we can get 
help to address any concerns you might have after SRU review.

The following changes since commit 
c50532b9d7b623ff98aeaf0b848e58adae54ca75:

   UBUNTU: Ubuntu-4.15.0-48.51 (2019-04-02 18:31:55 +0200)

are available in the Git repository at:

   git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870

for you to fetch changes up to a527672055a2477c4d93bb0cce7a2bdc9e8558b8:

   powerpc: Avoid code patching freed init sections (2019-04-12 13:36:07 
-0500)

----------------------------------------------------------------
Christophe Leroy (2):
       powerpc/lib/code-patching: refactor patch_instruction()
       powerpc/lib/feature-fixups: use raw_patch_instruction()

Diana Craciun (5):
       powerpc/64: Disable the speculation barrier from the command line
       powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
       powerpc/64: Make meltdown reporting Book3S 64 specific
       powerpc/fsl: Fix spectre_v2 mitigations reporting
       powerpc/fsl: Add nospectre_v2 command line argument

Michael Ellerman (11):
       powerpc: Use barrier_nospec in copy_from_user()
       powerpc/64: Use barrier_nospec in syscall entry
       powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
       powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
       powerpc/64: Call setup_barrier_nospec() from setup_arch()
       powerpc/asm: Add a patch_site macro & helpers for patching 
instructions
       powerpc/64s: Add new security feature flags for count cache flush
       powerpc/64s: Add support for software count cache flush
       powerpc/pseries: Query hypervisor for count cache flush settings
       powerpc/powernv: Query firmware for count cache flush settings
       powerpc/security: Fix spectre_v2 reporting

Michael Neuling (1):
       powerpc: Avoid code patching freed init sections

Michal Suchanek (4):
       powerpc/64s: Add support for ori barrier_nospec patching
       powerpc/64s: Patch barrier_nospec in modules
       powerpc/64s: Enable barrier_nospec based on firmware settings
       powerpc/64s: Enhance the information in cpu_show_spectre_v1()

Suraj Jitindar Singh (1):
       KVM: PPC: Book3S: Add count cache flush parameters to 
kvmppc_get_cpu_char()

  arch/powerpc/Kconfig                         |   7 +-
  arch/powerpc/include/asm/asm-prototypes.h    |  15 ++
  arch/powerpc/include/asm/barrier.h           |   8 +-
  arch/powerpc/include/asm/code-patching-asm.h |  18 +++
  arch/powerpc/include/asm/code-patching.h     |   3 +
  arch/powerpc/include/asm/feature-fixups.h    |   9 ++
  arch/powerpc/include/asm/hvcall.h            |   2 +
  arch/powerpc/include/asm/security_features.h |   7 +
  arch/powerpc/include/asm/setup.h             |  21 +++
  arch/powerpc/include/asm/uaccess.h           |  11 +-
  arch/powerpc/include/uapi/asm/kvm.h          |   2 +
  arch/powerpc/kernel/Makefile                 |   3 +-
  arch/powerpc/kernel/entry_64.S               |  64 ++++++++
  arch/powerpc/kernel/module.c                 |  10 +-
  arch/powerpc/kernel/security.c               | 215 
+++++++++++++++++++++++++--
  arch/powerpc/kernel/setup-common.c           |   2 +
  arch/powerpc/kernel/vmlinux.lds.S            |  11 +-
  arch/powerpc/kvm/powerpc.c                   |  18 ++-
  arch/powerpc/lib/code-patching.c             |  55 +++++--
  arch/powerpc/lib/feature-fixups.c            |  47 +++++-
  arch/powerpc/mm/mem.c                        |   2 +
  arch/powerpc/platforms/powernv/setup.c       |   7 +
  arch/powerpc/platforms/pseries/setup.c       |   7 +
  23 files changed, 502 insertions(+), 42 deletions(-)
  create mode 100644 arch/powerpc/include/asm/code-patching-asm.h

--
============================
Manoj Iyer
Ubuntu/Canonical
============================

More information about the kernel-team mailing list