From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Cyrus-Session-Id: sloti22d1t05-1733193-1527156055-2-11088420372787854582 X-Sieve: CMU Sieve 3.0 X-Spam-known-sender: no X-Spam-score: 0.0 X-Spam-hits: BAYES_00 -1.9, HEADER_FROM_DIFFERENT_DOMAINS 0.25, RCVD_IN_DNSWL_HI -5, SPF_PASS -0.001, LANGUAGES en, BAYES_USED global, SA_VERSION 3.4.0 X-Spam-source: IP='198.145.29.99', Host='mail.kernel.org', Country='US', FromHeader='org', MailFrom='org' X-Spam-charsets: plain='UTF-8' X-Resolved-to: greg@kroah.com X-Delivered-to: greg@kroah.com X-Mail-from: SRS0=We5Z=IL=linuxfoundation.org=gregkh@kernel.org ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm2; t= 1527156055; b=iyiA90kx/L1cPYVFbCHiumqLzjd+F/Rq2bGwA7r7tpKhAosG/6 vrx3sYgEo0Kw/Oat0uKjaoXZRh1jyQ/8GNmyLUqdpaPUN27zc3xutG8T6FnWLhkJ qxzK4QjLd/UHd+SOGbg75ThHQLbgdTNWLKItzMAVJ/+lQJd60fROx//Q+44jViDH m7Wny+Tj1p2MFVgHy0THDlz6hz0jSomz6iB1KCLVh8RKH11l/YUQ/rFM5vmnetIJ 0JyesbK2G6SQYYVjfk78z1hm2+ilQgDow2Cv6cMPBYP8Sr3FoWzDQ+pFEGByO6FF EREEHq7ArIzbyQWzgM89tt5ix8yjoG1WswrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-type; s=fm2; t= 1527156055; bh=LgWC/EUY+tAtYToAhkKKlIzupRkMHBvpsnmvIpTqKAs=; b=X AKUFxCPnmPO4d6KqN2KKItN0rwKbMkaXCSZO9u5+YTtQ1xDkU37/7Nxn/wSfR5l9 ZhbUMWDlT3OIiNbshG4E/oMn0DkG4OXx58bb6dZTv0RLHUT8NOZttp8ODBzGlp9T IZRu6XZHw1J9CxeCjNb804tzL/qABDludaxe0vdBxgBKUd/gAgD42qqeXhuqttnz 9GRoF6ZDduzotvRw2iaxLDBYEdYNyXH9EJ5prZ83xRqBMiwnLScGAS+6NfUWwgWZ JL4uaVEKPCcl/ctOCVMbyvZcZpyvxUq1Hl+AeIsiG1wUHJUp/kR9dd4jwCqn/Ub/ lvGDHJZBTwfyYXiKv5SVQ== ARC-Authentication-Results: i=1; mx1.messagingengine.com; arc=none (no signatures found); dkim=pass (1024-bit rsa key sha256) header.d=kernel.org header.i=@kernel.org header.b=uz9gzxe7 x-bits=1024 x-keytype=rsa x-algorithm=sha256 x-selector=default; dmarc=none (p=none,d=none) header.from=linuxfoundation.org; iprev=pass policy.iprev=198.145.29.99 (mail.kernel.org); spf=pass smtp.mailfrom="SRS0=We5Z=IL=linuxfoundation.org=gregkh@kernel.org" smtp.helo=mail.kernel.org; x-aligned-from=fail; x-cm=none score=0; x-ptr=pass x-ptr-helo=mail.kernel.org x-ptr-lookup=mail.kernel.org; x-return-mx=pass smtp.domain=kernel.org smtp.result=pass smtp_is_org_domain=yes header.domain=linuxfoundation.org header.result=pass header_is_org_domain=yes; x-tls=pass version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128; x-vs=clean score=-100 state=0 Authentication-Results: mx1.messagingengine.com; arc=none (no signatures found); dkim=pass (1024-bit rsa key sha256) header.d=kernel.org header.i=@kernel.org header.b=uz9gzxe7 x-bits=1024 x-keytype=rsa x-algorithm=sha256 x-selector=default; dmarc=none (p=none,d=none) header.from=linuxfoundation.org; iprev=pass policy.iprev=198.145.29.99 (mail.kernel.org); spf=pass smtp.mailfrom="SRS0=We5Z=IL=linuxfoundation.org=gregkh@kernel.org" smtp.helo=mail.kernel.org; x-aligned-from=fail; x-cm=none score=0; x-ptr=pass x-ptr-helo=mail.kernel.org x-ptr-lookup=mail.kernel.org; x-return-mx=pass smtp.domain=kernel.org smtp.result=pass smtp_is_org_domain=yes header.domain=linuxfoundation.org header.result=pass header_is_org_domain=yes; x-tls=pass version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128; x-vs=clean score=-100 state=0 X-ME-VSCategory: clean X-CM-Envelope: MS4wfG00oqskNboD5Cg9MKVBa5pa1QYADHFJ4pV4IBTcLnEIAEtwKJnY4fK0Oh+RBkDqU1ayG6fYAd6vutaArTJiMUYrv7n2sih8Zl+udB1sHS9U/h2R5v/G C5+M0SZLjUN+q9ad/WsiGkHzkGsQD5EAPyWZeZ9CsG7+aWAmDyX6rJGN/3/H3DL49kGp8j0VIoNio8afgbuyRk/f1lYV01TbGEsATkvhHzWFs1shscacvKu7 X-CM-Analysis: v=2.3 cv=WaUilXpX c=1 sm=1 tr=0 a=czNdAM+YcK12vDHDihaDnQ==:117 a=czNdAM+YcK12vDHDihaDnQ==:17 a=IkcTkHD0fZMA:10 a=VUJBJC2UJ8kA:10 a=VnNF1IyMAAAA:8 a=ag1SF4gXAAAA:8 a=J8Gn88GXWbtqjP03ZV8A:9 a=QEXdDO2ut3YA:10 a=Yupwre4RP9_Eg_Bd0iYG:22 X-ME-CMScore: 0 X-ME-CMCategory: none From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, greg@kroah.com Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mauricio Faria de Oliveira , Michael Ellerman Subject: [PATCH 4.16 046/161] powerpc/pseries: Fix clearing of security feature flags Date: Thu, 24 May 2018 11:37:51 +0200 Message-Id: <20180524093023.906068189@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180524093018.331893860@linuxfoundation.org> References: <20180524093018.331893860@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mauricio Faria de Oliveira commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream. The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_* flags. Found by playing around with QEMU's implementation of the hypercall: H_CPU_CHAR=0xf000000000000000 H_CPU_BEHAV=0x0000000000000000 This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush mitigation at all for cpu_show_meltdown() to report; but currently it does: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: RFI Flush Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Not affected H_CPU_CHAR=0x0000000000000000 H_CPU_BEHAV=0xf000000000000000 This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should report vulnerable; but currently it doesn't: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Not affected Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Vulnerable Brown-paper-bag-by: Michael Ellerman Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/platforms/pseries/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags( * The features below are enabled by default, so we instead look to see * if firmware has *disabled* them, and clear them if so. */ - if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY)) + if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)) security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); - if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR)) + if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); - if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) + if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); }