From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Michael Ellerman <mpe@ellerman.id.au>
Subject: [PATCH 4.18 07/22] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
Date: Thu, 23 Aug 2018 09:56:33 +0200 [thread overview]
Message-ID: <20180823074759.631403023@linuxfoundation.org> (raw)
In-Reply-To: <20180823074759.234685844@linuxfoundation.org>
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
commit 6d44acae1937b81cf8115ada8958e04f601f3f2e upstream.
When I added the spectre_v2 information in sysfs, I included the
availability of the ori31 speculation barrier.
Although the ori31 barrier can be used to mitigate v2, it's primarily
intended as a spectre v1 mitigation. Spectre v2 is mitigated by
hardware changes.
So rework the sysfs files to show the ori31 information in the
spectre_v1 file, rather than v2.
Currently we display eg:
$ grep . spectre_v*
spectre_v1:Mitigation: __user pointer sanitization
spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled
After:
$ grep . spectre_v*
spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled
spectre_v2:Mitigation: Indirect branch cache disabled
Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()")
Cc: stable@vger.kernel.org # v4.17+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/security.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
{
- if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
- return sprintf(buf, "Not affected\n");
+ struct seq_buf s;
+
+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+ if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) {
+ if (barrier_nospec_enabled)
+ seq_buf_printf(&s, "Mitigation: __user pointer sanitization");
+ else
+ seq_buf_printf(&s, "Vulnerable");
- if (barrier_nospec_enabled)
- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
+ if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31))
+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
- return sprintf(buf, "Vulnerable\n");
+ seq_buf_printf(&s, "\n");
+ } else
+ seq_buf_printf(&s, "Not affected\n");
+
+ return s.len;
}
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
{
- bool bcs, ccd, ori;
struct seq_buf s;
+ bool bcs, ccd;
seq_buf_init(&s, buf, PAGE_SIZE - 1);
bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
- ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
if (bcs || ccd) {
seq_buf_printf(&s, "Mitigation: ");
@@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct devic
} else
seq_buf_printf(&s, "Vulnerable");
- if (ori)
- seq_buf_printf(&s, ", ori31 speculation barrier enabled");
-
seq_buf_printf(&s, "\n");
return s.len;
next prev parent reply other threads:[~2018-08-23 9:11 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-23 7:56 [PATCH 4.18 00/22] 4.18.5-stable review Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 02/22] pty: fix O_CLOEXEC for TIOCGPTPEER Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 03/22] mm: Allow non-direct-map arguments to free_reserved_area() Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 04/22] x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 05/22] x86/mm/init: Add helper for freeing kernel image pages Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 06/22] x86/mm/init: Remove freed kernel image areas from alias mapping Greg Kroah-Hartman
2018-08-23 7:56 ` Greg Kroah-Hartman [this message]
2018-08-23 7:56 ` [PATCH 4.18 08/22] ext4: fix spectre gadget in ext4_mb_regular_allocator() Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 09/22] drm/i915/kvmgt: Fix potential Spectre v1 Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 10/22] drm/amdgpu/pm: " Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 14/22] PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 15/22] PCI: hotplug: Dont leak pci_slot on registration failure Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 16/22] PCI: aardvark: Size bridges before resources allocation Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 17/22] PCI: Skip MPS logic for Virtual Functions (VFs) Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 18/22] PCI: pciehp: Fix use-after-free on unplug Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 19/22] PCI: pciehp: Fix unprotected list iteration in IRQ handler Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 20/22] i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 22/22] reiserfs: fix broken xattr handling (heap corruption, bad retval) Greg Kroah-Hartman
2018-08-23 19:20 ` [PATCH 4.18 00/22] 4.18.5-stable review Shuah Khan
2018-08-23 20:34 ` Greg Kroah-Hartman
2018-08-23 20:12 ` Guenter Roeck
2018-08-23 20:52 ` Greg Kroah-Hartman
2018-08-24 5:07 ` Naresh Kamboju
2018-08-24 6:18 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2018-08-23 7:56 [4.18,01/22] EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Greg Kroah-Hartman
2018-08-23 7:56 ` [PATCH 4.18 01/22] " Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180823074759.631403023@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpe@ellerman.id.au \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.