LinuxPPC-Dev Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: T T <tath76@yahoo.com>
To: linuxppc-dev@ozlabs.org, Michael Ellerman <mpe@ellerman.id.au>
Cc: mauricfo@linux.vnet.ibm.com
Subject: Re: [PATCH v2 10/10] powerpc/64s: Wire up cpu_show_spectre_v2()
Date: Tue, 27 Mar 2018 12:36:28 +0000 (UTC)	[thread overview]
Message-ID: <1464025410.301444.1522154188153@mail.yahoo.com> (raw)
In-Reply-To: <20180327120153.31612-10-mpe@ellerman.id.au>

[-- Attachment #1: Type: text/plain, Size: 2332 bytes --]

 unscribed me 

    On ‎Tuesday‎, ‎March‎ ‎27‎, ‎2018‎ ‎05‎:‎31‎:‎31‎ ‎AM‎ ‎PDT, Michael Ellerman <mpe@ellerman.id.au> wrote:  
 
 Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.

The most verbose is:

  Mitigation: Indirect branch serialisation (kernel only), Indirect
  branch cache disabled, ori31 speculation barrier enabled

We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:

  Vulnerable, ori31 speculation barrier enabled

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
 arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 0eace3cac818..2cee3dcd231b 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c
 
     return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
+{
+    bool bcs, ccd, ori;
+    struct seq_buf s;
+
+    seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+    bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+    ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+    ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+    if (bcs || ccd) {
+        seq_buf_printf(&s, "Mitigation: ");
+
+        if (bcs)
+            seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
+
+        if (bcs && ccd)
+            seq_buf_printf(&s, ", ");
+
+        if (ccd)
+            seq_buf_printf(&s, "Indirect branch cache disabled");
+    } else
+        seq_buf_printf(&s, "Vulnerable");
+
+    if (ori)
+        seq_buf_printf(&s, ", ori31 speculation barrier enabled");
+
+    seq_buf_printf(&s, "\n");
+
+    return s.len;
+}
-- 
2.14.1

  

[-- Attachment #2: Type: text/html, Size: 4554 bytes --]

  reply	other threads:[~2018-03-27 12:36 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-27 12:01 [PATCH v2 01/10] powerpc: Add security feature flags for Spectre/Meltdown Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 02/10] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 03/10] powerpc/pseries: Set or clear security feature flags Michael Ellerman
2018-03-29 18:35   ` Mauricio Faria de Oliveira
2018-03-27 12:01 ` [PATCH v2 04/10] powerpc/powernv: " Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 05/10] powerpc/64s: Move cpu_show_meltdown() Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 06/10] powerpc/64s: Enhance the information in cpu_show_meltdown() Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 07/10] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 08/10] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 09/10] powerpc/64s: Wire up cpu_show_spectre_v1() Michael Ellerman
2018-03-27 12:01 ` [PATCH v2 10/10] powerpc/64s: Wire up cpu_show_spectre_v2() Michael Ellerman
2018-03-27 12:36   ` T T [this message]
2018-03-28  9:15   ` Diana Madalina Craciun
2018-03-27 13:42 ` [PATCH v2 01/10] powerpc: Add security feature flags for Spectre/Meltdown Gabriel Paubert
2018-03-28 14:13 ` [v2, " Michael Ellerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1464025410.301444.1522154188153@mail.yahoo.com \
    --to=tath76@yahoo.com \
    --cc=linuxppc-dev@ozlabs.org \
    --cc=mauricfo@linux.vnet.ibm.com \
    --cc=mpe@ellerman.id.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox