From: Michael Ellerman <patch-notifications@ellerman.id.au>
To: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: powerpc/pseries: Fix to clear security feature flags
Date: Sun, 1 Apr 2018 01:04:13 +1100 (AEDT) [thread overview]
Message-ID: <40D0bL4ntgz9s1r@ozlabs.org> (raw)
In-Reply-To: <1522348331-30753-1-git-send-email-mauricfo@linux.vnet.ibm.com>
On Thu, 2018-03-29 at 18:32:11 UTC, Mauricio Faria de Oliveira wrote:
> The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
> of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_* flags.
>
> Found it by playing around with QEMU's implementation of the hypercall:
>
> Example:
> H_CPU_CHAR=0xf000000000000000
> H_CPU_BEHAV=0x0000000000000000
>
> This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
> so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also clears
> H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush mitigation
> at all for cpu_show_meltdown() to report; but currently it does:
>
> Original kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Mitigation: RFI Flush
>
> Patched kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Not affected
>
> Example:
> H_CPU_CHAR=0x0000000000000000
> H_CPU_BEHAV=0xf000000000000000
>
> This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
> report vulnerable; but currently it doesn't:
>
> Original kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Not affected
>
> Patched kernel:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Vulnerable
>
> Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
> Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/0f9bdfe3c77091e8704d2e510eb7c2
cheers
prev parent reply other threads:[~2018-03-31 14:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-29 18:32 [PATCH] powerpc/pseries: Fix to clear security feature flags Mauricio Faria de Oliveira
2018-03-31 14:04 ` Michael Ellerman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40D0bL4ntgz9s1r@ozlabs.org \
--to=patch-notifications@ellerman.id.au \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mauricfo@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).