From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>
Subject: [PATCH 4.9 43/61] powerpc: Move default security feature flags
Date: Tue, 5 Jun 2018 19:02:04 +0200 [thread overview]
Message-ID: <20180605170120.423856841@linuxfoundation.org> (raw)
In-Reply-To: <20180605170117.643936916@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream.
This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.
This can be used to restore current flags to the default flags.
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/security_features.h | 8 ++++++++
arch/powerpc/kernel/security.c | 7 +------
2 files changed, 9 insertions(+), 6 deletions(-)
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(
// Firmware configuration indicates user favours security over performance
#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+ (SEC_FTR_L1D_FLUSH_HV | \
+ SEC_FTR_L1D_FLUSH_PR | \
+ SEC_FTR_BNDS_CHK_SPEC_BAR | \
+ SEC_FTR_FAVOUR_SECURITY)
+
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -11,12 +11,7 @@
#include <asm/security_features.h>
-unsigned long powerpc_security_features __read_mostly = \
- SEC_FTR_L1D_FLUSH_HV | \
- SEC_FTR_L1D_FLUSH_PR | \
- SEC_FTR_BNDS_CHK_SPEC_BAR | \
- SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
next prev parent reply other threads:[~2018-06-05 17:06 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-05 17:01 [PATCH 4.9 00/61] 4.9.107-stable review Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 01/61] arm64: lse: Add early clobbers to some input/output asm operands Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 02/61] powerpc/64s: Clear PCR on boot Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 03/61] USB: serial: cp210x: use tcflag_t to fix incompatible pointer type Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 04/61] Revert "pinctrl: msm: Use dynamic GPIO numbering" Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 05/61] xfs: detect agfl count corruption and reset agfl Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 06/61] Revert "ima: limit file hash setting by user to fix and log modes" Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 07/61] Input: elan_i2c_smbus - fix corrupted stack Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 08/61] tracing: Fix crash when freeing instances with event triggers Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 09/61] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 10/61] cfg80211: further limit wiphy names to 64 bytes Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 11/61] dma-buf: remove redundant initialization of sg_table Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 12/61] rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 13/61] ASoC: Intel: sst: remove redundant variable dma_dev_name Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 14/61] platform/chrome: cros_ec_lpc: remove redundant pointer request Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 15/61] x86/amd: revert commit 944e0fc51a89c9827b9 Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 16/61] xen: set cpu capabilities from xen_start_kernel() Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 17/61] x86/amd: dont set X86_BUG_SYSRET_SS_ATTRS when running under Xen Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 18/61] tcp: avoid integer overflows in tcp_rcv_space_adjust() Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 19/61] scsi: ufs: fix failure to read the string descriptor Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 20/61] scsi: ufs: refactor device descriptor reading Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 21/61] scsi: ufs: Factor out ufshcd_read_desc_param Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 22/61] arm64: Add hypervisor safe helper for checking constant capabilities Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 23/61] arm64/cpufeature: dont use mutex in bringup path Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 24/61] powerpc/rfi-flush: Move out of HARDLOCKUP_DETECTOR #ifdef Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 25/61] powerpc/pseries: Support firmware disable of RFI flush Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 26/61] powerpc/powernv: " Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 27/61] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 28/61] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 29/61] powerpc/rfi-flush: Always enable fallback flush on pseries Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 30/61] powerpc/rfi-flush: Differentiate enabled and patched flush types Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 31/61] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 32/61] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 33/61] powerpc: Add security feature flags for Spectre/Meltdown Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 34/61] powerpc/pseries: Set or clear security feature flags Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 35/61] powerpc/powernv: " Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 36/61] powerpc/64s: Move cpu_show_meltdown() Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 37/61] powerpc/64s: Enhance the information in cpu_show_meltdown() Greg Kroah-Hartman
2018-06-05 17:01 ` [PATCH 4.9 38/61] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 39/61] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 40/61] powerpc/64s: Wire up cpu_show_spectre_v1() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 41/61] powerpc/64s: Wire up cpu_show_spectre_v2() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 42/61] powerpc/pseries: Fix clearing of security feature flags Greg Kroah-Hartman
2018-06-05 17:02 ` Greg Kroah-Hartman [this message]
2018-06-05 17:02 ` [PATCH 4.9 44/61] powerpc/pseries: Restore default security feature flags on setup Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 45/61] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 47/61] net/mlx4_en: fix potential use-after-free with dma_unmap_page Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 48/61] iio:kfifo_buf: check for uint overflow Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 49/61] MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 50/61] MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 51/61] scsi: scsi_transport_srp: Fix shost to rport translation Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 52/61] stm class: Use vmalloc for the master map Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 53/61] hwtracing: stm: fix build error on some arches Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 54/61] IB/core: Fix error code for invalid GID entry Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 58/61] fix io_destroy()/aio_complete() race Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 59/61] mm: fix the NULL mapping case in __isolate_lru_page() Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 60/61] sparc64: Dont clibber fixed registers in __multi4 Greg Kroah-Hartman
2018-06-05 17:02 ` [PATCH 4.9 61/61] serial: pl011: add console matching function Greg Kroah-Hartman
2018-06-05 22:01 ` [PATCH 4.9 00/61] 4.9.107-stable review Shuah Khan
2018-06-06 8:06 ` Greg Kroah-Hartman
2018-06-06 11:24 ` Naresh Kamboju
2018-06-06 13:29 ` Guenter Roeck
2018-06-06 13:32 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180605170120.423856841@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mauricfo@linux.vnet.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).