1. 17 5月, 2019 1 次提交
    • B
      powerpc/64s: Include cpu header · 0dc9ad4e
      Breno Leitao 提交于
      commit 42e2acde1237878462b028f5a27d9cc5bea7502c upstream.
      
      Current powerpc security.c file is defining functions, as
      cpu_show_meltdown(), cpu_show_spectre_v{1,2} and others, that are being
      declared at linux/cpu.h header without including the header file that
      contains these declarations.
      
      This is being reported by sparse, which thinks that these functions are
      static, due to the lack of declaration:
      
      	arch/powerpc/kernel/security.c:105:9: warning: symbol 'cpu_show_meltdown' was not declared. Should it be static?
      	arch/powerpc/kernel/security.c:139:9: warning: symbol 'cpu_show_spectre_v1' was not declared. Should it be static?
      	arch/powerpc/kernel/security.c:161:9: warning: symbol 'cpu_show_spectre_v2' was not declared. Should it be static?
      	arch/powerpc/kernel/security.c:209:6: warning: symbol 'stf_barrier' was not declared. Should it be static?
      	arch/powerpc/kernel/security.c:289:9: warning: symbol 'cpu_show_spec_store_bypass' was not declared. Should it be static?
      
      This patch simply includes the proper header (linux/cpu.h) to match
      function definition and declaration.
      Signed-off-by: NBreno Leitao <leitao@debian.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Cc: Joel Stanley <joel@jms.id.au>
      Cc: Nathan Chancellor <natechancellor@gmail.com>
      Cc: Major Hayden <major@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0dc9ad4e
  2. 15 5月, 2019 1 次提交
    • J
      powerpc/speculation: Support 'mitigations=' cmdline option · 74857f69
      Josh Poimboeuf 提交于
      commit 782e69efb3dfed6e8360bc612e8c7827a901a8f9 upstream
      
      Configure powerpc CPU runtime speculation bug mitigations in accordance
      with the 'mitigations=' cmdline option.  This affects Meltdown, Spectre
      v1, Spectre v2, and Speculative Store Bypass.
      
      The default behavior is unchanged.
      Signed-off-by: NJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
      Reviewed-by: NJiri Kosina <jkosina@suse.cz>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: "H . Peter Anvin" <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Jiri Kosina <jikos@kernel.org>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Jon Masters <jcm@redhat.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: linuxppc-dev@lists.ozlabs.org
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: linux-s390@vger.kernel.org
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-arch@vger.kernel.org
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Tyler Hicks <tyhicks@canonical.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Cc: Steven Price <steven.price@arm.com>
      Cc: Phil Auld <pauld@redhat.com>
      Link: https://lkml.kernel.org/r/245a606e1a42a558a310220312d9b6adb9159df6.1555085500.git.jpoimboe@redhat.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      74857f69
  3. 03 4月, 2019 3 次提交
  4. 10 1月, 2019 1 次提交
  5. 07 8月, 2018 4 次提交
  6. 24 7月, 2018 1 次提交
    • M
      powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 · 6d44acae
      Michael Ellerman 提交于
      When I added the spectre_v2 information in sysfs, I included the
      availability of the ori31 speculation barrier.
      
      Although the ori31 barrier can be used to mitigate v2, it's primarily
      intended as a spectre v1 mitigation. Spectre v2 is mitigated by
      hardware changes.
      
      So rework the sysfs files to show the ori31 information in the
      spectre_v1 file, rather than v2.
      
      Currently we display eg:
      
        $ grep . spectre_v*
        spectre_v1:Mitigation: __user pointer sanitization
        spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled
      
      After:
      
        $ grep . spectre_v*
        spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled
        spectre_v2:Mitigation: Indirect branch cache disabled
      
      Fixes: d6fbe1c5 ("powerpc/64s: Wire up cpu_show_spectre_v2()")
      Cc: stable@vger.kernel.org # v4.17+
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      6d44acae
  7. 03 6月, 2018 4 次提交
  8. 22 5月, 2018 1 次提交
  9. 03 4月, 2018 1 次提交
  10. 27 3月, 2018 5 次提交
    • M
      powerpc/64s: Wire up cpu_show_spectre_v2() · d6fbe1c5
      Michael Ellerman 提交于
      Add a definition for cpu_show_spectre_v2() to override the generic
      version. This has several permuations, though in practice some may not
      occur we cater for any combination.
      
      The most verbose is:
      
        Mitigation: Indirect branch serialisation (kernel only), Indirect
        branch cache disabled, ori31 speculation barrier enabled
      
      We don't treat the ori31 speculation barrier as a mitigation on its
      own, because it has to be *used* by code in order to be a mitigation
      and we don't know if userspace is doing that. So if that's all we see
      we say:
      
        Vulnerable, ori31 speculation barrier enabled
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      d6fbe1c5
    • M
      powerpc/64s: Wire up cpu_show_spectre_v1() · 56986016
      Michael Ellerman 提交于
      Add a definition for cpu_show_spectre_v1() to override the generic
      version. Currently this just prints "Not affected" or "Vulnerable"
      based on the firmware flag.
      
      Although the kernel does have array_index_nospec() in a few places, we
      haven't yet audited all the powerpc code to see where it's necessary,
      so for now we don't list that as a mitigation.
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      56986016
    • M
      powerpc/64s: Enhance the information in cpu_show_meltdown() · ff348355
      Michael Ellerman 提交于
      Now that we have the security feature flags we can make the
      information displayed in the "meltdown" file more informative.
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      ff348355
    • M
      powerpc/64s: Move cpu_show_meltdown() · 8ad33041
      Michael Ellerman 提交于
      This landed in setup_64.c for no good reason other than we had nowhere
      else to put it. Now that we have a security-related file, that is a
      better place for it so move it.
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      8ad33041
    • M
      powerpc: Add security feature flags for Spectre/Meltdown · 9a868f63
      Michael Ellerman 提交于
      This commit adds security feature flags to reflect the settings we
      receive from firmware regarding Spectre/Meltdown mitigations.
      
      The feature names reflect the names we are given by firmware on bare
      metal machines. See the hostboot source for details.
      
      Arguably these could be firmware features, but that then requires them
      to be read early in boot so they're available prior to asm feature
      patching, but we don't actually want to use them for patching. We may
      also want to dynamically update them in future, which would be
      incompatible with the way firmware features work (at the moment at
      least). So for now just make them separate flags.
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      9a868f63