| Message ID | 20190502210907.42375-1-gwalbon@linux.ibm.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 4e706af3cd8e1d0503c25332b30cad33c97ed442 |
| Headers | show |
| Series | Fix wrong message when RFI Flush is disable | expand |
On Thu, 2019-05-02 at 21:09:07 UTC, Gustavo Walbon wrote: > From: "Gustavo L. F. Walbon" <gwalbon@linux.ibm.com> > > The issue was showing "Mitigation" message via sysfs whatever the state of > "RFI Flush", but it should show "Vulnerable" when it is disabled. > > If you have "L1D private" feature enabled and not "RFI Flush" you are > vulnerable to meltdown attacks. > > "RFI Flush" is the key feature to mitigate the meltdown whatever the > "L1D private" state. > > SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only. > > So the message should be as the truth table shows. > CPU | L1D private | RFI Flush | sysfs | > ----| ----------- | --------- | ------------------------------------- | > P9 | False | False | Vulnerable > P9 | False | True | Mitigation: RFI Flush > P9 | True | False | Vulnerable: L1D private per thread > P9 | True | True | Mitigation: RFI Flush, L1D private per > | | | thread > P8 | False | False | Vulnerable > P8 | False | True | Mitigation: RFI Flush > > Output before this fix: > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > Mitigation: RFI Flush, L1D private per thread > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > Mitigation: L1D private per thread > > Output after fix: > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > Mitigation: RFI Flush, L1D private per thread > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > Vulnerable: L1D private per thread > > Link: https://github.com/linuxppc/issues/issues/243 > > Signed-off-by: Gustavo L. F. Walbon <gwalbon@linux.ibm.com> > Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com> Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/4e706af3cd8e1d0503c25332b30cad33c97ed442 cheers
On Thu, Nov 14, 2019 at 08:07:35PM +1100, Michael Ellerman wrote: > On Thu, 2019-05-02 at 21:09:07 UTC, Gustavo Walbon wrote: > > From: "Gustavo L. F. Walbon" <gwalbon@linux.ibm.com> > > > > The issue was showing "Mitigation" message via sysfs whatever the state of > > "RFI Flush", but it should show "Vulnerable" when it is disabled. > > > > If you have "L1D private" feature enabled and not "RFI Flush" you are > > vulnerable to meltdown attacks. > > > > "RFI Flush" is the key feature to mitigate the meltdown whatever the > > "L1D private" state. > > > > SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only. > > > > So the message should be as the truth table shows. > > CPU | L1D private | RFI Flush | sysfs | > > ----| ----------- | --------- | ------------------------------------- | > > P9 | False | False | Vulnerable > > P9 | False | True | Mitigation: RFI Flush > > P9 | True | False | Vulnerable: L1D private per thread > > P9 | True | True | Mitigation: RFI Flush, L1D private per > > | | | thread > > P8 | False | False | Vulnerable > > P8 | False | True | Mitigation: RFI Flush > > > > Output before this fix: > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Mitigation: RFI Flush, L1D private per thread > > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Mitigation: L1D private per thread > > > > Output after fix: > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Mitigation: RFI Flush, L1D private per thread > > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush > > # cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Vulnerable: L1D private per thread > > > > Link: https://github.com/linuxppc/issues/issues/243 > > > > Signed-off-by: Gustavo L. F. Walbon <gwalbon@linux.ibm.com> > > Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com> > > Applied to powerpc next, thanks. > > https://git.kernel.org/powerpc/c/4e706af3cd8e1d0503c25332b30cad33c97ed442 > > cheers Fixes: ff348355e9c7 ("powerpc/64s: Enhance the information in cpu_show_meltdown()") Thanks Michal
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index b33bafb8fcea..e08b81ef43b8 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -130,26 +130,22 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV); - if (rfi_flush || thread_priv) { + if (rfi_flush) { struct seq_buf s; seq_buf_init(&s, buf, PAGE_SIZE - 1); - seq_buf_printf(&s, "Mitigation: "); - - if (rfi_flush) - seq_buf_printf(&s, "RFI Flush"); - - if (rfi_flush && thread_priv) - seq_buf_printf(&s, ", "); - + seq_buf_printf(&s, "Mitigation: RFI Flush"); if (thread_priv) - seq_buf_printf(&s, "L1D private per thread"); + seq_buf_printf(&s, ", L1D private per thread"); seq_buf_printf(&s, "\n"); return s.len; } + if (thread_priv) + return sprintf(buf, "Vulnerable: L1D private per thread\n"); + if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) return sprintf(buf, "Not affected\n");