From patchwork Thu Nov 28 15:04:33 2019
X-Patchwork-Submitter: Benjamin M Romer
X-Patchwork-Id: 1202106
From: Benjamin M Romer
To: kernel-team@lists.ubuntu.com
Subject: [xenial][PATCH 1/3] powerpc/64s: support nospectre_v2 cmdline option
Date: Thu, 28 Nov 2019 10:04:33 -0500
Message-Id: <20191128150435.31340-2-benjamin.romer@canonical.com>
In-Reply-To: <20191128150435.31340-1-benjamin.romer@canonical.com>
References: <20191128150435.31340-1-benjamin.romer@canonical.com>
List-Id: Kernel team discussions

From: "Christopher M. Riedl"

BugLink: https://bugs.launchpad.net/bugs/1853142

commit d8f0e0b073e1ec52a05f0c2a56318b47387d2f10 upstream.

Add support for disabling the kernel implemented spectre v2 mitigation
(count cache flush on context switch) via the nospectre_v2 and
mitigations=off cmdline options.

Suggested-by: Michael Ellerman
Signed-off-by: Christopher M. Riedl
Reviewed-by: Andrew Donnellan
Signed-off-by: Michael Ellerman
Link: https://lore.kernel.org/r/20190524024647.381-1-cmr@informatik.wtf
Signed-off-by: Daniel Axtens
CVE-2019-18660
Signed-off-by: Benjamin M Romer
--- arch/powerpc/kernel/security.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 64efba4bd05d..37d96227e7cf 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -29,7 +29,7 @@ static enum count_cache_flush_type count_cache_flush_type = COUNT_CACHE_FLUSH_NO bool barrier_nospec_enabled; static bool no_nospec; static bool btb_flush_enabled; -#ifdef CONFIG_PPC_FSL_BOOK3E +#if defined(CONFIG_PPC_FSL_BOOK3E) || defined(CONFIG_PPC_BOOK3S_64) static bool no_spectrev2; #endif @@ -107,7 +107,7 @@ static __init int barrier_nospec_debugfs_init(void) device_initcall(barrier_nospec_debugfs_init); #endif /* CONFIG_DEBUG_FS */ -#ifdef CONFIG_PPC_FSL_BOOK3E +#if defined(CONFIG_PPC_FSL_BOOK3E) || defined(CONFIG_PPC_BOOK3S_64) static int __init handle_nospectre_v2(char *p) { no_spectrev2 = true; @@ -115,6 +115,9 @@ static int __init handle_nospectre_v2(char *p) return 0; } early_param("nospectre_v2", handle_nospectre_v2); +#endif /* CONFIG_PPC_FSL_BOOK3E || CONFIG_PPC_BOOK3S_64 */ + +#ifdef CONFIG_PPC_FSL_BOOK3E void setup_spectre_v2(void) { if (no_spectrev2 || cpu_mitigations_off()) 
@@ -390,7 +393,17 @@ static void toggle_count_cache_flush(bool enable) void setup_count_cache_flush(void) { - toggle_count_cache_flush(true); + bool enable = true; + + if (no_spectrev2 || cpu_mitigations_off()) { + if (security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED) || + security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED)) + pr_warn("Spectre v2 mitigations not under software control, can't disable\n"); + + enable = false; + } + + toggle_count_cache_flush(enable); } #ifdef CONFIG_DEBUG_FS
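
Review bot: In the first hunk (@@ -29,7 +29,7 @@), the widened guard on `static bool no_spectrev2;` has to cover every configuration that builds setup_count_cache_flush(), because the last hunk reads no_spectrev2 there unconditionally. The #ifdef enclosing setup_count_cache_flush() is not in the visible context lines, so please confirm it is built only under CONFIG_PPC_BOOK3S_64; a configuration that compiles that function with neither symbol defined would fail on an undeclared identifier. The same compound condition is repeated at @@ -107,7 +107,7 @@ and the two must stay identical, which is worth a one-line comment at the declaration.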
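
Review bot: In the hunk at @@ -115,6 +115,9 @@, the block reopened with `#ifdef CONFIG_PPC_FSL_BOOK3E` just before setup_spectre_v2() should close with an #endif that carries a trailing comment, matching the new `#endif /* CONFIG_PPC_FSL_BOOK3E || CONFIG_PPC_BOOK3S_64 */`. The closing line is outside the visible context, and with two adjacent guards that differ only in the Book3S term an uncommented #endif is easy to mispair in a later backport.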
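
Review bot: In setup_count_cache_flush() (@@ -390,7 +393,17 @@), the pr_warn text says the mitigations "can't disable", yet `enable = false;` runs on that path as well and toggle_count_cache_flush(false) is still called. That looks intended (the software count cache flush is dropped while whatever SEC_FTR_BCCTRL_SERIALISED or SEC_FTR_COUNT_CACHE_DISABLED reports stays in effect), but nothing in the code says so: add a short comment, and put braces around the inner if, whose condition spans two lines, so that `enable = false;` is not read as part of it. The test `no_spectrev2 || cpu_mitigations_off()` now appears here and in setup_spectre_v2(); a small helper would keep the two in step.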