Message ID | 20180327120153.31612-10-mpe@ellerman.id.au (mailing list archive) |
---|---|
State | Accepted |
Commit | d6fbe1c55c55c6937cbea3531af7da84ab7473c3 |
Headers | show |
Series | [v2,01/10] powerpc: Add security feature flags for Spectre/Meltdown | expand |
unscribed me
On Tuesday, March 27, 2018 05:31:31 AM PDT, Michael Ellerman <mpe@ellerman.id.au> wrote:
Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.
The most verbose is:
Mitigation: Indirect branch serialisation (kernel only), Indirect
branch cache disabled, ori31 speculation barrier enabled
We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:
Vulnerable, ori31 speculation barrier enabled
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 0eace3cac818..2cee3dcd231b 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c
return sprintf(buf, "Vulnerable\n");
}
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ bool bcs, ccd, ori;
+ struct seq_buf s;
+
+ seq_buf_init(&s, buf, PAGE_SIZE - 1);
+
+ bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+ ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+ if (bcs || ccd) {
+ seq_buf_printf(&s, "Mitigation: ");
+
+ if (bcs)
+ seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
+
+ if (bcs && ccd)
+ seq_buf_printf(&s, ", ");
+
+ if (ccd)
+ seq_buf_printf(&s, "Indirect branch cache disabled");
+ } else
+ seq_buf_printf(&s, "Vulnerable");
+
+ if (ori)
+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
+
+ seq_buf_printf(&s, "\n");
+
+ return s.len;
+}
Why is the speculation barrier specific to Spectre v2? Can't the barrier be used as a mitigation for Spectre v1 as well? Regards, Diana On 3/27/2018 3:32 PM, Michael Ellerman wrote: > Add a definition for cpu_show_spectre_v2() to override the generic > version. This has several permuations, though in practice some may not > occur we cater for any combination. > > The most verbose is: > > Mitigation: Indirect branch serialisation (kernel only), Indirect > branch cache disabled, ori31 speculation barrier enabled > > We don't treat the ori31 speculation barrier as a mitigation on its > own, because it has to be *used* by code in order to be a mitigation > and we don't know if userspace is doing that. So if that's all we see > we say: > > Vulnerable, ori31 speculation barrier enabled > > Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> > --- > arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c > index 0eace3cac818..2cee3dcd231b 100644 > --- a/arch/powerpc/kernel/security.c > +++ b/arch/powerpc/kernel/security.c > @@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c > > return sprintf(buf, "Vulnerable\n"); > } > + > +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) > +{ > + bool bcs, ccd, ori; > + struct seq_buf s; > + > + seq_buf_init(&s, buf, PAGE_SIZE - 1); > + > + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); > + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); > + ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); > + > + if (bcs || ccd) { > + seq_buf_printf(&s, "Mitigation: "); > + > + if (bcs) > + seq_buf_printf(&s, "Indirect branch serialisation (kernel only)"); > + > + if (bcs && ccd) > + seq_buf_printf(&s, ", "); > + > + if (ccd) > + seq_buf_printf(&s, "Indirect branch cache disabled"); > + } else > + seq_buf_printf(&s, "Vulnerable"); > + > + if (ori) > + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); > + > + seq_buf_printf(&s, "\n"); > + > + return s.len; > +}
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 0eace3cac818..2cee3dcd231b 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) +{ + bool bcs, ccd, ori; + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); + + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); + ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); + + if (bcs || ccd) { + seq_buf_printf(&s, "Mitigation: "); + + if (bcs) + seq_buf_printf(&s, "Indirect branch serialisation (kernel only)"); + + if (bcs && ccd) + seq_buf_printf(&s, ", "); + + if (ccd) + seq_buf_printf(&s, "Indirect branch cache disabled"); + } else + seq_buf_printf(&s, "Vulnerable"); + + if (ori) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + + return s.len; +}
Add a definition for cpu_show_spectre_v2() to override the generic version. This has several permuations, though in practice some may not occur we cater for any combination. The most verbose is: Mitigation: Indirect branch serialisation (kernel only), Indirect branch cache disabled, ori31 speculation barrier enabled We don't treat the ori31 speculation barrier as a mitigation on its own, because it has to be *used* by code in order to be a mitigation and we don't know if userspace is doing that. So if that's all we see we say: Vulnerable, ori31 speculation barrier enabled Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> --- arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)