@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(
// Firmware configuration indicates user favours security over performance
#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+ (SEC_FTR_L1D_FLUSH_HV | \
+ SEC_FTR_L1D_FLUSH_PR | \
+ SEC_FTR_BNDS_CHK_SPEC_BAR | \
+ SEC_FTR_FAVOUR_SECURITY)
+
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
@@ -11,12 +11,7 @@
#include <asm/security_features.h>
-unsigned long powerpc_security_features __read_mostly = \
- SEC_FTR_L1D_FLUSH_HV | \
- SEC_FTR_L1D_FLUSH_PR | \
- SEC_FTR_BNDS_CHK_SPEC_BAR | \
- SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
This is a note to let you know that I've just added the patch titled powerpc: Move default security feature flags to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: powerpc-move-default-security-feature-flags.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@vger.kernel.org> know about it. From foo@baz Sat Jun 2 15:29:05 CEST 2018 From: Michael Ellerman <mpe@ellerman.id.au> Date: Sat, 2 Jun 2018 21:09:05 +1000 Subject: powerpc: Move default security feature flags To: gregkh@linuxfoundation.org Cc: stable@vger.kernel.org, linuxppc-dev@ozlabs.org Message-ID: <20180602110908.29773-21-mpe@ellerman.id.au> From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream. This moves the definition of the default security feature flags (i.e., enabled by default) closer to the security feature flags. This can be used to restore current flags to the default flags. Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- arch/powerpc/include/asm/security_features.h | 8 ++++++++ arch/powerpc/kernel/security.c | 7 +------ 2 files changed, 9 insertions(+), 6 deletions(-) Patches currently in stable-queue which might be from mpe@ellerman.id.au are queue-4.9/powerpc-64s-clear-pcr-on-boot.patch queue-4.9/powerpc-rfi-flush-differentiate-enabled-and-patched-flush-types.patch queue-4.9/powerpc-64s-fix-section-mismatch-warnings-from-setup_rfi_flush.patch queue-4.9/powerpc-pseries-fix-clearing-of-security-feature-flags.patch queue-4.9/powerpc-powernv-set-or-clear-security-feature-flags.patch queue-4.9/powerpc-64s-move-cpu_show_meltdown.patch queue-4.9/powerpc-rfi-flush-call-setup_rfi_flush-after-lpm-migration.patch queue-4.9/powerpc-pseries-set-or-clear-security-feature-flags.patch queue-4.9/powerpc-rfi-flush-make-it-possible-to-call-setup_rfi_flush-again.patch queue-4.9/powerpc-move-default-security-feature-flags.patch queue-4.9/powerpc-powernv-use-the-security-flags-in-pnv_setup_rfi_flush.patch queue-4.9/powerpc-add-security-feature-flags-for-spectre-meltdown.patch queue-4.9/powerpc-pseries-use-the-security-flags-in-pseries_setup_rfi_flush.patch queue-4.9/powerpc-64s-enhance-the-information-in-cpu_show_meltdown.patch queue-4.9/powerpc-rfi-flush-move-out-of-hardlockup_detector-ifdef.patch queue-4.9/powerpc-rfi-flush-always-enable-fallback-flush-on-pseries.patch queue-4.9/powerpc-rfi-flush-move-the-logic-to-avoid-a-redo-into-the-debugfs-code.patch queue-4.9/powerpc-pseries-restore-default-security-feature-flags-on-setup.patch queue-4.9/powerpc-pseries-add-new-h_get_cpu_characteristics-flags.patch queue-4.9/powerpc-64s-add-support-for-a-store-forwarding-barrier-at-kernel-entry-exit.patch queue-4.9/powerpc-64s-wire-up-cpu_show_spectre_v1.patch queue-4.9/powerpc-powernv-support-firmware-disable-of-rfi-flush.patch queue-4.9/powerpc-pseries-support-firmware-disable-of-rfi-flush.patch queue-4.9/powerpc-64s-wire-up-cpu_show_spectre_v2.patch