[PULL,Bionic] Address Spectre V2 on Power9 DD2.3

Message ID alpine.DEB.2.21.1904121425540.7683@lazy
State New

Pull-request

git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870

Message

Manoj Iyer April 12, 2019, 7:39 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1822870

Please consider the following patches to address the Spectre V2 Meltdown
vulnerability in Power9 DD2.3. The patches were identified by IBM as being
critical for addressing this issue on the Bionic 4.15 kernel. The majority of
the patches were clean cherry-picks, and a few patches required minor
backports.

A test kernel was made available in PPA: ppa:ubuntu-power-triage/lp1822870
(built for Power and AMD64 archs) and test results based on this kernel on
Power9 DD2.3 are available in the bug report. We do not have Power9 DD2.3
hardware in-house, so all testing was done by IBM.

The patches are isolated to the ppc64el architecture, and IBM has not 
reported any regressions, and they have verified that the test kernel 
works as expected.

I have CCed Michael Ranweiler@IBM on this pull request so that we can get
help to address any concerns you might have after SRU review.

The following changes since commit c50532b9d7b623ff98aeaf0b848e58adae54ca75:

   UBUNTU: Ubuntu-4.15.0-48.51 (2019-04-02 18:31:55 +0200)

are available in the Git repository at:

   git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870

for you to fetch changes up to a527672055a2477c4d93bb0cce7a2bdc9e8558b8:

   powerpc: Avoid code patching freed init sections (2019-04-12 13:36:07 -0500)

----------------------------------------------------------------
Christophe Leroy (2):
       powerpc/lib/code-patching: refactor patch_instruction()
       powerpc/lib/feature-fixups: use raw_patch_instruction()

Diana Craciun (5):
       powerpc/64: Disable the speculation barrier from the command line
       powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
       powerpc/64: Make meltdown reporting Book3S 64 specific
       powerpc/fsl: Fix spectre_v2 mitigations reporting
       powerpc/fsl: Add nospectre_v2 command line argument

Michael Ellerman (11):
       powerpc: Use barrier_nospec in copy_from_user()
       powerpc/64: Use barrier_nospec in syscall entry
       powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
       powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
       powerpc/64: Call setup_barrier_nospec() from setup_arch()
       powerpc/asm: Add a patch_site macro & helpers for patching instructions
       powerpc/64s: Add new security feature flags for count cache flush
       powerpc/64s: Add support for software count cache flush
       powerpc/pseries: Query hypervisor for count cache flush settings
       powerpc/powernv: Query firmware for count cache flush settings
       powerpc/security: Fix spectre_v2 reporting

Michael Neuling (1):
       powerpc: Avoid code patching freed init sections

Michal Suchanek (4):
       powerpc/64s: Add support for ori barrier_nospec patching
       powerpc/64s: Patch barrier_nospec in modules
       powerpc/64s: Enable barrier_nospec based on firmware settings
       powerpc/64s: Enhance the information in cpu_show_spectre_v1()

Suraj Jitindar Singh (1):
       KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()

  arch/powerpc/Kconfig                         |   7 +-
  arch/powerpc/include/asm/asm-prototypes.h    |  15 ++
  arch/powerpc/include/asm/barrier.h           |   8 +-
  arch/powerpc/include/asm/code-patching-asm.h |  18 +++
  arch/powerpc/include/asm/code-patching.h     |   3 +
  arch/powerpc/include/asm/feature-fixups.h    |   9 ++
  arch/powerpc/include/asm/hvcall.h            |   2 +
  arch/powerpc/include/asm/security_features.h |   7 +
  arch/powerpc/include/asm/setup.h             |  21 +++
  arch/powerpc/include/asm/uaccess.h           |  11 +-
  arch/powerpc/include/uapi/asm/kvm.h          |   2 +
  arch/powerpc/kernel/Makefile                 |   3 +-
  arch/powerpc/kernel/entry_64.S               |  64 ++++++++
  arch/powerpc/kernel/module.c                 |  10 +-
  arch/powerpc/kernel/security.c               | 215 +++++++++++++++++++++++++--
  arch/powerpc/kernel/setup-common.c           |   2 +
  arch/powerpc/kernel/vmlinux.lds.S            |  11 +-
  arch/powerpc/kvm/powerpc.c                   |  18 ++-
  arch/powerpc/lib/code-patching.c             |  55 +++++--
  arch/powerpc/lib/feature-fixups.c            |  47 +++++-
  arch/powerpc/mm/mem.c                        |   2 +
  arch/powerpc/platforms/powernv/setup.c       |   7 +
  arch/powerpc/platforms/pseries/setup.c       |   7 +
  23 files changed, 502 insertions(+), 42 deletions(-)
  create mode 100644 arch/powerpc/include/asm/code-patching-asm.h

--
============================
Manoj Iyer
Ubuntu/Canonical
============================

Comments

Stefan Bader April 17, 2019, 5:24 p.m. UTC | #1
Acked-by: Stefan Bader <stefan.bader@canonical.com>

Kleber Sacilotto de Souza April 23, 2019, 9:25 a.m. UTC | #2
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Kleber Sacilotto de Souza April 23, 2019, 3:49 p.m. UTC | #3
Applied to bionic/master-next branch.

Thanks,
Kleber