Message ID | alpine.DEB.2.21.1904121425540.7683@lazy |
---|---|
State | New |
Headers | show |
Series | [PULL,Bionic] Address Spectre V2 on Power9 DD2.3 | expand |
On 12.04.19 21:39, Manoj Iyer wrote: > > BugLink: https://bugs.launchpad.net/bugs/1822870 > > Please consider the following patches to address Spectre V2 Meltdown > vulnerability in Power9 DD2.3. The patches were identified as IBM as being > critical for addressing this issue on Bionic 4.15 kernel. Majority of the > patches were clean cherry-picks and a few patches requiring minor backports. > > A test kernel was made available in PPA: ppa:ubuntu-power-triage/lp1822870 > (built for Power and AMD64 archs) and test results based on this kernel on > Power9 DD2.3 is available in the bug report. We do not have Power9 DD2.3 > hardware in-house, so all testing was done by IBM. > > The patches are isolated to the ppc64el architecture, and IBM has not reported > any regressions, and they have verified that the test kernel works as expected. > > I have cced Michael Ranweiler@IBM on this pull request so that we can get help > to address any concerns you might have after SRU review. > > The following changes since commit c50532b9d7b623ff98aeaf0b848e58adae54ca75: > > UBUNTU: Ubuntu-4.15.0-48.51 (2019-04-02 18:31:55 +0200) > > are available in the Git repository at: > > git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870 > > for you to fetch changes up to a527672055a2477c4d93bb0cce7a2bdc9e8558b8: > > powerpc: Avoid code patching freed init sections (2019-04-12 13:36:07 -0500) > > ---------------------------------------------------------------- > Christophe Leroy (2): > powerpc/lib/code-patching: refactor patch_instruction() > powerpc/lib/feature-fixups: use raw_patch_instruction() > > Diana Craciun (5): > powerpc/64: Disable the speculation barrier from the command line > powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. > powerpc/64: Make meltdown reporting Book3S 64 specific > powerpc/fsl: Fix spectre_v2 mitigations reporting > powerpc/fsl: Add nospectre_v2 command line argument > > Michael Ellerman (11): > powerpc: Use barrier_nospec in copy_from_user() > powerpc/64: Use barrier_nospec in syscall entry > powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 > powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC > powerpc/64: Call setup_barrier_nospec() from setup_arch() > powerpc/asm: Add a patch_site macro & helpers for patching instructions > powerpc/64s: Add new security feature flags for count cache flush > powerpc/64s: Add support for software count cache flush > powerpc/pseries: Query hypervisor for count cache flush settings > powerpc/powernv: Query firmware for count cache flush settings > powerpc/security: Fix spectre_v2 reporting > > Michael Neuling (1): > powerpc: Avoid code patching freed init sections > > Michal Suchanek (4): > powerpc/64s: Add support for ori barrier_nospec patching > powerpc/64s: Patch barrier_nospec in modules > powerpc/64s: Enable barrier_nospec based on firmware settings > powerpc/64s: Enhance the information in cpu_show_spectre_v1() > > Suraj Jitindar Singh (1): > KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() > > arch/powerpc/Kconfig | 7 +- > arch/powerpc/include/asm/asm-prototypes.h | 15 ++ > arch/powerpc/include/asm/barrier.h | 8 +- > arch/powerpc/include/asm/code-patching-asm.h | 18 +++ > arch/powerpc/include/asm/code-patching.h | 3 + > arch/powerpc/include/asm/feature-fixups.h | 9 ++ > arch/powerpc/include/asm/hvcall.h | 2 + > arch/powerpc/include/asm/security_features.h | 7 + > arch/powerpc/include/asm/setup.h | 21 +++ > arch/powerpc/include/asm/uaccess.h | 11 +- > arch/powerpc/include/uapi/asm/kvm.h | 2 + > arch/powerpc/kernel/Makefile | 3 +- > arch/powerpc/kernel/entry_64.S | 64 ++++++++ > arch/powerpc/kernel/module.c | 10 +- > arch/powerpc/kernel/security.c | 215 +++++++++++++++++++++++++-- > arch/powerpc/kernel/setup-common.c | 2 + > arch/powerpc/kernel/vmlinux.lds.S | 11 +- > arch/powerpc/kvm/powerpc.c | 18 ++- > arch/powerpc/lib/code-patching.c | 55 +++++-- > arch/powerpc/lib/feature-fixups.c | 47 +++++- > arch/powerpc/mm/mem.c | 2 + > arch/powerpc/platforms/powernv/setup.c | 7 + > arch/powerpc/platforms/pseries/setup.c | 7 + > 23 files changed, 502 insertions(+), 42 deletions(-) > create mode 100644 arch/powerpc/include/asm/code-patching-asm.h > > -- > ============================ > Manoj Iyer > Ubuntu/Canonical > ============================ > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 4/12/19 9:39 PM, Manoj Iyer wrote: > > BugLink: https://bugs.launchpad.net/bugs/1822870 > > Please consider the following patches to address Spectre V2 Meltdown > vulnerability in Power9 DD2.3. The patches were identified as IBM as being > critical for addressing this issue on Bionic 4.15 kernel. Majority of the > patches were clean cherry-picks and a few patches requiring minor > backports. > > A test kernel was made available in PPA: ppa:ubuntu-power-triage/lp1822870 > (built for Power and AMD64 archs) and test results based on this kernel on > Power9 DD2.3 is available in the bug report. We do not have Power9 DD2.3 > hardware in-house, so all testing was done by IBM. > > The patches are isolated to the ppc64el architecture, and IBM has not > reported any regressions, and they have verified that the test kernel > works as expected. > > I have cced Michael Ranweiler@IBM on this pull request so that we can get > help to address any concerns you might have after SRU review. > > The following changes since commit > c50532b9d7b623ff98aeaf0b848e58adae54ca75: > > UBUNTU: Ubuntu-4.15.0-48.51 (2019-04-02 18:31:55 +0200) > > are available in the Git repository at: > > git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870 > > for you to fetch changes up to a527672055a2477c4d93bb0cce7a2bdc9e8558b8: > > powerpc: Avoid code patching freed init sections (2019-04-12 13:36:07 > -0500) > > ---------------------------------------------------------------- > Christophe Leroy (2): > powerpc/lib/code-patching: refactor patch_instruction() > powerpc/lib/feature-fixups: use raw_patch_instruction() > > Diana Craciun (5): > powerpc/64: Disable the speculation barrier from the command line > powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. > powerpc/64: Make meltdown reporting Book3S 64 specific > powerpc/fsl: Fix spectre_v2 mitigations reporting > powerpc/fsl: Add nospectre_v2 command line argument > > Michael Ellerman (11): > powerpc: Use barrier_nospec in copy_from_user() > powerpc/64: Use barrier_nospec in syscall entry > powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 > powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC > powerpc/64: Call setup_barrier_nospec() from setup_arch() > powerpc/asm: Add a patch_site macro & helpers for patching > instructions > powerpc/64s: Add new security feature flags for count cache flush > powerpc/64s: Add support for software count cache flush > powerpc/pseries: Query hypervisor for count cache flush settings > powerpc/powernv: Query firmware for count cache flush settings > powerpc/security: Fix spectre_v2 reporting > > Michael Neuling (1): > powerpc: Avoid code patching freed init sections > > Michal Suchanek (4): > powerpc/64s: Add support for ori barrier_nospec patching > powerpc/64s: Patch barrier_nospec in modules > powerpc/64s: Enable barrier_nospec based on firmware settings > powerpc/64s: Enhance the information in cpu_show_spectre_v1() > > Suraj Jitindar Singh (1): > KVM: PPC: Book3S: Add count cache flush parameters to > kvmppc_get_cpu_char() > > arch/powerpc/Kconfig | 7 +- > arch/powerpc/include/asm/asm-prototypes.h | 15 ++ > arch/powerpc/include/asm/barrier.h | 8 +- > arch/powerpc/include/asm/code-patching-asm.h | 18 +++ > arch/powerpc/include/asm/code-patching.h | 3 + > arch/powerpc/include/asm/feature-fixups.h | 9 ++ > arch/powerpc/include/asm/hvcall.h | 2 + > arch/powerpc/include/asm/security_features.h | 7 + > arch/powerpc/include/asm/setup.h | 21 +++ > arch/powerpc/include/asm/uaccess.h | 11 +- > arch/powerpc/include/uapi/asm/kvm.h | 2 + > arch/powerpc/kernel/Makefile | 3 +- > arch/powerpc/kernel/entry_64.S | 64 ++++++++ > arch/powerpc/kernel/module.c | 10 +- > arch/powerpc/kernel/security.c | 215 > +++++++++++++++++++++++++-- > arch/powerpc/kernel/setup-common.c | 2 + > arch/powerpc/kernel/vmlinux.lds.S | 11 +- > arch/powerpc/kvm/powerpc.c | 18 ++- > arch/powerpc/lib/code-patching.c | 55 +++++-- > arch/powerpc/lib/feature-fixups.c | 47 +++++- > arch/powerpc/mm/mem.c | 2 + > arch/powerpc/platforms/powernv/setup.c | 7 + > arch/powerpc/platforms/pseries/setup.c | 7 + > 23 files changed, 502 insertions(+), 42 deletions(-) > create mode 100644 arch/powerpc/include/asm/code-patching-asm.h > > -- > ============================ > Manoj Iyer > Ubuntu/Canonical > ============================ > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
On 4/12/19 9:39 PM, Manoj Iyer wrote: > > BugLink: https://bugs.launchpad.net/bugs/1822870 > > Please consider the following patches to address Spectre V2 Meltdown > vulnerability in Power9 DD2.3. The patches were identified as IBM as being > critical for addressing this issue on Bionic 4.15 kernel. Majority of the > patches were clean cherry-picks and a few patches requiring minor > backports. > > A test kernel was made available in PPA: ppa:ubuntu-power-triage/lp1822870 > (built for Power and AMD64 archs) and test results based on this kernel on > Power9 DD2.3 is available in the bug report. We do not have Power9 DD2.3 > hardware in-house, so all testing was done by IBM. > > The patches are isolated to the ppc64el architecture, and IBM has not > reported any regressions, and they have verified that the test kernel > works as expected. > > I have cced Michael Ranweiler@IBM on this pull request so that we can get > help to address any concerns you might have after SRU review. > > The following changes since commit > c50532b9d7b623ff98aeaf0b848e58adae54ca75: > > UBUNTU: Ubuntu-4.15.0-48.51 (2019-04-02 18:31:55 +0200) > > are available in the Git repository at: > > git+ssh://git.launchpad.net/~manjo/+git/bionic-lp1822870 spectre-1822870 > > for you to fetch changes up to a527672055a2477c4d93bb0cce7a2bdc9e8558b8: > > powerpc: Avoid code patching freed init sections (2019-04-12 13:36:07 > -0500) > > ---------------------------------------------------------------- > Christophe Leroy (2): > powerpc/lib/code-patching: refactor patch_instruction() > powerpc/lib/feature-fixups: use raw_patch_instruction() > > Diana Craciun (5): > powerpc/64: Disable the speculation barrier from the command line > powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. > powerpc/64: Make meltdown reporting Book3S 64 specific > powerpc/fsl: Fix spectre_v2 mitigations reporting > powerpc/fsl: Add nospectre_v2 command line argument > > Michael Ellerman (11): > powerpc: Use barrier_nospec in copy_from_user() > powerpc/64: Use barrier_nospec in syscall entry > powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 > powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC > powerpc/64: Call setup_barrier_nospec() from setup_arch() > powerpc/asm: Add a patch_site macro & helpers for patching > instructions > powerpc/64s: Add new security feature flags for count cache flush > powerpc/64s: Add support for software count cache flush > powerpc/pseries: Query hypervisor for count cache flush settings > powerpc/powernv: Query firmware for count cache flush settings > powerpc/security: Fix spectre_v2 reporting > > Michael Neuling (1): > powerpc: Avoid code patching freed init sections > > Michal Suchanek (4): > powerpc/64s: Add support for ori barrier_nospec patching > powerpc/64s: Patch barrier_nospec in modules > powerpc/64s: Enable barrier_nospec based on firmware settings > powerpc/64s: Enhance the information in cpu_show_spectre_v1() > > Suraj Jitindar Singh (1): > KVM: PPC: Book3S: Add count cache flush parameters to > kvmppc_get_cpu_char() > > arch/powerpc/Kconfig | 7 +- > arch/powerpc/include/asm/asm-prototypes.h | 15 ++ > arch/powerpc/include/asm/barrier.h | 8 +- > arch/powerpc/include/asm/code-patching-asm.h | 18 +++ > arch/powerpc/include/asm/code-patching.h | 3 + > arch/powerpc/include/asm/feature-fixups.h | 9 ++ > arch/powerpc/include/asm/hvcall.h | 2 + > arch/powerpc/include/asm/security_features.h | 7 + > arch/powerpc/include/asm/setup.h | 21 +++ > arch/powerpc/include/asm/uaccess.h | 11 +- > arch/powerpc/include/uapi/asm/kvm.h | 2 + > arch/powerpc/kernel/Makefile | 3 +- > arch/powerpc/kernel/entry_64.S | 64 ++++++++ > arch/powerpc/kernel/module.c | 10 +- > arch/powerpc/kernel/security.c | 215 > +++++++++++++++++++++++++-- > arch/powerpc/kernel/setup-common.c | 2 + > arch/powerpc/kernel/vmlinux.lds.S | 11 +- > arch/powerpc/kvm/powerpc.c | 18 ++- > arch/powerpc/lib/code-patching.c | 55 +++++-- > arch/powerpc/lib/feature-fixups.c | 47 +++++- > arch/powerpc/mm/mem.c | 2 + > arch/powerpc/platforms/powernv/setup.c | 7 + > arch/powerpc/platforms/pseries/setup.c | 7 + > 23 files changed, 502 insertions(+), 42 deletions(-) > create mode 100644 arch/powerpc/include/asm/code-patching-asm.h > > -- > ============================ > Manoj Iyer > Ubuntu/Canonical > ============================ > Applied to bionic/master-next branch. Thanks, Kleber