------- Comment From mranw...@us.ibm.com 2019-04-29 14:42 EDT-------
An initial test looks good, thank you!
mranweil@ltc-wspoon5:~$ dpkg --list |grep linux-image-4\.15\.0-49
ii linux-image-4.15.0-49-generic 4.15.0-49.53
ppc64el Signed kernel image generic
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-49-generic (buildd@bos02-ppc64el-016) (gcc version 7.3.0
(Ubuntu 7.3.0-16ubuntu3)) #53-Ubuntu SMP Fri Apr 26 06:44:38 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H .
/sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count
cache flush (hardware accelerated)
mranweil@ltc-wspoon5:~$ cat /proc/cpuinfo |head
processor : 0
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)
processor : 1
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870
Title:
Backport support for software count cache flush Spectre v2 mitigation.
(CVE) (required for POWER9 DD2.3)
Status in The Ubuntu-power-systems project:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Released
Bug description:
[IMPACT]
Need to further address the Spectre v2 and Meltdown vulnerability in Power
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3,
and additional Spectre/Meltdown related patches for Power9.
[Fix]
List of upstream patches identified by IBM in comment #4, #5, and #8.
[Test]
Pre-req: requires Power9 DD2.3 hardware.
A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the
kernel was tested by IBM. Please see comment #11 and #14 for details.
[REGRESSION POTENTIAL]
The patches are isolated to the ppc64el architecture and does not impact
generic code. ppc64el test kernel was tested by IBM and no regressions were
reported.
[OTHER INFO]
For the different kernels:
The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
to have all patches.
Disco appears to be missing only this patch:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2
reporting
Cosmic (which is supported until July) is missing a number of patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation
barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier
PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add
CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call
setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting
Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro
& helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security
feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for
software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor
for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for
count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2
mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2
reporting
This appears to already be in -next.
For the bionic 18.04.1 (4.15) kernel only this patch is already part of
master-next:
a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec
The others are ported, there were only 3 that were not clean. Those are:
2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori
barrier_nospec patching
This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is
missing, but it does not look like that is required here.
cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec
based on firmware settings
This failed because debugfs was already included, I can see that previously
added, I didn't see where it was previously removed.
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro
& helpers for patching instructions
This failed because 8183d99f4a22c is not included - but doesn't seem
necessary.
All other patches applied with, at most, some fuzz.
Has had a little testing - boots, check debugfs, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
