Patch "powerpc: Add security feature flags for Spectre/Meltdown" has been added to the 4.4-stable tree
This is a note to let you know that I've just added the patch titled powerpc: Add security feature flags for Spectre/Meltdown to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: powerpc-add-security-feature-flags-for-spectre-meltdown.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From foo@baz Mon 29 Apr 2019 11:38:37 AM CEST From: Michael Ellerman Date: Mon, 22 Apr 2019 00:19:56 +1000 Subject: powerpc: Add security feature flags for Spectre/Meltdown To: sta...@vger.kernel.org, gre...@linuxfoundation.org Cc: linuxppc-...@ozlabs.org, diana.crac...@nxp.com, msucha...@suse.de, npig...@gmail.com, christophe.le...@c-s.fr Message-ID: <20190421142037.21881-12-...@ellerman.id.au> From: Michael Ellerman commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/security_features.h | 65 +++ arch/powerpc/kernel/Makefile |2 arch/powerpc/kernel/security.c | 15 ++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c --- /dev/null 
+++ b/arch/powerpc/include/asm/security_features.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ --- a/arch/powerpc/kernel/Makefile 
+++ b/arch/powerpc/kernel/Makefile @@ -40,7 +40,7 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_p obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj64-$(CONFIG_RELOCATABLE)+= reloc_64.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,
[PATCH stable v4.4 11/52] powerpc: Add security feature flags for Spectre/Meltdown
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 + 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index ba336930d448..e9b0962743b8 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -40,7 +40,7 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_ppc32.o \ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj64-$(CONFIG_RELOCATABLE)+= reloc_64.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.20.1
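Review bot: In arch/powerpc/include/asm/security_features.h the SEC_FTR_* constants are written with an "ull" suffix, while powerpc_security_features and the "feature" argument of security_ftr_set(), security_ftr_clear() and security_ftr_enabled() are unsigned long. The values fit either way, but the types should agree: use "ul" constants, or make the variable and the helpers u64. The header also uses bool without including anything itself, so it compiles only if the includer has already pulled in the type definitions; an explicit include would make it self-contained. Finally, security_ftr_set() and security_ftr_clear() are plain read-modify-write operations on a global. Since the commit message anticipates updating the flags dynamically, a comment stating that callers must serialise updates (or that the helpers are meant for boot-time use only) would prevent misuse.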
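Review bot: The arch/powerpc/kernel/Makefile hunk builds security.o only under CONFIG_PPC_BOOK3S_64, but security_features.h declares powerpc_security_features and its inline helpers without any matching #ifdef. Code built for another configuration that includes the header and calls security_ftr_enabled() would compile and then fail at link time. Either guard the declarations with the same config symbol or provide stub helpers for configurations where security.o is not built.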
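Review bot: The initialiser of powerpc_security_features in arch/powerpc/kernel/security.c sets the four "need for mitigation" flags (SEC_FTR_L1D_FLUSH_HV, SEC_FTR_L1D_FLUSH_PR, SEC_FTR_BNDS_CHK_SPEC_BAR, SEC_FTR_FAVOUR_SECURITY) and none of the "support" flags, with no comment saying why. A short comment on the chosen default, and on who is expected to overwrite it once firmware settings are read, would document the intent. The trailing backslashes on the continuation lines are unnecessary outside a macro and can be dropped. It is also worth checking that __read_mostly remains the right annotation if the flags are later updated at run time, as the commit message suggests they may be.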
Re: Spectre+Meltdown
On 23. Nov 2018, at 19:59, Michal Suchánek wrote:

> With this summary paper https://arxiv.org/abs/1811.05441 it should be
> possible to take the manual for your favourite CPU and see which
> exploitable optimizations it does have, and how are these exploits
> mitigated.
>
> Thanks
>
> Michal

Hi Michal,

Thanks for the hint. Here is the status of our machines:

FYI:

X1000, CPU: PWRficient PA6T-1682M, kernel 4.20-rc3:

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush

X5000/020, CPU: P5020 (e5500), kernel 4.20-rc3:

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush

The PA6T is still vulnerable.

Cheers,
Christian
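The status lines in the message above follow a fixed "path:status" layout, so they can be classified mechanically when auditing several machines. The following is an added example, not part of the thread or of the kernel tree; the function names classify_vulns and count_vulnerable are hypothetical, and the sample input is the X1000 output copied from the message above.

```shell
#!/bin/sh
# Sample input: the X1000 (PA6T) status lines from the message above.
PA6T_SAMPLE='/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush'

# classify_vulns (hypothetical helper): read "path:status" lines on stdin,
# as printed by
#   grep . /sys/devices/system/cpu/vulnerabilities/*
# and print "<STATE> <name> <status text>" for each entry.
classify_vulns() {
    awk '
    {
        # Split at the first colon only: the status text may itself
        # contain colons ("Mitigation: ...").
        i = index($0, ":")
        if (i == 0) next
        path   = substr($0, 1, i - 1)
        status = substr($0, i + 1)

        # The entry name is the last path component.
        n = split(path, parts, "/")
        name = parts[n]

        if (status == "Not affected")       state = "OK"
        else if (status ~ /^Mitigation:/)   state = "MITIGATED"
        else if (status ~ /^Vulnerable/)    state = "VULNERABLE"
        else                                state = "UNKNOWN"

        printf "%s %s %s\n", state, name, status
    }'
}

# count_vulnerable (hypothetical helper): number of entries on stdin that
# the kernel reports as Vulnerable. Prints 0 when there are none.
count_vulnerable() {
    classify_vulns | awk '$1 == "VULNERABLE" { n++ } END { print n + 0 }'
}

# Classify the sample; on a live system pipe the grep output in instead.
printf '%s\n' "$PA6T_SAMPLE" | classify_vulns
```

Entries that come back as UNKNOWN are status strings the script does not recognise and should be read by hand rather than treated as safe.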
Re: Spectre+Meltdown
On Wed, 10 Jan 2018 18:09:45 -0600 Li Yang wrote:

Hello,

> On Mon, Jan 8, 2018 at 2:17 AM, Christian Zigotzky
> wrote:
> > Hi All,
> >
> > Thanks a lot for your replies.
> >
> > @NXP developers: Could you please tell us some information?
>
> We have done some investigation but it is not ready to be published
> yet. You can get more information from your support channel right
> now.

With this summary paper https://arxiv.org/abs/1811.05441 it should be possible to take the manual for your favourite CPU and see which exploitable optimizations it does have, and how are these exploits mitigated.

Thanks

Michal
Patch "powerpc: Add security feature flags for Spectre/Meltdown" has been added to the 4.9-stable tree
This is a note to let you know that I've just added the patch titled powerpc: Add security feature flags for Spectre/Meltdown to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: powerpc-add-security-feature-flags-for-spectre-meltdown.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From foo@baz Sat Jun 2 15:29:05 CEST 2018 From: Michael Ellerman Date: Sat, 2 Jun 2018 21:08:55 +1000 Subject: powerpc: Add security feature flags for Spectre/Meltdown To: gre...@linuxfoundation.org Cc: sta...@vger.kernel.org, linuxppc-...@ozlabs.org Message-ID: <20180602110908.29773-11-...@ellerman.id.au> From: Michael Ellerman commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/security_features.h | 65 +++ arch/powerpc/kernel/Makefile |2 arch/powerpc/kernel/security.c | 15 ++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile 
@@ -44,7 +44,7 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_p obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +//
[PATCH stable 4.9 10/23] powerpc: Add security feature flags for Spectre/Meltdown
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index adb52d101133..13885786282b 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -44,7 +44,7 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_ppc32.o \ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
Patch "powerpc: Add security feature flags for Spectre/Meltdown" has been added to the 4.14-stable tree
This is a note to let you know that I've just added the patch titled powerpc: Add security feature flags for Spectre/Meltdown to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: powerpc-add-security-feature-flags-for-spectre-meltdown.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From foo@baz Sun May 27 15:47:18 CEST 2018 From: Michael Ellerman Date: Sat, 26 May 2018 14:27:36 +1000 Subject: powerpc: Add security feature flags for Spectre/Meltdown To: g...@kroah.com Cc: sta...@vger.kernel.org, t...@linutronix.de, linuxppc-...@ozlabs.org Message-ID: <20180526042749.5324-11-...@ellerman.id.au> From: Michael Ellerman commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/security_features.h | 65 +++ arch/powerpc/kernel/Makefile |2 arch/powerpc/kernel/security.c | 15 ++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile 
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +//
[PATCH stable 4.14 v2 10/23] powerpc: Add security feature flags for Spectre/Meltdown
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 6c6cce937dd8..1479c61e29c5 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
[PATCH stable 4.14 10/23] powerpc: Add security feature flags for Spectre/Meltdown
This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman (cherry picked from commit 9a868f634349e62922c226834aa23e3d1329ae7f) --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 6c6cce937dd8..1479c61e29c5 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
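Review bot: In arch/powerpc/kernel/security.c the initializer of powerpc_security_features has no comment saying why these four flags are the default. All four come from the "Features indicating need for Spectre/Meltdown mitigations" group in the header, so the kernel starts out assuming mitigations are required until something clears the bits. A one-line comment stating that the conservative default is deliberate would stop a later change from trimming it for performance.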
Patch "powerpc: Add security feature flags for Spectre/Meltdown" has been added to the 4.16-stable tree
This is a note to let you know that I've just added the patch titled powerpc: Add security feature flags for Spectre/Meltdown to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: powerpc-add-security-feature-flags-for-spectre-meltdown.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From foo@baz Wed May 23 19:18:22 CEST 2018 From: Michael Ellerman Date: Wed, 23 May 2018 00:41:13 +1000 Subject: powerpc: Add security feature flags for Spectre/Meltdown To: g...@kroah.com Cc: sta...@vger.kernel.org, t...@linutronix.de, linuxppc-...@ozlabs.org Message-ID: <20180522144125.10345-3-...@ellerman.id.au> From: Michael Ellerman commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/security_features.h | 65 +++ arch/powerpc/kernel/Makefile |2 arch/powerpc/kernel/security.c | 15 ++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile 
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +//
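Review bot: security_ftr_set() and security_ftr_clear() in security_features.h update powerpc_security_features with a plain |= and &= ~, which is a non-atomic read-modify-write on a global. The commit message says the flags may be updated dynamically in future, and two concurrent updaters could then lose a bit, including one of the "need mitigation" bits. Please document next to the helpers that they are only safe from a single-threaded context such as early boot setup, or give them a locking rule before any runtime updater is added.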
[PATCH stable 4.16 02/14] powerpc: Add security feature flags for Spectre/Meltdown
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 1b6bc7fba996..d458c45e5004 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
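Review bot: The Makefile hunk builds security.o only under CONFIG_PPC_BOOK3S_64, but security_features.h declares extern powerpc_security_features and the inline helpers with no matching config guard. Code built for another platform that includes the header and calls security_ftr_enabled() will compile and then fail at link time. Either state in the header that it is Book3S-64 only, or guard the declarations and provide stubs for other configurations.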
Re: [v2, 01/10] powerpc: Add security feature flags for Spectre/Meltdown
On Tue, 2018-03-27 at 12:01:44 UTC, Michael Ellerman wrote: > This commit adds security feature flags to reflect the settings we > receive from firmware regarding Spectre/Meltdown mitigations. > > The feature names reflect the names we are given by firmware on bare > metal machines. See the hostboot source for details. > > Arguably these could be firmware features, but that then requires them > to be read early in boot so they're available prior to asm feature > patching, but we don't actually want to use them for patching. We may > also want to dynamically update them in future, which would be > incompatible with the way firmware features work (at the moment at > least). So for now just make them separate flags. > > Signed-off-by: Michael Ellerman Series applied to powerpc next. https://git.kernel.org/powerpc/c/9a868f634349e62922c226834aa23e cheers
Re: [PATCH v2 01/10] powerpc: Add security feature flags for Spectre/Meltdown
On Tue, Mar 27, 2018 at 11:01:44PM +1100, Michael Ellerman wrote: > This commit adds security feature flags to reflect the settings we > receive from firmware regarding Spectre/Meltdown mitigations. > > The feature names reflect the names we are given by firmware on bare > metal machines. See the hostboot source for details. > > Arguably these could be firmware features, but that then requires them > to be read early in boot so they're available prior to asm feature > patching, but we don't actually want to use them for patching. We may > also want to dynamically update them in future, which would be > incompatible with the way firmware features work (at the moment at > least). So for now just make them separate flags. > > Signed-off-by: Michael Ellerman > --- > arch/powerpc/include/asm/security_features.h | 65 > > arch/powerpc/kernel/Makefile | 2 +- > arch/powerpc/kernel/security.c | 15 +++ > 3 files changed, 81 insertions(+), 1 deletion(-) > create mode 100644 arch/powerpc/include/asm/security_features.h > create mode 100644 arch/powerpc/kernel/security.c > > > v2: Rebased on top of LPM changes. > > diff --git a/arch/powerpc/include/asm/security_features.h > b/arch/powerpc/include/asm/security_features.h > new file mode 100644 > index ..db00ad2c72c2 > --- /dev/null > +++ b/arch/powerpc/include/asm/security_features.h 
> @@ -0,0 +1,65 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Security related feature bit definitions. > + * > + * Copyright 2018, Michael Ellerman, IBM Corporation. > + */ > + > +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H > +#define _ASM_POWERPC_SECURITY_FEATURES_H > + > + > +extern unsigned long powerpc_security_features; > + > +static inline void security_ftr_set(unsigned long feature) > +{ > + powerpc_security_features |= feature; > +} > + > +static inline void security_ftr_clear(unsigned long feature) > +{ > + powerpc_security_features &= ~feature; > +} > + > +static inline bool security_ftr_enabled(unsigned long feature) > +{ > + return !!(powerpc_security_features & feature); > +} > + > + > +// Features indicating support for Spectre/Meltdown mitigations > + > +// The L1-D cache can be flushed with ori r30,r30,0 > +#define SEC_FTR_L1D_FLUSH_ORI30 0x0001ull > + > +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) > +#define SEC_FTR_L1D_FLUSH_TRIG2 0x0002ull > + > +// ori r31,r31,0 acts as a speculation barrier > +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull > + > +// Speculation past bctr is disabled > +#define SEC_FTR_BCCTRL_SERIALISED0x0008ull Nitpicks: 1) bcctr or bcctrL ? 2) serialiZe seems to be more popular than serialiSe in the kernel (1769 hits from "grep -ir serializ", 264 with the "s") Still needs to grep for both in any case, bummer!
Gabriel > + > +// Entries in L1-D are private to a SMT thread > +#define SEC_FTR_L1D_THREAD_PRIV 0x0010ull > + > +// Indirect branch prediction cache disabled > +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull > + > + > +// Features indicating need for Spectre/Meltdown mitigations > + > +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor > to guest) > +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull > + > +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to > userspace) > +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull > + > +// A speculation barrier should be used for bounds checks (Spectre variant 1) > +#define SEC_FTR_BNDS_CHK_SPEC_BAR0x0100ull > + > +// Firmware configuration indicates user favours security over performance > +#define SEC_FTR_FAVOUR_SECURITY 0x0200ull > + > +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ > diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile > index 1b6bc7fba996..d458c45e5004 100644 > --- a/arch/powerpc/kernel/Makefile > +++ b/arch/powerpc/kernel/Makefile > @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32)+= vdso32/ > obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o > obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o > obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o > -obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o > +obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o > obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o > obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o > obj
[PATCH v2 01/10] powerpc: Add security feature flags for Spectre/Meltdown
This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c v2: Rebased on top of LPM changes. diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 1b6bc7fba996..d458c45e5004 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
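Review bot: The SEC_FTR_* constants in security_features.h carry an ull suffix, while powerpc_security_features and the feature argument of all three helpers are unsigned long. Both are the same width where security.o is built (CONFIG_PPC_BOOK3S_64), so nothing breaks today, but the header itself is not restricted to 64-bit and the mismatch invites a silent truncation if a flag is ever defined above bit 31. Use an ul suffix, or make the variable and the helper arguments a fixed 64-bit type.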
Re: [PATCH 01/10] powerpc: Add security feature flags for Spectre/Meltdown
Hi Michael,

I love your patch! Yet something to improve:

[auto build test ERROR on powerpc/next]
[also build test ERROR on v4.16-rc7 next-20180326]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url: https://github.com/0day-ci/linux/commits/Michael-Ellerman/powerpc-Add-security-feature-flags-for-Spectre-Meltdown/20180327-041008
base: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: powerpc-g5_defconfig (attached as .config)
compiler: powerpc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=powerpc

Note: the linux-review/Michael-Ellerman/powerpc-Add-security-feature-flags-for-Spectre-Meltdown/20180327-041008 HEAD 95772a19ac473c1aa27b1e5e038791da104b6a06 builds fine.
      It only hurts bisectibility.

All errors (new ones prefixed by >>):

   In file included from arch/powerpc/kernel/security.c:7:0:
>> arch/powerpc/include/asm/security_features.h:24:15: error: unknown type name 'bool'
    static inline bool security_ftr_enabled(unsigned long feature)
                  ^~~~
>> arch/powerpc/kernel/security.c:10:41: error: expected '=', ',', ';', 'asm' or '__attribute__' before '__read_mostly'
    unsigned long powerpc_security_features __read_mostly = \
                                            ^

vim +/bool +24 arch/powerpc/include/asm/security_features.h

    23
  > 24	static inline bool security_ftr_enabled(unsigned long feature)
    25	{
    26		return !!(powerpc_security_features & feature);
    27	}
    28

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
[PATCH 01/10] powerpc: Add security feature flags for Spectre/Meltdown
This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 14 ++ 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 1b6bc7fba996..d458c45e5004 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..c62a5d7196e3 --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
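Review bot: security_features.h uses bool as the return type of security_ftr_enabled() but the header contains no #include of its own, so it only compiles when the including file has already pulled in the type. The build robot's report on this posting shows exactly that failure (unknown type name 'bool' at security_features.h:24 with powerpc-g5_defconfig). Add #include <linux/types.h> at the top of the header so it is self-contained.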
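Review bot: security.c annotates powerpc_security_features with __read_mostly while the file has a single #include line, and the build report for this posting stops at security.c:10 in front of __read_mostly. Include the header that provides the attribute (<linux/cache.h>) directly in security.c rather than relying on whatever the configuration happens to pull in indirectly.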
Re: [RFC PATCH 1/6] powerpc: Add security feature flags for Spectre/Meltdown
Daniel Axtens writes: > Michael Ellerman writes: >> diff --git a/arch/powerpc/include/asm/security_features.h >> b/arch/powerpc/include/asm/security_features.h >> new file mode 100644 >> index ..3b690de8b0e8 >> --- /dev/null >> +++ b/arch/powerpc/include/asm/security_features.h >> @@ -0,0 +1,65 @@ ... >> +// Features indicating support for Spectre/Meltdown mitigations >> + >> +// The L1-D cache can be flushed with ori r30,r30,0 >> +#define SEC_FTR_L1D_FLUSH_ORI30 0x0001ull >> + >> +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2ull > This looks like some sort of search-replace gone wrong? Sure is! Oops. Thanks for reviewing. cheers
Re: [RFC PATCH 1/6] powerpc: Add security feature flags for Spectre/Meltdown
Segher Boessenkool writes: > Hi! > > On Thu, Mar 01, 2018 at 01:53:11AM +1100, Michael Ellerman wrote: >> +// A speculation barrier should be used for bounds checks (Spectre variant >> 1ull > > s/1ull/1)/ ? Haha, oops. Thanks for spotting it. Result of replacing ASM_CONST(x) with xull. cheers
Re: [RFC PATCH 1/6] powerpc: Add security feature flags for Spectre/Meltdown
Michael Ellerman writes: > This commit adds security feature flags to reflect the settings we > receive from firmware regarding Spectre/Meltdown mitigations. > > The feature names reflect the names we are given by firmware on bare > metal machines. See the hostboot source for details. > > Arguably these could be firmware features, but that then requires them > to be read early in boot so they're available prior to asm feature > patching, but we don't actually want to use them for patching. We may > also want to dynamically update them in future, which would be > incompatible with the way firmware features work (at the moment at > least). So for now just make them separate flags. > > Signed-off-by: Michael Ellerman > --- > arch/powerpc/include/asm/security_features.h | 65 > > arch/powerpc/kernel/Makefile | 2 +- > arch/powerpc/kernel/security.c | 14 ++ > 3 files changed, 80 insertions(+), 1 deletion(-) > create mode 100644 arch/powerpc/include/asm/security_features.h > create mode 100644 arch/powerpc/kernel/security.c > > diff --git a/arch/powerpc/include/asm/security_features.h > b/arch/powerpc/include/asm/security_features.h > new file mode 100644 > index ..3b690de8b0e8 > --- /dev/null > +++ b/arch/powerpc/include/asm/security_features.h 
> @@ -0,0 +1,65 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Security related feature bit definitions. > + * > + * Copyright 2018, Michael Ellerman, IBM Corporation. > + */ > + > +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H > +#define _ASM_POWERPC_SECURITY_FEATURES_H > + > + > +extern unsigned long powerpc_security_features; > + > +static inline void security_ftr_set(unsigned long feature) > +{ > + powerpc_security_features |= feature; > +} > + > +static inline void security_ftr_clear(unsigned long feature) > +{ > + powerpc_security_features &= ~feature; > +} > + > +static inline bool security_ftr_enabled(unsigned long feature) > +{ > + return !!(powerpc_security_features & feature); > +} > + > + > +// Features indicating support for Spectre/Meltdown mitigations > + > +// The L1-D cache can be flushed with ori r30,r30,0 > +#define SEC_FTR_L1D_FLUSH_ORI30 0x0001ull > + > +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2ull This looks like some sort of search-replace gone wrong? > +#define SEC_FTR_L1D_FLUSH_TRIG2 0x0002ull > + > +// ori r31,r31,0 acts as a speculation barrier > +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull > + > +// Speculation past bctr is disabled > +#define SEC_FTR_BCCTRL_SERIALISED0x0008ull > + > +// Entries in L1-D are private to a SMT thread > +#define SEC_FTR_L1D_THREAD_PRIV 0x0010ull > + > +// Indirect branch prediction cache disabled > +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull > + > + > +// Features indicating need for Spectre/Meltdown mitigations > + > +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor > to guest) > +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull > + > +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to > userspace) > +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull > + > +// A speculation barrier should be used for bounds checks (Spectre variant > 1ull Likewise here? 
--- Regards, Daniel > +#define SEC_FTR_BNDS_CHK_SPEC_BAR0x0100ull > + > +// Firmware configuration indicates user favours security over performance > +#define SEC_FTR_FAVOUR_SECURITY 0x0200ull > + > +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ > diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile > index 1b6bc7fba996..d458c45e5004 100644 > --- a/arch/powerpc/kernel/Makefile > +++ b/arch/powerpc/kernel/Makefile > @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32)+= vdso32/ > obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o > obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o > obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o > -obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o > +obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o > obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o > obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o > obj-$(CONFIG_PPC64) += vdso64/ > diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c > new file mode 100644 > inde
Re: [RFC PATCH 1/6] powerpc: Add security feature flags for Spectre/Meltdown
Hi! On Thu, Mar 01, 2018 at 01:53:11AM +1100, Michael Ellerman wrote: > +// A speculation barrier should be used for bounds checks (Spectre variant > 1ull s/1ull/1)/ ? Segher
[RFC PATCH 1/6] powerpc: Add security feature flags for Spectre/Meltdown
This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 14 ++ 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..3b690de8b0e8 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h 
@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2ull +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1ull +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ 
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 1b6bc7fba996..d458c45e5004 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..c62a5d7196e3 --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
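Review bot: In the new security_features.h, two comments end in a stray "ull" where a closing parenthesis belongs: "(aka SPRN_TRIG2ull" above SEC_FTR_L1D_FLUSH_TRIG2 and "(Spectre variant 1ull" above SEC_FTR_BNDS_CHK_SPEC_BAR. They should read "(aka SPRN_TRIG2)" and "(Spectre variant 1)". In the same hunk the flag constants carry an ull suffix while powerpc_security_features and the feature parameter of the three helpers are unsigned long; using one type for both would keep them consistent. security_ftr_set() and security_ftr_clear() are also plain read-modify-write operations, and since the commit message anticipates updating the flags dynamically, a comment stating that callers must serialise updates would help.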
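Review bot: In the arch/powerpc/kernel/Makefile hunk, security.o is added only to the CONFIG_PPC_BOOK3S_64 object list, but security_features.h declares powerpc_security_features and the inline helpers with no matching config guard. A caller of security_ftr_enabled() in code built for another platform would compile and then fail to link. Either guard the header contents with the same option and provide stubs for other configurations, or note in the header that it is Book3S-64 only.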
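Review bot: The initializer of powerpc_security_features in security.c has no comment explaining the chosen default. It sets the four flags from the "need for Spectre/Meltdown mitigations" group (SEC_FTR_L1D_FLUSH_HV, SEC_FTR_L1D_FLUSH_PR, SEC_FTR_BNDS_CHK_SPEC_BAR, SEC_FTR_FAVOUR_SECURITY) and none from the "support for" group. If this is meant as the conservative default before any firmware settings are applied, a one-line comment saying so would make the intent explicit. As a style point, the trailing backslashes on the initializer lines are not needed, since this is a normal declaration and not a macro body.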
Re: Spectre+Meltdown
On Mon, Jan 8, 2018 at 2:17 AM, Christian Zigotzky wrote:
> Hi All,
>
> Thanks a lot for your replies.
>
> @NXP developers: Could you please tell us some information?

We have done some investigation but it is not ready to be published yet. You can get more information from your support channel right now.

>
> Thanks,
> Christian
>
> On 08 January 2018 at 02:14AM, Michal Suchanek wrote:
>>
>> On 7 January 2018 at 19:54, Olof Johansson wrote:
>>>
>>> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
>>> wrote:
>>>> Hello Michael,
>>>>
>>>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>>>
>>>> @Olof
>>>> Do you have some infos for us?
>>>
>>> I'm low on spare time to experiment and explore what might be exposed
>>> or not, and I no longer have any proprietary microarchitecture
>>> documentation of the core.
>>>
>>> I suggest reaching out to your supplier of the silicon for commercial
>>> support and information, or just going with what I'm sure will be
>>> architecturally generic solutions to the problem when IBM has them
>>> ready.
>>
>> The solution for IBM POWER involves patching the firmware as well as
>> Linux. Without knowledge of the architecture specifics it is not
>> possible to tell if other cores are affected and if the measures
>> implemented by IBM can be used. In fact they probably rely on
>> 64s-specific instructions and are in part implemented in 64s-specific
>> assembly files.
>>
>> So this will not work without support for the specific core either by
>> the vendor or somebody who has knowledge of the architecture details.
>>
>> Thanks
>>
>> Michal
Spectre+Meltdown
Hi All,

Thanks a lot for your replies.

@NXP developers: Could you please tell us some information?

Thanks,
Christian

On 08 January 2018 at 02:14AM, Michal Suchanek wrote:
> On 7 January 2018 at 19:54, Olof Johansson wrote:
>> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky wrote:
>>> Hello Michael,
>>>
>>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>>
>>> @Olof
>>> Do you have some infos for us?
>>
>> I'm low on spare time to experiment and explore what might be exposed or not, and I no longer have any proprietary microarchitecture documentation of the core.
>>
>> I suggest reaching out to your supplier of the silicon for commercial support and information, or just going with what I'm sure will be architecturally generic solutions to the problem when IBM has them ready.
>
> The solution for IBM POWER involves patching the firmware as well as Linux. Without knowledge of the architecture specifics it is not possible to tell if other cores are affected and if the measures implemented by IBM can be used. In fact they probably rely on 64s-specific instructions and are in part implemented in 64s-specific assembly files.
>
> So this will not work without support for the specific core either by the vendor or somebody who has knowledge of the architecture details.
>
> Thanks
>
> Michal
Re: Spectre+Meltdown
On 7 January 2018 at 19:54, Olof Johansson wrote:
> On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky
> wrote:
>> Hello Michael,
>>
>> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>>
>> @Olof
>> Do you have some infos for us?
>
> I'm low on spare time to experiment and explore what might be exposed
> or not, and I no longer have any proprietary microarchitecture
> documentation of the core.
>
> I suggest reaching out to your supplier of the silicon for commercial
> support and information, or just going with what I'm sure will be
> architecturally generic solutions to the problem when IBM has them
> ready.

The solution for IBM POWER involves patching the firmware as well as Linux. Without knowledge of the architecture specifics it is not possible to tell if other cores are affected and if the measures implemented by IBM can be used. In fact they probably rely on 64s-specific instructions and are in part implemented in 64s-specific assembly files.

So this will not work without support for the specific core either by the vendor or somebody who has knowledge of the architecture details.

Thanks

Michal
Re: Spectre+Meltdown
On Sun, Jan 7, 2018 at 5:04 AM, Christian Zigotzky wrote:
> Hello Michael,
>
> Thanks for your reply. We are using P.A. Semi and Freescale CPUs.
>
> @Olof
> Do you have some infos for us?

I'm low on spare time to experiment and explore what might be exposed or not, and I no longer have any proprietary microarchitecture documentation of the core.

I suggest reaching out to your supplier of the silicon for commercial support and information, or just going with what I'm sure will be architecturally generic solutions to the problem when IBM has them ready.

-Olof
Spectre+Meltdown
Hello Michael,

Thanks for your reply. We are using P.A. Semi and Freescale CPUs.

@Olof
Do you have some infos for us?

Thanks,
Christian

On 06/01/18 10:34, Michael Ellerman wrote:
> Christian Zigotzky writes:
>> Hi All,
>>
>> Do we have some information regarding Spectre+Meltdown for our users?
>>
>> It could be that we have some security issues in our PowerPC CPUs.
>
> There's a statement from IBM here: https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
>
> I think you're mostly using pasemi CPUs right? I don't have any information on them, and obviously it's going to be hard to find anyone who might know. You might be best finding a proof of concept somewhere and actually testing it.
>
> cheers
Re: Spectre+Meltdown
Christian Zigotzky writes:
> Hi All,
>
> Do we have some information regarding Spectre+Meltdown for our users?
>
> It could be that we have some security issues in our PowerPC CPUs.

There's a statement from IBM here: https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

I think you're mostly using pasemi CPUs right? I don't have any information on them, and obviously it's going to be hard to find anyone who might know. You might be best finding a proof of concept somewhere and actually testing it.

cheers
Re: Spectre+Meltdown
Hello,

On Thu, 4 Jan 2018 16:09:34 +0100 Christian Zigotzky wrote:
> Hi All,
>
> Do we have some information regarding Spectre+Meltdown for our users?
>
> It could be that we have some security issues in our PowerPC CPUs.
>
> Links:
>
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-Kernel-Retpoline-Patches
>
> https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
>

Since the vulnerability details were disclosed already you should see patches addressing it in your local kernel git repository.

AFAICT some patches for preventing speculative execution in some random parts of the kernel as well as adding an extra flush when returning from kernel to userspace are applicable to powerpc.

I am not familiar with all the details so you are free to investigate the code for yourself or fish some article from someone who really knows what the thing is all about and how it affects powerpc in particular.

Thanks

Michal
Spectre+Meltdown
Hi All,

Do we have some information regarding Spectre+Meltdown for our users?

It could be that we have some security issues in our PowerPC CPUs.

Links:

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Kernel-Retpoline-Patches

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

Thanks,
Christian

Sent from my iPhone