* [PATCH][v2] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status
@ 2019-11-23 23:02 ` Gustavo Walbon
0 siblings, 0 replies; 4+ messages in thread
From: Gustavo Walbon @ 2019-11-23 23:02 UTC (permalink / raw)
To: linuxppc-dev
Cc: benh, paulus, mpe, diana.craciun, gwalbon, jkosina, jpoimboe,
geert+renesas, cmr, yuehaibing, linux-kernel, maurosr
The issue has showed the value of status of Speculation_Store_Bypass in the
/proc/<pid>/status as `unknown` for PowerPC systems.
The patch fix the checking of the mitigation status of Speculation, and
can be reported as "not vulnerable", "globally mitigated" or "vulnerable".
Link: https://github.com/linuxppc/issues/issues/255
Changelog:
Rebase on v5.4-rc8
Signed-off-by: Gustavo Walbon <gwalbon@linux.ibm.com>
---
arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 7d4b2080a658..04e566026bbc 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -14,7 +14,7 @@
#include <asm/debugfs.h>
#include <asm/security_features.h>
#include <asm/setup.h>
-
+#include <linux/prctl.h>
u64 powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
@@ -344,6 +344,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
return sprintf(buf, "Vulnerable\n");
}
+static int ssb_prctl_get(struct task_struct *task)
+{
+ if (stf_barrier) {
+ if (stf_enabled_flush_types == STF_BARRIER_NONE)
+ return PR_SPEC_NOT_AFFECTED;
+ else
+ return PR_SPEC_DISABLE;
+ } else
+ return PR_SPEC_DISABLE_NOEXEC;
+
+ return -EINVAL;
+}
+
+int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
+{
+ switch (which) {
+ case PR_SPEC_STORE_BYPASS:
+ return ssb_prctl_get(task);
+ default:
+ return -ENODEV;
+ }
+}
+
#ifdef CONFIG_DEBUG_FS
static int stf_barrier_set(void *data, u64 val)
{
--
2.19.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH][v2] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status
@ 2019-11-23 23:02 ` Gustavo Walbon
0 siblings, 0 replies; 4+ messages in thread
From: Gustavo Walbon @ 2019-11-23 23:02 UTC (permalink / raw)
To: linuxppc-dev
Cc: cmr, geert+renesas, gwalbon, jpoimboe, yuehaibing, linux-kernel,
diana.craciun, paulus, jkosina, maurosr
The issue has showed the value of status of Speculation_Store_Bypass in the
/proc/<pid>/status as `unknown` for PowerPC systems.
The patch fix the checking of the mitigation status of Speculation, and
can be reported as "not vulnerable", "globally mitigated" or "vulnerable".
Link: https://github.com/linuxppc/issues/issues/255
Changelog:
Rebase on v5.4-rc8
Signed-off-by: Gustavo Walbon <gwalbon@linux.ibm.com>
---
arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 7d4b2080a658..04e566026bbc 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -14,7 +14,7 @@
#include <asm/debugfs.h>
#include <asm/security_features.h>
#include <asm/setup.h>
-
+#include <linux/prctl.h>
u64 powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
@@ -344,6 +344,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
return sprintf(buf, "Vulnerable\n");
}
+static int ssb_prctl_get(struct task_struct *task)
+{
+ if (stf_barrier) {
+ if (stf_enabled_flush_types == STF_BARRIER_NONE)
+ return PR_SPEC_NOT_AFFECTED;
+ else
+ return PR_SPEC_DISABLE;
+ } else
+ return PR_SPEC_DISABLE_NOEXEC;
+
+ return -EINVAL;
+}
+
+int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
+{
+ switch (which) {
+ case PR_SPEC_STORE_BYPASS:
+ return ssb_prctl_get(task);
+ default:
+ return -ENODEV;
+ }
+}
+
#ifdef CONFIG_DEBUG_FS
static int stf_barrier_set(void *data, u64 val)
{
--
2.19.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH][v2] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status
2019-11-23 23:02 ` Gustavo Walbon
@ 2019-11-26 2:28 ` Michael Ellerman
-1 siblings, 0 replies; 4+ messages in thread
From: Michael Ellerman @ 2019-11-26 2:28 UTC (permalink / raw)
To: Gustavo Walbon, linuxppc-dev
Cc: benh, paulus, diana.craciun, gwalbon, jkosina, jpoimboe,
geert+renesas, cmr, yuehaibing, linux-kernel, maurosr
Gustavo Walbon <gwalbon@linux.ibm.com> writes:
> The issue has showed the value of status of Speculation_Store_Bypass in the
> /proc/<pid>/status as `unknown` for PowerPC systems.
>
> The patch fix the checking of the mitigation status of Speculation, and
> can be reported as "not vulnerable", "globally mitigated" or "vulnerable".
>
> Link: https://github.com/linuxppc/issues/issues/255
>
> Changelog:
> Rebase on v5.4-rc8
>
> Signed-off-by: Gustavo Walbon <gwalbon@linux.ibm.com>
> ---
> arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
On further thoughts I don't think this logic (which I suggested) is
right >:(
I commented on the issue:
I think my original suggestion on this was wrong.
Our mitigation is not global, ie. it's a barrier that must be used in
the right location. We have kernel code to insert the barrier on
kernel entry/exit, but that doesn't protect userspace against itself
(ie. sandboxes).
There's no way to express that with the current values as far as I can
see.
I think all we can do for now is:
if stf_enabled_flush_types == STF_BARRIER_NONE:
return PR_SPEC_NOT_AFFECTED // "not vulnerable"
else
return PR_SPEC_ENABLE // "vulnerable"
To express the situation properly we'd need another value, something
like PR_SPEC_MITIGATION_AVAILABLE (??) which says that there is a
mitigation available but it must be used. That still has the problem
that it doesn't tell userspace what the mitigation is, userspace would
have to know.
cheers
> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
> index 7d4b2080a658..04e566026bbc 100644
> --- a/arch/powerpc/kernel/security.c
> +++ b/arch/powerpc/kernel/security.c
> @@ -14,7 +14,7 @@
> #include <asm/debugfs.h>
> #include <asm/security_features.h>
> #include <asm/setup.h>
> -
> +#include <linux/prctl.h>
>
> u64 powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
>
> @@ -344,6 +344,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
> return sprintf(buf, "Vulnerable\n");
> }
>
> +static int ssb_prctl_get(struct task_struct *task)
> +{
> + if (stf_barrier) {
> + if (stf_enabled_flush_types == STF_BARRIER_NONE)
> + return PR_SPEC_NOT_AFFECTED;
> + else
> + return PR_SPEC_DISABLE;
> + } else
> + return PR_SPEC_DISABLE_NOEXEC;
> +
> + return -EINVAL;
> +}
> +
> +int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
> +{
> + switch (which) {
> + case PR_SPEC_STORE_BYPASS:
> + return ssb_prctl_get(task);
> + default:
> + return -ENODEV;
> + }
> +}
> +
> #ifdef CONFIG_DEBUG_FS
> static int stf_barrier_set(void *data, u64 val)
> {
> --
> 2.19.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH][v2] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status
@ 2019-11-26 2:28 ` Michael Ellerman
0 siblings, 0 replies; 4+ messages in thread
From: Michael Ellerman @ 2019-11-26 2:28 UTC (permalink / raw)
To: Gustavo Walbon, linuxppc-dev
Cc: geert+renesas, jkosina, gwalbon, cmr, yuehaibing, linux-kernel,
diana.craciun, paulus, jpoimboe, maurosr
Gustavo Walbon <gwalbon@linux.ibm.com> writes:
> The issue has showed the value of status of Speculation_Store_Bypass in the
> /proc/<pid>/status as `unknown` for PowerPC systems.
>
> The patch fix the checking of the mitigation status of Speculation, and
> can be reported as "not vulnerable", "globally mitigated" or "vulnerable".
>
> Link: https://github.com/linuxppc/issues/issues/255
>
> Changelog:
> Rebase on v5.4-rc8
>
> Signed-off-by: Gustavo Walbon <gwalbon@linux.ibm.com>
> ---
> arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
On further thoughts I don't think this logic (which I suggested) is
right >:(
I commented on the issue:
I think my original suggestion on this was wrong.
Our mitigation is not global, ie. it's a barrier that must be used in
the right location. We have kernel code to insert the barrier on
kernel entry/exit, but that doesn't protect userspace against itself
(ie. sandboxes).
There's no way to express that with the current values as far as I can
see.
I think all we can do for now is:
if stf_enabled_flush_types == STF_BARRIER_NONE:
return PR_SPEC_NOT_AFFECTED // "not vulnerable"
else
return PR_SPEC_ENABLE // "vulnerable"
To express the situation properly we'd need another value, something
like PR_SPEC_MITIGATION_AVAILABLE (??) which says that there is a
mitigation available but it must be used. That still has the problem
that it doesn't tell userspace what the mitigation is, userspace would
have to know.
cheers
> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
> index 7d4b2080a658..04e566026bbc 100644
> --- a/arch/powerpc/kernel/security.c
> +++ b/arch/powerpc/kernel/security.c
> @@ -14,7 +14,7 @@
> #include <asm/debugfs.h>
> #include <asm/security_features.h>
> #include <asm/setup.h>
> -
> +#include <linux/prctl.h>
>
> u64 powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
>
> @@ -344,6 +344,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
> return sprintf(buf, "Vulnerable\n");
> }
>
> +static int ssb_prctl_get(struct task_struct *task)
> +{
> + if (stf_barrier) {
> + if (stf_enabled_flush_types == STF_BARRIER_NONE)
> + return PR_SPEC_NOT_AFFECTED;
> + else
> + return PR_SPEC_DISABLE;
> + } else
> + return PR_SPEC_DISABLE_NOEXEC;
> +
> + return -EINVAL;
> +}
> +
> +int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
> +{
> + switch (which) {
> + case PR_SPEC_STORE_BYPASS:
> + return ssb_prctl_get(task);
> + default:
> + return -ENODEV;
> + }
> +}
> +
> #ifdef CONFIG_DEBUG_FS
> static int stf_barrier_set(void *data, u64 val)
> {
> --
> 2.19.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-26 2:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-23 23:02 [PATCH][v2] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status Gustavo Walbon
2019-11-23 23:02 ` Gustavo Walbon
2019-11-26 2:28 ` Michael Ellerman
2019-11-26 2:28 ` Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.