From: Michael Ellerman <mpe@ellerman.id.au>
To: greg@kroah.com
Cc: stable@vger.kernel.org, tglx@linutronix.de, linuxppc-dev@ozlabs.org
Subject: [PATCH stable 4.14 20/23] powerpc: Move default security feature flags
Date: Fri, 25 May 2018 20:09:51 +1000 [thread overview]
Message-ID: <20180525100954.31599-21-mpe@ellerman.id.au> (raw)
In-Reply-To: <20180525100954.31599-1-mpe@ellerman.id.au>
From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.
This can be used to restore current flags to the default flags.
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7)
---
arch/powerpc/include/asm/security_features.h | 8 ++++++++
arch/powerpc/kernel/security.c | 7 +------
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h
index 400a9050e035..fa4d2e1cf772 100644
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(unsigned long feature)
// Firmware configuration indicates user favours security over performance
#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+ (SEC_FTR_L1D_FLUSH_HV | \
+ SEC_FTR_L1D_FLUSH_PR | \
+ SEC_FTR_BNDS_CHK_SPEC_BAR | \
+ SEC_FTR_FAVOUR_SECURITY)
+
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 2cee3dcd231b..bab5a27ea805 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -11,12 +11,7 @@
#include <asm/security_features.h>
-unsigned long powerpc_security_features __read_mostly = \
- SEC_FTR_L1D_FLUSH_HV | \
- SEC_FTR_L1D_FLUSH_PR | \
- SEC_FTR_BNDS_CHK_SPEC_BAR | \
- SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
--
2.14.1
next prev parent reply other threads:[~2018-05-25 10:10 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-25 10:09 [PATCH stable 4.14 00/23] powerpc backports for 4.14 Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 01/23] powerpc/64s: Improve RFI L1-D cache flush fallback Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 02/23] powerpc/pseries: Support firmware disable of RFI flush Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 03/23] powerpc/powernv: " Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 04/23] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 05/23] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 06/23] powerpc/rfi-flush: Always enable fallback flush on pseries Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 07/23] powerpc/rfi-flush: Differentiate enabled and patched flush types Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 08/23] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 09/23] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 10/23] powerpc: Add security feature flags for Spectre/Meltdown Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 11/23] powerpc/pseries: Set or clear security feature flags Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 12/23] powerpc/powernv: " Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 13/23] powerpc/64s: Move cpu_show_meltdown() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 14/23] powerpc/64s: Enhance the information in cpu_show_meltdown() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 15/23] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 16/23] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 17/23] powerpc/64s: Wire up cpu_show_spectre_v1() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 18/23] powerpc/64s: Wire up cpu_show_spectre_v2() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 19/23] powerpc/pseries: Fix clearing of security feature flags Michael Ellerman
2018-05-25 10:09 ` Michael Ellerman [this message]
2018-05-25 10:09 ` [PATCH stable 4.14 21/23] powerpc/pseries: Restore default security feature flags on setup Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 22/23] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Michael Ellerman
2018-05-25 10:09 ` [PATCH stable 4.14 23/23] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit Michael Ellerman
2018-05-25 11:03 ` [PATCH stable 4.14 00/23] powerpc backports for 4.14 Michael Ellerman
2018-05-25 11:26 ` Greg KH
2018-05-26 4:41 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180525100954.31599-21-mpe@ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=greg@kroah.com \
--cc=linuxppc-dev@ozlabs.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).