* [PATCH] Fix wrong message when RFI Flush is disable
@ 2019-05-02 21:09 Gustavo Walbon
2019-11-14 9:07 ` Michael Ellerman
0 siblings, 1 reply; 3+ messages in thread
From: Gustavo Walbon @ 2019-05-02 21:09 UTC (permalink / raw)
To: linuxppc-dev
Cc: gwalbon, maurosr, benh, paulus, mpe, diana.craciun, msuchanek,
mikey, npiggin, leitao, linux-kernel
From: "Gustavo L. F. Walbon" <gwalbon@linux.ibm.com>
The issue was showing "Mitigation" message via sysfs whatever the state of
"RFI Flush", but it should show "Vulnerable" when it is disabled.
If you have "L1D private" feature enabled and not "RFI Flush" you are
vulnerable to meltdown attacks.
"RFI Flush" is the key feature to mitigate the meltdown whatever the
"L1D private" state.
SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only.
So the message should be as the truth table shows.
CPU | L1D private | RFI Flush | sysfs |
----| ----------- | --------- | ------------------------------------- |
P9 | False | False | Vulnerable
P9 | False | True | Mitigation: RFI Flush
P9 | True | False | Vulnerable: L1D private per thread
P9 | True | True | Mitigation: RFI Flush, L1D private per
| | | thread
P8 | False | False | Vulnerable
P8 | False | True | Mitigation: RFI Flush
Output before this fix:
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: RFI Flush, L1D private per thread
# echo 0 > /sys/kernel/debug/powerpc/rfi_flush
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: L1D private per thread
Output after fix:
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: RFI Flush, L1D private per thread
# echo 0 > /sys/kernel/debug/powerpc/rfi_flush
# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Vulnerable: L1D private per thread
Link: https://github.com/linuxppc/issues/issues/243
Signed-off-by: Gustavo L. F. Walbon <gwalbon@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
---
arch/powerpc/kernel/security.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index b33bafb8fcea..e08b81ef43b8 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -130,26 +130,22 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
- if (rfi_flush || thread_priv) {
+ if (rfi_flush) {
struct seq_buf s;
seq_buf_init(&s, buf, PAGE_SIZE - 1);
- seq_buf_printf(&s, "Mitigation: ");
-
- if (rfi_flush)
- seq_buf_printf(&s, "RFI Flush");
-
- if (rfi_flush && thread_priv)
- seq_buf_printf(&s, ", ");
-
+ seq_buf_printf(&s, "Mitigation: RFI Flush");
if (thread_priv)
- seq_buf_printf(&s, "L1D private per thread");
+ seq_buf_printf(&s, ", L1D private per thread");
seq_buf_printf(&s, "\n");
return s.len;
}
+ if (thread_priv)
+ return sprintf(buf, "Vulnerable: L1D private per thread\n");
+
if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
!security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
return sprintf(buf, "Not affected\n");
--
2.19.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Fix wrong message when RFI Flush is disable
2019-05-02 21:09 [PATCH] Fix wrong message when RFI Flush is disable Gustavo Walbon
@ 2019-11-14 9:07 ` Michael Ellerman
2019-11-14 9:31 ` Michal Suchánek
0 siblings, 1 reply; 3+ messages in thread
From: Michael Ellerman @ 2019-11-14 9:07 UTC (permalink / raw)
To: Gustavo Walbon, linuxppc-dev
Cc: mikey, maurosr, linux-kernel, npiggin, diana.craciun, paulus,
leitao, msuchanek, gwalbon
On Thu, 2019-05-02 at 21:09:07 UTC, Gustavo Walbon wrote:
> From: "Gustavo L. F. Walbon" <gwalbon@linux.ibm.com>
>
> The issue was showing "Mitigation" message via sysfs whatever the state of
> "RFI Flush", but it should show "Vulnerable" when it is disabled.
>
> If you have "L1D private" feature enabled and not "RFI Flush" you are
> vulnerable to meltdown attacks.
>
> "RFI Flush" is the key feature to mitigate the meltdown whatever the
> "L1D private" state.
>
> SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only.
>
> So the message should be as the truth table shows.
> CPU | L1D private | RFI Flush | sysfs |
> ----| ----------- | --------- | ------------------------------------- |
> P9 | False | False | Vulnerable
> P9 | False | True | Mitigation: RFI Flush
> P9 | True | False | Vulnerable: L1D private per thread
> P9 | True | True | Mitigation: RFI Flush, L1D private per
> | | | thread
> P8 | False | False | Vulnerable
> P8 | False | True | Mitigation: RFI Flush
>
> Output before this fix:
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Mitigation: RFI Flush, L1D private per thread
> # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Mitigation: L1D private per thread
>
> Output after fix:
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Mitigation: RFI Flush, L1D private per thread
> # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
> # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Vulnerable: L1D private per thread
>
> Link: https://github.com/linuxppc/issues/issues/243
>
> Signed-off-by: Gustavo L. F. Walbon <gwalbon@linux.ibm.com>
> Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/4e706af3cd8e1d0503c25332b30cad33c97ed442
cheers
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Fix wrong message when RFI Flush is disable
2019-11-14 9:07 ` Michael Ellerman
@ 2019-11-14 9:31 ` Michal Suchánek
0 siblings, 0 replies; 3+ messages in thread
From: Michal Suchánek @ 2019-11-14 9:31 UTC (permalink / raw)
To: Michael Ellerman
Cc: Gustavo Walbon, linuxppc-dev, mikey, maurosr, linux-kernel,
npiggin, diana.craciun, paulus, leitao, gwalbon, stable
On Thu, Nov 14, 2019 at 08:07:35PM +1100, Michael Ellerman wrote:
> On Thu, 2019-05-02 at 21:09:07 UTC, Gustavo Walbon wrote:
> > From: "Gustavo L. F. Walbon" <gwalbon@linux.ibm.com>
> >
> > The issue was showing "Mitigation" message via sysfs whatever the state of
> > "RFI Flush", but it should show "Vulnerable" when it is disabled.
> >
> > If you have "L1D private" feature enabled and not "RFI Flush" you are
> > vulnerable to meltdown attacks.
> >
> > "RFI Flush" is the key feature to mitigate the meltdown whatever the
> > "L1D private" state.
> >
> > SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only.
> >
> > So the message should be as the truth table shows.
> > CPU | L1D private | RFI Flush | sysfs |
> > ----| ----------- | --------- | ------------------------------------- |
> > P9 | False | False | Vulnerable
> > P9 | False | True | Mitigation: RFI Flush
> > P9 | True | False | Vulnerable: L1D private per thread
> > P9 | True | True | Mitigation: RFI Flush, L1D private per
> > | | | thread
> > P8 | False | False | Vulnerable
> > P8 | False | True | Mitigation: RFI Flush
> >
> > Output before this fix:
> > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Mitigation: RFI Flush, L1D private per thread
> > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
> > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Mitigation: L1D private per thread
> >
> > Output after fix:
> > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Mitigation: RFI Flush, L1D private per thread
> > # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
> > # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Vulnerable: L1D private per thread
> >
> > Link: https://github.com/linuxppc/issues/issues/243
> >
> > Signed-off-by: Gustavo L. F. Walbon <gwalbon@linux.ibm.com>
> > Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
>
> Applied to powerpc next, thanks.
>
> https://git.kernel.org/powerpc/c/4e706af3cd8e1d0503c25332b30cad33c97ed442
>
> cheers
Fixes: ff348355e9c7 ("powerpc/64s: Enhance the information in
cpu_show_meltdown()")
Thanks
Michal
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-14 9:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-02 21:09 [PATCH] Fix wrong message when RFI Flush is disable Gustavo Walbon
2019-11-14 9:07 ` Michael Ellerman
2019-11-14 9:31 ` Michal Suchánek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).