Message-Id: <20190502210907.42375-1-gwalbon@linux.ibm.com>
Date:   Thu,  2 May 2019 18:09:07 -0300
From:   Gustavo Walbon <gwalbon@...ux.ibm.com>
To:     linuxppc-dev@...ts.ozlabs.org
Cc:     gwalbon@...ux.vnet.ibm.com, maurosr@...ux.vnet.ibm.com,
        benh@...nel.crashing.org, paulus@...ba.org, mpe@...erman.id.au,
        diana.craciun@....com, msuchanek@...e.de, mikey@...ling.org,
        npiggin@...il.com, leitao@...ian.org, linux-kernel@...r.kernel.org
Subject: [PATCH] Fix wrong message when RFI Flush is disable

From: "Gustavo L. F. Walbon" <gwalbon@...ux.ibm.com>

The issue was showing the "Mitigation" message via sysfs whatever the state
of "RFI Flush", but it should show "Vulnerable" when it is disabled.

If you have the "L1D private" feature enabled and not "RFI Flush", you are
vulnerable to Meltdown attacks.

"RFI Flush" is the key feature to mitigate Meltdown whatever the
"L1D private" state.

SEC_FTR_L1D_THREAD_PRIV is a feature for Power9 only.

So the message should be as the truth table shows.
CPU | L1D private | RFI Flush |                   sysfs               |
----| ----------- | --------- | ------------------------------------- |
 P9 |    False    |   False   | Vulnerable
 P9 |    False    |   True    | Mitigation: RFI Flush
 P9 |    True     |   False   | Vulnerable: L1D private per thread
 P9 |    True     |   True    | Mitigation: RFI Flush, L1D private per
    |             |           | thread
 P8 |    False    |   False   | Vulnerable
 P8 |    False    |   True    | Mitigation: RFI Flush

Output before this fix:
 # cat /sys/devices/system/cpu/vulnerabilities/meltdown
 Mitigation: RFI Flush, L1D private per thread
 # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
 # cat /sys/devices/system/cpu/vulnerabilities/meltdown
 Mitigation: L1D private per thread

Output after fix:
 # cat /sys/devices/system/cpu/vulnerabilities/meltdown
 Mitigation: RFI Flush, L1D private per thread
 # echo 0 > /sys/kernel/debug/powerpc/rfi_flush
 # cat /sys/devices/system/cpu/vulnerabilities/meltdown
 Vulnerable: L1D private per thread

Link: https://github.com/linuxppc/issues/issues/243

Signed-off-by: Gustavo L. F. Walbon <gwalbon@...ux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@...ux.vnet.ibm.com>
---
 arch/powerpc/kernel/security.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index b33bafb8fcea..e08b81ef43b8 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -130,26 +130,22 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
 
 	thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
 
-	if (rfi_flush || thread_priv) {
+	if (rfi_flush) {
 		struct seq_buf s;
 		seq_buf_init(&s, buf, PAGE_SIZE - 1);
 
-		seq_buf_printf(&s, "Mitigation: ");
-
-		if (rfi_flush)
-			seq_buf_printf(&s, "RFI Flush");
-
-		if (rfi_flush && thread_priv)
-			seq_buf_printf(&s, ", ");
-
+		seq_buf_printf(&s, "Mitigation: RFI Flush");
 		if (thread_priv)
-			seq_buf_printf(&s, "L1D private per thread");
+			seq_buf_printf(&s, ", L1D private per thread");
 
 		seq_buf_printf(&s, "\n");
 
 		return s.len;
 	}
 
+	if (thread_priv)
+		return sprintf(buf, "Vulnerable: L1D private per thread\n");
+
 	if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
 	    !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
 		return sprintf(buf, "Not affected\n");
-- 
2.19.1
