| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190816143048.11458-1-gwalbon@linux.ibm.com>
Date: Fri, 16 Aug 2019 11:30:48 -0300
From: Gustavo Walbon <gwalbon@...ux.ibm.com>
To: benh@...nel.crashing.org, paulus@...ba.org, mpe@...erman.id.au
Cc: diana.craciun@....com, tglx@...utronix.de, jkosina@...e.cz,
mikey@...ling.org, jpoimboe@...hat.com, leitao@...ian.org,
linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
gustavowalbon@...il.com
Subject: [PATCH] powerpc: Set right value of Speculation_Store_Bypass in /proc/<pid>/status
The issue has showed the value of status of Speculation_Store_Bypass in the
/proc/<pid>/status as `unknown` for PowerPC systems.
The patch fix the checking of the mitigation status of Speculation, and
can be reported as "not vulnerable", "globally mitigated" or "vulnerable".
Link: https://github.com/linuxppc/issues/issues/255
Signed-off-by: Gustavo Walbon <gwalbon@...ux.ibm.com>
---
arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index e1c9cf079503..754ae4238d4e 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -14,7 +14,7 @@
#include <asm/debugfs.h>
#include <asm/security_features.h>
#include <asm/setup.h>
-
+#include <linux/prctl.h>
unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
@@ -339,6 +339,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *
return sprintf(buf, "Vulnerable\n");
}
+static int ssb_prctl_get(struct task_struct *task)
+{
+ if (stf_barrier) {
+ if (stf_enabled_flush_types == STF_BARRIER_NONE)
+ return PR_SPEC_NOT_AFFECTED;
+ else
+ return PR_SPEC_DISABLE;
+ } else
+ return PR_SPEC_DISABLE_NOEXEC;
+
+ return -EINVAL;
+}
+
+int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
+{
+ switch (which) {
+ case PR_SPEC_STORE_BYPASS:
+ return ssb_prctl_get(task);
+ default:
+ return -ENODEV;
+ }
+}
+
#ifdef CONFIG_DEBUG_FS
static int stf_barrier_set(void *data, u64 val)
{
--
2.19.1
Powered by blists - more mailing lists