powerpc/64s: Wire up cpu_show_spectre_v1()

CVE-2018-3639 (powerpc) Add a definition for cpu_show_spectre_v1() to override the generic version. Currently this just prints "Not affected" or "Vulnerable" based on the firmware flag. Although the kernel does have array_index_nospec() in a few places, we haven't yet audited all the powerpc code to see where it's necessary, so for now we don't list that as a mitigation. (cherry picked from commit 56986016) Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Juerg Haefliger <juergh@canonical.com>

powerpc/64s: Wire up cpu_show_spectre_v1()
CVE-2018-3639 (powerpc) Add a definition for cpu_show_spectre_v1() to override the generic version. Currently this just prints "Not affected" or "Vulnerable" based on the firmware flag. Although the kernel does have array_index_nospec() in a few places, we haven't yet audited all the powerpc code to see where it's necessary, so for now we don't list that as a mitigation. (cherry picked from commit 56986016) Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
2841560b · Michael Ellerman · Juerg Haefliger · 7ee53c8d · 2841560b
Commit 2841560b authored Mar 27, 2018 by Michael Ellerman Committed by Juerg Haefliger May 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

arch/powerpc/kernel/security.c arch/powerpc/kernel/security.c +8 -0

No files found.
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha

 	return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
+{
+	if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
+		return sprintf(buf, "Not affected\n");
+
+	return sprintf(buf, "Vulnerable\n");
+}