Test Environment: - Witherspoon DD2.3 - Ubu 18.04.2 Test Result: Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0
ltc-wcwsp3 login: Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0 ltc-wcwsp3 login: root Password: Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic ppc64le) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage root@ltc-wcwsp3:~# uname -a Linux ltc-wcwsp3 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux root@ltc-wcwsp3:~# tail /proc/cpuinfo cpu : POWER9, altivec supported clock : 3800.000000MHz revision : 2.3 (pvr 004e 1203) timebase : 512000000 platform : PowerNV model : 8335-GTW machine : PowerNV 8335-GTW firmware : OPAL MMU : Radix root@ltc-wcwsp3:~# grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2 /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated) root@ltc-wcwsp3:~# dmesg | grep count-cache-flush [ 0.000000] count-cache-flush: hardware assisted flush sequence enabled root@ltc-wcwsp3:~# echo x > /proc/sysrq-trigger [ 337.227090] sysrq: SysRq : Entering xmon cpu 0x50: Vector: 0 at [c000201bebeefae0] pc: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0 lr: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0 sp: c000201bebeefc40 msr: 9000000000009033 current = 0xc000201bebe67600 paca = 0xc00000000fab7000 softe: 0 irq_happened: 0x01 pid = 5129, comm = bash Linux version 4.15.0-50-generic (buildd@bos02-ppc64el-006) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 (Ubuntu 4.15.0-50.54-generic 4.15.18) enter ? for help [c000201bebeefc70] c0000000007fbe28 __handle_sysrq+0xf8/0x2c0 [c000201bebeefd10] c0000000007fc638 write_sysrq_trigger+0x68/0x90 [c000201bebeefd40] c000000000487bc8 proc_reg_write+0x88/0xd0 [c000201bebeefd70] c0000000003da9fc __vfs_write+0x3c/0x70 [c000201bebeefd90] c0000000003dac58 vfs_write+0xd8/0x220 [c000201bebeefde0] c0000000003daf78 SyS_write+0x68/0x110 [c000201bebeefe30] c00000000000b288 system_call+0x5c/0x70 --- Exception: c01 (System Call) at 000070566a24e420 SP (7ffff6712c70) is in userspace 50:mon> 50:mon> di $_switch 20 c00000000000db00 7c0802a6 mflr r0 c00000000000db04 f8010010 std r0,16(r1) c00000000000db08 f821fe31 stdu r1,-464(r1) c00000000000db0c f9c100e0 std r14,224(r1) c00000000000db10 f9e100e8 std r15,232(r1) c00000000000db14 fa0100f0 std r16,240(r1) c00000000000db18 fa2100f8 std r17,248(r1) c00000000000db1c fa410100 std r18,256(r1) c00000000000db20 fa610108 std r19,264(r1) c00000000000db24 fa810110 std r20,272(r1) c00000000000db28 faa10118 std r21,280(r1) c00000000000db2c fac10120 std r22,288(r1) c00000000000db30 fae10128 std r23,296(r1) c00000000000db34 fb010130 std r24,304(r1) c00000000000db38 fb210138 std r25,312(r1) c00000000000db3c fb410140 std r26,320(r1) c00000000000db40 fb610148 std r27,328(r1) c00000000000db44 fb810150 std r28,336(r1) c00000000000db48 fba10158 std r29,344(r1) c00000000000db4c fbc10160 std r30,352(r1) c00000000000db50 fbe10168 std r31,360(r1) c00000000000db54 f8010170 std r0,368(r1) c00000000000db58 7ee00026 mfcr r23 c00000000000db5c fae101a0 std r23,416(r1) c00000000000db60 f8230000 std r1,0(r3) c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480 c00000000000db68 3cc06000 lis r6,24576 c00000000000db6c 7d40322c dcbt 0,r6,10 c00000000000db70 38c4f4d0 addi r6,r4,-2864 c00000000000db74 f8cd0260 std r6,608(r13) c00000000000db78 e9040000 ld r8,0(r4) c00000000000db7c 48000064 b c00000000000dbe0 # _switch+0xe0/0x180 50:mon> di $flush_count_cache 4d c00000000000b680 7d2802a6 mflr r9 c00000000000b684 48000005 bl c00000000000b688 # flush_count_cache+0x8/0x2480 ... c00000000000b784 4800001c b c00000000000b7a0 # flush_count_cache+0x120/0x2480 c00000000000b788 60000000 nop ... c00000000000b7a0 7d2803a6 mtlr r9 c00000000000b7a4 39207fff li r9,32767 c00000000000b7a8 7d2903a6 mtctr r9 c00000000000b7ac 4c400420 bcctr- 2,lt c00000000000b7b0 4e800020 blr 50:mon> Summary: Mitigation fix validation passed. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1822870 Title: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) Status in The Ubuntu-power-systems project: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Bug description: [IMPACT] Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9. [Fix] List of upstream patches identified by IBM in comment #4, #5, and #8. [Test] Pre-req: requires Power9 DD2.3 hardware. A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details. [REGRESSION POTENTIAL] The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported. [OTHER INFO] For the different kernels: The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches. Disco appears to be missing only this patch: 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting Cosmic (which is supported until July) is missing a number of patches: cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line 6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. 179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch() 406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings 99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings 7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting This appears to already be in -next. For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next: a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec The others are ported, there were only 3 that were not clean. Those are: 2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here. cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed. 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions This failed because 8183d99f4a22c is not included - but doesn't seem necessary. All other patches applied with, at most, some fuzz. Has had a little testing - boots, check debugfs, etc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
