Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

Bug #1822870 reported by bugproxy on 2019-04-02
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
The Ubuntu-power-systems project
Critical
Canonical Kernel Security Team
linux (Ubuntu)
Critical
Canonical Kernel Security Team
Bionic
Critical
Canonical Kernel Security Team
Cosmic
Undecided
Unassigned

Bug Description

[IMPACT]
Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9.

[Fix]
List of upstream patches identified by IBM in comment #4, #5, and #8.

[Test]
Pre-req: requires Power9 DD2.3 hardware.
A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details.

[REGRESSION POTENTIAL]
The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported.

[OTHER INFO]
For the different kernels:

The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches.

Disco appears to be missing only this patch:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

Cosmic (which is supported until July) is missing a number of patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting
This appears to already be in -next.

For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next:
a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

The others are ported, there were only 3 that were not clean. Those are:
2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching
This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here.

cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings
This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed.

06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
This failed because 8183d99f4a22c is not included - but doesn't seem necessary.

All other patches applied with, at most, some fuzz.

Has had a little testing - boots, check debugfs, etc.

Default Comment by Bridge

tags: added: architecture-ppc64le bugnameltc-176424 severity-critical targetmilestone-inin18042
Changed in ubuntu:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects: ubuntu → linux (Ubuntu)

------- Comment From <email address hidden> 2019-04-02 15:26 EDT-------
Disco appears to be missing only this patch on master, but it's included on master-next:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

The HWE and Cosmic are missing these patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

HWE-edge is missing the last patch still at this moment.

Changed in ubuntu-power-systems:
importance: Undecided → Critical
information type: Public → Public Security
Changed in ubuntu-power-systems:
assignee: nobody → Canonical Kernel Security Team (canonical-kernel-security-team)
Manoj Iyer (manjo) on 2019-04-04
Changed in linux (Ubuntu):
assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → Canonical Kernel Security Team (canonical-kernel-security-team)
importance: Undecided → Critical
Daniel Axtens (daxtens) wrote :

Hi Michael R,

I tried to apply your patches to test them and support the effort to get them included in the Bionic kernel, but I'm having some trouble applying them:

ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch
Patch format detection failed.
ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch --patch-format mbox
Applying: commit 2eea7f067f495e33b8b116b35b5988ab2b8aec55
fatal: empty ident name (for <>) not allowed

How are you generating them? They don't look like they've been generated with git format-patch...?

Regards,
Daniel

Manoj Iyer (manjo) on 2019-04-08
Changed in linux (Ubuntu):
status: New → In Progress
Changed in ubuntu-power-systems:
status: New → In Progress
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-09 10:04 EDT-------
There's a couple extra patches we need to add to have all the mitigations (some that are from earlier than these DD 2.3 changes) from here:
https://github.com/linuxppc/wiki/wiki/Spectre-and-Meltdown-Related-Commits

I'll attach that later today.

------- Comment on attachment From <email address hidden> 2019-04-10 06:26 EDT-------

This is the set of patches listed above plus:
2b57ecd0208f KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()

That one is needed for qemu. There aren't any earlier patches that are needed.

I tested this out:
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)
mranweil@ltc-wspoon5:~$

6:mon> di $_switch 20
c00000000000db00 7c0802a6 mflr r0
c00000000000db04 f8010010 std r0,16(r1)
c00000000000db08 f821fe31 stdu r1,-464(r1)
c00000000000db0c f9c100e0 std r14,224(r1)
c00000000000db10 f9e100e8 std r15,232(r1)
c00000000000db14 fa0100f0 std r16,240(r1)
c00000000000db18 fa2100f8 std r17,248(r1)
c00000000000db1c fa410100 std r18,256(r1)
c00000000000db20 fa610108 std r19,264(r1)
c00000000000db24 fa810110 std r20,272(r1)
c00000000000db28 faa10118 std r21,280(r1)
c00000000000db2c fac10120 std r22,288(r1)
c00000000000db30 fae10128 std r23,296(r1)
c00000000000db34 fb010130 std r24,304(r1)
c00000000000db38 fb210138 std r25,312(r1)
c00000000000db3c fb410140 std r26,320(r1)
c00000000000db40 fb610148 std r27,328(r1)
c00000000000db44 fb810150 std r28,336(r1)
c00000000000db48 fba10158 std r29,344(r1)
c00000000000db4c fbc10160 std r30,352(r1)
c00000000000db50 fbe10168 std r31,360(r1)
c00000000000db54 f8010170 std r0,368(r1)
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480
c00000000000db68 3cc06000 lis r6,24576
c00000000000db6c 7d40322c dcbt 0,r6,10
c00000000000db70 38c4f4d0 addi r6,r4,-2864
c00000000000db74 f8cd0260 std r6,608(r13)
c00000000000db78 e9040000 ld r8,0(r4)
c00000000000db7c 48000064 b c00000000000dbe0 # _switch+0xe0/0x180
6:mon> di $flush_count_cache 4d
c00000000000b680 7d2802a6 mflr r9
c00000000000b684 48000005 bl c00000000000b688 # flush_count_cache+0x8/0x2480
 ...
c00000000000b784 4800001c b c00000000000b7a0 # flush_count_cache+0x120/0x2480
c00000000000b788 60000000 nop
 ...
c00000000000b7a0 7d2803a6 mtlr r9
c00000000000b7a4 39207fff li r9,32767
c00000000000b7a8 7d2903a6 mtctr r9
c00000000000b7ac 4c400420 bcctr- 2,lt
c00000000000b7b0 4e800020 blr
6:mon>

Michael,

I have test kernel with the patches cherry-picked/backported to 4.15
bionic. We do not have a dd2.3 hw in-house, could you please validate that
this kernel works for you and report back in the bug report?

https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870/

Once I get the validation results I can send a pull request to the kernel
team.

Thanks
--
============================
Manoj Iyer
Ubuntu/Canonical
============================

------- Comment From <email address hidden> 2019-04-10 23:12 EDT-------
Hi Manoj,

Looks good, I think, here's some output:
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-48-generic (buildd@bos02-ppc64el-015) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1822870+build.2-Ubuntu SMP Wed Apr 10 21:12:08 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)

29:mon> di $_switch 20
<snip>
c00000000000db54 f8010170 std r0,368(r1)
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480
c00000000000db68 3cc06000 lis r6,24576
29:mon> di $flush_count_cache 4d
c00000000000b680 7d2802a6 mflr r9
c00000000000b684 48000005 bl c00000000000b688 # flush_count_cache+0x8/0x2480
...
c00000000000b784 4800001c b c00000000000b7a0 # flush_count_cache+0x120/0x2480
c00000000000b788 60000000 nop
...
c00000000000b7a0 7d2803a6 mtlr r9
c00000000000b7a4 39207fff li r9,32767
c00000000000b7a8 7d2903a6 mtctr r9
c00000000000b7ac 4c400420 bcctr- 2,lt
c00000000000b7b0 4e800020 blr
29:mon>

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-11 03:16 EDT-------
We're missing one more patch - we need 51c3c62b58b3 powerpc: Avoid code patching freed init sections added in. I will attach a new patch tarball including that after I try that out.

Manoj Iyer (manjo) wrote :

Michael,

I can patch that on top of the patches I already have and build a PPA kernel out for you for testing.

Manoj Iyer (manjo) wrote :

Michael,

I backported that patch and built a new kernel for you to test in this PPA:

https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-12 02:19 EDT-------
This passed my tests in simulator.

------- Comment on attachment From <email address hidden> 2019-04-12 05:43 EDT-------

Hi Manoj, thank you. I attached a tarball with patches - in addition to that one it looked best to add these in:
8cf4c05712f0 powerpc/lib/code-patching: refactor patch_instruction()
8183d99f4a22 powerpc/lib/feature-fixups: use raw_patch_instruction()
51c3c62b58b3 powerpc: Avoid code patching freed init sections
b45ba4a51cde powerpc/lib: fix book3s/32 boot failure due to code patching

The first two are just pre-reqs to keep it cleaner, but since 37bc3e5fd764 is in that seems the right thing to do. The last mostly fixes an error on 32 bit ppc kernels, which aren't supported, but this keeps it closer to upstream in the event of needing some further changes and cleans it up.

I tested this with:
root@ltc-wspoon5:/home/mranweil# echo 0 > /sys/kernel/debug/powerpc/barrier_nospec
root@ltc-wspoon5:/home/mranweil# dmesg |grep -i skip
[ 345.961730] Skipping init section patching addr: 0xc0000000010e2b1c
root@ltc-wspoon5:/home/mranweil#

In addition to the previous tests.

Download full text (4.3 KiB)

On Fri, 12 Apr 2019, Michael Ranweiler wrote:

> Hi Manoj - were you going to spin a new test kernel with the extra patches
> or did you want to stick where we are?  It's getting late, so I wanted to
> make sure that one of those versions could go in.  The extra 3 aren't, I
> think, critical, or could be added later, though it'd be good to have them.
> Also wanted to get them posted - should I go ahead and do that?

The latest test kernel that is available in the PPA
https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870
includes all that patches in the tarball and the patch "51c3c62b58b3
powerpc: Avoid code patching freed init sections."' In comment #11
Ellerman@ibm verified that this kernel passes his tests in the simulator.

We would like to keep the patchset to the min number of required critical
patches. The patches to clean up code etc could trigger the kernel team to
reject the SRU because these are not critical fixes.

If you are satisfied with the set of patches that are currently
in the PPA kernel I can submit these for SRU review.

Here is the list of patches in the PPA kernel, please note the shaids wont
match with yours (upstream) because this is from the Ubuntu 4.15 kernel
source.

8db52d2ad2ce (HEAD -> spectre-1822870) powerpc: Avoid code patching freed
init sections
9358c01bc816 KVM: PPC: Book3S: Add count cache flush parameters to
kvmppc_get_cpu_char()
4c3a23aaf32f powerpc/security: Fix spectre_v2 reporting
9e74ec03431a powerpc/fsl: Add nospectre_v2 command line argument
60ec56d8b314 powerpc/fsl: Fix spectre_v2 mitigations reporting
5c2a9f5f9d9e powerpc/powernv: Query firmware for count cache flush
settings
ce74f68a8bfd powerpc/pseries: Query hypervisor for count cache flush
settings
e4ebd9989cdc powerpc/64s: Add support for software count cache flush
1d49623704bf powerpc/64s: Add new security feature flags for count cache
flush
7aa198fb1644 powerpc/asm: Add a patch_site macro & helpers for patching
instructions
4b97b64ac5cd powerpc/lib/feature-fixups: use raw_patch_instruction()
6508ea530cb7 powerpc/lib/code-patching: refactor patch_instruction()
f06866d8777e powerpc/64: Make meltdown reporting Book3S 64 specific
a40b1c85cc50 powerpc/64: Call setup_barrier_nospec() from setup_arch()
c9c86099ae24 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
82cf510fab3f powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
b4d6e3d336c3 powerpc/64: Disable the speculation barrier from the command
line
4b94b84138dd powerpc64s: Show ori31 availability in spectre_v1 sysfs file
not v2
6d63c784648f powerpc/64s: Enhance the information in cpu_show_spectre_v1()
e556e8721b0f powerpc/64: Use barrier_nospec in syscall entry
b09734c0aef5 powerpc: Use barrier_nospec in copy_from_user()
59abe6f37d98 powerpc/64s: Enable barrier_nospec based on firmware settings
f9c9cbba5139 powerpc/64s: Patch barrier_nospec in modules
b7860091936e powerpc/64s: Add support for ori barrier_nospec patching

>
> Thanks!
>
> Mike
>
> Mike Ranweiler
> <email address hidden>
>
>
> -----Michael Ranweiler/Rochester/IBM wrote: -----To: Manoj Iyer
> <email address hidden>
> From: Michael Ranweiler/Rochester/IBM
> Date: 04/11/2019 12:21AM
> Cc: 1822870...

Read more...

------- Comment From <email address hidden> 2019-04-12 14:02 EDT-------
I tried out the PPA kernel you posted, Manoj, and it looks good here, too, from my testing:
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-48-generic (buildd@bos02-ppc64el-002) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1822870+build.4-Ubuntu SMP Thu Apr 11 21:21:18 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware acceleratd)

Manoj Iyer (manjo) on 2019-04-12
description: updated
Manoj Iyer (manjo) on 2019-04-12
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Manoj Iyer (manjo) on 2019-04-26
Changed in ubuntu-power-systems:
status: In Progress → Fix Committed
Andrew Cloke (andrew-cloke) wrote :

Marking Cosmic series as "Fix Released" following the Description comment:

"The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches."

Changed in linux (Ubuntu Cosmic):
status: New → Fix Released
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Manoj Iyer (manjo) on 2019-04-29
Changed in linux (Ubuntu Bionic):
assignee: nobody → Canonical Kernel Security Team (canonical-kernel-security-team)
importance: Undecided → Critical
Andrew Cloke (andrew-cloke) wrote :

Next steps:
1) Kernel (security) team to add verification-bionic tags
2) IBM to verify bionic -proposed pocket, and update the bug tags

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-29 14:42 EDT-------
An initial test looks good, thank you!

mranweil@ltc-wspoon5:~$ dpkg --list |grep linux-image-4\.15\.0-49
ii linux-image-4.15.0-49-generic 4.15.0-49.53 ppc64el Signed kernel image generic
mranweil@ltc-wspoon5:~$ cat /proc/version
Linux version 4.15.0-49-generic (buildd@bos02-ppc64el-016) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #53-Ubuntu SMP Fri Apr 26 06:44:38 UTC 2019
mranweil@ltc-wspoon5:~$ dmesg |grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled
mranweil@ltc-wspoon5:~$ grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated)
mranweil@ltc-wspoon5:~$ cat /proc/cpuinfo |head
processor : 0
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)

processor : 1
cpu : POWER9, altivec supported
clock : 3683.000000MHz
revision : 2.3 (pvr 004e 1203)

Frank Heimes (frank-heimes) wrote :

Adjusting tag according to IBM's test result in comment #19

tags: added: verification-done-bionic
removed: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-04-29 17:43 EDT-------
I did some more testing, including toggling /sys/kernel/debug/powerpc/count_cache_flush and checking the code in xmon before:
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 4bffdb1d bl c00000000000b680 # flush_count_cache+0x0/0x2480

and after:
c00000000000db58 7ee00026 mfcr r23
c00000000000db5c fae101a0 std r23,416(r1)
c00000000000db60 f8230000 std r1,0(r3)
c00000000000db64 60000000 nop

All looks correct. Thanks for flipping the tag, I think it looks good. I'll run some regression on it now, too.

Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux - 4.15.0-50.54

---------------
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site mac...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux-aws has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in ubuntu-power-systems:
status: Fix Committed → Fix Released
Kalpana S Shetty (kalshett) wrote :
Download full text (4.2 KiB)

Test Environment:
- Witherspoon DD2.3
- Ubu 18.04.2

Test Result:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login: root
Password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic ppc64le)

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
root@ltc-wcwsp3:~# uname -a
Linux ltc-wcwsp3 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux
root@ltc-wcwsp3:~# tail /proc/cpuinfo
cpu : POWER9, altivec supported
clock : 3800.000000MHz
revision : 2.3 (pvr 004e 1203)

timebase : 512000000
platform : PowerNV
model : 8335-GTW
machine : PowerNV 8335-GTW
firmware : OPAL
MMU : Radix

root@ltc-wcwsp3:~# grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated)

root@ltc-wcwsp3:~# dmesg | grep count-cache-flush
[ 0.000000] count-cache-flush: hardware assisted flush sequence enabled

root@ltc-wcwsp3:~# echo x > /proc/sysrq-trigger
[ 337.227090] sysrq: SysRq : Entering xmon
cpu 0x50: Vector: 0 at [c000201bebeefae0]
    pc: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0
    lr: c0000000000e59f8: sysrq_handle_xmon+0xc8/0xd0
    sp: c000201bebeefc40
   msr: 9000000000009033
  current = 0xc000201bebe67600
  paca = 0xc00000000fab7000 softe: 0 irq_happened: 0x01
    pid = 5129, comm = bash
Linux version 4.15.0-50-generic (buildd@bos02-ppc64el-006) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 (Ubuntu 4.15.0-50.54-generic 4.15.18)
enter ? for help
[c000201bebeefc70] c0000000007fbe28 __handle_sysrq+0xf8/0x2c0
[c000201bebeefd10] c0000000007fc638 write_sysrq_trigger+0x68/0x90
[c000201bebeefd40] c000000000487bc8 proc_reg_write+0x88/0xd0
[c000201bebeefd70] c0000000003da9fc __vfs_write+0x3c/0x70
[c000201bebeefd90] c0000000003dac58 vfs_write+0xd8/0x220
[c000201bebeefde0] c0000000003daf78 SyS_write+0x68/0x110
[c000201bebeefe30] c00000000000b288 system_call+0x5c/0x70
--- Exception: c01 (System Call) at 000070566a24e420
SP (7ffff6712c70) is in userspace
50:mon>
50:mon> di $_switch 20
c00000000000db00 7c0802a6 mflr r0
c00000000000db04 f8010010 std r0,16(r1)
c00000000000db08 f821fe31 stdu r1,-464(r1)
c00000000000db0c f9c100e0 std r14,224(r1)
c00000000000db10 f9e100e8 std r15,232(r1)
c00000000000db14 fa0100f0 std r16,240(r1)
c00000000000db18 fa2100f8 std r17,248(r1)
c00000000000db1c fa410100 std r18,256(r1)
c00000000000db20 fa610108 std r19,264(r1)
c00000000000db24 fa810110 std r20,272(r1)
c00000000000db28 faa10118 std r21,280(r1)
c00000000000db2c fac10120 std r22,288(r1)
c00000000000db30 fae10128 std r23,296(r1)
c00000000000db34 fb010130 std r24,304(r1)
c00000000000db38 fb210138 std r25,312(r1)
c00000000000db3c fb410140 std r26,320(r1)
c00000000000db40 fb610148 std r27,328(r1)
c00000000000db44 fb810150 std r28,336(r1)
c00000000000db48 fba10158 std r29,344(r1)
c00000000000db4c fbc10160 std r30,352(r1)
c000000000...

Read more...

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers