Additional spectre and meltdown patches

@Breno the changes in this patch set touch some of the same areas of code:

  http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=33861&state=*

  [v3,5/5] rfi-flush: Call setup_rfi_flush() after LPM migration
  [v3,4/5] rfi-flush: Differentiate enabled and patched flush types
  [v3,3/5] rfi-flush: Always enable fallback flush on pseries
  [v3,2/5] rfi-flush: Make it possible to call setup_rfi_flush() again
  [v3,1/5] rfi-flush: Move the logic to avoid a redo into the debugfs code

Should we backport around those changes or are they also required?

Hey Tyler,

I thought these patches were in already, so, let's bring them also.

Backporting without these fixes might not be easy to accomplish, and nothing something we want to keep for the whole 18.04 life. Let's try to be as near as possible to upstream and bring the required patches in.

Thanks for asking,
Breno

@Breno ack, I'll look at bringing them in, as well.

Do you want these changes (both patch sets) in 18.04 only or are you asking for them to be in 17.10, 16.04, and 14.04, as well?

@Breno in addition to the question above about which releases you're requesting, I have a new question about section mismatch warnings that the first patchset introduces:

WARNING: vmlinux.o(.text+0x22228): Section mismatch in reference from the function setup_rfi_flush() to the function .init.text:safe_stack_limit()
The function setup_rfi_flush() references
the function __init safe_stack_limit().
This is often because setup_rfi_flush lacks a __init
annotation or the annotation of safe_stack_limit is wrong.

WARNING: vmlinux.o(.text+0x22250): Section mismatch in reference from the function setup_rfi_flush() to the function .init.text:memblock_alloc_base()
The function setup_rfi_flush() references
the function __init memblock_alloc_base().
This is often because setup_rfi_flush lacks a __init
annotation or the annotation of memblock_alloc_base is wrong.

The "rfi-flush: Make it possible to call setup_rfi_flush() again" patch removes the __init__ annotation from setup_rfi_flush() and then the "rfi-flush: Call setup_rfi_flush() after LPM migration" patch makes it so that setup_rfi_flush() can be called outside of the initialization phase. If it is called outside of the initialization phase, it could call the two __init__ functions mentioned in the warnings above. So, from what I can tell, these are legitimate warnings. Are you all aware of these warnings and, if so, have you determined that they're not a problem?

Hi Tyler,

Yes, we need to backport this patchset to all the current supported kernel. Since most of the supported kernel contains the whole RFI infra structure, I do not expect it to be hard. If you need help, I can find someone to help on the backport.

Regarding the problem you are facing, I talked to the powerpc maintainer (Michael Ellerman) and he suggested squashing the warning using something as the code below. He will be also sending the patch upstream.

```
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 66f2b6299c40..44c30dd38067 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -880,7 +880,7 @@ void rfi_flush_enable(bool enable)
     rfi_flush = enable;
 }

-static void init_fallback_flush(void)
+static void __ref init_fallback_flush(void)
 {
     u64 l1d_size, limit;
     int cpu;

```

Patch sent to the mailing list: https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-April/171510.html

Thanks! I just submitted the pull request for bionic. We're too late for the current SRU cycle for the stable releases (17.10, 16.04 LTS, and 14.04 LTS) so we'll have to pick them up in the next SRU cycle.

Note that I didn't include the section mismatch warning since it hadn't been reviewed or merged into linux-next but the patch was sufficient in showing me that the warning isn't an issue. Thanks for following up on that.

This bug was fixed in the package linux - 4.15.0-19.20

---------------
linux (4.15.0-19.20) bionic; urgency=medium

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)

  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

linux (4.15.0-18.19) bionic; urgency=medium

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)

  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options

  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries

  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32

  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el

  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm

  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

linux (4.15.0-17.18) bionic; urgency=medium

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)

  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux (4.15.0-16.17) bionic; urgency=medium

  * linux: 4.15.0-16.17 -proposed tracker (LP: #1763785)

  * [18.04] [bug] CFL-S(CNP)/CNL GPIO testing failed (LP: #1757346)
    - [Config]: Set CONFIG_PINCTRL_CANNONLAKE=y

  * [Ubuntu 18.04] USB Type-C test failed on GLK (LP: #1758797)
    - SAUCE: usb: typec: ucsi: Increase command completion timeout value

  * Fix trying to "push" an already active pool VP (LP: #1763386)
    - SAUCE: powerpc/xive: Fix trying to "push" an already active pool VP

  * hisi_sas: Revert and replace SAUCE patches w/ upstream (LP: #1762824)
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: export device table of v3 hw to
      userspace"
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: config for hip08 ES"
    - scsi: hisi_sas: modify some register config for hip08
    - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE()

  * Realtek card reader - RTS5243 [VEN_10EC&DEV_5260] (LP: #1737673)
    - misc: rtsx: Move Realtek Card Reader Driver to misc
    - updateconfigs for Realtek Card Reader Driver
    - misc: rtsx: Add support for RTS5260
    - misc: rtsx: Fix symbol clashes

  * Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in
    ./include/linux/net_dim.h (LP: #1...

The Xenial 4.4 kernel was fixed in 4.4.0-127.153:

  https://launchpad.net/ubuntu/+source/linux/4.4.0-127.153

The Artful 4.13 kernel has already received some of these fixes in 4.13.0-43.48 and the same is true for the Trusty 3.13 kernel in 3.13.0-151.201.

They contain these patches:

    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()

The missing commits in both kernels are:

  [v2,10/10] powerpc/64s: Wire up cpu_show_spectre_v2()
  [v2,09/10] powerpc/64s: Wire up cpu_show_spectre_v1()
  [v2,06/10] powerpc/64s: Enhance the information in cpu_show_meltdown()
  [v2,05/10] powerpc/64s: Move cpu_show_meltdown()

@Breno since the missing commits are only for improved reporting of vulnerability status, does IBM consider them to be needed for Ubuntu 14.04's 3.13 kernel? (Ubuntu 17.10's 4.13 kernel will go EoL soon so it probably won't receive the changes)

This bug was nominated against a series that is no longer supported, ie artful. The bug task representing the artful nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Marking as Incomplete while awaiting answer to the question in comment #11.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

This bug was erroneously marked for verification in bionic; verification is not required and verification-needed-bionic is being removed.