The issue has showed the value of status of Speculation_Store_Bypass in the /proc/<pid>/status as `unknown` for PowerPC systems.
The patch fix the checking of the mitigation status of Speculation, and can be reported as "not vulnerable", "globally mitigated" or "vulnerable". Link: https://github.com/linuxppc/issues/issues/255 Signed-off-by: Gustavo Walbon <[email protected]> --- arch/powerpc/kernel/security.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index e1c9cf079503..754ae4238d4e 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -14,7 +14,7 @@ #include <asm/debugfs.h> #include <asm/security_features.h> #include <asm/setup.h> - +#include <linux/prctl.h> unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; @@ -339,6 +339,29 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute * return sprintf(buf, "Vulnerable\n"); } +static int ssb_prctl_get(struct task_struct *task) +{ + if (stf_barrier) { + if (stf_enabled_flush_types == STF_BARRIER_NONE) + return PR_SPEC_NOT_AFFECTED; + else + return PR_SPEC_DISABLE; + } else + return PR_SPEC_DISABLE_NOEXEC; + + return -EINVAL; +} + +int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) +{ + switch (which) { + case PR_SPEC_STORE_BYPASS: + return ssb_prctl_get(task); + default: + return -ENODEV; + } +} + #ifdef CONFIG_DEBUG_FS static int stf_barrier_set(void *data, u64 val) { -- 2.19.1
