<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div>unsubscribe me <br></div><div><br></div>
<div class="yahoo_quoted" id="yahoo_quoted_2185832396">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, March 27, 2018 05:31:31 AM PDT, Michael Ellerman <mpe@ellerman.id.au> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr">Add a definition for cpu_show_spectre_v2() to override the generic<br clear="none">version. This has several permutations, though in practice some may not<br clear="none">occur we cater for any combination.<br clear="none"><br clear="none">The most verbose is:<br clear="none"><br clear="none"> Mitigation: Indirect branch serialisation (kernel only), Indirect<br clear="none"> branch cache disabled, ori31 speculation barrier enabled<br clear="none"><br clear="none">We don't treat the ori31 speculation barrier as a mitigation on its<br clear="none">own, because it has to be *used* by code in order to be a mitigation<br clear="none">and we don't know if userspace is doing that. So if that's all we see<br clear="none">we say:<br clear="none"><br clear="none"> Vulnerable, ori31 speculation barrier enabled<br clear="none"><br clear="none">Signed-off-by: Michael Ellerman <<a href="mailto:mpe@ellerman.id.au" shape="rect" ymailto="mailto:mpe@ellerman.id.au">mpe@ellerman.id.au</a>><br clear="none">---<br clear="none"> arch/powerpc/kernel/security.c | 33 +++++++++++++++++++++++++++++++++<br clear="none"> 1 file changed, 33 insertions(+)<br clear="none"><br clear="none">diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c<br clear="none">index 0eace3cac818..2cee3dcd231b 100644<br clear="none">--- a/arch/powerpc/kernel/security.c<br clear="none">+++ b/arch/powerpc/kernel/security.c<br clear="none">@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c<br clear="none"> <br clear="none"> return sprintf(buf, "Vulnerable\n");<br clear="none"> }<br clear="none">+<br clear="none">+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)<br clear="none">+{<br clear="none">+ bool bcs, ccd, ori;<br clear="none">+ struct seq_buf s;<br clear="none">+<br clear="none">+ seq_buf_init(&s, buf, PAGE_SIZE - 1);<br clear="none">+<br clear="none">+ bcs = 
security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);<br clear="none">+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);<br clear="none">+ ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);<br clear="none">+<br clear="none">+ if (bcs || ccd) {<br clear="none">+ seq_buf_printf(&s, "Mitigation: ");<br clear="none">+<br clear="none">+ if (bcs)<br clear="none">+ seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");<br clear="none">+<br clear="none">+ if (bcs && ccd)<br clear="none">+ seq_buf_printf(&s, ", ");<br clear="none">+<br clear="none">+ if (ccd)<br clear="none">+ seq_buf_printf(&s, "Indirect branch cache disabled");<br clear="none">+ } else<br clear="none">+ seq_buf_printf(&s, "Vulnerable");<br clear="none">+<br clear="none">+ if (ori)<br clear="none">+ seq_buf_printf(&s, ", ori31 speculation barrier enabled");<br clear="none">+<br clear="none">+ seq_buf_printf(&s, "\n");<br clear="none">+<br clear="none">+ return s.len;<div class="yqt8803334646" id="yqtfd04053"><br clear="none">+}<br clear="none">-- <br clear="none">2.14.1<br clear="none"><br clear="none"></div></div></div>
</div>
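<div>Review bot: The new cpu_show_spectre_v2() declares "struct seq_buf s;" and calls seq_buf_init() and seq_buf_printf(), but all 33 inserted lines sit in this one hunk and none of them is an #include, so the patch relies on security.c already pulling in &lt;linux/seq_buf.h&gt;, directly or indirectly. Please add the include explicitly at the top of the file unless it is already there, so the build does not depend on another header happening to provide it. As a style point, the "if (bcs || ccd) {" branch is braced while its "} else" branch is not; kernel coding style asks for braces on both branches when either needs them. The return values of the seq_buf_printf() calls are ignored and "return s.len;" is used as the sysfs length; that is fine for the strings shown, which are far shorter than PAGE_SIZE - 1, but a brief comment noting that overflow cannot occur here would help future readers who extend the message list.</div>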
</div></div></body></html>