[OpenPower-Firmware] security fixes for meltdown/spectre on P8
Michael Ellerman
michael at ellerman.id.au
Wed Mar 7 21:35:00 AEDT 2018
Nathan Whitehorn <nwhitehorn at freebsd.org> writes:
> On 03/04/18 18:48, Michael Ellerman wrote:
>> On 5 March 2018 10:27:37 am ACDT, Stewart Smith <stewart at linux.vnet.ibm.com> wrote:
>>> Nathan Whitehorn <nwhitehorn at freebsd.org> writes:
>>>> To hijack the thread slightly, is there an overview somewhere of what
>>>> needs to be done at the OS level to support these fixes? We would
>>>> obviously like to implement the OS-level changes for FreeBSD, but the
>>>> only reference for even what the exposure of P8/9 to Spectre is seems
>>> to
>>>> be some moderately cryptic Linux commits.
>>>> -Nathan
>>> (bringing in the powerpc linux kernel maintainer)
>>>
>>> Umm... is there?
>> Nothing public that I'm aware of. We are hoping to change that, but I can't promise anything.
>>
>> I thought the Linux commit messages were pretty descriptive, is there
>> anything specific that's not clear? I might be able to fill in the
>> blanks.
>
> I think I understand what is going on from the commit messages, but
> there is not *quite* enough information to extrapolate from Linux to
> other systems.
Yep fair enough.
> Since this is a security issue, I feel particularly
> uncomfortable trying to guess what our exposure might be and whether we
> are doing the right things and would appreciate some more direct
> documentation.
I agree.
> This is especially true since our kernel works a bit
> differently from Linux. For example, (at least until the Radix tree MMU
> code lands) FreeBSD uses a fully split address space in which there are
> no SLB entries pointed at the kernel when in any user-space program,
> which I think should make us immune to Meltdown in any sane universe --
> but, without some details on how L1D cache entries are tagged using
> segmented addressing, it is hard to know for sure.
Yes I believe that means you're immune to Meltdown.
I don't have a solid write-up of the exact details of why that's true,
I'll try and get you one.
cheers
More information about the OpenPower-Firmware
mailing list