From: Michael Ellerman
To: Laurent Dufour, benh@kernel.crashing.org, paulus@samba.org, linuxppc-dev@lists.ozlabs.org
Cc: nathanl@linux.ibm.com, cheloha@linux.ibm.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] powerpc/pseries: export LPAR security flavor in lparcfg
Date: Fri, 05 Mar 2021 22:43:55 +1100
Message-ID: <87wnulrfk4.fsf@mpe.ellerman.id.au>

Laurent Dufour writes:
> On 05/03/2021 at 07:23, Michael Ellerman wrote:
>> Laurent Dufour writes:
>>> This is helpful to read the security flavor from inside the LPAR.
>>
>> We already have /sys/kernel/debug/powerpc/security_features.
>>
>> Is that not sufficient?
>
> Not really, it only reports that security mitigations are on or off but not the
> level set through the ASMI menu. Furthermore, reporting it through
> /proc/powerpc/lparcfg allows an easy processing by the lparstat command (see below).
>
>>
>>> Export it like this in /proc/powerpc/lparcfg:
>>>
>>> $ grep security_flavor /proc/powerpc/lparcfg
>>> security_flavor=1
>>>
>>> Value means:
>>> 0 Speculative execution fully enabled
>>> 1 Speculative execution controls to mitigate user-to-kernel attacks
>>> 2 Speculative execution controls to mitigate user-to-kernel and
>>>   user-to-user side-channel attacks
>>
>> Those strings come from the FSP help, but we have no guarantee it won't
>> mean something different in future.
>
> I think this is nailed down, those strings came from:
> https://www.ibm.com/support/pages/node/715841
>
> Where it is written (regarding AIX):
>
> On an LPAR, one can use lparstat -x to display the current mitigation mode:
> 0 = Speculative execution fully enabled
> 1 = Speculative execution controls to mitigate user-to-kernel side-channel attacks
> 2 = Speculative execution controls to mitigate user-to-kernel and user-to-user
> side-channel attacks
>
> We have been requested to provide almost the same, which I proposed in
> powerpc-utils:
> https://groups.google.com/g/powerpc-utils-devel/c/NaKXvdyl_UI/m/wa2stpIDAQAJ

OK.

Do you mind sending a v2 with all those details incorporated into the
change log?

cheers
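
A baseline check built on the interface discussed in this thread, as an added example that is not part of the original messages, the kernel patch or powerpc-utils: it reads `security_flavor` from an lparcfg-style file and compares it with a required minimum. The function name `check_security_flavor`, its return codes and the sample file are assumptions made for the example; the key name and the meanings of 0, 1 and 2 are the ones quoted above, and any other value is reported as undocumented rather than interpreted.

```shell
#!/bin/sh
# Added example (hypothetical helper, not kernel or powerpc-utils code).
# Usage: check_security_flavor MIN [FILE]
# Returns: 0  flavor >= MIN
#          1  flavor <  MIN
#          2  file unreadable or key absent (e.g. a kernel without this change)
#          3  value is not one of the documented 0, 1, 2
#          64 MIN itself is not 0, 1 or 2
check_security_flavor() {
    min=$1
    file=${2:-/proc/powerpc/lparcfg}

    case $min in
        [0-2]) ;;
        *) echo "usage: check_security_flavor 0|1|2 [file]" >&2; return 64 ;;
    esac
    [ -r "$file" ] || return 2

    # Keep the last security_flavor= line; drop the key, CRs and blanks.
    value=$(sed -n 's/^security_flavor=//p' "$file" | tail -n 1 | tr -d '[:space:]')
    [ -n "$value" ] || return 2

    # Meanings as given in the patch description quoted in the thread.
    case $value in
        0) desc="speculative execution fully enabled" ;;
        1) desc="controls mitigate user-to-kernel attacks" ;;
        2) desc="controls mitigate user-to-kernel and user-to-user side-channel attacks" ;;
        *) echo "security_flavor=$value: undocumented value" >&2; return 3 ;;
    esac

    echo "security_flavor=$value ($desc)"
    [ "$value" -ge "$min" ]
}

# Constructed sample standing in for /proc/powerpc/lparcfg (values are made up).
sample=$(mktemp)
printf 'partition_id=1\nsecurity_flavor=1\n' > "$sample"
check_security_flavor 2 "$sample" || echo "below required level 2 (rc=$?)"
rm -f "$sample"
```

Treating an absent key and an undocumented value as distinct failures keeps a fleet audit from silently reading "unknown" as "mitigated".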