Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests/powerpc: Better reporting in spectre_v2

In commit f3054ffd71b5 ("selftests/powerpc: Return skip code for
spectre_v2"), the spectre_v2 selftest is updated to be aware of cases
where the vulnerability status reported in sysfs is incorrect, skipping
the test instead.

This happens because qemu can misrepresent the mitigation status of the
host to the guest. If the count cache is disabled in the host, and this
is correctly reported to the guest, then the guest won't apply
mitigations. If the guest is then migrated to a new host where
mitigations are necessary, it is now vulnerable because it has not
applied mitigations.

Update the selftest to report when we see excessive misses, indicative of
the count cache being disabled. If software flushing is enabled, also
warn that these flushes are just wasting performance.

Signed-off-by: Russell Currey <ruscur@russell.cc>
[mpe: Rebase and update change log appropriately]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210608064809.199116-1-ruscur@russell.cc

Authored by Russell Currey and committed by Michael Ellerman
48482f4d d2a3c131

+15 -9
tools/testing/selftests/powerpc/security/spectre_v2.c
··· 182 182 case COUNT_CACHE_FLUSH_HW: 183 183 // These should all not affect userspace branch prediction 184 184 if (miss_percent > 15) { 185 + if (miss_percent > 95) { 186 + /* 187 + * Such a mismatch may be caused by a system being unaware 188 + * the count cache is disabled. This may be to enable 189 + * guest migration between hosts with different settings. 190 + * Return skip code to avoid detecting this as an error. 191 + * We are not vulnerable and reporting otherwise, so 192 + * missing such a mismatch is safe. 193 + */ 194 + printf("Branch misses > 95%% unexpected in this configuration.\n"); 195 + printf("Count cache likely disabled without Linux knowing.\n"); 196 + if (state == COUNT_CACHE_FLUSH_SW) 197 + printf("WARNING: Kernel performing unnecessary flushes.\n"); 198 + return 4; 199 + } 185 200 printf("Branch misses > 15%% unexpected in this configuration!\n"); 186 201 printf("Possible mis-match between reported & actual mitigation\n"); 187 - /* 188 - * Such a mismatch may be caused by a guest system 189 - * reporting as vulnerable when the host is mitigated. 190 - * Return skip code to avoid detecting this as an error. 191 - * We are not vulnerable and reporting otherwise, so 192 - * missing such a mismatch is safe. 193 - */ 194 - if (miss_percent > 95) 195 - return 4; 196 202 197 203 return 1; 198 204 }
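Review bot: In the new `miss_percent > 95` block, the "WARNING: Kernel performing unnecessary flushes." message for `state == COUNT_CACHE_FLUSH_SW` goes only to stdout and the function then returns 4, so a run that records only the exit status sees an ordinary skip and the wasted-flush condition is easy to miss. Consider whether that case deserves a more visible result than a printf before a skip. The bare `return 4` also depends on the comment above it to say that 4 is the skip code; a named constant would make that explicit, and the 15 and 95 thresholds would benefit from names as well. Minor style point: the two new messages end with "." while the existing "Branch misses > 15%%" message ends with "!", so the output of the two branches reads inconsistently.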