Re: [PATCH] powerpc/pseries: export LPAR security flavor in lparcfg

From: Michael Ellerman
Date: Fri Mar 05 2021 - 01:25:01 EST

Next message: Tianyu Lan: "Re: [RFC PATCH 2/12] x86/Hyper-V: Add new hvcall guest address host visibility support"
Previous message: Huang Jianan: "[PATCH 2/2] erofs: decompress in endio if possible"
In reply to: Laurent Dufour: "[PATCH] powerpc/pseries: export LPAR security flavor in lparcfg"
Next in thread: Laurent Dufour: "Re: [PATCH] powerpc/pseries: export LPAR security flavor in lparcfg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Laurent Dufour <ldufour@xxxxxxxxxxxxx> writes:
> This is helpful to read the security flavor from inside the LPAR.

We already have /sys/kernel/debug/powerpc/security_features.

Is that not sufficient?

> Export it like this in /proc/powerpc/lparcfg:
>
> $ grep security_flavor /proc/powerpc/lparcfg
> security_flavor=1
>
> Value means:
> 0 Speculative execution fully enabled
> 1 Speculative execution controls to mitigate user-to-kernel attacks
> 2 Speculative execution controls to mitigate user-to-kernel and
> user-to-user side-channel attacks

Those strings come from the FSP help, but we have no guarantee it won't
mean something different in future.

cheers

Next message: Tianyu Lan: "Re: [RFC PATCH 2/12] x86/Hyper-V: Add new hvcall guest address host visibility support"
Previous message: Huang Jianan: "[PATCH 2/2] erofs: decompress in endio if possible"
In reply to: Laurent Dufour: "[PATCH] powerpc/pseries: export LPAR security flavor in lparcfg"
Next in thread: Laurent Dufour: "Re: [PATCH] powerpc/pseries: export LPAR security flavor in lparcfg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]