Commit 34f7f798 authored by Michael Ellerman's avatar Michael Ellerman
Browse files

selftests/powerpc: Add test of mitigation patching 



We recently discovered some of our mitigation patching was not safe
against other CPUs running concurrently.

Add a test which enable/disables all mitigations in a tight loop while
also running some stress load. On an unpatched system this almost always
leads to an oops and panic/reboot, but we also check if the kernel
becomes tainted in case we have a non-fatal oops.

Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210507064225.1556312-1-mpe@ellerman.id.au
parent ca8cc369

tools/testing/selftests/powerpc/security/Makefile

+2 −0
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0+



TEST_GEN_PROGS := rfi_flush entry_flush uaccess_flush spectre_v2

TEST_PROGS := mitigation-patching.sh



top_srcdir = ../../../../..



CFLAGS += -I../../../../../usr/include

tools/testing/selftests/powerpc/security/mitigation-patching.sh

0 → 100755
+75 −0
Original line number Diff line number Diff line 
#!/usr/bin/env bash



set -euo pipefail



TIMEOUT=10



function do_one

{

    local mitigation="$1"

    local orig

    local start

    local now



    orig=$(cat "$mitigation")



    start=$EPOCHSECONDS

    now=$start



    while [[ $((now-start)) -lt "$TIMEOUT" ]]

    do

        echo 0 > "$mitigation"

        echo 1 > "$mitigation"



        now=$EPOCHSECONDS

    done



    echo "$orig" > "$mitigation"

}



rc=0

cd /sys/kernel/debug/powerpc || rc=1

if [[ "$rc" -ne 0 ]]; then

    echo "Error: couldn't cd to /sys/kernel/debug/powerpc" >&2

    exit 1

fi



tainted=$(cat /proc/sys/kernel/tainted)

if [[ "$tainted" -ne 0 ]]; then

    echo "Error: kernel already tainted!" >&2

    exit 1

fi



mitigations="barrier_nospec stf_barrier count_cache_flush rfi_flush entry_flush uaccess_flush"



for m in $mitigations

do

    do_one "$m" &

done



echo "Spawned threads enabling/disabling mitigations ..."



if stress-ng > /dev/null 2>&1; then

    stress="stress-ng"

elif stress > /dev/null 2>&1; then

    stress="stress"

else

    stress=""

fi



if [[ -n "$stress" ]]; then

    "$stress" -m "$(nproc)" -t "$TIMEOUT" &

    echo "Spawned VM stressors ..."

fi



echo "Waiting for timeout ..."

wait



tainted=$(cat /proc/sys/kernel/tainted)

if [[ "$tainted" -ne 0 ]]; then

    echo "Error: kernel became tainted!" >&2

    exit 1

fi



echo "OK"

exit 0