powerpc: Move default security feature flags

This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.

This can be used to restore current flags to the default flags.

Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
[mauricio: backport: security.c: remove trailing context lines]
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
CVE-2018-3639 (powerpc)

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h
index db00ad2c72c2965bfcbd7917a3a0d44761c48fdd..6fe88355128e0ce4036ff8b67120807af576d6c0 100644 (file)
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -62,4 +62,12 @@ static inline bool security_ftr_enabled(unsigned long feature)
 // Firmware configuration indicates user favours security over performance
 #define SEC_FTR_FAVOUR_SECURITY                0x0000000000000200ull
 
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+       (SEC_FTR_L1D_FLUSH_HV | \
+        SEC_FTR_L1D_FLUSH_PR | \
+        SEC_FTR_BNDS_CHK_SPEC_BAR | \
+        SEC_FTR_FAVOUR_SECURITY)
+
 #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 4ccba00d224cbcacebfe3266c3202efecc2151fc..fe61fec09cdf47103f7722ab63071d0a278b4aa0 100644 (file)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -8,8 +8,4 @@
 #include <asm/security_features.h>
 
 
-unsigned long powerpc_security_features __read_mostly = \
-       SEC_FTR_L1D_FLUSH_HV | \
-       SEC_FTR_L1D_FLUSH_PR | \
-       SEC_FTR_BNDS_CHK_SPEC_BAR | \
-       SEC_FTR_FAVOUR_SECURITY;
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;