[PATCH 0/2] Introduce lparstat -x

[Laurent Dufour]

Custormers would like an easy way to read the spectre/metldown mitigation
mode.

This information seems to be accessible [1] but its not easily consumable.

AIX already delivers this in lparstat -x to read the settings done through
the ASMI [2].

To report the security flavor value, the kernel patch [3] exposing that
value in /proc/powerpc/lparcfg is required . In the case that patch is not
in the running kernel, the value '-' is reported.

The first patch of this series is cleaning the lparstat manpage. That was
need to allow changes in that page introduced in the second patch.

The second patch is really introducing the new feature and document it in
the lparstat's man page.

[1] https://github.com/linuxppc/wiki/wiki/Security-Mitigations
[2] https://www.ibm.com/support/pages/node/715841
[3] https://lore.kernel.org/lkml/20210304114240....@linux.ibm.com

Laurent Dufour (2):
man lparstat: fix nroff warnings and errors
lpartstat: add -x option for the security flavor

man/lparstat.8 | 122 +++++++++++++++++++++++++------------------------
src/lparstat.c | 18 +++++++-
src/lparstat.h | 4 ++
3 files changed, 83 insertions(+), 61 deletions(-)

--
2.30.1

[Laurent Dufour]

This allows user to get the security flavor settings fer the LPAR.

The output is :

$ lparstat -x
Speculative Execution Mode : 1

Where the output number means
0 = Speculative execution fully enabled
1 = Speculative execution controls to mitigate user-to-kernel side-channel
attacks
2 = Speculative execution controls to mitigate user-to-kernel and
user-to-user side-channel attacks

In the case the running kernel is not exposing the security flavor in
/proc/powerpc/lparcfg, the output is:

$ lparstat -x
Speculative Execution Mode : -

Signed-off-by: Laurent Dufour <ldu...@linux.ibm.com>
---
man/lparstat.8 | 14 ++++++++++++++
src/lparstat.c | 18 +++++++++++++++++-
src/lparstat.h | 4 ++++
3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/man/lparstat.8 b/man/lparstat.8
index 547502ef5538..76c46d2e9d2a 100644
--- a/man/lparstat.8
+++ b/man/lparstat.8
@@ -208,6 +208,20 @@ Desired Variable Capacity Weight
The variable memory capacity weight of the LPAR.
.RE
.TP
+\fB\-x\fR
+Display the LPAR security flavor mode
+.RS
+.TP
+.B 0
+Speculative execution fully enabled
+.TP
+.B 1
+Speculative execution controls to mitigate user-to-kernel side-channel attacks
+.TP
+.B 2
+Speculative execution controls to mitigate user-to-kernel and user-to-user side-channel attacks
+.RE
+.TP
\fB\-E\fR
Display Scaled Processor Utilization Resource Register(SPURR) based CPU utilization.
.RS
diff --git a/src/lparstat.c b/src/lparstat.c
index 23e4b8572443..00922c4d5d89 100644
--- a/src/lparstat.c
+++ b/src/lparstat.c
@@ -42,6 +42,7 @@

static bool o_legacy = false;
static bool o_scaled = false;
+static bool o_security = false;

static int threads_per_cpu;
static int cpus_in_system;
@@ -1152,6 +1153,15 @@ void print_scaled_output(int interval, int count)
} while (--count > 0);
}

+static void print_security_flavor(void)
+{
+ char value[64];
+ char *descr;
+
+ get_sysdata("security_flavor", &descr, value);
+ fprintf(stdout, "%-45s: %s\n", descr, value);
+}
+
static void usage(void)
{
printf("Usage: lparstat [ options ]\n\tlparstat <interval> [ count ]\n\n"
@@ -1159,6 +1169,7 @@ static void usage(void)
"\t-h, --help Show this message and exit.\n"
"\t-V, --version \tDisplay lparstat version information.\n"
"\t-i Lists details on the LPAR configuration.\n"
+ "\t-x Print the security mode settings for the LPAR.\n"
"\t-E Print SPURR metrics.\n"
"\t-l, --legacy Print the report in legacy format.\n"
"interval The interval parameter specifies the amount of time between each report.\n"
@@ -1184,7 +1195,7 @@ int main(int argc, char *argv[])
exit(1);
}

- while ((c = getopt_long(argc, argv, "iEVhl",
+ while ((c = getopt_long(argc, argv, "iEVhlx",
long_opts, &opt_index)) != -1) {
switch(c) {
case 'i':
@@ -1199,6 +1210,9 @@ int main(int argc, char *argv[])
case 'V':
printf("lparstat - %s\n", VERSION);
return 0;
+ case 'x':
+ o_security = true;
+ break;
case 'h':
usage();
return 0;
@@ -1223,6 +1237,8 @@ int main(int argc, char *argv[])

if (i_option)
print_iflag_data();
+ else if (o_security)
+ print_security_flavor();
else if (o_scaled) {
print_scaled_output(interval, count);
close_cpu_sysfs_fds(threads_in_system);
diff --git a/src/lparstat.h b/src/lparstat.h
index 9b7117f79dbe..26ed4baaf494 100644
--- a/src/lparstat.h
+++ b/src/lparstat.h
@@ -302,6 +302,10 @@ struct sysentry system_data[] = {
.descr = "Idle CPU value - SPURR",
.get = &get_cpu_idle_spurr},

+ /* Security flavor */
+ {.name = "security_flavor",
+ .descr = "Speculative Execution Mode"},
+
{.name[0] = '\0'},
};

--
2.30.1

[Laurent Dufour]

Fix errors and warning reported by mandoc for the lparstat.8 file

$ mandoc -W base man/lparstat.8 1>/dev/null
mandoc: man/lparstat.8:7:4: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:20:72: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:26:168: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:32:37: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:35:24: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:38:50: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:46:117: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:73:50: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:76:94: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:81:243: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:84:117: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:90:104: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:94:106: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:101:47: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:104:34: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:107:171: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:119:173: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:122:69: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:125:46: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:131:51: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:134:51: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:137:71: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:140:35: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:143:55: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:152:156: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:155:132: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:158:132: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:161:122: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:164:83: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:167:79: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:170:91: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:173:98: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:176:351: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:179:317: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:182:100: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:188:40: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:193:57: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:199:60: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:202:52: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:205:76: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:208:49: STYLE: whitespace at end of input line
mandoc: man/lparstat.8:209:2: WARNING: line scope broken: SH breaks TP
mandoc: man/lparstat.8:210:2: WARNING: line scope broken: TP breaks SH
mandoc: man/lparstat.8:220:2: WARNING: line scope broken: SH breaks TP
mandoc: man/lparstat.8:221:2: WARNING: line scope broken: TP breaks SH
mandoc: man/lparstat.8:239:2: WARNING: line scope broken: RS breaks TP
mandoc: man/lparstat.8:241:2: WARNING: line scope broken: TP breaks SH
mandoc: man/lparstat.8:246:2: WARNING: line scope broken: TP breaks SH
mandoc: man/lparstat.8:251:2: WARNING: line scope broken: TP breaks SH
mandoc: man/lparstat.8:257:2: WARNING: line scope broken: SH breaks TP
mandoc: man/lparstat.8:263:2: WARNING: line scope broken: EOF breaks TP
mandoc: man/lparstat.8:8:16: WARNING: cannot parse date, using it verbatim: May 2011
mandoc: man/lparstat.8:217:2: WARNING: empty block: RS
mandoc: man/lparstat.8:228:2: WARNING: empty block: RS
mandoc: man/lparstat.8:234:2: WARNING: empty block: RS
mandoc: man/lparstat.8:240:2: WARNING: empty block: RS
mandoc: man/lparstat.8:245:2: WARNING: empty block: RS
mandoc: man/lparstat.8:250:2: WARNING: empty block: RS

Signed-off-by: Laurent Dufour <ldu...@linux.ibm.com>
---

man/lparstat.8 | 110 ++++++++++++++++++++++---------------------------
1 file changed, 49 insertions(+), 61 deletions(-)

diff --git a/man/lparstat.8 b/man/lparstat.8
index d00e42600165..547502ef5538 100644
--- a/man/lparstat.8
+++ b/man/lparstat.8
@@ -4,8 +4,8 @@
.\" Santiago Leon <santil@santil@linux.vnet.ibm.com>
.\" Text extracted from AIX 6.1 Information Document.
.\" Copyright International Business Machines Corporation 1997, 2010.
-.\"
-.TH LPARSTAT 8 "May 2011" Linux "Linux on Power Service Tools"
+.\"
+.TH LPARSTAT 8 2011-05-01 Linux "Linux on Power Service Tools"
.SH NAME
lparstat \- Reports logical partition ( LPAR ) related information and statistics.
.SH SYNOPSIS
@@ -17,25 +17,25 @@ The \fIlparstat\fR command provides a report of LPAR related information and uti

The \fIlparstat\fR command with no options will generate a single report containing utilization statistics related to the LPAR since boot time.

-The following information is displayed in the system configuration row:
+The following information is displayed in the system configuration row:
.TP
type
Partition Type. Can be either dedicated or shared.
.TP
mode
-Indicates whether the partition processor capacity is capped or uncapped allowing it to consume idle cycles from the shared pool. Dedicated LPAR is capped or donating.
+Indicates whether the partition processor capacity is capped or uncapped allowing it to consume idle cycles from the shared pool. Dedicated LPAR is capped or donating.
.TP
smt
Indicates whether simultaneous multi-threading is enabled or disabled in the partition. If SMT is enabled, the number of SMT threads is displayed.
.TP
lcpu
-Number of online logical processors.
+Number of online logical processors.
.TP
mem
-Online Memory Capacity.
+Online Memory Capacity.
.TP
cpus
-Number of online physical processors in the pool.
+Number of online physical processors in the pool.
.RS
This attribute is referred as
.B psize
@@ -43,7 +43,7 @@ in legacy mode and only available in shared LPAR environment.
.RE
.TP
ent
-Entitled processing capacity in processor units. This information is displayed only if the partition type is shared.
+Entitled processing capacity in processor units. This information is displayed only if the partition type is shared.
.P
The following information is displayed in the utilization row:
.TP
@@ -70,41 +70,41 @@ For uncapped partitions with a current physical processor consumption above thei
The following statistics are displayed when the partition type is shared or dedicated-donating:
.TP
physc
-Shows the number of physical processors consumed.
+Shows the number of physical processors consumed.
.TP
vcsw
-Shows the number of virtual context switches that are virtual processor hardware preemptions.
+Shows the number of virtual context switches that are virtual processor hardware preemptions.
.P
The following statistics are displayed only when the partition type is shared:
.TP
%entc
-Shows the percentage of the entitled capacity consumed. Because the time base over which this data is computed can vary, the entitled capacity percentage can sometimes exceed 100%. This excess is noticeable only with small sampling intervals.
+Shows the percentage of the entitled capacity consumed. Because the time base over which this data is computed can vary, the entitled capacity percentage can sometimes exceed 100%. This excess is noticeable only with small sampling intervals.
.TP
lbusy
-Shows the percentage of logical processor(s) utilization that occurred while executing at the user and system level.
+Shows the percentage of logical processor(s) utilization that occurred while executing at the user and system level.
.TP
app
Shows the available physical processors in the shared pool.
.TP
phint
-Shows the number of phantom (targeted to another shared partition in this pool) interruptions received.
+Shows the number of phantom (targeted to another shared partition in this pool) interruptions received.
.SH OPTIONS
.TP
\fB\-i\fR
-Lists details on the LPAR configuration. The various details displayed by the -i option are listed below:
+Lists details on the LPAR configuration. The various details displayed by the -i option are listed below:
.RS
.TP
Node Name
Description
.TP
Partition Name
-Logical partition name as assigned at the HMC.
+Logical partition name as assigned at the HMC.
.TP
Partition Number
-Number of this Logical Partition.
+Number of this Logical Partition.
.TP
Type
-Indicates whether the LPAR is using dedicated or shared CPU resource and if the SMT is turned ON. The Type is displayed in the format [Shared | Dedicated] [ -SMT ] [ -# ]
+Indicates whether the LPAR is using dedicated or shared CPU resource and if the SMT is turned ON. The Type is displayed in the format [Shared | Dedicated] [ -SMT ] [ -# ]
The following list explains the different Type formats:
.RS
.TP
@@ -116,31 +116,31 @@ SMT[-#] - Indicates that the LPAR has SMT mode turned ON and the number of SMT t
.RE
.TP
Mode
-Indicates whether the LPAR processor capacity is capped, or if it is uncapped and allowed to consume idle cycles from the shared pool. Dedicated LPAR is capped or donating.
+Indicates whether the LPAR processor capacity is capped, or if it is uncapped and allowed to consume idle cycles from the shared pool. Dedicated LPAR is capped or donating.
.TP
Entitled Capacity
- The number of processing units this LPAR is entitled to receive.
+ The number of processing units this LPAR is entitled to receive.
.TP
Partition Group-ID
- LPAR group that this LPAR is a member of.
+ LPAR group that this LPAR is a member of.
.TP
Shared Pool ID
Identifier of Shared Pool of Physical processors that this LPAR is a member.
.TP
Online Virtual CPUs
-Number of CPUs (virtual engines) currently online.
+Number of CPUs (virtual engines) currently online.
.TP
Maximum Virtual CPUs
-Maximum possible number of CPUs (virtual engines).
+Maximum possible number of CPUs (virtual engines).
.TP
Minimum Virtual CPUs
- Minimum number of virtual CPUs this LPAR was defined to ever have.
+ Minimum number of virtual CPUs this LPAR was defined to ever have.
.TP
Online Memory
-Amount of memory currently online.
+Amount of memory currently online.
.TP
Minimum Memory
- Minimum memory this LPAR was defined to ever have.
+ Minimum memory this LPAR was defined to ever have.
.TP
Desired Memory
Indicates the desired amount of memory.
@@ -149,115 +149,103 @@ Maximum Memory
Maximum possible amount of memory.
.TP
Variable Capacity Weight
- The priority weight assigned to this LPAR which controls how extra (idle) capacity is allocated to it. A weight of -1 indicates a soft cap is in place.
+ The priority weight assigned to this LPAR which controls how extra (idle) capacity is allocated to it. A weight of -1 indicates a soft cap is in place.
.TP
Minimum Capacity
- The minimum number of processing units this LPAR was defined to ever have. Entitled capacity can be reduced down to this value.
+ The minimum number of processing units this LPAR was defined to ever have. Entitled capacity can be reduced down to this value.
.TP
Maximum Capacity
- The maximum number of processing units this LPAR was defined to ever have. Entitled capacity can be increased up to this value.
+ The maximum number of processing units this LPAR was defined to ever have. Entitled capacity can be increased up to this value.
.TP
Capacity Increment
- The granule at which changes to Entitled Capacity can be made. A value in whole multiples indicates a Dedicated LPAR.
+ The granule at which changes to Entitled Capacity can be made. A value in whole multiples indicates a Dedicated LPAR.
.TP
Active Physical CPUs in System
- The current number of active physical CPUs in the system containing this LPAR.
+ The current number of active physical CPUs in the system containing this LPAR.
.TP
Active CPUs in Pool
- The maximum number of CPUs available to this LPAR's shared processor pool.
+ The maximum number of CPUs available to this LPAR's shared processor pool.
.TP
Maximum Capacity of Pool
- The maximum number of processing units available to this LPAR's shared processor pool.
+ The maximum number of processing units available to this LPAR's shared processor pool.
.TP
Entitled Capacity of Pool
- The number of processing units that this LPAR's shared processor pool is entitled to receive.
+ The number of processing units that this LPAR's shared processor pool is entitled to receive.
.TP
Unallocated Capacity
- The sum of the number of processor units unallocated from shared LPARs in an LPAR group. This sum does not include the processor units unallocated from a dedicated LPAR, which can also belong to the group. The unallocated processor units can be allocated to any dedicated LPAR (if it is greater than or equal to 1.0 ) or shared LPAR of the group.
+ The sum of the number of processor units unallocated from shared LPARs in an LPAR group. This sum does not include the processor units unallocated from a dedicated LPAR, which can also belong to the group. The unallocated processor units can be allocated to any dedicated LPAR (if it is greater than or equal to 1.0 ) or shared LPAR of the group.
.TP
Physical CPU Percentage
- Fractional representation relative to whole physical CPUs that these LPARs virtual CPUs equate to. This is a function of Entitled Capacity / Online CPUs. Dedicated LPARs would have 100% Physical CPU Percentage. A 4-way virtual with Entitled Capacity of 2 processor units would have a 50% physical CPU Percentage.
+ Fractional representation relative to whole physical CPUs that these LPARs virtual CPUs equate to. This is a function of Entitled Capacity / Online CPUs. Dedicated LPARs would have 100% Physical CPU Percentage. A 4-way virtual with Entitled Capacity of 2 processor units would have a 50% physical CPU Percentage.
.TP
Unallocated Weight
- Number of variable processor capacity weight units currently unallocated within the LPAR group.
+ Number of variable processor capacity weight units currently unallocated within the LPAR group.
.TP
Memory Mode
Indicates whether the memory mode is shared or dedicated. If Active Memory Expansion is enabled, the memory mode also includes a new mode called Expanded.
.TP
Total I/O Memory Entitlement
-The I/O memory entitlement of the LPAR.
+The I/O memory entitlement of the LPAR.
.TP
Variable Memory Capacity Weight
.TP
Memory Pool ID
-The memory pool ID of the pool that the LPAR belongs to.
+The memory pool ID of the pool that the LPAR belongs to.
.TP
Physical Memory in the Pool
The physical memory present in the pool that the LPAR belongs to.
.TP
Unallocated Variable Memory Capacity Weight
-he unallocated variable memory-capacity weight of the LPAR.
+he unallocated variable memory-capacity weight of the LPAR.
.TP
Unallocated I/O Memory Entitlement
-The unallocated I/O memory entitlement of the LPAR.
+The unallocated I/O memory entitlement of the LPAR.
.TP
Memory Group ID of LPAR
-The memory group ID of the Workload Manager group that the LPAR belongs to.
+The memory group ID of the Workload Manager group that the LPAR belongs to.
.TP
Desired Variable Capacity Weight
-The variable memory capacity weight of the LPAR.
-.TP
-.SH
+The variable memory capacity weight of the LPAR.
+.RE

.TP
\fB\-E\fR
Display Scaled Processor Utilization Resource Register(SPURR) based CPU utilization.
.RS

.RS
Actual CPU utilization is based on Processor Utilization Resource Register(PURR).
-.RS
-.RE
+.br
Normalized CPU utilization is based on Scaled Processor Utilization Resource Register(SPURR).
-.TP
-.SH
+.RE
+.RE
.TP
\fB\-l, --legacy\fR
Display the report in legacy format.
.RS
.RS
Memory attribute in MB instead of KB.
-.RS
-.RE
+.br
.B cpus
attribute is referred as
.B psize
and only available for shared LPAR.
-.RS
-.RE
+.br
.B lcpu
attribute calculation: lcpu = smt * number of online processors.
.RE
-.TP
-.RS
-.SH
+.RE
.TP
\fB\-h, --help\fR
Display the usage of lparstat.
-.RS
-.SH
.TP
\fB\-V, --version\fR
Display the lparstat version information.
-.RS
-.SH
.TP
interval
The
.B interval

parameter specifies the amount of time between each report.

.TP
-.SH
count
The
.B count
parameter specifies how many reports will be displayed.
-.TP
--
2.30.1

[Laurent Dufour]

Hi Tyrel,

Any chance to get this upstream ?

Thanks,
Laurent.

[Tyrel Datwyler]

Series applied to powerpc-utils/next.

[1/2]
https://github.com/ibm-power-utilities/powerpc-utils/commit/70c15669607885aa358a566006224d0acd345f90

[2/2]
https://github.com/ibm-power-utilities/powerpc-utils/commit/97269d301797e23b75d0c7a5cb63ce280783f615

Thanks,
Tyrel

[Laurent Dufour]

Le 30/03/2021 à 00:00, Tyrel Datwyler a écrit :
>
> Series applied to powerpc-utils/next.
>

Thanks Tyrel !