From: Michael Ellerman <mpe@ellerman.id.au>
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com,
msuchanek@suse.de, christophe.leroy@c-s.fr
Subject: [PATCH stable v4.9 06/35] powerpc/64s: Enable barrier_nospec based on firmware settings
Date: Thu, 11 Apr 2019 21:46:01 +1000 [thread overview]
Message-ID: <20190411114630.4042-7-mpe@ellerman.id.au> (raw)
In-Reply-To: <20190411114630.4042-1-mpe@ellerman.id.au>
From: Michal Suchanek <msuchanek@suse.de>
commit cb3d6759a93c6d0aea1c10deb6d00e111c29c19c upstream.
Check what firmware told us and enable/disable the barrier_nospec as
appropriate.
We err on the side of enabling the barrier, as it's no-op on older
systems, see the comment for more detail.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/include/asm/setup.h | 1 +
arch/powerpc/kernel/security.c | 60 ++++++++++++++++++++++++++
arch/powerpc/platforms/powernv/setup.c | 1 +
arch/powerpc/platforms/pseries/setup.c | 1 +
4 files changed, 63 insertions(+)
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index a225b5c42e76..84ae150ce6a6 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -51,6 +51,7 @@ enum l1d_flush_type {
void setup_rfi_flush(enum l1d_flush_type, bool enable);
void do_rfi_flush_fixups(enum l1d_flush_type types);
+void setup_barrier_nospec(void);
void do_barrier_nospec_fixups(bool enable);
extern bool barrier_nospec_enabled;
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 34d436fe2498..d0e974da4918 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -9,6 +9,7 @@
#include <linux/device.h>
#include <linux/seq_buf.h>
+#include <asm/debug.h>
#include <asm/security_features.h>
#include <asm/setup.h>
@@ -23,6 +24,65 @@ static void enable_barrier_nospec(bool enable)
do_barrier_nospec_fixups(enable);
}
+void setup_barrier_nospec(void)
+{
+ bool enable;
+
+ /*
+ * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well.
+ * But there's a good reason not to. The two flags we check below are
+ * both are enabled by default in the kernel, so if the hcall is not
+ * functional they will be enabled.
+ * On a system where the host firmware has been updated (so the ori
+ * functions as a barrier), but on which the hypervisor (KVM/Qemu) has
+ * not been updated, we would like to enable the barrier. Dropping the
+ * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is
+ * we potentially enable the barrier on systems where the host firmware
+ * is not updated, but that's harmless as it's a no-op.
+ */
+ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
+ security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
+
+ enable_barrier_nospec(enable);
+}
+
+#ifdef CONFIG_DEBUG_FS
+static int barrier_nospec_set(void *data, u64 val)
+{
+ switch (val) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ if (!!val == !!barrier_nospec_enabled)
+ return 0;
+
+ enable_barrier_nospec(!!val);
+
+ return 0;
+}
+
+static int barrier_nospec_get(void *data, u64 *val)
+{
+ *val = barrier_nospec_enabled ? 1 : 0;
+ return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec,
+ barrier_nospec_get, barrier_nospec_set, "%llu\n");
+
+static __init int barrier_nospec_debugfs_init(void)
+{
+ debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL,
+ &fops_barrier_nospec);
+ return 0;
+}
+device_initcall(barrier_nospec_debugfs_init);
+#endif /* CONFIG_DEBUG_FS */
+
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
bool thread_priv;
diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
index 17203abf38e8..eb5464648810 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -123,6 +123,7 @@ static void pnv_setup_rfi_flush(void)
security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
setup_rfi_flush(type, enable);
+ setup_barrier_nospec();
}
static void __init pnv_setup_arch(void)
diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
index 91ade7755823..2b2759c98c7e 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -525,6 +525,7 @@ void pseries_setup_rfi_flush(void)
security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
setup_rfi_flush(types, enable);
+ setup_barrier_nospec();
}
static void __init pSeries_setup_arch(void)
--
2.20.1
next prev parent reply other threads:[~2019-04-11 11:46 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 11:45 [PATCH stable v4.9 00/35] powerpc spectre backports for 4.9 Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 01/35] powerpc: Fix invalid use of register expressions Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 02/35] powerpc/64s: Add barrier_nospec Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 03/35] powerpc/64s: Add support for ori barrier_nospec patching Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 04/35] powerpc: Avoid code patching freed init sections Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 05/35] powerpc/64s: Patch barrier_nospec in modules Michael Ellerman
2019-04-11 11:46 ` Michael Ellerman [this message]
2019-04-11 11:46 ` [PATCH stable v4.9 07/35] powerpc: Use barrier_nospec in copy_from_user() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 08/35] powerpc/64: Use barrier_nospec in syscall entry Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 09/35] powerpc/64s: Enhance the information in cpu_show_spectre_v1() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 10/35] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 11/35] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 12/35] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 13/35] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 14/35] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 15/35] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 16/35] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 17/35] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 18/35] powerpc/asm: Add a patch_site macro & helpers for patching instructions Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 19/35] powerpc/64s: Add new security feature flags for count cache flush Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 20/35] powerpc/64s: Add support for software " Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 21/35] powerpc/pseries: Query hypervisor for count cache flush settings Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 22/35] powerpc/powernv: Query firmware " Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 23/35] powerpc/fsl: Add infrastructure to fixup branch predictor flush Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 24/35] powerpc/fsl: Add macro to flush the branch predictor Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 25/35] powerpc/fsl: Fix spectre_v2 mitigations reporting Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 26/35] powerpc/fsl: Emulate SPRN_BUCSR register Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 27/35] powerpc/fsl: Add nospectre_v2 command line argument Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 28/35] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 29/35] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 30/35] powerpc/fsl: Flush branch predictor when entering KVM Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 31/35] powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 32/35] powerpc/fsl: Update Spectre v2 reporting Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 33/35] powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 34/35] powerpc/fsl: Fix the flush of branch predictor Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 35/35] powerpc/security: Fix spectre_v2 reporting Michael Ellerman
2019-04-11 15:25 ` [PATCH stable v4.9 00/35] powerpc spectre backports for 4.9 Sasha Levin
2019-04-12 2:28 ` Michael Ellerman
2019-04-12 14:04 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190411114630.4042-7-mpe@ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=christophe.leroy@c-s.fr \
--cc=diana.craciun@nxp.com \
--cc=gregkh@linuxfoundation.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=msuchanek@suse.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox