Michael Ellerman | 62dfddf | 2018-06-02 21:08:55 +1000 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | // |
| 3 | // Security related flags and so on. |
| 4 | // |
| 5 | // Copyright 2018, Michael Ellerman, IBM Corporation. |
| 6 | |
Breno Leitao | ca92979 | 2018-10-22 11:54:12 -0300 | [diff] [blame] | 7 | #include <linux/cpu.h> |
Michael Ellerman | 62dfddf | 2018-06-02 21:08:55 +1000 | [diff] [blame] | 8 | #include <linux/kernel.h> |
Nicholas Piggin | e9b911a | 2018-06-02 21:09:08 +1000 | [diff] [blame] | 9 | #include <linux/debugfs.h> |
Michael Ellerman | 6f81254 | 2018-06-02 21:08:58 +1000 | [diff] [blame] | 10 | #include <linux/device.h> |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 11 | #include <linux/seq_buf.h> |
Michael Ellerman | 6f81254 | 2018-06-02 21:08:58 +1000 | [diff] [blame] | 12 | |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 13 | #include <asm/asm-prototypes.h> |
| 14 | #include <asm/code-patching.h> |
Michal Suchanek | e1217b4 | 2019-04-11 21:46:01 +1000 | [diff] [blame] | 15 | #include <asm/debug.h> |
Michael Ellerman | 62dfddf | 2018-06-02 21:08:55 +1000 | [diff] [blame] | 16 | #include <asm/security_features.h> |
Michal Suchanek | f3286f1 | 2019-04-11 21:45:58 +1000 | [diff] [blame] | 17 | #include <asm/setup.h> |
Michael Ellerman | 62dfddf | 2018-06-02 21:08:55 +1000 | [diff] [blame] | 18 | |
| 19 | |
Mauricio Faria de Oliveira | 4ec7e5e | 2018-06-02 21:09:05 +1000 | [diff] [blame] | 20 | unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; |
Michael Ellerman | 6f81254 | 2018-06-02 21:08:58 +1000 | [diff] [blame] | 21 | |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 22 | enum count_cache_flush_type { |
| 23 | COUNT_CACHE_FLUSH_NONE = 0x1, |
| 24 | COUNT_CACHE_FLUSH_SW = 0x2, |
| 25 | COUNT_CACHE_FLUSH_HW = 0x4, |
| 26 | }; |
Diana Craciun | 1eb1ddb | 2019-04-11 21:46:20 +1000 | [diff] [blame] | 27 | static enum count_cache_flush_type count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 28 | static bool link_stack_flush_enabled; |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 29 | |
Michal Suchanek | 73b0f62 | 2019-04-11 21:46:00 +1000 | [diff] [blame] | 30 | bool barrier_nospec_enabled; |
Diana Craciun | 78749d1 | 2019-04-11 21:46:06 +1000 | [diff] [blame] | 31 | static bool no_nospec; |
Diana Craciun | 7133df4 | 2019-04-11 21:46:22 +1000 | [diff] [blame] | 32 | static bool btb_flush_enabled; |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 33 | #if defined(CONFIG_PPC_FSL_BOOK3E) || defined(CONFIG_PPC_BOOK3S_64) |
Diana Craciun | 7133df4 | 2019-04-11 21:46:22 +1000 | [diff] [blame] | 34 | static bool no_spectrev2; |
| 35 | #endif |
Michal Suchanek | f3286f1 | 2019-04-11 21:45:58 +1000 | [diff] [blame] | 36 | |
| 37 | static void enable_barrier_nospec(bool enable) |
| 38 | { |
| 39 | barrier_nospec_enabled = enable; |
| 40 | do_barrier_nospec_fixups(enable); |
| 41 | } |
| 42 | |
Michal Suchanek | e1217b4 | 2019-04-11 21:46:01 +1000 | [diff] [blame] | 43 | void setup_barrier_nospec(void) |
| 44 | { |
| 45 | bool enable; |
| 46 | |
| 47 | /* |
| 48 | * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well. |
| 49 | * But there's a good reason not to. The two flags we check below are |
| 50 | * both are enabled by default in the kernel, so if the hcall is not |
| 51 | * functional they will be enabled. |
| 52 | * On a system where the host firmware has been updated (so the ori |
| 53 | * functions as a barrier), but on which the hypervisor (KVM/Qemu) has |
| 54 | * not been updated, we would like to enable the barrier. Dropping the |
| 55 | * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is |
| 56 | * we potentially enable the barrier on systems where the host firmware |
| 57 | * is not updated, but that's harmless as it's a no-op. |
| 58 | */ |
| 59 | enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && |
| 60 | security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR); |
| 61 | |
Diana Craciun | 78749d1 | 2019-04-11 21:46:06 +1000 | [diff] [blame] | 62 | if (!no_nospec) |
| 63 | enable_barrier_nospec(enable); |
Michal Suchanek | e1217b4 | 2019-04-11 21:46:01 +1000 | [diff] [blame] | 64 | } |
| 65 | |
Diana Craciun | 78749d1 | 2019-04-11 21:46:06 +1000 | [diff] [blame] | 66 | static int __init handle_nospectre_v1(char *p) |
| 67 | { |
| 68 | no_nospec = true; |
| 69 | |
| 70 | return 0; |
| 71 | } |
| 72 | early_param("nospectre_v1", handle_nospectre_v1); |
| 73 | |
Michal Suchanek | e1217b4 | 2019-04-11 21:46:01 +1000 | [diff] [blame] | 74 | #ifdef CONFIG_DEBUG_FS |
| 75 | static int barrier_nospec_set(void *data, u64 val) |
| 76 | { |
| 77 | switch (val) { |
| 78 | case 0: |
| 79 | case 1: |
| 80 | break; |
| 81 | default: |
| 82 | return -EINVAL; |
| 83 | } |
| 84 | |
| 85 | if (!!val == !!barrier_nospec_enabled) |
| 86 | return 0; |
| 87 | |
| 88 | enable_barrier_nospec(!!val); |
| 89 | |
| 90 | return 0; |
| 91 | } |
| 92 | |
| 93 | static int barrier_nospec_get(void *data, u64 *val) |
| 94 | { |
| 95 | *val = barrier_nospec_enabled ? 1 : 0; |
| 96 | return 0; |
| 97 | } |
| 98 | |
| 99 | DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec, |
| 100 | barrier_nospec_get, barrier_nospec_set, "%llu\n"); |
| 101 | |
| 102 | static __init int barrier_nospec_debugfs_init(void) |
| 103 | { |
| 104 | debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL, |
| 105 | &fops_barrier_nospec); |
| 106 | return 0; |
| 107 | } |
| 108 | device_initcall(barrier_nospec_debugfs_init); |
| 109 | #endif /* CONFIG_DEBUG_FS */ |
| 110 | |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 111 | #if defined(CONFIG_PPC_FSL_BOOK3E) || defined(CONFIG_PPC_BOOK3S_64) |
Diana Craciun | 7133df4 | 2019-04-11 21:46:22 +1000 | [diff] [blame] | 112 | static int __init handle_nospectre_v2(char *p) |
| 113 | { |
| 114 | no_spectrev2 = true; |
| 115 | |
| 116 | return 0; |
| 117 | } |
| 118 | early_param("nospectre_v2", handle_nospectre_v2); |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 119 | #endif /* CONFIG_PPC_FSL_BOOK3E || CONFIG_PPC_BOOK3S_64 */ |
| 120 | |
| 121 | #ifdef CONFIG_PPC_FSL_BOOK3E |
Diana Craciun | 7133df4 | 2019-04-11 21:46:22 +1000 | [diff] [blame] | 122 | void setup_spectre_v2(void) |
| 123 | { |
| 124 | if (no_spectrev2) |
| 125 | do_btb_flush_fixups(); |
| 126 | else |
| 127 | btb_flush_enabled = true; |
| 128 | } |
| 129 | #endif /* CONFIG_PPC_FSL_BOOK3E */ |
| 130 | |
Diana Craciun | a96e47d | 2019-04-11 21:46:10 +1000 | [diff] [blame] | 131 | #ifdef CONFIG_PPC_BOOK3S_64 |
Michael Ellerman | 6f81254 | 2018-06-02 21:08:58 +1000 | [diff] [blame] | 132 | ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) |
| 133 | { |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 134 | bool thread_priv; |
| 135 | |
| 136 | thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV); |
| 137 | |
Gustavo L. F. Walbon | 9da4be3 | 2019-05-02 18:09:07 -0300 | [diff] [blame] | 138 | if (rfi_flush) { |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 139 | struct seq_buf s; |
| 140 | seq_buf_init(&s, buf, PAGE_SIZE - 1); |
| 141 | |
Gustavo L. F. Walbon | 9da4be3 | 2019-05-02 18:09:07 -0300 | [diff] [blame] | 142 | seq_buf_printf(&s, "Mitigation: RFI Flush"); |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 143 | if (thread_priv) |
Gustavo L. F. Walbon | 9da4be3 | 2019-05-02 18:09:07 -0300 | [diff] [blame] | 144 | seq_buf_printf(&s, ", L1D private per thread"); |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 145 | |
| 146 | seq_buf_printf(&s, "\n"); |
| 147 | |
| 148 | return s.len; |
| 149 | } |
| 150 | |
Gustavo L. F. Walbon | 9da4be3 | 2019-05-02 18:09:07 -0300 | [diff] [blame] | 151 | if (thread_priv) |
| 152 | return sprintf(buf, "Vulnerable: L1D private per thread\n"); |
| 153 | |
Michael Ellerman | a8f6001 | 2018-06-02 21:08:59 +1000 | [diff] [blame] | 154 | if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && |
| 155 | !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) |
| 156 | return sprintf(buf, "Not affected\n"); |
Michael Ellerman | 6f81254 | 2018-06-02 21:08:58 +1000 | [diff] [blame] | 157 | |
| 158 | return sprintf(buf, "Vulnerable\n"); |
| 159 | } |
Anthony Steinhauser | cb4bbe2 | 2019-10-29 12:07:59 -0700 | [diff] [blame] | 160 | |
| 161 | ssize_t cpu_show_l1tf(struct device *dev, struct device_attribute *attr, char *buf) |
| 162 | { |
| 163 | return cpu_show_meltdown(dev, attr, buf); |
| 164 | } |
Diana Craciun | a96e47d | 2019-04-11 21:46:10 +1000 | [diff] [blame] | 165 | #endif |
Michael Ellerman | ed50e03 | 2018-06-02 21:09:02 +1000 | [diff] [blame] | 166 | |
| 167 | ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) |
| 168 | { |
Michael Ellerman | ee617f5 | 2019-04-11 21:46:05 +1000 | [diff] [blame] | 169 | struct seq_buf s; |
Michael Ellerman | ed50e03 | 2018-06-02 21:09:02 +1000 | [diff] [blame] | 170 | |
Michael Ellerman | ee617f5 | 2019-04-11 21:46:05 +1000 | [diff] [blame] | 171 | seq_buf_init(&s, buf, PAGE_SIZE - 1); |
Michal Suchanek | f7493c9 | 2019-04-11 21:46:04 +1000 | [diff] [blame] | 172 | |
Michael Ellerman | ee617f5 | 2019-04-11 21:46:05 +1000 | [diff] [blame] | 173 | if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { |
| 174 | if (barrier_nospec_enabled) |
| 175 | seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); |
| 176 | else |
| 177 | seq_buf_printf(&s, "Vulnerable"); |
| 178 | |
| 179 | if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) |
| 180 | seq_buf_printf(&s, ", ori31 speculation barrier enabled"); |
| 181 | |
| 182 | seq_buf_printf(&s, "\n"); |
| 183 | } else |
| 184 | seq_buf_printf(&s, "Not affected\n"); |
| 185 | |
| 186 | return s.len; |
Michael Ellerman | ed50e03 | 2018-06-02 21:09:02 +1000 | [diff] [blame] | 187 | } |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 188 | |
| 189 | ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) |
| 190 | { |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 191 | struct seq_buf s; |
Michael Ellerman | ee617f5 | 2019-04-11 21:46:05 +1000 | [diff] [blame] | 192 | bool bcs, ccd; |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 193 | |
| 194 | seq_buf_init(&s, buf, PAGE_SIZE - 1); |
| 195 | |
| 196 | bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); |
| 197 | ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 198 | |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 199 | if (bcs || ccd) { |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 200 | seq_buf_printf(&s, "Mitigation: "); |
| 201 | |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 202 | if (bcs) |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 203 | seq_buf_printf(&s, "Indirect branch serialisation (kernel only)"); |
| 204 | |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 205 | if (bcs && ccd) |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 206 | seq_buf_printf(&s, ", "); |
| 207 | |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 208 | if (ccd) |
| 209 | seq_buf_printf(&s, "Indirect branch cache disabled"); |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 210 | |
| 211 | if (link_stack_flush_enabled) |
| 212 | seq_buf_printf(&s, ", Software link stack flush"); |
| 213 | |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 214 | } else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) { |
| 215 | seq_buf_printf(&s, "Mitigation: Software count cache flush"); |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 216 | |
| 217 | if (count_cache_flush_type == COUNT_CACHE_FLUSH_HW) |
Michael Ellerman | 91f69a3c | 2019-04-11 21:46:30 +1000 | [diff] [blame] | 218 | seq_buf_printf(&s, " (hardware accelerated)"); |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 219 | |
| 220 | if (link_stack_flush_enabled) |
| 221 | seq_buf_printf(&s, ", Software link stack flush"); |
| 222 | |
Diana Craciun | 0ac0d2b | 2019-04-11 21:46:27 +1000 | [diff] [blame] | 223 | } else if (btb_flush_enabled) { |
| 224 | seq_buf_printf(&s, "Mitigation: Branch predictor state flush"); |
| 225 | } else { |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 226 | seq_buf_printf(&s, "Vulnerable"); |
Diana Craciun | 0ac0d2b | 2019-04-11 21:46:27 +1000 | [diff] [blame] | 227 | } |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 228 | |
Michael Ellerman | 1dc0f1f | 2018-06-02 21:09:03 +1000 | [diff] [blame] | 229 | seq_buf_printf(&s, "\n"); |
| 230 | |
| 231 | return s.len; |
| 232 | } |
Nicholas Piggin | e9b911a | 2018-06-02 21:09:08 +1000 | [diff] [blame] | 233 | |
Diana Craciun | 1ec00d2 | 2019-04-11 21:46:07 +1000 | [diff] [blame] | 234 | #ifdef CONFIG_PPC_BOOK3S_64 |
Nicholas Piggin | e9b911a | 2018-06-02 21:09:08 +1000 | [diff] [blame] | 235 | /* |
| 236 | * Store-forwarding barrier support. |
| 237 | */ |
| 238 | |
| 239 | static enum stf_barrier_type stf_enabled_flush_types; |
| 240 | static bool no_stf_barrier; |
| 241 | bool stf_barrier; |
| 242 | |
| 243 | static int __init handle_no_stf_barrier(char *p) |
| 244 | { |
| 245 | pr_info("stf-barrier: disabled on command line."); |
| 246 | no_stf_barrier = true; |
| 247 | return 0; |
| 248 | } |
| 249 | |
| 250 | early_param("no_stf_barrier", handle_no_stf_barrier); |
| 251 | |
| 252 | /* This is the generic flag used by other architectures */ |
| 253 | static int __init handle_ssbd(char *p) |
| 254 | { |
| 255 | if (!p || strncmp(p, "auto", 5) == 0 || strncmp(p, "on", 2) == 0 ) { |
| 256 | /* Until firmware tells us, we have the barrier with auto */ |
| 257 | return 0; |
| 258 | } else if (strncmp(p, "off", 3) == 0) { |
| 259 | handle_no_stf_barrier(NULL); |
| 260 | return 0; |
| 261 | } else |
| 262 | return 1; |
| 263 | |
| 264 | return 0; |
| 265 | } |
| 266 | early_param("spec_store_bypass_disable", handle_ssbd); |
| 267 | |
| 268 | /* This is the generic flag used by other architectures */ |
| 269 | static int __init handle_no_ssbd(char *p) |
| 270 | { |
| 271 | handle_no_stf_barrier(NULL); |
| 272 | return 0; |
| 273 | } |
| 274 | early_param("nospec_store_bypass_disable", handle_no_ssbd); |
| 275 | |
| 276 | static void stf_barrier_enable(bool enable) |
| 277 | { |
| 278 | if (enable) |
| 279 | do_stf_barrier_fixups(stf_enabled_flush_types); |
| 280 | else |
| 281 | do_stf_barrier_fixups(STF_BARRIER_NONE); |
| 282 | |
| 283 | stf_barrier = enable; |
| 284 | } |
| 285 | |
| 286 | void setup_stf_barrier(void) |
| 287 | { |
| 288 | enum stf_barrier_type type; |
| 289 | bool enable, hv; |
| 290 | |
| 291 | hv = cpu_has_feature(CPU_FTR_HVMODE); |
| 292 | |
| 293 | /* Default to fallback in case fw-features are not available */ |
| 294 | if (cpu_has_feature(CPU_FTR_ARCH_300)) |
| 295 | type = STF_BARRIER_EIEIO; |
| 296 | else if (cpu_has_feature(CPU_FTR_ARCH_207S)) |
| 297 | type = STF_BARRIER_SYNC_ORI; |
| 298 | else if (cpu_has_feature(CPU_FTR_ARCH_206)) |
| 299 | type = STF_BARRIER_FALLBACK; |
| 300 | else |
| 301 | type = STF_BARRIER_NONE; |
| 302 | |
| 303 | enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && |
| 304 | (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || |
| 305 | (security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && hv)); |
| 306 | |
| 307 | if (type == STF_BARRIER_FALLBACK) { |
| 308 | pr_info("stf-barrier: fallback barrier available\n"); |
| 309 | } else if (type == STF_BARRIER_SYNC_ORI) { |
| 310 | pr_info("stf-barrier: hwsync barrier available\n"); |
| 311 | } else if (type == STF_BARRIER_EIEIO) { |
| 312 | pr_info("stf-barrier: eieio barrier available\n"); |
| 313 | } |
| 314 | |
| 315 | stf_enabled_flush_types = type; |
| 316 | |
| 317 | if (!no_stf_barrier) |
| 318 | stf_barrier_enable(enable); |
| 319 | } |
| 320 | |
| 321 | ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf) |
| 322 | { |
| 323 | if (stf_barrier && stf_enabled_flush_types != STF_BARRIER_NONE) { |
| 324 | const char *type; |
| 325 | switch (stf_enabled_flush_types) { |
| 326 | case STF_BARRIER_EIEIO: |
| 327 | type = "eieio"; |
| 328 | break; |
| 329 | case STF_BARRIER_SYNC_ORI: |
| 330 | type = "hwsync"; |
| 331 | break; |
| 332 | case STF_BARRIER_FALLBACK: |
| 333 | type = "fallback"; |
| 334 | break; |
| 335 | default: |
| 336 | type = "unknown"; |
| 337 | } |
| 338 | return sprintf(buf, "Mitigation: Kernel entry/exit barrier (%s)\n", type); |
| 339 | } |
| 340 | |
| 341 | if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && |
| 342 | !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) |
| 343 | return sprintf(buf, "Not affected\n"); |
| 344 | |
| 345 | return sprintf(buf, "Vulnerable\n"); |
| 346 | } |
| 347 | |
| 348 | #ifdef CONFIG_DEBUG_FS |
| 349 | static int stf_barrier_set(void *data, u64 val) |
| 350 | { |
| 351 | bool enable; |
| 352 | |
| 353 | if (val == 1) |
| 354 | enable = true; |
| 355 | else if (val == 0) |
| 356 | enable = false; |
| 357 | else |
| 358 | return -EINVAL; |
| 359 | |
| 360 | /* Only do anything if we're changing state */ |
| 361 | if (enable != stf_barrier) |
| 362 | stf_barrier_enable(enable); |
| 363 | |
| 364 | return 0; |
| 365 | } |
| 366 | |
| 367 | static int stf_barrier_get(void *data, u64 *val) |
| 368 | { |
| 369 | *val = stf_barrier ? 1 : 0; |
| 370 | return 0; |
| 371 | } |
| 372 | |
| 373 | DEFINE_SIMPLE_ATTRIBUTE(fops_stf_barrier, stf_barrier_get, stf_barrier_set, "%llu\n"); |
| 374 | |
| 375 | static __init int stf_barrier_debugfs_init(void) |
| 376 | { |
| 377 | debugfs_create_file("stf_barrier", 0600, powerpc_debugfs_root, NULL, &fops_stf_barrier); |
| 378 | return 0; |
| 379 | } |
| 380 | device_initcall(stf_barrier_debugfs_init); |
| 381 | #endif /* CONFIG_DEBUG_FS */ |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 382 | |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 383 | static void no_count_cache_flush(void) |
| 384 | { |
| 385 | count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; |
| 386 | pr_info("count-cache-flush: software flush disabled.\n"); |
| 387 | } |
| 388 | |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 389 | static void toggle_count_cache_flush(bool enable) |
| 390 | { |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 391 | if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE) && |
| 392 | !security_ftr_enabled(SEC_FTR_FLUSH_LINK_STACK)) |
| 393 | enable = false; |
| 394 | |
| 395 | if (!enable) { |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 396 | patch_instruction_site(&patch__call_flush_count_cache, PPC_INST_NOP); |
Michael Ellerman | e2c87b1 | 2019-11-13 21:05:44 +1100 | [diff] [blame] | 397 | #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE |
| 398 | patch_instruction_site(&patch__call_kvm_flush_link_stack, PPC_INST_NOP); |
| 399 | #endif |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 400 | pr_info("link-stack-flush: software flush disabled.\n"); |
| 401 | link_stack_flush_enabled = false; |
| 402 | no_count_cache_flush(); |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 403 | return; |
| 404 | } |
| 405 | |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 406 | // This enables the branch from _switch to flush_count_cache |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 407 | patch_branch_site(&patch__call_flush_count_cache, |
| 408 | (u64)&flush_count_cache, BRANCH_SET_LINK); |
| 409 | |
Michael Ellerman | e2c87b1 | 2019-11-13 21:05:44 +1100 | [diff] [blame] | 410 | #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE |
| 411 | // This enables the branch from guest_exit_cont to kvm_flush_link_stack |
| 412 | patch_branch_site(&patch__call_kvm_flush_link_stack, |
| 413 | (u64)&kvm_flush_link_stack, BRANCH_SET_LINK); |
| 414 | #endif |
| 415 | |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 416 | pr_info("link-stack-flush: software flush enabled.\n"); |
| 417 | link_stack_flush_enabled = true; |
| 418 | |
| 419 | // If we just need to flush the link stack, patch an early return |
| 420 | if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) { |
| 421 | patch_instruction_site(&patch__flush_link_stack_return, PPC_INST_BLR); |
| 422 | no_count_cache_flush(); |
| 423 | return; |
| 424 | } |
| 425 | |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 426 | if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { |
| 427 | count_cache_flush_type = COUNT_CACHE_FLUSH_SW; |
| 428 | pr_info("count-cache-flush: full software flush sequence enabled.\n"); |
| 429 | return; |
| 430 | } |
| 431 | |
| 432 | patch_instruction_site(&patch__flush_count_cache_return, PPC_INST_BLR); |
| 433 | count_cache_flush_type = COUNT_CACHE_FLUSH_HW; |
| 434 | pr_info("count-cache-flush: hardware assisted flush sequence enabled\n"); |
| 435 | } |
| 436 | |
| 437 | void setup_count_cache_flush(void) |
| 438 | { |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 439 | bool enable = true; |
| 440 | |
| 441 | if (no_spectrev2 || cpu_mitigations_off()) { |
| 442 | if (security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED) || |
| 443 | security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED)) |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 444 | pr_warn("Spectre v2 mitigations not fully under software control, can't disable\n"); |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 445 | |
| 446 | enable = false; |
| 447 | } |
| 448 | |
Michael Ellerman | 113408c | 2019-11-13 21:05:41 +1100 | [diff] [blame] | 449 | /* |
| 450 | * There's no firmware feature flag/hypervisor bit to tell us we need to |
| 451 | * flush the link stack on context switch. So we set it here if we see |
| 452 | * either of the Spectre v2 mitigations that aim to protect userspace. |
| 453 | */ |
| 454 | if (security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED) || |
| 455 | security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) |
| 456 | security_ftr_set(SEC_FTR_FLUSH_LINK_STACK); |
| 457 | |
Christopher M. Riedl | e59fed3 | 2019-05-23 21:46:48 -0500 | [diff] [blame] | 458 | toggle_count_cache_flush(enable); |
Michael Ellerman | 98f6ded | 2019-04-11 21:46:15 +1000 | [diff] [blame] | 459 | } |
| 460 | |
| 461 | #ifdef CONFIG_DEBUG_FS |
| 462 | static int count_cache_flush_set(void *data, u64 val) |
| 463 | { |
| 464 | bool enable; |
| 465 | |
| 466 | if (val == 1) |
| 467 | enable = true; |
| 468 | else if (val == 0) |
| 469 | enable = false; |
| 470 | else |
| 471 | return -EINVAL; |
| 472 | |
| 473 | toggle_count_cache_flush(enable); |
| 474 | |
| 475 | return 0; |
| 476 | } |
| 477 | |
| 478 | static int count_cache_flush_get(void *data, u64 *val) |
| 479 | { |
| 480 | if (count_cache_flush_type == COUNT_CACHE_FLUSH_NONE) |
| 481 | *val = 0; |
| 482 | else |
| 483 | *val = 1; |
| 484 | |
| 485 | return 0; |
| 486 | } |
| 487 | |
| 488 | DEFINE_SIMPLE_ATTRIBUTE(fops_count_cache_flush, count_cache_flush_get, |
| 489 | count_cache_flush_set, "%llu\n"); |
| 490 | |
| 491 | static __init int count_cache_flush_debugfs_init(void) |
| 492 | { |
| 493 | debugfs_create_file("count_cache_flush", 0600, powerpc_debugfs_root, |
| 494 | NULL, &fops_count_cache_flush); |
| 495 | return 0; |
| 496 | } |
| 497 | device_initcall(count_cache_flush_debugfs_init); |
| 498 | #endif /* CONFIG_DEBUG_FS */ |
Diana Craciun | 1ec00d2 | 2019-04-11 21:46:07 +1000 | [diff] [blame] | 499 | #endif /* CONFIG_PPC_BOOK3S_64 */ |