From patchwork Tue Jun 9 06:16:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305605 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1Wf5HNvz9sRK for ; Tue, 9 Jun 2020 17:11:42 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=bzAa2cd8; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1Wf47KfzDqsl for ; Tue, 9 Jun 2020 17:11:42 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::642; helo=mail-pl1-x642.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=bzAa2cd8; dkim-atps=neutral Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JJ0ZYgzDqXX for ; Tue, 9 Jun 2020 16:16:47 +1000 (AEST) Received: by mail-pl1-x642.google.com with SMTP id q16so7629128plr.2 for ; Mon, 08 Jun 2020 23:16:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SPEE5RsHPWskoMu8dlYKuC8rhEX7lbur90bLHAdYeu4=; b=bzAa2cd8jvNW7OHChzodPZnORmDPXNnQB4tj8evEPUjXnlvuhaGclihkLGJaTrOvtb rm2axOokIZbYp2WJCo7IXkhIRcNHC8DbPfrzM+31fv1Jr/9sTCwX9RCLsEf85DmenPwc 693xMUHMBkMFU8qbFQN0ooZSWLsS/3Em9kEVC1t5xRCKe82La4IgnATIcBV+OFLcRaKT LtaU/bXgvEStIPqQL6D0VOWflEROP5hI0IXtfWQiyu3zOqS23Zcw+1N0w4VbYdhmdOWe dyjjJdVMWvNTYheSS4H0V+KLOLF/70jnIOnMvmHTDaKHhQAjHTC5rOMFS9TUQM3A6fKq vRBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SPEE5RsHPWskoMu8dlYKuC8rhEX7lbur90bLHAdYeu4=; b=OZjNw9heYVd5pxLpI4OQ3INUxhhsMMcYIx8H6hCnLETMH5tdU+ESmZn/PhP827o+xB jsRs1oLFgM8ZXHzzCK16LvtQ09satguYu5kkke0YG/tDvhJ22IaLfigo5JH7fDfVH60g zjw/VdBn9Mq9LL1xesaP5umIJIZtmfLGUVU8Ql8H90/NgJ/t8tnIDmV1U+QIvUmkMiRj fd9ODimj6M3rzbUcHRxw8MOnwgRQE7r5e58Bue2wi2jBs282FGwWNh9KZf6QSrYRc7zw CAWcVu/M61WvLAuWugEip8lwnCxQQidBGVjGOc0zxlF3btUPTLxX1aoEXhwIEnnDl0zh Z6QQ== X-Gm-Message-State: AOAM532rafGFL2oFJFPlQ6/vhD61Eu6PSzKJsGZUEzD9oA9Sl+Iwqbj3 NzjCeaAS61HDDjCWAMGzCog= X-Google-Smtp-Source: ABdhPJyl/qfTeRKjhEItWZIehUcZ+csau4AZZ1rcB6OXD9wBLCyGa8acD8lmnMAg22MIXiUFKPYlBw== X-Received: by 2002:a17:90b:4911:: with SMTP id kr17mr3037435pjb.40.1591683405260; Mon, 08 Jun 2020 23:16:45 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:44 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 1/7] powerpc/security: re-name count cache flush to branch cache flush Date: Tue, 9 Jun 2020 16:16:25 +1000 Message-Id: <20200609061631.844390-2-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" The count cache flush mostly refers to both count cache and link stack flushing. As a first step to untangling these a bit, re-name the bits that apply to both. Signed-off-by: Nicholas Piggin --- arch/powerpc/include/asm/asm-prototypes.h | 4 +-- arch/powerpc/kernel/entry_64.S | 7 ++--- arch/powerpc/kernel/security.c | 36 +++++++++++------------ 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/arch/powerpc/include/asm/asm-prototypes.h b/arch/powerpc/include/asm/asm-prototypes.h index 7d81e86a1e5d..fa9057360e88 100644 --- a/arch/powerpc/include/asm/asm-prototypes.h +++ b/arch/powerpc/include/asm/asm-prototypes.h @@ -144,13 +144,13 @@ void _kvmppc_restore_tm_pr(struct kvm_vcpu *vcpu, u64 guest_msr); void _kvmppc_save_tm_pr(struct kvm_vcpu *vcpu, u64 guest_msr); /* Patch sites */ -extern s32 patch__call_flush_count_cache; +extern s32 patch__call_flush_branch_caches; extern s32 patch__flush_count_cache_return; extern s32 patch__flush_link_stack_return; extern s32 patch__call_kvm_flush_link_stack; extern s32 patch__memset_nocache, patch__memcpy_nocache; -extern long flush_count_cache; +extern long flush_branch_caches; extern long kvm_flush_link_stack; #ifdef CONFIG_PPC_TRANSACTIONAL_MEM diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S index 9d49338e0c85..2ba25b3b701e 100644 --- a/arch/powerpc/kernel/entry_64.S +++ b/arch/powerpc/kernel/entry_64.S @@ -259,8 +259,7 @@ _ASM_NOKPROBE_SYMBOL(save_nvgprs); #define FLUSH_COUNT_CACHE \ 1: nop; \ - patch_site 1b, patch__call_flush_count_cache - + patch_site 1b, patch__call_flush_branch_caches #define BCCTR_FLUSH .long 0x4c400420 @@ -271,8 +270,8 @@ _ASM_NOKPROBE_SYMBOL(save_nvgprs); .endm .balign 32 -.global flush_count_cache -flush_count_cache: +.global flush_branch_caches +flush_branch_caches: /* Save LR into r9 */ mflr r9 diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index d86701ce116b..df2a3eff950b 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -21,12 +21,12 @@ u64 powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; -enum count_cache_flush_type { - COUNT_CACHE_FLUSH_NONE = 0x1, - COUNT_CACHE_FLUSH_SW = 0x2, - COUNT_CACHE_FLUSH_HW = 0x4, +enum branch_cache_flush_type { + BRANCH_CACHE_FLUSH_NONE = 0x1, + BRANCH_CACHE_FLUSH_SW = 0x2, + BRANCH_CACHE_FLUSH_HW = 0x4, }; -static enum count_cache_flush_type count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; +static enum branch_cache_flush_type count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; static bool link_stack_flush_enabled; bool barrier_nospec_enabled; @@ -222,10 +222,10 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c if (link_stack_flush_enabled) seq_buf_printf(&s, ", Software link stack flush"); - } else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) { + } else if (count_cache_flush_type != BRANCH_CACHE_FLUSH_NONE) { seq_buf_printf(&s, "Mitigation: Software count cache flush"); - if (count_cache_flush_type == COUNT_CACHE_FLUSH_HW) + if (count_cache_flush_type == BRANCH_CACHE_FLUSH_HW) seq_buf_printf(&s, " (hardware accelerated)"); if (link_stack_flush_enabled) @@ -429,18 +429,18 @@ device_initcall(stf_barrier_debugfs_init); static void no_count_cache_flush(void) { - count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; + count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; pr_info("count-cache-flush: software flush disabled.\n"); } -static void toggle_count_cache_flush(bool enable) +static void toggle_branch_cache_flush(bool enable) { if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE) && !security_ftr_enabled(SEC_FTR_FLUSH_LINK_STACK)) enable = false; if (!enable) { - patch_instruction_site(&patch__call_flush_count_cache, + patch_instruction_site(&patch__call_flush_branch_caches, ppc_inst(PPC_INST_NOP)); #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE patch_instruction_site(&patch__call_kvm_flush_link_stack, @@ -452,9 +452,9 @@ static void toggle_count_cache_flush(bool enable) return; } - // This enables the branch from _switch to flush_count_cache - patch_branch_site(&patch__call_flush_count_cache, - (u64)&flush_count_cache, BRANCH_SET_LINK); + // This enables the branch from _switch to flush_branch_caches + patch_branch_site(&patch__call_flush_branch_caches, + (u64)&flush_branch_caches, BRANCH_SET_LINK); #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE // This enables the branch from guest_exit_cont to kvm_flush_link_stack @@ -474,13 +474,13 @@ static void toggle_count_cache_flush(bool enable) } if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { - count_cache_flush_type = COUNT_CACHE_FLUSH_SW; + count_cache_flush_type = BRANCH_CACHE_FLUSH_SW; pr_info("count-cache-flush: full software flush sequence enabled.\n"); return; } patch_instruction_site(&patch__flush_count_cache_return, ppc_inst(PPC_INST_BLR)); - count_cache_flush_type = COUNT_CACHE_FLUSH_HW; + count_cache_flush_type = BRANCH_CACHE_FLUSH_HW; pr_info("count-cache-flush: hardware assisted flush sequence enabled\n"); } @@ -505,7 +505,7 @@ void setup_count_cache_flush(void) security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) security_ftr_set(SEC_FTR_FLUSH_LINK_STACK); - toggle_count_cache_flush(enable); + toggle_branch_cache_flush(enable); } #ifdef CONFIG_DEBUG_FS @@ -520,14 +520,14 @@ static int count_cache_flush_set(void *data, u64 val) else return -EINVAL; - toggle_count_cache_flush(enable); + toggle_branch_cache_flush(enable); return 0; } static int count_cache_flush_get(void *data, u64 *val) { - if (count_cache_flush_type == COUNT_CACHE_FLUSH_NONE) + if (count_cache_flush_type == BRANCH_CACHE_FLUSH_NONE) *val = 0; else *val = 1; From patchwork Tue Jun 9 06:16:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305606 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1YZ1CvTz9sRK for ; Tue, 9 Jun 2020 17:13:22 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=n2ft2lV6; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1YZ0HSWzDr3N for ; Tue, 9 Jun 2020 17:13:22 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::644; helo=mail-pl1-x644.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=n2ft2lV6; dkim-atps=neutral Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JL6wHpzDqTd for ; Tue, 9 Jun 2020 16:16:50 +1000 (AEST) Received: by mail-pl1-x644.google.com with SMTP id bh7so7613534plb.11 for ; Mon, 08 Jun 2020 23:16:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=k4IXEINXdNzTPGUhU9F4Y8RAOkt5tBRqM+udEagmeaI=; b=n2ft2lV6wXksFoOndSUnerJ45T0g9Txl2fxdMsZn0f4m1t5WLuG83PKAQnVgHxLRn1 AioEJlDvT5QzppdQ8paPkg0cR9oFwqB1/UPAZ66NAR8JyLNz5l/yzkbQ9trFJ8o71q9I j/f+qqEd8SZPaojtwLYuj2xO+EtSR4vsCiq7jcA/pjnXJp+ccLzFVQSqj2Ng1OLZLuDo xAov/GzCai3sWRsCQ1iNg6wNfD9n8PZt+Q6QqpJgLbds+qsRePVklXDAHfv5VewDbmGe SxdRJXhfB62wQGI5/8z6n6YRerq4TSAGySCFLXNNIUa2LzS4PebdNVVSapk9wYNoFY2S +upg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=k4IXEINXdNzTPGUhU9F4Y8RAOkt5tBRqM+udEagmeaI=; b=RQ9Sdayuk7z6kuOgB2rRvirFvxj544oGWE88WPSHViRB/0cPsIVJyud8iqvHUpYd0c cLxXUX5Lop/6z58cSx/99RxaH+W+TXw7wvQ6mqTqxKTcbcGmBQVmdlDD7oTrsYRnDuz5 mgPzFF3zd5dwY631SxQ8Z4IS3S6ER+wqsCiRL5rkV6yP4PEm2LRVd5FhTZkXOaNZSlB9 8KkkyTHHLKj965uwSTlMw/wJLoXSV1rzDQJunvhNmbr9dZ2h/9V/AcOD8aJGPERfsiM1 xCdzTQnElJqGfHSjoFv3vDzvhsRIoY7oFb7KDZ8EuBi6QmrM/WarjsYEvsWbuE5kwbq3 jEAA== X-Gm-Message-State: AOAM5332fcoB5rvGZUOLbWbsh6D/2TH7I70N+R0v8sTILPQpRiVFE8AL X0LFM97GCTc2LLX6yW1uzZM= X-Google-Smtp-Source: ABdhPJwxxvbqx7vcIBmjLZDq4XmC1MtyrrGO9dh6sNz/yGz79dPpvPPnjbQy7hco2NNIkaInLjw4kQ== X-Received: by 2002:a17:90b:915:: with SMTP id bo21mr3101498pjb.52.1591683407733; Mon, 08 Jun 2020 23:16:47 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:47 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 2/7] powerpc/security: change link stack flush state to the flush type enum Date: Tue, 9 Jun 2020 16:16:26 +1000 Message-Id: <20200609061631.844390-3-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Prepare to allow for hardware link stack flushing by using the none/sw/hw type, same as the count cache state. Signed-off-by: Nicholas Piggin --- arch/powerpc/kernel/security.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index df2a3eff950b..28f4cb062f69 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -27,7 +27,7 @@ enum branch_cache_flush_type { BRANCH_CACHE_FLUSH_HW = 0x4, }; static enum branch_cache_flush_type count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; -static bool link_stack_flush_enabled; +static enum branch_cache_flush_type link_stack_flush_type = BRANCH_CACHE_FLUSH_NONE; bool barrier_nospec_enabled; static bool no_nospec; @@ -219,7 +219,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c if (ccd) seq_buf_printf(&s, "Indirect branch cache disabled"); - if (link_stack_flush_enabled) + if (link_stack_flush_type == BRANCH_CACHE_FLUSH_SW) seq_buf_printf(&s, ", Software link stack flush"); } else if (count_cache_flush_type != BRANCH_CACHE_FLUSH_NONE) { @@ -228,7 +228,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c if (count_cache_flush_type == BRANCH_CACHE_FLUSH_HW) seq_buf_printf(&s, " (hardware accelerated)"); - if (link_stack_flush_enabled) + if (link_stack_flush_type == BRANCH_CACHE_FLUSH_SW) seq_buf_printf(&s, ", Software link stack flush"); } else if (btb_flush_enabled) { @@ -447,7 +447,7 @@ static void toggle_branch_cache_flush(bool enable) ppc_inst(PPC_INST_NOP)); #endif pr_info("link-stack-flush: software flush disabled.\n"); - link_stack_flush_enabled = false; + link_stack_flush_type = BRANCH_CACHE_FLUSH_NONE; no_count_cache_flush(); return; } @@ -463,7 +463,7 @@ static void toggle_branch_cache_flush(bool enable) #endif pr_info("link-stack-flush: software flush enabled.\n"); - link_stack_flush_enabled = true; + link_stack_flush_type = BRANCH_CACHE_FLUSH_SW; // If we just need to flush the link stack, patch an early return if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) { From patchwork Tue Jun 9 06:16:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305607 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1bQ1bYjz9sRK for ; Tue, 9 Jun 2020 17:14:58 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=dLt+OcvG; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1bQ0SHYzDqjc for ; Tue, 9 Jun 2020 17:14:58 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::541; helo=mail-pg1-x541.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=dLt+OcvG; dkim-atps=neutral Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JN0cPNzDqQv for ; Tue, 9 Jun 2020 16:16:52 +1000 (AEST) Received: by mail-pg1-x541.google.com with SMTP id p21so9819791pgm.13 for ; Mon, 08 Jun 2020 23:16:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8Oa+WR6zHDc4KFducblu1u/8O5kXvk2yTl9b+EY3rFY=; b=dLt+OcvG0BsesaJEI9fkNJW8KCYq46o4MtUkeTGOQQDV80LiV/w+K0cJpy4KSD/pmM n7kozvB0kFLhPymFTQruXAzX/t79MMIfBKz2fkFW4p1+C/jQTwoKxZG5EPs2+zbnlB9K 25DmVawhfKEzYhHBk8CFF48oUqTuerDJFAYCp43+9pull805H0UWYF6X+t/oXvSDV/k2 v/D+7FO4Uco8YW7Oes0jOCqUjnkZShcDGhHSyi9tUkWXzP3S21mxbLl4TL93niCEAnIS YVvrVRFQGCmUoIYdgsTIdfCmEcesGXtM5BsNDNRxJNm9iLKe++iFzsHULxdl0oIZ6g0K 7Wcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8Oa+WR6zHDc4KFducblu1u/8O5kXvk2yTl9b+EY3rFY=; b=t3YDfn+OpS7of2CZm1a0z+/unRM1K3N59uFB0puCuxKpadQuxRvYUREbDkR3HONSdY J0iC1DZ5+u0wtuzp+8kKayy0PeHzJGY8ctB5pUE84D9ityWGV5Nyj4+YBeYFbJNFOiXE eWl8o3H/uKE2nxkQZGilRaNjqiwD3anuEKie5OkwIlFyq0mWvjFbFVaP5VBAxE1U0MqH /Qe2nkrOPiqLE8MRDymP1MpdxogHTigGM49kqoC2KibW380IDTAn7Hp0OL3X10vbR0mX pEdSKuil347sIbVkN64HLX3cJ5CGMj+8a23bq8bWLRqW13PSUzmO802l7ektcp3FHFvm 4+uw== X-Gm-Message-State: AOAM531AtaiMV4zpu3A+MvckQnU4YRfCg7dVrVW0Zh4pgqhLCCZSjXFA 2CJOVcTWnV7+sueVjgj0WKk= X-Google-Smtp-Source: ABdhPJweoG11SKkF27ifmX9RRnl9Hy38TVjKFzQ1+X0+VV7SAA0CAzWbhK3u+0fsI97+ebnT3/Pp0g== X-Received: by 2002:a63:e550:: with SMTP id z16mr22299297pgj.92.1591683410082; Mon, 08 Jun 2020 23:16:50 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:49 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 3/7] powerpc/security: make display of branch cache flush more consistent Date: Tue, 9 Jun 2020 16:16:27 +1000 Message-Id: <20200609061631.844390-4-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Make the count-cache and link-stack messages look the same Signed-off-by: Nicholas Piggin --- arch/powerpc/kernel/security.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 28f4cb062f69..659ef6a92bb9 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -430,7 +430,7 @@ device_initcall(stf_barrier_debugfs_init); static void no_count_cache_flush(void) { count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; - pr_info("count-cache-flush: software flush disabled.\n"); + pr_info("count-cache-flush: flush disabled.\n"); } static void toggle_branch_cache_flush(bool enable) @@ -446,7 +446,7 @@ static void toggle_branch_cache_flush(bool enable) patch_instruction_site(&patch__call_kvm_flush_link_stack, ppc_inst(PPC_INST_NOP)); #endif - pr_info("link-stack-flush: software flush disabled.\n"); + pr_info("link-stack-flush: flush disabled.\n"); link_stack_flush_type = BRANCH_CACHE_FLUSH_NONE; no_count_cache_flush(); return; @@ -475,13 +475,13 @@ static void toggle_branch_cache_flush(bool enable) if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { count_cache_flush_type = BRANCH_CACHE_FLUSH_SW; - pr_info("count-cache-flush: full software flush sequence enabled.\n"); + pr_info("count-cache-flush: software flush enabled.\n"); return; } patch_instruction_site(&patch__flush_count_cache_return, ppc_inst(PPC_INST_BLR)); count_cache_flush_type = BRANCH_CACHE_FLUSH_HW; - pr_info("count-cache-flush: hardware assisted flush sequence enabled\n"); + pr_info("count-cache-flush: hardware flush enabled.\n"); } void setup_count_cache_flush(void) From patchwork Tue Jun 9 06:16:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305609 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1dY50x6z9sRK for ; Tue, 9 Jun 2020 17:16:49 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=ubqsvgxa; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1dX73yWzDqdh for ; Tue, 9 Jun 2020 17:16:48 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::42f; helo=mail-pf1-x42f.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=ubqsvgxa; dkim-atps=neutral Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JR0GjtzDqgZ for ; Tue, 9 Jun 2020 16:16:54 +1000 (AEST) Received: by mail-pf1-x42f.google.com with SMTP id j1so9453647pfe.4 for ; Mon, 08 Jun 2020 23:16:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Nv1xnXQ09Sk5xdYZkDphhnbaxAVbk33kYYkkc6jvMSs=; b=ubqsvgxalaftDUQb8TQkZvUIY92VTlRJ8XiACMRcJ8Pqih9J9RDjUkvmpbk85A+Eiz rMZRYJ/0gHlwMzX9qZZF73r3GUrW1K8Ef+0INuQs+9AkTyqEH+7k75wVsU4bYlAGxQtI sMNisCJqBV5MUlrgfJ+9tIGj35BBlbf9hklHHpJr9SLLqY2bxpVLeQfw0RdrWttRPJXV iqGukkClkANqYN0CU0EsORvqcRqldjFgM/EGyUxS6WBxlnjGbMiuZ9+9T29I+zg7Q708 4r5KTfQaTbDCpd7N6wX7UP9HB3tuaBzrQ/H+VNcNx3YCIZZLCW5NMQUcvwoeMz6SymcM GT7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Nv1xnXQ09Sk5xdYZkDphhnbaxAVbk33kYYkkc6jvMSs=; b=s3wGTf3BemjED7j3DsZEpJBitZc7oLK8N2EWDeIcVhI7PMA/h3OiN81ioduguh9zf9 rcNw2RRoxVRpXhp7OrPZcSO6QT5qLyt/U15mVZC2vNxX5Idt/7pGtkAh9bykAxlPeyn+ 6cTzCcQU34AXhQMc95Z1yG3oSGNXQVDhqdZ725w4g7j2faLJKoeR/F6cbgrkTAWCSaRi rZbEqDlUdrBUY7CnKsMupGyi5rEzaowcno11vJXsksg8S03Er2Una5MDdyZq4j60EuRu BDzcHwytsnA6s0e8v460JWn06ST6Kb5SMgKUoXFhoDj+Q7vnFQJ3IqlERw9NW3HIeWjB vRxg== X-Gm-Message-State: AOAM533nRX/RhGMMO6pCx58hYt1TMnSq5WKOoMEY0yPV+ocJ4U2eh2pX hhnCKW23/FUMve1y8TYqu61NJBEZruY= X-Google-Smtp-Source: ABdhPJxR9dUNW7K7oz8+Lwq84m8ajwuzD/J3j/RvN8qru2hiStozqWYTkkfvLTICqpqkehVIHhXwfg== X-Received: by 2002:a65:41c8:: with SMTP id b8mr22296358pgq.265.1591683412413; Mon, 08 Jun 2020 23:16:52 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:52 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 4/7] powerpc/security: split branch cache flush toggle from code patching Date: Tue, 9 Jun 2020 16:16:28 +1000 Message-Id: <20200609061631.844390-5-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Branch cache flushing code patching has inter-dependencies on both the link stack and the count cache flushing state. To make the code clearer and to separate the link stack and count cache handling, split the "toggle" (setting up variables and printing enable/disable) from the code patching. Signed-off-by: Nicholas Piggin --- arch/powerpc/kernel/security.c | 94 ++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 43 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 659ef6a92bb9..2a413af21124 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -427,61 +427,69 @@ static __init int stf_barrier_debugfs_init(void) device_initcall(stf_barrier_debugfs_init); #endif /* CONFIG_DEBUG_FS */ -static void no_count_cache_flush(void) +static void update_branch_cache_flush(void) { - count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; - pr_info("count-cache-flush: flush disabled.\n"); -} - -static void toggle_branch_cache_flush(bool enable) -{ - if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE) && - !security_ftr_enabled(SEC_FTR_FLUSH_LINK_STACK)) - enable = false; - - if (!enable) { - patch_instruction_site(&patch__call_flush_branch_caches, - ppc_inst(PPC_INST_NOP)); #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE + // This controls the branch from guest_exit_cont to kvm_flush_link_stack + if (link_stack_flush_type == BRANCH_CACHE_FLUSH_NONE) { patch_instruction_site(&patch__call_kvm_flush_link_stack, ppc_inst(PPC_INST_NOP)); -#endif - pr_info("link-stack-flush: flush disabled.\n"); - link_stack_flush_type = BRANCH_CACHE_FLUSH_NONE; - no_count_cache_flush(); - return; + } else { + patch_branch_site(&patch__call_kvm_flush_link_stack, + (u64)&kvm_flush_link_stack, BRANCH_SET_LINK); } - - // This enables the branch from _switch to flush_branch_caches - patch_branch_site(&patch__call_flush_branch_caches, - (u64)&flush_branch_caches, BRANCH_SET_LINK); - -#ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE - // This enables the branch from guest_exit_cont to kvm_flush_link_stack - patch_branch_site(&patch__call_kvm_flush_link_stack, - (u64)&kvm_flush_link_stack, BRANCH_SET_LINK); #endif - pr_info("link-stack-flush: software flush enabled.\n"); - link_stack_flush_type = BRANCH_CACHE_FLUSH_SW; + // This controls the branch from _switch to flush_branch_caches + if (count_cache_flush_type == BRANCH_CACHE_FLUSH_NONE && + link_stack_flush_type == BRANCH_CACHE_FLUSH_NONE) { + patch_instruction_site(&patch__call_flush_branch_caches, + ppc_inst(PPC_INST_NOP)); + } else { + patch_branch_site(&patch__call_flush_branch_caches, + (u64)&flush_branch_caches, BRANCH_SET_LINK); + + // If we just need to flush the link stack, early return + if (count_cache_flush_type == BRANCH_CACHE_FLUSH_NONE) { + patch_instruction_site(&patch__flush_link_stack_return, + ppc_inst(PPC_INST_BLR)); + + // If we have flush instruction, early return + } else if (count_cache_flush_type == BRANCH_CACHE_FLUSH_HW) { + patch_instruction_site(&patch__flush_count_cache_return, + ppc_inst(PPC_INST_BLR)); + } + } +} - // If we just need to flush the link stack, patch an early return - if (!security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) { - patch_instruction_site(&patch__flush_link_stack_return, - ppc_inst(PPC_INST_BLR)); - no_count_cache_flush(); - return; +static void toggle_branch_cache_flush(bool enable) +{ + if (!enable || !security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) { + if (count_cache_flush_type != BRANCH_CACHE_FLUSH_NONE) { + count_cache_flush_type = BRANCH_CACHE_FLUSH_NONE; + pr_info("count-cache-flush: flush disabled.\n"); + } + } else { + if (security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { + count_cache_flush_type = BRANCH_CACHE_FLUSH_HW; + pr_info("count-cache-flush: hardware flush enabled.\n"); + } else { + count_cache_flush_type = BRANCH_CACHE_FLUSH_SW; + pr_info("count-cache-flush: software flush enabled.\n"); + } } - if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { - count_cache_flush_type = BRANCH_CACHE_FLUSH_SW; - pr_info("count-cache-flush: software flush enabled.\n"); - return; + if (!enable || !security_ftr_enabled(SEC_FTR_FLUSH_LINK_STACK)) { + if (link_stack_flush_type != BRANCH_CACHE_FLUSH_NONE) { + link_stack_flush_type = BRANCH_CACHE_FLUSH_NONE; + pr_info("link-stack-flush: flush disabled.\n"); + } + } else { + link_stack_flush_type = BRANCH_CACHE_FLUSH_SW; + pr_info("link-stack-flush: software flush enabled.\n"); } - patch_instruction_site(&patch__flush_count_cache_return, ppc_inst(PPC_INST_BLR)); - count_cache_flush_type = BRANCH_CACHE_FLUSH_HW; - pr_info("count-cache-flush: hardware flush enabled.\n"); + update_branch_cache_flush(); } void setup_count_cache_flush(void) From patchwork Tue Jun 9 06:16:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305611 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1gX6WbDz9sRK for ; Tue, 9 Jun 2020 17:18:32 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=JIQmEdvf; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1gX5hHnzDr3V for ; Tue, 9 Jun 2020 17:18:32 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::102e; helo=mail-pj1-x102e.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=JIQmEdvf; dkim-atps=neutral Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JT2HcfzDqlc for ; Tue, 9 Jun 2020 16:16:57 +1000 (AEST) Received: by mail-pj1-x102e.google.com with SMTP id m2so940154pjv.2 for ; Mon, 08 Jun 2020 23:16:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rKfUjglDOVyzflc8oiqPOKNNxsCBrisCi40ZVFiBBhE=; b=JIQmEdvfO7+wPWPd3Mf7736B0od+V2keZbehrnUdkfwjE6dWf+ppQRq7RzEDNyXc/L NaCBKw2NBd9khNOBUHHX/5MHQ6XQq8SxRGFOYD5vqxSFMpAjUPhKYyGti7Tx5QFQQqk7 4uXuAX46xT+GIwLJxFcjZgepWA69rOxZOy4N5SddZbRxqAOK0n3ZyEL/kbZ4lQE0iUGt EXYzl3ykA/2Efvdce8aofSqnbmYb18bI4mzQU0SA6WtI7ut7wqBYEKgRl3waOizb7QEa wSy2CgwEJ8U+vxso6xvH51RmwqbRf0rBf/bkrQNW79xeuYgl8oa0m32zodUx/4Y08r/7 5aFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rKfUjglDOVyzflc8oiqPOKNNxsCBrisCi40ZVFiBBhE=; b=Y9WYQB9zGT/bW2pDotazCKDHnS/qG08WXhVCc/ACCUXVPyCTfVCP0RKIFtO9jv9d3r sYTBBrReqDGxEN4uEItS9XGpUjESfTjvSFwj1C7aLiGk/SEgvYliyfPdE+OpwCzcuK8E yDCIAG5YzK70NG4wuAewHZ8oNBelCBV7YJlJBDas4V8KJkmMUoNgwBj01KJeXNdeScAS osvVAorV5E9fSfnbgQoNtVjKdRvqKaN2WHCpiukVER1kODVShyaOpJ8TQxSFPO/5IMrX vca1d7R72Se8xyRZbljbRAS6nPSNRmPwpx0ecAftznpM2L98dDmp7ZVI6HADEFoHtIS7 160g== X-Gm-Message-State: AOAM531TF2ZVf/NQADuYgyPDCIxmryfyZpnJMoJjsgzuTc9j/t7fRivv 2u0oM9E2l8NSR4nlg005IaRdwrgyEXI= X-Google-Smtp-Source: ABdhPJypDI0aw+cAgVjUIDlfofsCFM7F/Ym8NqPjwbo2ZGs3r74yvBw60DXXxDI0NKyZ67OaurkVAg== X-Received: by 2002:a17:90a:b30d:: with SMTP id d13mr3001078pjr.181.1591683414750; Mon, 08 Jun 2020 23:16:54 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:54 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 5/7] powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h Date: Tue, 9 Jun 2020 16:16:29 +1000 Message-Id: <20200609061631.844390-6-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Signed-off-by: Nicholas Piggin --- arch/powerpc/include/asm/ppc-opcode.h | 2 ++ arch/powerpc/kernel/entry_64.S | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/ppc-opcode.h b/arch/powerpc/include/asm/ppc-opcode.h index 2a39c716c343..79d511a38bbb 100644 --- a/arch/powerpc/include/asm/ppc-opcode.h +++ b/arch/powerpc/include/asm/ppc-opcode.h @@ -195,6 +195,7 @@ #define OP_LQ 56 /* sorted alphabetically */ +#define PPC_INST_BCCTR_FLUSH 0x4c400420 #define PPC_INST_BHRBE 0x7c00025c #define PPC_INST_CLRBHRB 0x7c00035c #define PPC_INST_COPY 0x7c20060c @@ -432,6 +433,7 @@ #endif /* Deal with instructions that older assemblers aren't aware of */ +#define PPC_BCCTR_FLUSH stringify_in_c(.long PPC_INST_BCCTR_FLUSH) #define PPC_CP_ABORT stringify_in_c(.long PPC_INST_CP_ABORT) #define PPC_COPY(a, b) stringify_in_c(.long PPC_INST_COPY | \ ___PPC_RA(a) | ___PPC_RB(b)) diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S index 2ba25b3b701e..a115aeb2983a 100644 --- a/arch/powerpc/kernel/entry_64.S +++ b/arch/powerpc/kernel/entry_64.S @@ -261,8 +261,6 @@ _ASM_NOKPROBE_SYMBOL(save_nvgprs); 1: nop; \ patch_site 1b, patch__call_flush_branch_caches -#define BCCTR_FLUSH .long 0x4c400420 - .macro nops number .rept \number nop @@ -293,7 +291,7 @@ flush_branch_caches: li r9,0x7fff mtctr r9 - BCCTR_FLUSH + PPC_BCCTR_FLUSH 2: nop patch_site 2b patch__flush_count_cache_return @@ -302,7 +300,7 @@ flush_branch_caches: .rept 278 .balign 32 - BCCTR_FLUSH + PPC_BCCTR_FLUSH nops 7 .endr From patchwork Tue Jun 9 06:16:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305612 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1jx55K9z9sRK for ; Tue, 9 Jun 2020 17:20:37 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=WvhbQ90o; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1jx4PHhzDqT9 for ; Tue, 9 Jun 2020 17:20:37 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::1043; helo=mail-pj1-x1043.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=WvhbQ90o; dkim-atps=neutral Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JW5RGhzDqXJ for ; Tue, 9 Jun 2020 16:16:59 +1000 (AEST) Received: by mail-pj1-x1043.google.com with SMTP id ga6so943214pjb.1 for ; Mon, 08 Jun 2020 23:16:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZGbSgTT6emfk+yKkoSS1OONFZ6zUUnEJvZ4/CyZkamM=; b=WvhbQ90oyTk8OGCmC6Rtk8qZiA6GP2qCBCYxibFHaM83fC06Ej6MioAM0dgCTkCIjo ZY73TclqIguBla6PJYUrQV7ryUHCB/jbfbOYnXDjvPOx7hOS5CN5wvnI71w2FC/Z1dNX fv2FRpqlKr1FtFiT0jHahZFfyu6w93+UoSPHAQcrp34cw3nKqxanEINGJV1+Q8DYKZNl 2FbkA4aHr92PZtQrbIGqJnzSSmmIaFhKT1FH74aPglUTHVtlWhPwjK2uqUp0CtcV7zgD uZcfL8Ixia4za4zkRY59xtR/YN/hjBFOnQMWD7Fz1ZQ+a3SI/5T+9EQawE8nsGGgXZ5V PVxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZGbSgTT6emfk+yKkoSS1OONFZ6zUUnEJvZ4/CyZkamM=; b=VsR3EEndSWGCyVjx/bwvDfDHK48/R6b5CgPcdSTE9CI1iVodvjufFeVHYcGwsKHS9A qNTy1ZD7nM/DDLmObYlPAMZg2Brm6y+bUnWa/KGcOBtJ/8QJxT6DU7/NnGNzJ3Io9AEX Uh7TMyp0ydOZlJkqm9iYPq6g4vhBqFcRQWCnnh+fj3tmdNKJTiBZiwNEYTwra3K8nP/F E7YwTLKh9ZKhDAUOgDIlWEHxyJLwkjJAVtxPddxsdwMmxTFChpukf3ITKIzt4FSZBUeT GFi/f2q2BZ648ZZc95n+O3iKyV0Jej2qeY1aVUUoOa2Ixo8Iah6QCpNWoGdRZq14KIc+ HlbQ== X-Gm-Message-State: AOAM533V2b8uHolx8CL5Pc4cgu6meI1vYskdR+qJaLjGm7reONtPAL2/ dNdvzxtaNmHNhwxWhKrX9bA= X-Google-Smtp-Source: ABdhPJyCfPIUSAxuWDPOgyons4apGfNx8qvRbvpeS4nGoVhuQRWnp/TNGUKawloJOaD/e65oc3KO8A== X-Received: by 2002:a17:902:b7c9:: with SMTP id v9mr1986498plz.34.1591683417159; Mon, 08 Jun 2020 23:16:57 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:56 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 6/7] powerpc/security: Allow for processors that flush the link stack using the special bcctr Date: Tue, 9 Jun 2020 16:16:30 +1000 Message-Id: <20200609061631.844390-7-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" If both count cache and link stack are to be flushed, and can be flushed with the special bcctr, patch that in directly to the flush/branch nop site. Signed-off-by: Nicholas Piggin --- arch/powerpc/include/asm/security_features.h | 2 ++ arch/powerpc/kernel/security.c | 27 ++++++++++++++------ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h index 7c05e95a5c44..fbb8fa32150f 100644 --- a/arch/powerpc/include/asm/security_features.h +++ b/arch/powerpc/include/asm/security_features.h @@ -63,6 +63,8 @@ static inline bool security_ftr_enabled(u64 feature) // bcctr 2,0,0 triggers a hardware assisted count cache flush #define SEC_FTR_BCCTR_FLUSH_ASSIST 0x0000000000000800ull +// bcctr 2,0,0 triggers a hardware assisted link stack flush +#define SEC_FTR_BCCTR_LINK_FLUSH_ASSIST 0x0000000000002000ull // Features indicating need for Spectre/Meltdown mitigations diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 2a413af21124..6ad5c753d47c 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -219,24 +219,25 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c if (ccd) seq_buf_printf(&s, "Indirect branch cache disabled"); - if (link_stack_flush_type == BRANCH_CACHE_FLUSH_SW) - seq_buf_printf(&s, ", Software link stack flush"); - } else if (count_cache_flush_type != BRANCH_CACHE_FLUSH_NONE) { seq_buf_printf(&s, "Mitigation: Software count cache flush"); if (count_cache_flush_type == BRANCH_CACHE_FLUSH_HW) seq_buf_printf(&s, " (hardware accelerated)"); - if (link_stack_flush_type == BRANCH_CACHE_FLUSH_SW) - seq_buf_printf(&s, ", Software link stack flush"); - } else if (btb_flush_enabled) { seq_buf_printf(&s, "Mitigation: Branch predictor state flush"); } else { seq_buf_printf(&s, "Vulnerable"); } + if (bcs || ccd || count_cache_flush_type != BRANCH_CACHE_FLUSH_NONE) { + if (link_stack_flush_type != BRANCH_CACHE_FLUSH_NONE) + seq_buf_printf(&s, ", Software link stack flush"); + if (link_stack_flush_type == BRANCH_CACHE_FLUSH_HW) + seq_buf_printf(&s, " (hardware accelerated)"); + } + seq_buf_printf(&s, "\n"); return s.len; @@ -435,6 +436,7 @@ static void update_branch_cache_flush(void) patch_instruction_site(&patch__call_kvm_flush_link_stack, ppc_inst(PPC_INST_NOP)); } else { + // Could use HW flush, but that could also flush count cache patch_branch_site(&patch__call_kvm_flush_link_stack, (u64)&kvm_flush_link_stack, BRANCH_SET_LINK); } @@ -445,6 +447,10 @@ static void update_branch_cache_flush(void) link_stack_flush_type == BRANCH_CACHE_FLUSH_NONE) { patch_instruction_site(&patch__call_flush_branch_caches, ppc_inst(PPC_INST_NOP)); + } else if (count_cache_flush_type == BRANCH_CACHE_FLUSH_HW && + link_stack_flush_type == BRANCH_CACHE_FLUSH_HW) { + patch_instruction_site(&patch__call_flush_branch_caches, + ppc_inst(PPC_INST_BCCTR_FLUSH)); } else { patch_branch_site(&patch__call_flush_branch_caches, (u64)&flush_branch_caches, BRANCH_SET_LINK); @@ -485,8 +491,13 @@ static void toggle_branch_cache_flush(bool enable) pr_info("link-stack-flush: flush disabled.\n"); } } else { - link_stack_flush_type = BRANCH_CACHE_FLUSH_SW; - pr_info("link-stack-flush: software flush enabled.\n"); + if (security_ftr_enabled(SEC_FTR_BCCTR_LINK_FLUSH_ASSIST)) { + link_stack_flush_type = BRANCH_CACHE_FLUSH_HW; + pr_info("link-stack-flush: hardware flush enabled.\n"); + } else { + link_stack_flush_type = BRANCH_CACHE_FLUSH_SW; + pr_info("link-stack-flush: software flush enabled.\n"); + } } update_branch_cache_flush(); From patchwork Tue Jun 9 06:16:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1305613 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49h1ly60MPz9sRN for ; Tue, 9 Jun 2020 17:22:22 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=UDhG4zfg; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 49h1ly5B94zDqS3 for ; Tue, 9 Jun 2020 17:22:22 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::542; helo=mail-pg1-x542.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=UDhG4zfg; dkim-atps=neutral Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 49h0JZ6dXGzDqT5 for ; Tue, 9 Jun 2020 16:17:02 +1000 (AEST) Received: by mail-pg1-x542.google.com with SMTP id o6so9871881pgh.2 for ; Mon, 08 Jun 2020 23:17:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZVmVfRv4SeF9KjNUms3Y/5XoNk5MENEiNrLyURzVlKg=; b=UDhG4zfgtG4nYn82dlLgu2ZwvkqewC9fdX235597oKOB2ywrkJobhpmLZU3GIiH72K 4sV4zf8WrGzCGq/W+tWQDMsNTnDZAQBCPXVQ0xaalGwEWG4FFUNawn20A3FZtueg/TYt 4/QM9vDTxQ6w5vOwFIPGD9GUl0X0nR45W0AqbpNh61cQAvEg9/5UPh+aDDxRixIBv64+ Tx9UmZ7Dv/9ASZV3lK/tmkk30dWJyCL/eHQnw00n2fue/LM4BwVI39xHjIArhfX+FElr WRnnzkgFROFqGwW2lMXomaKQXrech2Tdog7yraS/cDHnPdbfli+aJDhqeHmUt6hcsqm/ dUCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZVmVfRv4SeF9KjNUms3Y/5XoNk5MENEiNrLyURzVlKg=; b=ttw1wG9S5GS0bcRAO0s8vVL16wAA4NE70XSM+QdeVuG3zomI7y/at2vSMJ1+2rcXk2 uBDy1l+Umifeg3HUJcrYVbCLBhtfzjhIxI6669c8xAmg9gHoM9eVWN0KbHamemqxpsPj xLDkvaRgOYe+tG3vlLbmDtC/FT3/Kedv7W0POAI3lOFvFX6UvOFrsYQTAYR727J/gX4d JuXdxYs+E/kB1wUGuQK13YfA9f3nN/rpcE0Kym6gRx4XCjm2E29AW1CQ54ps1WwXBskZ 0IXqP4EJEAiYK+LdkA0EJK7r5ge5pG2FJFwi7gmt280kImazlfHW5PuKqK9UZPr9bbY4 I0Yg== X-Gm-Message-State: AOAM532/mNsV28u/wFUxpZYkcz+vG2+YZ9lfqgksI6hRcl7fJDYFFMwT GVL3nVpqqAXV53Wv4lyJvuXVnMt33jQ= X-Google-Smtp-Source: ABdhPJzdTkbeR3wtAO6Q/iw8L/xGoRDXSCOjYQR0ZdXh+oy/99FQB8NaYCHMzNNyoHt5AojsGvdD/g== X-Received: by 2002:a63:6b04:: with SMTP id g4mr22863096pgc.111.1591683419577; Mon, 08 Jun 2020 23:16:59 -0700 (PDT) Received: from bobo.ozlabs.ibm.com ([61.68.71.10]) by smtp.gmail.com with ESMTPSA id k12sm7567981pgm.11.2020.06.08.23.16.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 23:16:59 -0700 (PDT) From: Nicholas Piggin To: Subject: [PATCH 7/7] powerpc/64s: advertise hardware link stack flush Date: Tue, 9 Jun 2020 16:16:31 +1000 Message-Id: <20200609061631.844390-8-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200609061631.844390-1-npiggin@gmail.com> References: <20200609061631.844390-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" For testing only at the moment, firmware does not define these bits. --- arch/powerpc/include/asm/hvcall.h | 1 + arch/powerpc/include/uapi/asm/kvm.h | 1 + arch/powerpc/kvm/powerpc.c | 9 +++++++-- arch/powerpc/platforms/powernv/setup.c | 3 +++ arch/powerpc/platforms/pseries/setup.c | 3 +++ tools/arch/powerpc/include/uapi/asm/kvm.h | 1 + 6 files changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index e90c073e437e..a92a07c89b6f 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -373,6 +373,7 @@ #define H_CPU_CHAR_THREAD_RECONFIG_CTRL (1ull << 57) // IBM bit 6 #define H_CPU_CHAR_COUNT_CACHE_DISABLED (1ull << 56) // IBM bit 7 #define H_CPU_CHAR_BCCTR_FLUSH_ASSIST (1ull << 54) // IBM bit 9 +#define H_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST (1ull << 53) // IBM bit 10 #define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0 #define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 diff --git a/arch/powerpc/include/uapi/asm/kvm.h b/arch/powerpc/include/uapi/asm/kvm.h index 264e266a85bf..dd229d5f46ee 100644 --- a/arch/powerpc/include/uapi/asm/kvm.h +++ b/arch/powerpc/include/uapi/asm/kvm.h @@ -464,6 +464,7 @@ struct kvm_ppc_cpu_char { #define KVM_PPC_CPU_CHAR_MTTRIG_THR_RECONF (1ULL << 57) #define KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS (1ULL << 56) #define KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST (1ull << 54) +#define KVM_PPC_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST (1ull << 53) #define KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY (1ULL << 63) #define KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR (1ULL << 62) diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c index 27ccff612903..fa981ee09dec 100644 --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c @@ -2221,7 +2221,8 @@ static int pseries_get_cpu_char(struct kvm_ppc_cpu_char *cp) KVM_PPC_CPU_CHAR_BR_HINT_HONOURED | KVM_PPC_CPU_CHAR_MTTRIG_THR_RECONF | KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS | - KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST; + KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST | + KVM_PPC_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST; cp->behaviour_mask = KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY | KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR | KVM_PPC_CPU_BEHAV_BNDS_CHK_SPEC_BAR | @@ -2287,13 +2288,17 @@ static int kvmppc_get_cpu_char(struct kvm_ppc_cpu_char *cp) if (have_fw_feat(fw_features, "enabled", "fw-count-cache-flush-bcctr2,0,0")) cp->character |= KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST; + if (have_fw_feat(fw_features, "enabled", + "fw-link-stack-flush-bcctr2,0,0")) + cp->character |= KVM_PPC_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST; cp->character_mask = KVM_PPC_CPU_CHAR_SPEC_BAR_ORI31 | KVM_PPC_CPU_CHAR_BCCTRL_SERIALISED | KVM_PPC_CPU_CHAR_L1D_FLUSH_ORI30 | KVM_PPC_CPU_CHAR_L1D_FLUSH_TRIG2 | KVM_PPC_CPU_CHAR_L1D_THREAD_PRIV | KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS | - KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST; + KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST | + KVM_PPC_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST; if (have_fw_feat(fw_features, "enabled", "speculation-policy-favor-security")) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 3bc188da82ba..1a06d3b4c0a9 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -78,6 +78,9 @@ static void init_fw_feat_flags(struct device_node *np) if (fw_feature_is("enabled", "fw-count-cache-flush-bcctr2,0,0", np)) security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST); + if (fw_feature_is("enabled", "fw-link-stack-flush-bcctr2,0,0", np)) + security_ftr_set(SEC_FTR_BCCTR_LINK_FLUSH_ASSIST); + if (fw_feature_is("enabled", "needs-count-cache-flush-on-context-switch", np)) security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE); diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 64d18f4bf093..70c9264f23c5 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -517,6 +517,9 @@ static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) if (result->character & H_CPU_CHAR_BCCTR_FLUSH_ASSIST) security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST); + if (result->character & H_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST) + security_ftr_set(SEC_FTR_BCCTR_LINK_FLUSH_ASSIST); + if (result->behaviour & H_CPU_BEHAV_FLUSH_COUNT_CACHE) security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE); diff --git a/tools/arch/powerpc/include/uapi/asm/kvm.h b/tools/arch/powerpc/include/uapi/asm/kvm.h index 264e266a85bf..dd229d5f46ee 100644 --- a/tools/arch/powerpc/include/uapi/asm/kvm.h +++ b/tools/arch/powerpc/include/uapi/asm/kvm.h @@ -464,6 +464,7 @@ struct kvm_ppc_cpu_char { #define KVM_PPC_CPU_CHAR_MTTRIG_THR_RECONF (1ULL << 57) #define KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS (1ULL << 56) #define KVM_PPC_CPU_CHAR_BCCTR_FLUSH_ASSIST (1ull << 54) +#define KVM_PPC_CPU_CHAR_BCCTR_LINK_FLUSH_ASSIST (1ull << 53) #define KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY (1ULL << 63) #define KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR (1ULL << 62)