Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14
Greg KHwrites: > On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote: >> Michael Ellerman writes: >> > Hi Greg, >> > >> > Please queue up this series of patches for 4.14 if you have no objections. >> >> I just realised I didn't fix up the cherry-pick markings on these, so >> they still say eg: >> >> (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b) >> >> Not the proper "commit bdcb1... upstream" style. >> >> I'll hold off resending in case you have some sed magic to fix that, but >> let me know if you'd like me to do it and resend the series. > > I don't have any sed magic for that, sorry. Can you fix up and resend? No worries. I just resent them. Below is a script that does it automatically, if you stick it in .git/hooks/prepare-commit-msg. cheers #!/usr/bin/env python2 # # prepare-commit-msg hook to rewrite git-cherry-pick style commit markers into # the preferred form for Linux stable. # # ie. (cherry pick from commit abc..) -> commit abc.. upstream import sys, re patt = re.compile('(?:cherry picked from commit ([a-fA-F0-9]+))') lines = open(sys.argv[1], 'r').readlines() for line in lines: match = patt.search(line) if match: lines.remove(line) lines.insert(1, '\ncommit %s upstream.\n' % match.group(1)) open(sys.argv[1], 'w').writelines(lines) break sys.exit(0)
[PATCH stable 4.14 v2 23/23] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
From: Nicholas Piggincommit a048a07d7f4535baa4cbad6bc024f175317ab938 upstream. On some CPUs we can prevent a vulnerability related to store-to-load forwarding by preventing store forwarding between privilege domains, by inserting a barrier in kernel entry and exit paths. This is known to be the case on at least Power7, Power8 and Power9 powerpc CPUs. Barriers must be inserted generally before the first load after moving to a higher privilege, and after the last store before moving to a lower privilege, HV and PR privilege transitions must be protected. Barriers are added as patch sections, with all kernel/hypervisor entry points patched, and the exit points to lower privilge levels patched similarly to the RFI flush patching. Firmware advertisement is not implemented yet, so CPU flush types are hard coded. Thanks to Michal Suchánek for bug fixes and review. Signed-off-by: Nicholas Piggin Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Neuling Signed-off-by: Michal Suchánek Signed-off-by: Michael Ellerman Signed-off-by: Linus Torvalds --- arch/powerpc/include/asm/exception-64s.h | 29 ++ arch/powerpc/include/asm/feature-fixups.h| 19 arch/powerpc/include/asm/security_features.h | 11 ++ arch/powerpc/kernel/exceptions-64s.S | 19 +++- arch/powerpc/kernel/security.c | 149 +++ arch/powerpc/kernel/vmlinux.lds.S| 14 +++ arch/powerpc/lib/feature-fixups.c| 115 + arch/powerpc/platforms/powernv/setup.c | 1 + arch/powerpc/platforms/pseries/setup.c | 1 + 9 files changed, 356 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h index ccf10c2f8899..c3bdd2d8ec90 100644 --- a/arch/powerpc/include/asm/exception-64s.h +++ b/arch/powerpc/include/asm/exception-64s.h @@ -69,6 +69,27 @@ */ #define EX_R3 EX_DAR +#define STF_ENTRY_BARRIER_SLOT \ + STF_ENTRY_BARRIER_FIXUP_SECTION;\ + nop;\ + nop;\ + nop + +#define STF_EXIT_BARRIER_SLOT \ + STF_EXIT_BARRIER_FIXUP_SECTION; \ + nop;\ + nop;\ + nop;\ + nop;\ + nop;\ + nop + +/* + * r10 must be free to use, r13 must be paca + */ +#define INTERRUPT_TO_KERNEL\ + STF_ENTRY_BARRIER_SLOT + /* * Macros for annotating the expected destination of (h)rfid * @@ -85,16 +106,19 @@ rfid #define RFI_TO_USER\ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback #define RFI_TO_USER_OR_KERNEL \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback #define RFI_TO_GUEST \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback @@ -103,21 +127,25 @@ hrfid #define HRFI_TO_USER \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ hrfid; \ b hrfi_flush_fallback #define HRFI_TO_USER_OR_KERNEL \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ hrfid; \ b hrfi_flush_fallback #define HRFI_TO_GUEST
[PATCH stable 4.14 v2 22/23] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e upstream. The recent LPM changes to setup_rfi_flush() are causing some section mismatch warnings because we removed the __init annotation on setup_rfi_flush(): The function setup_rfi_flush() references the function __init ppc64_bolted_size(). the function __init memblock_alloc_base(). The references are actually in init_fallback_flush(), but that is inlined into setup_rfi_flush(). These references are safe because: - only pseries calls setup_rfi_flush() at runtime - pseries always passes L1D_FLUSH_FALLBACK at boot - so the fallback flush area will always be allocated - so the check in init_fallback_flush() will always return early: /* Only allocate the fallback flush area once (at boot time). */ if (l1d_flush_fallback_area) return; - and therefore we won't actually call the freed init routines. We should rework the code to make it safer by default rather than relying on the above, but for now as a quick-fix just add a __ref annotation to squash the warning. Fixes: abf110f3e1ce ("powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again") Signed-off-by: Michael Ellerman--- arch/powerpc/kernel/setup_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 1146174f45c5..0618aa61b26a 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -831,7 +831,7 @@ void rfi_flush_enable(bool enable) rfi_flush = enable; } -static void init_fallback_flush(void) +static void __ref init_fallback_flush(void) { u64 l1d_size, limit; int cpu; -- 2.14.1
[PATCH stable 4.14 v2 21/23] powerpc/pseries: Restore default security feature flags on setup
From: Mauricio Faria de Oliveiracommit 6232774f1599028a15418179d17f7df47ede770a upstream. After migration the security feature flags might have changed (e.g., destination system with unpatched firmware), but some flags are not set/clear again in init_cpu_char_feature_flags() because it assumes the security flags to be the defaults. Additionally, if the H_GET_CPU_CHARACTERISTICS hypercall fails then init_cpu_char_feature_flags() does not run again, which potentially might leave the system in an insecure or sub-optimal configuration. So, just restore the security feature flags to the defaults assumed by init_cpu_char_feature_flags() so it can set/clear them correctly, and to ensure safe settings are in place in case the hypercall fail. Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Depends-on: 19887d6a28e2 ("powerpc: Move default security feature flags") Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/platforms/pseries/setup.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 3cb12d27f168..1973de3cf355 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -462,6 +462,10 @@ static void __init find_and_init_phbs(void) static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) { + /* +* The features below are disabled by default, so we instead look to see +* if firmware has *enabled* them, and set them if so. +*/ if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31) security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); @@ -501,6 +505,13 @@ void pseries_setup_rfi_flush(void) bool enable; long rc; + /* +* Set features to the defaults assumed by init_cpu_char_feature_flags() +* so it can set/clear again any features that might have changed after +* migration, and in case the hypercall fails and it is not even called. +*/ + powerpc_security_features = SEC_FTR_DEFAULT; + rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) init_cpu_char_feature_flags(); -- 2.14.1
[PATCH stable 4.14 v2 20/23] powerpc: Move default security feature flags
From: Mauricio Faria de Oliveiracommit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream. This moves the definition of the default security feature flags (i.e., enabled by default) closer to the security feature flags. This can be used to restore current flags to the default flags. Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/security_features.h | 8 arch/powerpc/kernel/security.c | 7 +-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h index 400a9050e035..fa4d2e1cf772 100644 --- a/arch/powerpc/include/asm/security_features.h +++ b/arch/powerpc/include/asm/security_features.h @@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(unsigned long feature) // Firmware configuration indicates user favours security over performance #define SEC_FTR_FAVOUR_SECURITY0x0200ull + +// Features enabled by default +#define SEC_FTR_DEFAULT \ + (SEC_FTR_L1D_FLUSH_HV | \ +SEC_FTR_L1D_FLUSH_PR | \ +SEC_FTR_BNDS_CHK_SPEC_BAR | \ +SEC_FTR_FAVOUR_SECURITY) + #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 2cee3dcd231b..bab5a27ea805 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -11,12 +11,7 @@ #include -unsigned long powerpc_security_features __read_mostly = \ - SEC_FTR_L1D_FLUSH_HV | \ - SEC_FTR_L1D_FLUSH_PR | \ - SEC_FTR_BNDS_CHK_SPEC_BAR | \ - SEC_FTR_FAVOUR_SECURITY; - +unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) { -- 2.14.1
[PATCH stable 4.14 v2 19/23] powerpc/pseries: Fix clearing of security feature flags
From: Mauricio Faria de Oliveiracommit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream. The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_* flags. Found by playing around with QEMU's implementation of the hypercall: H_CPU_CHAR=0xf000 H_CPU_BEHAV=0x This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush mitigation at all for cpu_show_meltdown() to report; but currently it does: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: RFI Flush Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Not affected H_CPU_CHAR=0x H_CPU_BEHAV=0xf000 This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should report vulnerable; but currently it doesn't: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Not affected Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Vulnerable Brown-paper-bag-by: Michael Ellerman Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/platforms/pseries/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index ba0a36c577ca..3cb12d27f168 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) * The features below are enabled by default, so we instead look to see * if firmware has *disabled* them, and clear them if so. */ - if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY)) + if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)) security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); - if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR)) + if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); - if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) + if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); } -- 2.14.1
[PATCH stable 4.14 v2 18/23] powerpc/64s: Wire up cpu_show_spectre_v2()
commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream. Add a definition for cpu_show_spectre_v2() to override the generic version. This has several permuations, though in practice some may not occur we cater for any combination. The most verbose is: Mitigation: Indirect branch serialisation (kernel only), Indirect branch cache disabled, ori31 speculation barrier enabled We don't treat the ori31 speculation barrier as a mitigation on its own, because it has to be *used* by code in order to be a mitigation and we don't know if userspace is doing that. So if that's all we see we say: Vulnerable, ori31 speculation barrier enabled Signed-off-by: Michael Ellerman--- arch/powerpc/kernel/security.c | 33 + 1 file changed, 33 insertions(+) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 0eace3cac818..2cee3dcd231b 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) +{ + bool bcs, ccd, ori; + struct seq_buf s; + + seq_buf_init(, buf, PAGE_SIZE - 1); + + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); + ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); + + if (bcs || ccd) { + seq_buf_printf(, "Mitigation: "); + + if (bcs) + seq_buf_printf(, "Indirect branch serialisation (kernel only)"); + + if (bcs && ccd) + seq_buf_printf(, ", "); + + if (ccd) + seq_buf_printf(, "Indirect branch cache disabled"); + } else + seq_buf_printf(, "Vulnerable"); + + if (ori) + seq_buf_printf(, ", ori31 speculation barrier enabled"); + + seq_buf_printf(, "\n"); + + return s.len; +} -- 2.14.1
[PATCH stable 4.14 v2 17/23] powerpc/64s: Wire up cpu_show_spectre_v1()
commit 56986016cb8cd9050e601831fe89f332b4e3c46e upstream. Add a definition for cpu_show_spectre_v1() to override the generic version. Currently this just prints "Not affected" or "Vulnerable" based on the firmware flag. Although the kernel does have array_index_nospec() in a few places, we haven't yet audited all the powerpc code to see where it's necessary, so for now we don't list that as a mitigation. Signed-off-by: Michael Ellerman--- arch/powerpc/kernel/security.c | 8 1 file changed, 8 insertions(+) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 865db6f8bcca..0eace3cac818 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) +{ + if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} -- 2.14.1
[PATCH stable 4.14 v2 16/23] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689 upstream. Now that we have the security flags we can simplify the code in pseries_setup_rfi_flush() because the security flags have pessimistic defaults. Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/pseries/setup.c | 27 --- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 65b157a35161..ba0a36c577ca 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -501,30 +501,27 @@ void pseries_setup_rfi_flush(void) bool enable; long rc; - /* Enable by default */ - enable = true; - types = L1D_FLUSH_FALLBACK; - rc = plpar_get_cpu_characteristics(); - if (rc == H_SUCCESS) { + if (rc == H_SUCCESS) init_cpu_char_feature_flags(); - if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) - types |= L1D_FLUSH_MTTRIG; - if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) - types |= L1D_FLUSH_ORI; - - if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || - (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) - enable = false; - } - /* * We're the guest so this doesn't apply to us, clear it to simplify * handling of it elsewhere. */ security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + types = L1D_FLUSH_FALLBACK; + + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2)) + types |= L1D_FLUSH_MTTRIG; + + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30)) + types |= L1D_FLUSH_ORI; + + enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ +security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR); + setup_rfi_flush(types, enable); } -- 2.14.1
[PATCH stable 4.14 v2 15/23] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5 upstream. Now that we have the security flags we can significantly simplify the code in pnv_setup_rfi_flush(), because we can use the flags instead of checking device tree properties and because the security flags have pessimistic defaults. Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/powernv/setup.c | 41 +- 1 file changed, 10 insertions(+), 31 deletions(-) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 4b7f2c00f870..14a24c63e6b0 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct device_node *np) if (fw_feature_is("enabled", "fw-bcctrl-serialized", np)) security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); - if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np)) security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np)) @@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void) { struct device_node *np, *fw_features; enum l1d_flush_type type; - int enable; + bool enable; /* Default to fallback in case fw-features are not available */ type = L1D_FLUSH_FALLBACK; - enable = 1; np = of_find_node_by_name(NULL, "ibm,opal"); fw_features = of_get_child_by_name(np, "fw-features"); @@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void) if (fw_features) { init_fw_feat_flags(fw_features); + of_node_put(fw_features); - np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); - if (np && of_property_read_bool(np, "enabled")) + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2)) type = L1D_FLUSH_MTTRIG; - of_node_put(np); - - np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0"); - if (np && of_property_read_bool(np, "enabled")) + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30)) type = L1D_FLUSH_ORI; - - of_node_put(np); - - /* Enable unless firmware says NOT to */ - enable = 2; - np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0"); - if (np && of_property_read_bool(np, "disabled")) - enable--; - - of_node_put(np); - - np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1"); - if (np && of_property_read_bool(np, "disabled")) - enable--; - - np = of_get_child_by_name(fw_features, "speculation-policy-favor-security"); - if (np && of_property_read_bool(np, "disabled")) - enable = 0; - - of_node_put(np); - of_node_put(fw_features); } - setup_rfi_flush(type, enable > 0); + enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ +(security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \ + security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV)); + + setup_rfi_flush(type, enable); } static void __init pnv_setup_arch(void) -- 2.14.1
[PATCH stable 4.14 v2 14/23] powerpc/64s: Enhance the information in cpu_show_meltdown()
commit ff348355e9c72493947be337bb4fae4fc1a41eba upstream. Now that we have the security feature flags we can make the information displayed in the "meltdown" file more informative. Signed-off-by: Michael Ellerman--- arch/powerpc/include/asm/security_features.h | 1 + arch/powerpc/kernel/security.c | 30 ++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h index db00ad2c72c2..400a9050e035 100644 --- a/arch/powerpc/include/asm/security_features.h +++ b/arch/powerpc/include/asm/security_features.h @@ -10,6 +10,7 @@ extern unsigned long powerpc_security_features; +extern bool rfi_flush; static inline void security_ftr_set(unsigned long feature) { diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 564e7f182a16..865db6f8bcca 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -6,6 +6,7 @@ #include #include +#include #include @@ -19,8 +20,33 @@ unsigned long powerpc_security_features __read_mostly = \ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) { - if (rfi_flush) - return sprintf(buf, "Mitigation: RFI Flush\n"); + bool thread_priv; + + thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV); + + if (rfi_flush || thread_priv) { + struct seq_buf s; + seq_buf_init(, buf, PAGE_SIZE - 1); + + seq_buf_printf(, "Mitigation: "); + + if (rfi_flush) + seq_buf_printf(, "RFI Flush"); + + if (rfi_flush && thread_priv) + seq_buf_printf(, ", "); + + if (thread_priv) + seq_buf_printf(, "L1D private per thread"); + + seq_buf_printf(, "\n"); + + return s.len; + } + + if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && + !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) + return sprintf(buf, "Not affected\n"); return sprintf(buf, "Vulnerable\n"); } -- 2.14.1
[PATCH stable 4.14 v2 13/23] powerpc/64s: Move cpu_show_meltdown()
commit 8ad33041563a10b34988800c682ada14b2612533 upstream. This landed in setup_64.c for no good reason other than we had nowhere else to put it. Now that we have a security-related file, that is a better place for it so move it. Signed-off-by: Michael Ellerman--- arch/powerpc/kernel/security.c | 11 +++ arch/powerpc/kernel/setup_64.c | 8 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 4ccba00d224c..564e7f182a16 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -5,6 +5,8 @@ // Copyright 2018, Michael Ellerman, IBM Corporation. #include +#include + #include @@ -13,3 +15,12 @@ unsigned long powerpc_security_features __read_mostly = \ SEC_FTR_L1D_FLUSH_PR | \ SEC_FTR_BNDS_CHK_SPEC_BAR | \ SEC_FTR_FAVOUR_SECURITY; + + +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) +{ + if (rfi_flush) + return sprintf(buf, "Mitigation: RFI Flush\n"); + + return sprintf(buf, "Vulnerable\n"); +} diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index da12b54cbe5c..1146174f45c5 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -910,12 +910,4 @@ static __init int rfi_flush_debugfs_init(void) } device_initcall(rfi_flush_debugfs_init); #endif - -ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) -{ - if (rfi_flush) - return sprintf(buf, "Mitigation: RFI Flush\n"); - - return sprintf(buf, "Vulnerable\n"); -} #endif /* CONFIG_PPC_BOOK3S_64 */ -- 2.14.1
[PATCH stable 4.14 v2 12/23] powerpc/powernv: Set or clear security feature flags
commit 77addf6e95c8689e478d607176b399a6242a777e upstream. Now that we have feature flags for security related things, set or clear them based on what we see in the device tree provided by firmware. Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/powernv/setup.c | 56 ++ 1 file changed, 56 insertions(+) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 37a7f5ef00b7..4b7f2c00f870 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -37,9 +37,63 @@ #include #include #include +#include #include "powernv.h" + +static bool fw_feature_is(const char *state, const char *name, + struct device_node *fw_features) +{ + struct device_node *np; + bool rc = false; + + np = of_get_child_by_name(fw_features, name); + if (np) { + rc = of_property_read_bool(np, state); + of_node_put(np); + } + + return rc; +} + +static void init_fw_feat_flags(struct device_node *np) +{ + if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); + + if (fw_feature_is("enabled", "fw-bcctrl-serialized", np)) + security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); + + if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); + + if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np)) + security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2); + + if (fw_feature_is("enabled", "fw-l1d-thread-split", np)) + security_ftr_set(SEC_FTR_L1D_THREAD_PRIV); + + if (fw_feature_is("enabled", "fw-count-cache-disabled", np)) + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); + + /* +* The features below are enabled by default, so we instead look to see +* if firmware has *disabled* them, and clear them if so. +*/ + if (fw_feature_is("disabled", "speculation-policy-favor-security", np)) + security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); + + if (fw_feature_is("disabled", "needs-l1d-flush-msr-pr-0-to-1", np)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); + + if (fw_feature_is("disabled", "needs-l1d-flush-msr-hv-1-to-0", np)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + + if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks", np)) + security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); +} + static void pnv_setup_rfi_flush(void) { struct device_node *np, *fw_features; @@ -55,6 +109,8 @@ static void pnv_setup_rfi_flush(void) of_node_put(np); if (fw_features) { + init_fw_feat_flags(fw_features); + np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); if (np && of_property_read_bool(np, "enabled")) type = L1D_FLUSH_MTTRIG; -- 2.14.1
[PATCH stable 4.14 v2 11/23] powerpc/pseries: Set or clear security feature flags
commit f636c14790ead6cc22cf62279b1f8d7e11a67116 upstream. Now that we have feature flags for security related things, set or clear them based on what we receive from the hypercall. Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/pseries/setup.c | 43 ++ 1 file changed, 43 insertions(+) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index b2d99b384089..65b157a35161 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -68,6 +68,7 @@ #include #include #include +#include #include "pseries.h" @@ -459,6 +460,40 @@ static void __init find_and_init_phbs(void) of_pci_check_probe_only(); } +static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) +{ + if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31) + security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); + + if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED) + security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); + + if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30) + security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); + + if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2) + security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2); + + if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV) + security_ftr_set(SEC_FTR_L1D_THREAD_PRIV); + + if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED) + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); + + /* +* The features below are enabled by default, so we instead look to see +* if firmware has *disabled* them, and clear them if so. +*/ + if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY)) + security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); + + if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); + + if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) + security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); +} + void pseries_setup_rfi_flush(void) { struct h_cpu_char_result result; @@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void) rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) { + init_cpu_char_feature_flags(); + if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) types |= L1D_FLUSH_MTTRIG; if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) @@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void) enable = false; } + /* +* We're the guest so this doesn't apply to us, clear it to simplify +* handling of it elsewhere. +*/ + security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + setup_rfi_flush(types, enable); } -- 2.14.1
[PATCH stable 4.14 v2 10/23] powerpc: Add security feature flags for Spectre/Meltdown
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream. This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman--- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 6c6cce937dd8..1479c61e29c5 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
[PATCH stable 4.14 v2 09/23] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
commit c4bc36628d7f8b664657d8bd6ad1c44c177880b7 upstream. Add some additional values which have been defined for the H_GET_CPU_CHARACTERISTICS hypercall. Signed-off-by: Michael Ellerman--- arch/powerpc/include/asm/hvcall.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index eca3f9c68907..5a740feb7bd7 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -337,6 +337,9 @@ #define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2 #define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3 #define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4 +#define H_CPU_CHAR_BRANCH_HINTS_HONORED(1ull << 58) // IBM bit 5 +#define H_CPU_CHAR_THREAD_RECONFIG_CTRL(1ull << 57) // IBM bit 6 +#define H_CPU_CHAR_COUNT_CACHE_DISABLED(1ull << 56) // IBM bit 7 #define H_CPU_BEHAV_FAVOUR_SECURITY(1ull << 63) // IBM bit 0 #define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 -- 2.14.1
[PATCH stable 4.14 v2 08/23] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
commit 921bc6cf807ceb2ab8005319cf39f33494d6b100 upstream. We might have migrated to a machine that uses a different flush type, or doesn't need flushing at all. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/platforms/pseries/mobility.c | 3 +++ arch/powerpc/platforms/pseries/pseries.h | 2 ++ arch/powerpc/platforms/pseries/setup.c| 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c index f7042ad492ba..fbea7db043fa 100644 --- a/arch/powerpc/platforms/pseries/mobility.c +++ b/arch/powerpc/platforms/pseries/mobility.c @@ -348,6 +348,9 @@ void post_mobility_fixup(void) printk(KERN_ERR "Post-mobility device tree update " "failed: %d\n", rc); + /* Possibly switch to a new RFI flush type */ + pseries_setup_rfi_flush(); + return; } diff --git a/arch/powerpc/platforms/pseries/pseries.h b/arch/powerpc/platforms/pseries/pseries.h index 1ae1d9f4dbe9..27cdcb69fd18 100644 --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -100,4 +100,6 @@ static inline unsigned long cmo_get_page_size(void) int dlpar_workqueue_init(void); +void pseries_setup_rfi_flush(void); + #endif /* _PSERIES_PSERIES_H */ diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 2708ddab209b..b2d99b384089 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -459,7 +459,7 @@ static void __init find_and_init_phbs(void) of_pci_check_probe_only(); } -static void pseries_setup_rfi_flush(void) +void pseries_setup_rfi_flush(void) { struct h_cpu_char_result result; enum l1d_flush_type types; -- 2.14.1
[PATCH stable 4.14 v2 07/23] powerpc/rfi-flush: Differentiate enabled and patched flush types
From: Mauricio Faria de Oliveiracommit 0063d61ccfc011f379a31acaeba6de7c926fed2c upstream. Currently the rfi-flush messages print 'Using flush' for all enabled_flush_types, but that is not necessarily true -- as now the fallback flush is always enabled on pseries, but the fixup function overwrites its nop/branch slot with other flush types, if available. So, replace the 'Using flush' messages with ' flush is available'. Also, print the patched flush types in the fixup function, so users can know what is (not) being used (e.g., the slower, fallback flush, or no flush type at all if flush is disabled via the debugfs switch). Suggested-by: Michael Ellerman Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/kernel/setup_64.c| 6 +++--- arch/powerpc/lib/feature-fixups.c | 9 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index ace6a10a242f..da12b54cbe5c 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -860,15 +860,15 @@ static void init_fallback_flush(void) void setup_rfi_flush(enum l1d_flush_type types, bool enable) { if (types & L1D_FLUSH_FALLBACK) { - pr_info("rfi-flush: Using fallback displacement flush\n"); + pr_info("rfi-flush: fallback displacement flush available\n"); init_fallback_flush(); } if (types & L1D_FLUSH_ORI) - pr_info("rfi-flush: Using ori type flush\n"); + pr_info("rfi-flush: ori type flush available\n"); if (types & L1D_FLUSH_MTTRIG) - pr_info("rfi-flush: Using mttrig type flush\n"); + pr_info("rfi-flush: mttrig type flush available\n"); enabled_flush_types = types; diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c index d0c0b8443dcf..8ac72f7d638f 100644 --- a/arch/powerpc/lib/feature-fixups.c +++ b/arch/powerpc/lib/feature-fixups.c @@ -153,7 +153,14 @@ void do_rfi_flush_fixups(enum l1d_flush_type types) patch_instruction(dest + 2, instrs[2]); } - printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i); + printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i, + (types == L1D_FLUSH_NONE) ? "no" : + (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : + (types & L1D_FLUSH_ORI)? (types & L1D_FLUSH_MTTRIG) + ? "ori+mttrig type" + : "ori type" : + (types & L1D_FLUSH_MTTRIG) ? "mttrig type" + : "unknown"); } #endif /* CONFIG_PPC_BOOK3S_64 */ -- 2.14.1
[PATCH stable 4.14 v2 06/23] powerpc/rfi-flush: Always enable fallback flush on pseries
commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb upstream. This ensures the fallback flush area is always allocated on pseries, so in case a LPAR is migrated from a patched to an unpatched system, it is possible to enable the fallback flush in the target system. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/platforms/pseries/setup.c | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 84e753b5..2708ddab209b 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -468,26 +468,18 @@ static void pseries_setup_rfi_flush(void) /* Enable by default */ enable = true; + types = L1D_FLUSH_FALLBACK; rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) { - types = L1D_FLUSH_NONE; - if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) types |= L1D_FLUSH_MTTRIG; if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) types |= L1D_FLUSH_ORI; - /* Use fallback if nothing set in hcall */ - if (types == L1D_FLUSH_NONE) - types = L1D_FLUSH_FALLBACK; - if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) enable = false; - } else { - /* Default to fallback if case hcall is not available */ - types = L1D_FLUSH_FALLBACK; } setup_rfi_flush(types, enable); -- 2.14.1
[PATCH stable 4.14 v2 05/23] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7 upstream. For PowerVM migration we want to be able to call setup_rfi_flush() again after we've migrated the partition. To support that we need to check that we're not trying to allocate the fallback flush area after memblock has gone away (i.e., boot-time only). Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/setup.h | 2 +- arch/powerpc/kernel/setup_64.c | 6 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 469b7fdc9be4..bbcdf929be54 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -49,7 +49,7 @@ enum l1d_flush_type { L1D_FLUSH_MTTRIG= 0x8, }; -void __init setup_rfi_flush(enum l1d_flush_type, bool enable); +void setup_rfi_flush(enum l1d_flush_type, bool enable); void do_rfi_flush_fixups(enum l1d_flush_type types); #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index cbb3fb1820ce..ace6a10a242f 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -836,6 +836,10 @@ static void init_fallback_flush(void) u64 l1d_size, limit; int cpu; + /* Only allocate the fallback flush area once (at boot time). */ + if (l1d_flush_fallback_area) + return; + l1d_size = ppc64_caches.l1d.size; limit = min(safe_stack_limit(), ppc64_rma_size); @@ -853,7 +857,7 @@ static void init_fallback_flush(void) } } -void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) +void setup_rfi_flush(enum l1d_flush_type types, bool enable) { if (types & L1D_FLUSH_FALLBACK) { pr_info("rfi-flush: Using fallback displacement flush\n"); -- 2.14.1
[PATCH stable 4.14 v2 04/23] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
commit 1e2a9fc7496955faacbbed49461d611b704a7505 upstream. rfi_flush_enable() includes a check to see if we're already enabled (or disabled), and in that case does nothing. But that means calling setup_rfi_flush() a 2nd time doesn't actually work, which is a bit confusing. Move that check into the debugfs code, where it really belongs. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman --- arch/powerpc/kernel/setup_64.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 333c64a794eb..cbb3fb1820ce 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -822,9 +822,6 @@ static void do_nothing(void *unused) void rfi_flush_enable(bool enable) { - if (rfi_flush == enable) - return; - if (enable) { do_rfi_flush_fixups(enabled_flush_types); on_each_cpu(do_nothing, NULL, 1); @@ -878,13 +875,19 @@ void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) #ifdef CONFIG_DEBUG_FS static int rfi_flush_set(void *data, u64 val) { + bool enable; + if (val == 1) - rfi_flush_enable(true); + enable = true; else if (val == 0) - rfi_flush_enable(false); + enable = false; else return -EINVAL; + /* Only do anything if we're changing state */ + if (enable != rfi_flush) + rfi_flush_enable(enable); + return 0; } -- 2.14.1
[PATCH stable 4.14 v2 03/23] powerpc/powernv: Support firmware disable of RFI flush
commit eb0a2d2620ae431c543963c8c7f08f597366fc60 upstream. Some versions of firmware will have a setting that can be configured to disable the RFI flush, add support for it. Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/powernv/setup.c | 4 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 7966a314d93a..37a7f5ef00b7 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -79,6 +79,10 @@ static void pnv_setup_rfi_flush(void) if (np && of_property_read_bool(np, "disabled")) enable--; + np = of_get_child_by_name(fw_features, "speculation-policy-favor-security"); + if (np && of_property_read_bool(np, "disabled")) + enable = 0; + of_node_put(np); of_node_put(fw_features); } -- 2.14.1
[PATCH stable 4.14 v2 02/23] powerpc/pseries: Support firmware disable of RFI flush
commit 582605a429e20ae68fd0b041b2e840af296edd08 upstream. Some versions of firmware will have a setting that can be configured to disable the RFI flush, add support for it. Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings") Signed-off-by: Michael Ellerman--- arch/powerpc/platforms/pseries/setup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index ae4f596273b5..84e753b5 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -482,7 +482,8 @@ static void pseries_setup_rfi_flush(void) if (types == L1D_FLUSH_NONE) types = L1D_FLUSH_FALLBACK; - if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) + if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || + (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) enable = false; } else { /* Default to fallback if case hcall is not available */ -- 2.14.1
[PATCH stable 4.14 v2 01/23] powerpc/64s: Improve RFI L1-D cache flush fallback
From: Nicholas Piggincommit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b upstream. The fallback RFI flush is used when firmware does not provide a way to flush the cache. It's a "displacement flush" that evicts useful data by displacing it with an uninteresting buffer. The flush has to take care to work with implementation specific cache replacment policies, so the recipe has been in flux. The initial slow but conservative approach is to touch all lines of a congruence class, with dependencies between each load. It has since been determined that a linear pattern of loads without dependencies is sufficient, and is significantly faster. Measuring the speed of a null syscall with RFI fallback flush enabled gives the relative improvement: P8 - 1.83x P9 - 1.75x The flush also becomes simpler and more adaptable to different cache geometries. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman --- arch/powerpc/include/asm/paca.h | 3 +- arch/powerpc/kernel/asm-offsets.c| 3 +- arch/powerpc/kernel/exceptions-64s.S | 76 +--- arch/powerpc/kernel/setup_64.c | 13 +- arch/powerpc/xmon/xmon.c | 2 + 5 files changed, 41 insertions(+), 56 deletions(-) diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h index b8366df50d19..e6bd59353e40 100644 --- a/arch/powerpc/include/asm/paca.h +++ b/arch/powerpc/include/asm/paca.h @@ -238,8 +238,7 @@ struct paca_struct { */ u64 exrfi[EX_SIZE] __aligned(0x80); void *rfi_flush_fallback_area; - u64 l1d_flush_congruence; - u64 l1d_flush_sets; + u64 l1d_flush_size; #endif }; diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c index 748cdc4bb89a..2e5ea300258a 100644 --- a/arch/powerpc/kernel/asm-offsets.c +++ b/arch/powerpc/kernel/asm-offsets.c @@ -239,8 +239,7 @@ int main(void) OFFSET(PACA_IN_NMI, paca_struct, in_nmi); OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, rfi_flush_fallback_area); OFFSET(PACA_EXRFI, paca_struct, exrfi); - OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence); - OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets); + OFFSET(PACA_L1D_FLUSH_SIZE, paca_struct, l1d_flush_size); #endif OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id); diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S index f9ca4bb3d48e..feba0a8d040e 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -1440,39 +1440,37 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback) std r9,PACA_EXRFI+EX_R9(r13) std r10,PACA_EXRFI+EX_R10(r13) std r11,PACA_EXRFI+EX_R11(r13) - std r12,PACA_EXRFI+EX_R12(r13) - std r8,PACA_EXRFI+EX_R13(r13) mfctr r9 ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) - ld r11,PACA_L1D_FLUSH_SETS(r13) - ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) - /* -* The load adresses are at staggered offsets within cachelines, -* which suits some pipelines better (on others it should not -* hurt). -*/ - addir12,r12,8 + ld r11,PACA_L1D_FLUSH_SIZE(r13) + srdir11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */ mtctr r11 DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ /* order ld/st prior to dcbt stop all streams with flushing */ sync -1: li r8,0 - .rept 8 /* 8-way set associative */ - ldx r11,r10,r8 - add r8,r8,r12 - xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not - add r8,r8,r11 // Add 0, this creates a dependency on the ldx - .endr - addir10,r10,128 /* 128 byte cache line */ + + /* +* The load adresses are at staggered offsets within cachelines, +* which suits some pipelines better (on others it should not +* hurt). +*/ +1: + ld r11,(0x80 + 8)*0(r10) + ld r11,(0x80 + 8)*1(r10) + ld r11,(0x80 + 8)*2(r10) + ld r11,(0x80 + 8)*3(r10) + ld r11,(0x80 + 8)*4(r10) + ld r11,(0x80 + 8)*5(r10) + ld r11,(0x80 + 8)*6(r10) + ld r11,(0x80 + 8)*7(r10) + addir10,r10,0x80*8 bdnz1b mtctr r9 ld r9,PACA_EXRFI+EX_R9(r13) ld r10,PACA_EXRFI+EX_R10(r13) ld r11,PACA_EXRFI+EX_R11(r13) - ld r12,PACA_EXRFI+EX_R12(r13) - ld r8,PACA_EXRFI+EX_R13(r13) GET_SCRATCH0(r13); rfid @@ -1482,39 +1480,37 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback) std r9,PACA_EXRFI+EX_R9(r13) std r10,PACA_EXRFI+EX_R10(r13) std r11,PACA_EXRFI+EX_R11(r13) - std r12,PACA_EXRFI+EX_R12(r13) - std
[PATCH stable 4.14 v2 00/23] powerpc backports for 4.14
Hi Greg, Please queue up this series of patches for 4.14 if you have no objections. cheers v2: Fixed up upstream commit markings. Mauricio Faria de Oliveira (4): powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup Michael Ellerman (17): powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Nicholas Piggin (2): powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit arch/powerpc/include/asm/exception-64s.h | 29 arch/powerpc/include/asm/feature-fixups.h| 19 +++ arch/powerpc/include/asm/hvcall.h| 3 + arch/powerpc/include/asm/paca.h | 3 +- arch/powerpc/include/asm/security_features.h | 85 ++ arch/powerpc/include/asm/setup.h | 2 +- arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/asm-offsets.c| 3 +- arch/powerpc/kernel/exceptions-64s.S | 95 ++- arch/powerpc/kernel/security.c | 237 +++ arch/powerpc/kernel/setup_64.c | 48 ++ arch/powerpc/kernel/vmlinux.lds.S| 14 ++ arch/powerpc/lib/feature-fixups.c| 124 +- arch/powerpc/platforms/powernv/setup.c | 92 --- arch/powerpc/platforms/pseries/mobility.c| 3 + arch/powerpc/platforms/pseries/pseries.h | 2 + arch/powerpc/platforms/pseries/setup.c | 81 +++-- arch/powerpc/xmon/xmon.c | 2 + 18 files changed, 721 insertions(+), 123 deletions(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c -- 2.14.1
Re: [RFC V2] virtio: Add platform specific DMA API translation for virito devices
On Thu, May 24, 2018 at 08:27:04AM +1000, Benjamin Herrenschmidt wrote: > On Wed, 2018-05-23 at 21:50 +0300, Michael S. Tsirkin wrote: > > > I re-read that discussion and I'm still unclear on the > > original question, since I got several apparently > > conflicting answers. > > > > I asked: > > > > Why isn't setting VIRTIO_F_IOMMU_PLATFORM on the > > hypervisor side sufficient? > > I thought I had replied to this... > > There are a couple of reasons: > > - First qemu doesn't know that the guest will switch to "secure mode" > in advance. There is no difference between a normal and a secure > partition until the partition does the magic UV call to "enter secure > mode" and qemu doesn't see any of it. So who can set the flag here ? Not sure I understand. Just set the flag e.g. on qemu command line. I might be wrong, but these secure mode things usually a. require hypervisor side tricks anyway > - Second, when using VIRTIO_F_IOMMU_PLATFORM, we also make qemu (or > vhost) go through the emulated MMIO for every access to the guest, > which adds additional overhead. > > Cheers, > Ben. Well it's not supposed to be much slower for the static case. vhost has a cache so should be fine. A while ago Paolo implemented a translation cache which should be perfect for this case - most of the code got merged but never enabled because of stability issues. If all else fails, we could teach QEMU to handle the no-iommu case as if VIRTIO_F_IOMMU_PLATFORM was off. > > > > > > > arch/powerpc/include/asm/dma-mapping.h | 6 ++ > > > arch/powerpc/platforms/pseries/iommu.c | 11 +++ > > > drivers/virtio/virtio_ring.c | 10 ++ > > > 3 files changed, 27 insertions(+) > > > > > > diff --git a/arch/powerpc/include/asm/dma-mapping.h > > > b/arch/powerpc/include/asm/dma-mapping.h > > > index 8fa3945..056e578 100644 > > > --- a/arch/powerpc/include/asm/dma-mapping.h > > > +++ b/arch/powerpc/include/asm/dma-mapping.h > > > @@ -115,4 +115,10 @@ extern u64 __dma_get_required_mask(struct device > > > *dev); > > > #define ARCH_HAS_DMA_MMAP_COHERENT > > > > > > #endif /* __KERNEL__ */ > > > + > > > +#define platform_forces_virtio_dma platform_forces_virtio_dma > > > + > > > +struct virtio_device; > > > + > > > +extern bool platform_forces_virtio_dma(struct virtio_device *vdev); > > > #endif /* _ASM_DMA_MAPPING_H */ > > > diff --git a/arch/powerpc/platforms/pseries/iommu.c > > > b/arch/powerpc/platforms/pseries/iommu.c > > > index 06f0296..a2ec15a 100644 > > > --- a/arch/powerpc/platforms/pseries/iommu.c > > > +++ b/arch/powerpc/platforms/pseries/iommu.c > > > @@ -38,6 +38,7 @@ > > > #include > > > #include > > > #include > > > +#include > > > #include > > > #include > > > #include > > > @@ -1396,3 +1397,13 @@ static int __init disable_multitce(char *str) > > > __setup("multitce=", disable_multitce); > > > > > > machine_subsys_initcall_sync(pseries, tce_iommu_bus_notifier_init); > > > + > > > +bool platform_forces_virtio_dma(struct virtio_device *vdev) > > > +{ > > > + /* > > > + * On protected guest platforms, force virtio core to use DMA > > > + * MAP API for all virtio devices. But there can also be some > > > + * exceptions for individual devices like virtio balloon. > > > + */ > > > + return (of_find_compatible_node(NULL, NULL, "ibm,ultravisor") != NULL); > > > +} > > > > Isn't this kind of slow? vring_use_dma_api is on > > data path and supposed to be very fast. > > > > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > > > index 21d464a..47ea6c3 100644 > > > --- a/drivers/virtio/virtio_ring.c > > > +++ b/drivers/virtio/virtio_ring.c > > > @@ -141,8 +141,18 @@ struct vring_virtqueue { > > > * unconditionally on data path. > > > */ > > > > > > +#ifndef platform_forces_virtio_dma > > > +static inline bool platform_forces_virtio_dma(struct virtio_device *vdev) > > > +{ > > > + return false; > > > +} > > > +#endif > > > + > > > static bool vring_use_dma_api(struct virtio_device *vdev) > > > { > > > + if (platform_forces_virtio_dma(vdev)) > > > + return true; > > > + > > > if (!virtio_has_iommu_quirk(vdev)) > > > return true; > > > > > > -- > > > 2.9.3
[PATCH 2/2] powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang
When relaxing access (read -> read_write update), pte need to be marked invalid to handle a nest MMU bug. We also need to do a tlb flush after the pte is marked invalid before updating the pte with new access bits. We also move tlb flush to platform specific __ptep_set_access_flags. This will help us to gerid of unnecessary tlb flush on BOOK3S 64 later. We don't do that in this patch. This also helps in avoiding multiple tlbies with coprocessor attached. Signed-off-by: Aneesh Kumar K.V--- arch/powerpc/include/asm/book3s/32/pgtable.h | 8 ++-- arch/powerpc/include/asm/book3s/64/pgtable.h | 8 +--- arch/powerpc/include/asm/book3s/64/radix.h | 5 +++-- arch/powerpc/include/asm/nohash/32/pgtable.h | 7 +-- arch/powerpc/include/asm/nohash/64/pgtable.h | 7 +-- arch/powerpc/mm/pgtable-book3s64.c | 9 ++--- arch/powerpc/mm/pgtable-radix.c | 20 +--- arch/powerpc/mm/pgtable.c| 11 ++- 8 files changed, 49 insertions(+), 26 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/pgtable.h b/arch/powerpc/include/asm/book3s/32/pgtable.h index c615abdce119..9b4e95f3070b 100644 --- a/arch/powerpc/include/asm/book3s/32/pgtable.h +++ b/arch/powerpc/include/asm/book3s/32/pgtable.h @@ -235,15 +235,19 @@ static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, } -static inline void __ptep_set_access_flags(struct mm_struct *mm, +static inline void __ptep_set_access_flags(struct vm_area_struct *vma, pte_t *ptep, pte_t entry, - unsigned long address) + unsigned long address, + int psize) { unsigned long set = pte_val(entry) & (_PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_RW | _PAGE_EXEC); unsigned long clr = ~pte_val(entry) & _PAGE_RO; pte_update(ptep, clr, set); + + flush_tlb_page(vma, address); + } #define __HAVE_ARCH_PTE_SAME diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h index c233915abb68..42fe7c2ff2df 100644 --- a/arch/powerpc/include/asm/book3s/64/pgtable.h +++ b/arch/powerpc/include/asm/book3s/64/pgtable.h @@ -767,12 +767,14 @@ static inline bool check_pte_access(unsigned long access, unsigned long ptev) * Generic functions with hash/radix callbacks */ -static inline void __ptep_set_access_flags(struct mm_struct *mm, +static inline void __ptep_set_access_flags(struct vm_area_struct *vma, pte_t *ptep, pte_t entry, - unsigned long address) + unsigned long address, + int psize) { if (radix_enabled()) - return radix__ptep_set_access_flags(mm, ptep, entry, address); + return radix__ptep_set_access_flags(vma, ptep, entry, + address, psize); return hash__ptep_set_access_flags(ptep, entry); } diff --git a/arch/powerpc/include/asm/book3s/64/radix.h b/arch/powerpc/include/asm/book3s/64/radix.h index ff642441aaf6..9fec7724751d 100644 --- a/arch/powerpc/include/asm/book3s/64/radix.h +++ b/arch/powerpc/include/asm/book3s/64/radix.h @@ -127,8 +127,9 @@ extern void radix__mark_initmem_nx(void); extern unsigned long radix__pte_update(struct mm_struct *mm, unsigned long addr, pte_t *ptep, unsigned long clr, unsigned long set, int huge); -extern void radix__ptep_set_access_flags(struct mm_struct *mm, pte_t *ptep, -pte_t entry, unsigned long address); +extern void radix__ptep_set_access_flags(struct vm_area_struct *vma, pte_t *ptep, +pte_t entry, unsigned long address, +int psize); static inline unsigned long __radix_pte_update(pte_t *ptep, unsigned long clr, unsigned long set) diff --git a/arch/powerpc/include/asm/nohash/32/pgtable.h b/arch/powerpc/include/asm/nohash/32/pgtable.h index 987a658b18e1..7c46a98cc7f4 100644 --- a/arch/powerpc/include/asm/nohash/32/pgtable.h +++ b/arch/powerpc/include/asm/nohash/32/pgtable.h @@ -256,15 +256,18 @@ static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, } -static inline void __ptep_set_access_flags(struct mm_struct *mm, +static inline void __ptep_set_access_flags(struct vm_area_struct *vma, pte_t *ptep, pte_t entry, - unsigned long address) + unsigned long address, + int psize) {
[PATCH 1/2] powerpc/mm/radix: Move functions from radix.h to pgtable-radix.c
In later patch we will update them which require them to be moved to pgtable-radix.c Doing the move in separate patch helps in review. No function change in this patch. Only code movement. Signed-off-by: Aneesh Kumar K.V--- arch/powerpc/include/asm/book3s/64/radix.h | 63 +++--- arch/powerpc/mm/pgtable-radix.c| 48 + 2 files changed, 54 insertions(+), 57 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/radix.h b/arch/powerpc/include/asm/book3s/64/radix.h index 705193e7192f..ff642441aaf6 100644 --- a/arch/powerpc/include/asm/book3s/64/radix.h +++ b/arch/powerpc/include/asm/book3s/64/radix.h @@ -124,6 +124,12 @@ extern void radix__mark_rodata_ro(void); extern void radix__mark_initmem_nx(void); #endif +extern unsigned long radix__pte_update(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long clr, + unsigned long set, int huge); +extern void radix__ptep_set_access_flags(struct mm_struct *mm, pte_t *ptep, +pte_t entry, unsigned long address); + static inline unsigned long __radix_pte_update(pte_t *ptep, unsigned long clr, unsigned long set) { @@ -140,35 +146,6 @@ static inline unsigned long __radix_pte_update(pte_t *ptep, unsigned long clr, return old_pte; } - -static inline unsigned long radix__pte_update(struct mm_struct *mm, - unsigned long addr, - pte_t *ptep, unsigned long clr, - unsigned long set, - int huge) -{ - unsigned long old_pte; - - if (cpu_has_feature(CPU_FTR_POWER9_DD1)) { - - unsigned long new_pte; - - old_pte = __radix_pte_update(ptep, ~0ul, 0); - /* -* new value of pte -*/ - new_pte = (old_pte | set) & ~clr; - radix__flush_tlb_pte_p9_dd1(old_pte, mm, addr); - if (new_pte) - __radix_pte_update(ptep, 0, new_pte); - } else - old_pte = __radix_pte_update(ptep, clr, set); - if (!huge) - assert_pte_locked(mm, addr); - - return old_pte; -} - static inline pte_t radix__ptep_get_and_clear_full(struct mm_struct *mm, unsigned long addr, pte_t *ptep, int full) @@ -190,34 +167,6 @@ static inline pte_t radix__ptep_get_and_clear_full(struct mm_struct *mm, return __pte(old_pte); } -/* - * Set the dirty and/or accessed bits atomically in a linux PTE, this - * function doesn't need to invalidate tlb. - */ -static inline void radix__ptep_set_access_flags(struct mm_struct *mm, - pte_t *ptep, pte_t entry, - unsigned long address) -{ - - unsigned long set = pte_val(entry) & (_PAGE_DIRTY | _PAGE_ACCESSED | - _PAGE_RW | _PAGE_EXEC); - - if (cpu_has_feature(CPU_FTR_POWER9_DD1)) { - - unsigned long old_pte, new_pte; - - old_pte = __radix_pte_update(ptep, ~0, 0); - /* -* new value of pte -*/ - new_pte = old_pte | set; - radix__flush_tlb_pte_p9_dd1(old_pte, mm, address); - __radix_pte_update(ptep, 0, new_pte); - } else - __radix_pte_update(ptep, 0, set); - asm volatile("ptesync" : : : "memory"); -} - static inline int radix__pte_same(pte_t pte_a, pte_t pte_b) { return ((pte_raw(pte_a) ^ pte_raw(pte_b)) == 0); diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c index ce24d72ea679..68931ca549f7 100644 --- a/arch/powerpc/mm/pgtable-radix.c +++ b/arch/powerpc/mm/pgtable-radix.c @@ -1084,3 +1084,51 @@ int radix__has_transparent_hugepage(void) return 0; } #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ + +unsigned long radix__pte_update(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long clr, + unsigned long set, int huge) +{ + unsigned long old_pte; + + if (cpu_has_feature(CPU_FTR_POWER9_DD1)) { + + unsigned long new_pte; + + old_pte = __radix_pte_update(ptep, ~0ul, 0); + /* +* new value of pte +*/ + new_pte = (old_pte | set) & ~clr; + radix__flush_tlb_pte_p9_dd1(old_pte, mm, addr); + if (new_pte) + __radix_pte_update(ptep, 0, new_pte); + } else + old_pte = __radix_pte_update(ptep, clr, set); + if (!huge) +
Re: [PATCH] powerpc/64s: Clear PCR on boot
On Fri, May 18, 2018 at 11:37:42AM +1000, Michael Neuling wrote: > Clear the PCR (Processor Compatibility Register) on boot to ensure we > are not running in a compatibility mode. > > We've seen this cause problems when a crash (and kdump) occurs while > running compat mode guests. The kdump kernel then runs with the PCR > set and causes problems. The symptom in the kdump kernel (also seen in > petitboot after fast-reboot) is early userspace programs taking > sigills on newer instructions (seen in libc). > Hi folks, this patch causes qemu to bail out with Trying to write privileged spr 338 (0x152) at c0033454 when running it with "-M powernv -cpu POWER8" and powernv_defconfig. Can you confirm that this is a bug in qemu ? Thanks, Guenter > Signed-off-by: Michael Neuling> Cc: sta...@vger.kernel.org > Signed-off-by: Michael Ellerman > --- > arch/powerpc/kernel/cpu_setup_power.S | 6 ++ > arch/powerpc/kernel/dt_cpu_ftrs.c | 1 + > 2 files changed, 7 insertions(+) > > diff --git a/arch/powerpc/kernel/cpu_setup_power.S > b/arch/powerpc/kernel/cpu_setup_power.S > index 3f30c994e931..458b928dbd84 100644 > --- a/arch/powerpc/kernel/cpu_setup_power.S > +++ b/arch/powerpc/kernel/cpu_setup_power.S > @@ -28,6 +28,7 @@ _GLOBAL(__setup_cpu_power7) > beqlr > li r0,0 > mtspr SPRN_LPID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > li r4,(LPCR_LPES1 >> LPCR_LPES_SH) > bl __init_LPCR_ISA206 > @@ -41,6 +42,7 @@ _GLOBAL(__restore_cpu_power7) > beqlr > li r0,0 > mtspr SPRN_LPID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > li r4,(LPCR_LPES1 >> LPCR_LPES_SH) > bl __init_LPCR_ISA206 > @@ -57,6 +59,7 @@ _GLOBAL(__setup_cpu_power8) > beqlr > li r0,0 > mtspr SPRN_LPID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > ori r3, r3, LPCR_PECEDH > li r4,0 /* LPES = 0 */ > @@ -78,6 +81,7 @@ _GLOBAL(__restore_cpu_power8) > beqlr > li r0,0 > mtspr SPRN_LPID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > ori r3, r3, LPCR_PECEDH > li r4,0 /* LPES = 0 */ > @@ -99,6 +103,7 @@ _GLOBAL(__setup_cpu_power9) > mtspr SPRN_PSSCR,r0 > mtspr SPRN_LPID,r0 > mtspr SPRN_PID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | > LPCR_HEIC) > or r3, r3, r4 > @@ -123,6 +128,7 @@ _GLOBAL(__restore_cpu_power9) > mtspr SPRN_PSSCR,r0 > mtspr SPRN_LPID,r0 > mtspr SPRN_PID,r0 > + mtspr SPRN_PCR,r0 > mfspr r3,SPRN_LPCR > LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | > LPCR_HEIC) > or r3, r3, r4 > diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c > b/arch/powerpc/kernel/dt_cpu_ftrs.c > index 8ab51f6ca03a..c904477abaf3 100644 > --- a/arch/powerpc/kernel/dt_cpu_ftrs.c > +++ b/arch/powerpc/kernel/dt_cpu_ftrs.c > @@ -101,6 +101,7 @@ static void __restore_cpu_cpufeatures(void) > if (hv_mode) { > mtspr(SPRN_LPID, 0); > mtspr(SPRN_HFSCR, system_registers.hfscr); > + mtspr(SPRN_PCR, 0); > } > mtspr(SPRN_FSCR, system_registers.fscr); > > -- > 2.7.4
[GIT PULL] Please pull powerpc/linux.git powerpc-4.17-7 tag
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Linus, Please pull one more powerpc fix for 4.17: The following changes since commit c1d2a31397ec51f0370f6bd17b19b39152c263cb: powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (2018-05-18 00:23:07 +1000) are available in the git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git tags/powerpc-4.17-7 for you to fetch changes up to faf37c44a105f3608115785f17cbbf3500f8bc71: powerpc/64s: Clear PCR on boot (2018-05-18 16:05:15 +1000) - powerpc fixes for 4.17 #7 Just one fix, to make sure the PCR (Processor Compatibility Register) is reset on boot. Otherwise if we're running in compat mode in a guest (eg. pretending a Power9 is a Power8) and the host kernel oopses and kdumps then the kdump kernel's userspace will be running in Power8 mode, and will SIGILL if it uses Power9-only instructions. Thanks to: Michael Neuling. - Michael Neuling (1): powerpc/64s: Clear PCR on boot arch/powerpc/kernel/cpu_setup_power.S | 6 ++ arch/powerpc/kernel/dt_cpu_ftrs.c | 1 + 2 files changed, 7 insertions(+) -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJbB/bPAAoJEFHr6jzI4aWADOAP/iK5Tnxdd6NnVan9szsvmQpO TFwOB+/bYERdJfNIybe6IWCvMnRPpLWeL0tSbh9zcbx5O9QJgueOy/XxdzAvuDpk nexT03cCPS6llAcVI4HvhigfO4zUQB+pfSu5/XHjZGCqwAKP+OVBv8BuQbC6J6DV p8Kx1EpkG5kBvsN3OxwMCNjX4f99qpBEAWvDuV0Th0H1elr9kjNmkrSn6kV/56M3 MXpuAknP9QPBddiV2SbgMFw5WwmT31h3BAbTDJok64LcKVAw2PWO/YLMdYl27Gy2 6Zwern6hK9fy620JnPExNbNzME0tlgtBYpPOYUezsjg+XDxED+bwNrzEIb14HgcJ mtzd3TZUJ5GznlbxzeSso7LNsJ8CFG5k9zYtg80s3K67Z1BPosV/xXi/BR53iYDU fw+u4QqA1P/fp6wq3VWI37oyqbtMnBz/C0Lx1vbcFDBGs2rtz0+EmoBBQBxWAZ2Z CuWiuGyd+rOhMIcLX+KsnIKPLadrbj4s7EBYR+kZa7JnS2tvToLp5PjLpQaBUVSR vD6WzRRg2vH6/aicjRUjmduUCzBkaNtQjokkyv0kZqiUnnglxUbLvloprjZHEaKK VpBANpHV+N74lGwiGJFTKeEmxp6VDC7BQWSSWKvve8LwwcK6rhyQOoPPwo7NN7yp ubkeS/hnoX2H2YBP6BbT =3Iqr -END PGP SIGNATURE-
Re: powerpc/8xx: fix invalid register expression in head_8xx.S
On Thu, 2018-05-24 at 11:02:06 UTC, Christophe Leroy wrote: > New binutils generate the following warning > > AS arch/powerpc/kernel/head_8xx.o > arch/powerpc/kernel/head_8xx.S: Assembler messages: > arch/powerpc/kernel/head_8xx.S:916: Warning: invalid register expression > > This patch fixes it. > > Signed-off-by: Christophe LeroyApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/e4ccb1dae6bdef228d729c076c3816 cheers
Re: [v2] powerpc/xmon: Also setup debugger hooks when single-stepping
On Wed, 2018-05-23 at 18:00:54 UTC, Michal Suchanek wrote: > When single-stepping kernel code from xmon without a debug hook enabled > the kernel crashes. This can happen when kernel starts with xmon on > crash disabled but xmon is entered using sysrq. > > Call force_enable_xmon when single-stepping in xmon to install the xmon > debug hooks. > > Fixes: e1368d0c9edb ("powerpc/xmon: Setup debugger hooks when first > break-point is set") > > Signed-off-by: Michal Suchanek> Reviewed-by: Vaibhav Jain Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/7daf59300999693b85233762b847f1 cheers
Re: [2/2] powerpc/xmon: Realign paca dump fields
On Wed, 2018-05-23 at 11:48:37 UTC, Michael Ellerman wrote: > We've added some fields with longer names since we originally wrote > this, so the fields are no longer lined up. Adjust the widths to make > it all look nice again, eg: > > 0:mon> dp > paca for cpu 0x0 @ c1fa: >possible = yes >... >slb_shadow[0] = 0xc800 0x400ea1b217000500 >slb_shadow[1] = 0xd801 0x400d43642f000510 >... >rfi_flush_fallback_area = c000fff8 (0xcc8) >... >accounting.starttime_user = 0x51582f07 (0xae8) > > Signed-off-by: Michael EllermanApplied to powerpc next. https://git.kernel.org/powerpc/c/9ce53e27265e7bab728774fac785f6 cheers
Re: [1/2] powerpc/xmon: Specify the full format in DUMP() macro
On Wed, 2018-05-23 at 11:48:36 UTC, Michael Ellerman wrote: > In dump_one_paca() the DUMP macro unconditionally prepends '#' to the > printf format specifier. In most cases we're using either 'x' or 'lx' > etc. and that is OK. But for 'p' and other formats using '#' is > actually undefined, and once we enable printf() checking for > xmon_printf() we will get warnings from the compiler. > > So just have each usage specify the full format, that way we can omit > '#' when it's inappropriate. > > Signed-off-by: Michael Ellerman> Reviewed-by: Mathieu Malaterre Applied to powerpc next. https://git.kernel.org/powerpc/c/6671683db8540e5766f44a1089549c cheers
Re: [v9] powerpc/mm: Only read faulting instruction when necessary in do_page_fault()
On Wed, 2018-05-23 at 08:53:22 UTC, Christophe Leroy wrote: > Commit a7a9dcd882a67 ("powerpc: Avoid taking a data miss on every > userspace instruction miss") has shown that limiting the read of > faulting instruction to likely cases improves performance. > > This patch goes further into this direction by limiting the read > of the faulting instruction to the only cases where it is likely > needed. > > On an MPC885, with the same benchmark app as in the commit referred > above, we see a reduction of about 3900 dTLB misses (approx 3%): > > Before the patch: > Performance counter stats for './fault 500' (10 runs): > > 683033312 cpu-cycles > ( +- 0.03% ) > 134538 dTLB-load-misses > ( +- 0.03% ) > 46099 iTLB-load-misses > ( +- 0.02% ) > 19681 faults > ( +- 0.02% ) > >5.389747878 seconds time elapsed >( +- 0.06% ) > > With the patch: > > Performance counter stats for './fault 500' (10 runs): > > 682112862 cpu-cycles > ( +- 0.03% ) > 130619 dTLB-load-misses > ( +- 0.03% ) > 46073 iTLB-load-misses > ( +- 0.05% ) > 19681 faults > ( +- 0.01% ) > >5.381342641 seconds time elapsed >( +- 0.07% ) > > The proper work of the huge stack expansion was tested with the > following app: > > int main(int argc, char **argv) > { > char buf[1024 * 1025]; > > sprintf(buf, "Hello world !\n"); > printf(buf); > > exit(0); > } > > Signed-off-by: Christophe Leroy> Reviewed-by: Nicholas Piggin Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/0e36b0d12501e278686634712975b7 cheers
Re: [1/2] selftests/powerpc: Add ptrace hw breakpoint test
On Tue, 2018-05-22 at 06:14:27 UTC, Michael Neuling wrote: > This test the ptrace hw breakpoints via PTRACE_SET_DEBUGREG and > PPC_PTRACE_SETHWDEBUG. This test was use to find the bugs fixed by > these recent commits: > > 4f7c06e26e powerpc/ptrace: Fix setting 512B aligned breakpoints with > PTRACE_SET_DEBUGREG > cd6ef7eebf powerpc/ptrace: Fix enforcement of DAWR constraints > > Signed-off-by: Michael NeulingApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/9c2ddfe55c42bf4b9bc336a0650ab7 cheers
Re: powerpc/mm: Use instruction symbolic names in store_updates_sp()
On Wed, 2018-05-23 at 07:04:04 UTC, Christophe Leroy wrote: > Use symbolic names defined in asm/ppc-opcode.h > instead of hardcoded values. > > Signed-off-by: Christophe LeroyApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/8a0b1120cb25ccd4480ba4fe3650bc cheers
Re: selftests/powerpc: Add missing .gitignores
On Tue, 2018-05-22 at 06:13:59 UTC, Michael Neuling wrote: > Signed-off-by: Michael NeulingApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/bd79010fb3a9aa160e1780e2496798 cheers
Re: powerpc/xmon: Update paca fields dumped in xmon
On Mon, 2018-05-21 at 09:47:20 UTC, Michael Ellerman wrote: > The set of paca fields we dump in xmon has gotten somewhat out of > date. Update to add some recently added fields. > > Signed-off-by: Michael EllermanApplied to powerpc next. https://git.kernel.org/powerpc/c/2e0986d761324376021c880ddbf00c cheers
Re: [3/3] hwmon: (ibmpowernv) Add energy sensors
On Mon, 2018-05-07 at 10:25:38 UTC, Shilpasri G Bhat wrote: > This patch exports the accumulated power numbers of each power > sensor maintained by OCC. > > Signed-off-by: Shilpasri G Bhat> Acked-by: Guenter Roeck Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/43d2974b66d916a6df16e536da542e cheers
Re: [2/3] hwmon: (ibmpowernv): Add support to read 64 bit sensors
On Mon, 2018-05-07 at 10:25:37 UTC, Shilpasri G Bhat wrote: > The firmware has supported for reading sensor values of size u32. > This patch adds support to use newer firmware functions which allows > to read the sensors of size u64. > > Signed-off-by: Shilpasri G Bhat> Acked-by: Guenter Roeck Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/3c8c049aa7bdffaab2e53401fd5270 cheers
Re: [1/3] powernv: opal-sensor: Add support to read 64bit sensor values
On Mon, 2018-05-07 at 10:25:36 UTC, Shilpasri G Bhat wrote: > This patch adds support to read 64-bit sensor values. This method is > used to read energy sensors and counters which are of type u64. > > Signed-off-by: Shilpasri G BhatApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/5cdcb01e0af5a709c9bebe0e0450dc cheers
Re: powerpc/wii: Make hlwd_pic_init function static
On Mon, 2018-04-23 at 19:45:32 UTC, Mathieu Malaterre wrote: > The function hlwd_pic_init can be made static, so do it. Fix the following > warning treated as error (W=1): > > ../arch/powerpc/platforms/embedded6xx/hlwd-pic.c:158:20: error: no previous > prototype for âhlwd_pic_initâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/eed6964bce59294f293b1746a6e4a6 cheers
Re: [v2] powerpc/mm/radix: use do/while(0) trick for single statement block
On Mon, 2018-04-23 at 19:36:38 UTC, Mathieu Malaterre wrote: > In commit 7a22d6321c3d ("powerpc/mm/radix: Update command line parsing for > disable_radix") an `if` statement was added for a possible empty body > (prom_debug). > > Fix the following warning, treated as error with W=1: > > arch/powerpc/kernel/prom_init.c:656:46: error: suggest braces around empty > body in an âifâ statement [-Werror=empty-body] > > Suggested-by: Randy Dunlap> Signed-off-by: Mathieu Malaterre > Acked-by: Randy Dunlap Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/85aa4b98419d74dd5cc914e0893498 cheers
Re: [v2] powerpc/sparse: fix plain integer as NULL pointer warning
On Fri, 2018-04-13 at 18:41:43 UTC, Mathieu Malaterre wrote: > Trivial fix to remove the following sparse warnings: > > arch/powerpc/kernel/module_32.c:112:74: warning: Using plain integer as > NULL pointer > arch/powerpc/kernel/module_32.c:117:74: warning: Using plain integer as > NULL pointer > drivers/macintosh/via-pmu.c:1155:28: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:1230:20: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:1385:36: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:1752:23: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:2084:19: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:2110:32: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:2167:19: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:2183:19: warning: Using plain integer as NULL > pointer > drivers/macintosh/via-pmu.c:277:20: warning: Using plain integer as NULL > pointer > arch/powerpc/platforms/powermac/setup.c:155:67: warning: Using plain > integer as NULL pointer > arch/powerpc/platforms/powermac/setup.c:247:27: warning: Using plain > integer as NULL pointer > arch/powerpc/platforms/powermac/setup.c:249:27: warning: Using plain > integer as NULL pointer > arch/powerpc/platforms/powermac/setup.c:252:37: warning: Using plain > integer as NULL pointer > arch/powerpc/mm/tlb_hash32.c:127:21: warning: Using plain integer as NULL > pointer > arch/powerpc/mm/tlb_hash32.c:148:21: warning: Using plain integer as NULL > pointer > arch/powerpc/mm/tlb_hash32.c:44:21: warning: Using plain integer as NULL > pointer > arch/powerpc/mm/tlb_hash32.c:57:21: warning: Using plain integer as NULL > pointer > arch/powerpc/mm/tlb_hash32.c:87:21: warning: Using plain integer as NULL > pointer > arch/powerpc/kernel/btext.c:160:31: warning: Using plain integer as NULL > pointer > arch/powerpc/kernel/btext.c:167:22: warning: Using plain integer as NULL > pointer > arch/powerpc/kernel/btext.c:274:21: warning: Using plain integer as NULL > pointer > arch/powerpc/kernel/btext.c:285:31: warning: Using plain integer as NULL > pointer > arch/powerpc/include/asm/hugetlb.h:204:16: warning: Using plain integer as > NULL pointer > arch/powerpc/mm/ppc_mmu_32.c:170:21: warning: Using plain integer as NULL > pointer > arch/powerpc/platforms/powermac/pci.c:1227:23: warning: Using plain integer > as NULL pointer > arch/powerpc/platforms/powermac/pci.c:65:24: warning: Using plain integer > as NULL pointer > > Also use `--fix` command line option from `script/checkpatch --strict` to > remove the following: > > CHECK: Comparison to NULL could be written "!dispDeviceBase" > #72: FILE: arch/powerpc/kernel/btext.c:160: > + if (dispDeviceBase == NULL) > > CHECK: Comparison to NULL could be written "!vbase" > #80: FILE: arch/powerpc/kernel/btext.c:167: > + if (vbase == NULL) > > CHECK: Comparison to NULL could be written "!base" > #89: FILE: arch/powerpc/kernel/btext.c:274: > + if (base == NULL) > > CHECK: Comparison to NULL could be written "!dispDeviceBase" > #98: FILE: arch/powerpc/kernel/btext.c:285: > + if (dispDeviceBase == NULL) > > CHECK: Comparison to NULL could be written "strstr" > #117: FILE: arch/powerpc/kernel/module_32.c:117: > + if (strstr(secstrings + sechdrs[i].sh_name, ".debug") != NULL) > > CHECK: Comparison to NULL could be written "!Hash" > #130: FILE: arch/powerpc/mm/ppc_mmu_32.c:170: > + if (Hash == NULL) > > CHECK: Comparison to NULL could be written "Hash" > #143: FILE: arch/powerpc/mm/tlb_hash32.c:44: > + if (Hash != NULL) { > > CHECK: Comparison to NULL could be written "!Hash" > #152: FILE: arch/powerpc/mm/tlb_hash32.c:57: > + if (Hash == NULL) { > > CHECK: Comparison to NULL could be written "!Hash" > #161: FILE: arch/powerpc/mm/tlb_hash32.c:87: > + if (Hash == NULL) { > > CHECK: Comparison to NULL could be written "!Hash" > #170: FILE: arch/powerpc/mm/tlb_hash32.c:127: > + if (Hash == NULL) { > > CHECK: Comparison to NULL could be written "!Hash" > #179: FILE: arch/powerpc/mm/tlb_hash32.c:148: > + if (Hash == NULL) { > > ERROR: space required after that ';' (ctx:VxV) > #192: FILE: arch/powerpc/platforms/powermac/pci.c:65: > + for (; node != NULL;node = node->sibling) { > > CHECK: Comparison to NULL could be written "node" > #192: FILE: arch/powerpc/platforms/powermac/pci.c:65: > + for (; node != NULL;node = node->sibling) { > > CHECK: Comparison to NULL could be written "!region" > #201: FILE: arch/powerpc/platforms/powermac/pci.c:1227: > + if (region == NULL) > > CHECK: Comparison to NULL could be written "of_get_property" > #214: FILE: arch/powerpc/platforms/powermac/setup.c:155: > + if (of_get_property(np,
Re: powerpc: add __printf verification to prom_printf
On Fri, 2018-04-06 at 20:12:19 UTC, Mathieu Malaterre wrote: > __printf is useful to verify format and arguments. Fix arg mismatch > reported by gcc, remove the following warnings (with W=1): > > arch/powerpc/kernel/prom_init.c:1467:31: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1471:31: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1504:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1505:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1506:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1507:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1508:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1509:33: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1975:39: error: format â%luâ expects > argument of type âlong unsigned intâ, but argument 2 has type âunsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:1986:27: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:2567:38: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:2567:46: error: format â%xâ expects > argument of type âunsigned intâ, but argument 3 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:2569:38: error: format â%xâ expects > argument of type âunsigned intâ, but argument 2 has type âlong unsigned > intâ [-Werror=format=] > arch/powerpc/kernel/prom_init.c:2569:46: error: format â%xâ expects > argument of type âunsigned intâ, but argument 3 has type âlong unsigned > intâ [-Werror=format=] > > The patch also include arg mismatch fix for case with #define DEBUG_PROM > (warning not listed here). > > This patch fix also the following warnings revealed by checkpatch: > > WARNING: Prefer using '"%s...", __func__' to using 'alloc_up', this > function's name, in a string > #101: FILE: arch/powerpc/kernel/prom_init.c:1235: > + prom_debug("alloc_up(%lx, %lx)\n", size, align); > > and > > WARNING: Prefer using '"%s...", __func__' to using 'alloc_down', this > function's name, in a string > #138: FILE: arch/powerpc/kernel/prom_init.c:1278: > + prom_debug("alloc_down(%lx, %lx, %s)\n", size, align, > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/eae5f709a4d738c52b6ab636981755 cheers
Re: [v3,19/19] powerpc/tau: Synchronize function prototypes and body
On Wed, 2018-04-04 at 20:10:28 UTC, Mathieu Malaterre wrote: > Some function prototypes and body for Thermal Assist Units were not in > sync. Update the function definition to match the existing function > declaration found in `setup-common.c`, changing an `int` return type to a > `u32` return type. Move the prototypes to a header file. Fix the following > warnings, treated as error with W=1: > > arch/powerpc/kernel/tau_6xx.c:257:5: error: no previous prototype for > âcpu_temp_bothâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:262:5: error: no previous prototype for > âcpu_tempâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:267:5: error: no previous prototype for > âtau_interruptsâ [-Werror=missing-prototypes] > > Compile tested with CONFIG_TAU_INT. > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/bd13ac95f954570e01fba5a6caf771 cheers
Re: [v3,15/19] powerpc: Add missing prototype
On Wed, 2018-04-04 at 20:11:42 UTC, Mathieu Malaterre wrote: > Add one missing prototype for function rh_dump_blk. Fix warning treated as > error in W=1: > > arch/powerpc/lib/rheap.c:740:6: error: no previous prototype for > ârh_dump_blkâ [-Werror=missing-prototypes] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/3fc5ee9b2846db2eaddeadf089ef25 cheers
Re: [v3,13/19] powerpc/52xx: Add missing functions prototypes
On Wed, 2018-04-04 at 20:12:30 UTC, Mathieu Malaterre wrote: > The function prototypes were declared within a `#ifdef CONFIG_PPC_LITE5200` > block which would prevent them from being visible when compiling > `mpc52xx_pm.c`. Move the prototypes outside of the `#ifdef` block to fix > the following warnings treated as errors with W=1: > > arch/powerpc/platforms/52xx/mpc52xx_pm.c:58:5: error: no previous prototype > for âmpc52xx_pm_prepareâ [-Werror=missing-prototypes] > arch/powerpc/platforms/52xx/mpc52xx_pm.c:113:5: error: no previous > prototype for âmpc52xx_pm_enterâ [-Werror=missing-prototypes] > arch/powerpc/platforms/52xx/mpc52xx_pm.c:181:6: error: no previous > prototype for âmpc52xx_pm_finishâ [-Werror=missing-prototypes] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/c3f0515ea1277558e7c0c3240d17c7 cheers
Re: [v3, 12/19] powerpc/powermac: Add missing prototype for note_bootable_part()
On Wed, 2018-04-04 at 20:13:05 UTC, Mathieu Malaterre wrote: > Add a missing prototype for function `note_bootable_part` to silence a > warning treated as error with W=1: > > arch/powerpc/platforms/powermac/setup.c:361:12: error: no previous > prototype for ânote_bootable_partâ [-Werror=missing-prototypes] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/f72cf3f1d49f2c35d6cb682af2e8c9 cheers
Re: [v3, 11/19] powerpc/powermac: Move pmac_pfunc_base_install prototype to header file
On Wed, 2018-04-04 at 20:13:55 UTC, Mathieu Malaterre wrote: > The pmac_pfunc_base_install prototype was declared in powermac/smp.c since > function was used there, move it to pmac_pfunc.h header to be visible in > pfunc_base.c. Fix a warning treated as error with W=1: > > arch/powerpc/platforms/powermac/pfunc_base.c:330:12: error: no previous > prototype for âpmac_pfunc_base_installâ [-Werror=missing-prototypes] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/f91d5998996819eaf194ff48e00d49 cheers
Re: [v3,09/19] powerpc/chrp/pci: Make some functions static
On Wed, 2018-04-04 at 20:15:03 UTC, Mathieu Malaterre wrote: > These functions can all be static, make it so. Fix warnings treated as > errors with W=1: > > arch/powerpc/platforms/chrp/pci.c:34:5: error: no previous prototype for > âgg2_read_configâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/pci.c:61:5: error: no previous prototype for > âgg2_write_configâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/pci.c:97:5: error: no previous prototype for > ârtas_read_configâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/pci.c:112:5: error: no previous prototype for > ârtas_write_configâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/910be6be6c00e6d33d47985586c392 cheers
Re: [v3, 05/19] powerpc/chrp/setup: Remove idu_size variable and make some functions static
On Wed, 2018-04-04 at 20:09:11 UTC, Mathieu Malaterre wrote: > Remove variable declaration idu_size and associated code since not used. > > These functions can all be static, make it so. Fix warnings treated as > errors with W=1: > > arch/powerpc/platforms/chrp/setup.c:97:6: error: no previous prototype for > âchrp_show_cpuinfoâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/setup.c:302:13: error: no previous prototype > for âchrp_setup_archâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/setup.c:385:16: error: variable âidu_sizeâ > set but not used [-Werror=unused-but-set-variable] > arch/powerpc/platforms/chrp/setup.c:526:13: error: no previous prototype > for âchrp_init_IRQâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/setup.c:559:1: error: no previous prototype for > âchrp_init2â [-Werror=missing-prototypes] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/f0e0b86638e9df6731b1d61c71ae18 cheers
Re: [v3,01/19] powerpc/powermac: Mark variable x as unused
On Wed, 2018-04-04 at 20:07:46 UTC, Mathieu Malaterre wrote: > Since the value of x is never intended to be read, declare it with gcc > attribute as unused. Fix warning treated as error with W=1: > > arch/powerpc/platforms/powermac/bootx_init.c:471:21: error: variable > âxâ set but not used [-Werror=unused-but-set-variable] > > Suggested-by: Christophe Leroy> Signed-off-by: Mathieu Malaterre Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/5a4b475cf8511da721f20ba432c244 cheers
Re: [v3] powerpc/altivec: Add missing prototypes for altivec
On Wed, 2018-03-28 at 18:55:25 UTC, Mathieu Malaterre wrote: > Some functions prototypes were missing for the non-altivec code. Add the > missing prototypes in a new header file, fix warnings treated as errors > with W=1: > > arch/powerpc/lib/xor_vmx_glue.c:18:6: error: no previous prototype for > âxor_altivec_2â [-Werror=missing-prototypes] > arch/powerpc/lib/xor_vmx_glue.c:29:6: error: no previous prototype for > âxor_altivec_3â [-Werror=missing-prototypes] > arch/powerpc/lib/xor_vmx_glue.c:40:6: error: no previous prototype for > âxor_altivec_4â [-Werror=missing-prototypes] > arch/powerpc/lib/xor_vmx_glue.c:52:6: error: no previous prototype for > âxor_altivec_5â [-Werror=missing-prototypes] > > The prototypes were already present in but this header file is > meant to be included after . Trying to re-use > directly would lead to warnings such as: > > arch/powerpc/include/asm/xor.h:39:15: error: variable > âxor_block_altivecâ has initializer but incomplete type > > Trying to re-use after in > xor_vmx_glue.c would in turn trigger the following warnings: > > include/asm-generic/xor.h:688:34: error: âxor_block_32regsâ defined but > not used [-Werror=unused-variable] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/7cf76a68f1bcf69214da2812e8f615 cheers
Re: [v2] xmon: Use __printf markup to silence compiler
On Sun, 2018-03-25 at 09:06:47 UTC, Mathieu Malaterre wrote: > Update the other prototype declarations in asm/xmon.h. > > Silence warnings (triggered at W=1) by adding relevant __printf attribute. > Move #define at bottom of the file to prevent conflict with gcc attribute. > > Solve the original warning: > > arch/powerpc/xmon/nonstdio.c:178:2: error: function might be possible > candidate for âgnu_printfâ format attribute > [-Werror=suggest-attribute=format] > > In turn this uncovered the following (partial list) warnings (treated as > errors with W=1): > > arch/powerpc/xmon/xmon.c:2866:17: error: format â%xâ expects argument > of type âunsigned intâ, but argument 2 has type âunsigned char *â > [-Werror=format=] > arch/powerpc/xmon/xmon.c:1607:31: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 4 has type âstruct pt_regs > *â [-Werror=format=] > arch/powerpc/xmon/xmon.c:1611:9: error: too many arguments for format > [-Werror=format-extra-args] > arch/powerpc/xmon/xmon.c:1623:26: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 2 has type âstruct > task_struct *â [-Werror=format=] > arch/powerpc/xmon/xmon.c:630:36: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 2 has type âintâ > [-Werror=format=] > arch/powerpc/xmon/xmon.c:1392:15: error: format â%xâ expects argument > of type âunsigned intâ, but argument 2 has type âlong intâ > [-Werror=format=] > arch/powerpc/xmon/xmon.c:2570:16: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 3 has type âu64 {aka long > long unsigned int}â [-Werror=format=] > arch/powerpc/xmon/xmon.c:1629:25: error: format â%ldâ expects argument > of type âlong intâ, but argument 2 has type âpid_t {aka int}â > [-Werror=format=] > arch/powerpc/xmon/xmon.c:1168:18: error: format â%xâ expects argument > of type âunsigned intâ, but argument 2 has type âlong unsigned intâ > [-Werror=format=] > arch/powerpc/xmon/xmon.c:3016:24: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 2 has type âpgd_t * {aka > struct *}â [-Werror=format=] > arch/powerpc/xmon/xmon.c:2339:9: error: format â%lxâ expects argument > of type âlong unsigned intâ, but argument 5 has type âu64 {aka long > long unsigned int}â [-Werror=format=] > arch/powerpc/xmon/xmon.c:2339:9: error: format â%llxâ expects argument > of type âlong long unsigned intâ, but argument 5 has type âlong > unsigned intâ [-Werror=format=] > arch/powerpc/xmon/xmon.c:3827:10: error: format â%pâ expects argument > of type âvoid *â, but argument 4 has type âlong long unsigned intâ > [-Werror=format=] > arch/powerpc/xmon/xmon.c:3896:50: error: format â%dâ expects argument > of type âintâ, but argument 2 has type âlong unsigned intâ > [-Werror=format=] > arch/powerpc/xmon/spu-dis.c:137:18: error: format â%dâ expects argument > of type âintâ, but argument 2 has type âlong unsigned intâ > [-Werror=format=] > arch/powerpc/xmon/xmon.c:3827:10: error: format â%dâ expects argument > of type âintâ, but argument 4 has type âu64 {aka long long unsigned > int}â [-Werror=format=] > arch/powerpc/xmon/xmon.c:1665:17: error: format â%ldâ expects argument > of type âlong intâ, but argument 2 has type âintâ [-Werror=format=] > arch/powerpc/xmon/xmon.c:2339:9: error: '#' flag used with â%pâ > gnu_printf format [-Werror=format=] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/e70d8f55268ba95f00c61857df2bab cheers
Re: [18/19] powerpc: Add a missing include header
On Thu, 2018-03-22 at 20:20:04 UTC, Mathieu Malaterre wrote: > The header file was missing from the includes. Fix the > following warning, treated as error with W=1: > > arch/powerpc/kernel/vecemu.c:260:5: error: no previous prototype for > âemulate_altivecâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/d647b210ac738b401c7f824bbebdcb cheers
Re: [17/19] powerpc/32: Add a missing include header
On Thu, 2018-03-22 at 20:20:03 UTC, Mathieu Malaterre wrote: > The header file was missing from the includes. Fix the > following warning, treated as error with W=1: > > arch/powerpc/kernel/pci_32.c:286:6: error: no previous prototype for > âsys_pciconfig_iobaseâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/c89ca593220931c150cffda24b4d4c cheers
Re: [10/19] powerpc/chrp/time: Make some functions static, add missing header include
On Thu, 2018-03-22 at 20:19:56 UTC, Mathieu Malaterre wrote: > Add a missing include . > > These functions can all be static, make it so. Fix warnings treated as > errors with W=1: > > arch/powerpc/platforms/chrp/time.c:41:13: error: no previous prototype for > âchrp_time_initâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/time.c:66:5: error: no previous prototype for > âchrp_cmos_clock_readâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/time.c:74:6: error: no previous prototype for > âchrp_cmos_clock_writeâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/time.c:86:5: error: no previous prototype for > âchrp_set_rtc_timeâ [-Werror=missing-prototypes] > arch/powerpc/platforms/chrp/time.c:130:6: error: no previous prototype for > âchrp_get_rtc_timeâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/b87a358b4a1421abd544c0b554b1b7 cheers
Re: [08/19] powerpc/tau: Make some function static
On Thu, 2018-03-22 at 20:19:54 UTC, Mathieu Malaterre wrote: > These functions can all be static, make it so. Fix warnings treated as > errors with W=1: > > arch/powerpc/kernel/tau_6xx.c:53:6: error: no previous prototype for > âset_thresholdsâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:73:6: error: no previous prototype for > âTAUupdateâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:208:13: error: no previous prototype for > âTAU_init_smpâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:220:12: error: no previous prototype for > âTAU_initâ [-Werror=missing-prototypes] > arch/powerpc/kernel/tau_6xx.c:126:6: error: no previous prototype for > âTAUExceptionâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/9e0d86cd2d749998c3792059221cef cheers
Re: [06/19] powerpc: Make function btext_initialize static
On Thu, 2018-03-22 at 20:19:52 UTC, Mathieu Malaterre wrote: > This function can be static, make it so, this fix a warning treated as > error with W=1: > > arch/powerpc/kernel/btext.c:173:5: error: no previous prototype for > âbtext_initializeâ [-Werror=missing-prototypes] > > Signed-off-by: Mathieu MalaterreApplied to powerpc next, thanks. https://git.kernel.org/powerpc/c/86e11b6e9c56e605475462bf9ba7c1 cheers
Re: [PATCH v2 2/2] selftests/powerpc: Add test to verify rfi flush across a system call
Michael Ellerman wrote: "Naveen N. Rao"writes: Michael Ellerman wrote: "Naveen N. Rao" writes: diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c b/tools/testing/selftests/powerpc/security/rfi_flush.c new file mode 100644 index ..a20fe8eca161 --- /dev/null +++ b/tools/testing/selftests/powerpc/security/rfi_flush.c @@ -0,0 +1,132 @@ ... + +int rfi_flush_test(void) +{ + char *p; + int repetitions = 10; + int fd, passes = 0, iter, rc = 0; + struct perf_event_read v; + uint64_t l1d_misses_total = 0; + unsigned long iterations = 10, zero_size = 24*1024; + int rfi_flush_org, rfi_flush; + + SKIP_IF(geteuid() != 0); + + if (read_debugfs_file("powerpc/rfi_flush", _flush_org)) { + perror("error reading powerpc/rfi_flush debugfs file"); + printf("unable to determine current rfi_flush setting"); + return 1; + } This leads to a hard error on old kernels, which I don't want (breaks my CI). Hmm... didn't realize new tests would be run on older kernels. Are those older stable/distro releases, or actually just earlier kernel versions? All of the above :) Obviously keeping all the tests working across all kernel versions ever is impossible, but when it's relatively easy like in this case, it's nice to do. So that was mostly just an FYI, I don't expect test writers to get their tests running across all kernel versions. Good to know, thanks! - Naveen
Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14
On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote: > Michael Ellermanwrites: > > Hi Greg, > > > > Please queue up this series of patches for 4.14 if you have no objections. > > I just realised I didn't fix up the cherry-pick markings on these, so > they still say eg: > > (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b) > > Not the proper "commit bdcb1... upstream" style. > > I'll hold off resending in case you have some sed magic to fix that, but > let me know if you'd like me to do it and resend the series. I don't have any sed magic for that, sorry. Can you fix up and resend? thanks, greg k-h
Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14
Michael Ellermanwrites: > Hi Greg, > > Please queue up this series of patches for 4.14 if you have no objections. I just realised I didn't fix up the cherry-pick markings on these, so they still say eg: (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b) Not the proper "commit bdcb1... upstream" style. I'll hold off resending in case you have some sed magic to fix that, but let me know if you'd like me to do it and resend the series. cheers
Re: [PATCH] cpuidle/powernv : init all present cpus for deep states
Akshay Adigawrites: > Yes this needs to be sent to stable. > > Fixes: d405a98c ("powerpc/powernv: Move cpuidle related code from setup.c > to new file") Is that really the commit that introduced the bug? :) Seems like it's more likely this one: Fixes: 77b54e9f213f ("powernv/powerpc: Add winkle support for offline cpus") It's true that because the code was moved in d405a98c we won't be able to automatically backport the fix past that commit, but we should still identify the right commit in the Fixes tag. cheers
Re: [PATCH] cpuidle/powernv : init all present cpus for deep states
Akshay Adigawrites: > Init all present cpus for deep states instead of "all possible" cpus. > Init fails if the possible cpu is gaurded. Resulting in making only > non-deep states available for cpuidle/hotplug. This is basically the opposite of what we just did for IMC. There we switched from present to possible, to make it work when some CPUs are guarded. Which makes me think we need a better way of dealing with guarded CPUs, because working out which code should use present or possible seems to be basically trial-and-error. I'm not actually sure why Guarded CPUs are showing up as possible but not present, did we do that on purpose or is it just happening by accident? I can merge this, but we need to make this less bug prone in future. cheers > diff --git a/arch/powerpc/platforms/powernv/idle.c > b/arch/powerpc/platforms/powernv/idle.c > index 1f12ab1..1c5d067 100644 > --- a/arch/powerpc/platforms/powernv/idle.c > +++ b/arch/powerpc/platforms/powernv/idle.c > @@ -79,7 +79,7 @@ static int pnv_save_sprs_for_deep_states(void) > uint64_t msr_val = MSR_IDLE; > uint64_t psscr_val = pnv_deepest_stop_psscr_val; > > - for_each_possible_cpu(cpu) { > + for_each_present_cpu(cpu) { > uint64_t pir = get_hard_smp_processor_id(cpu); > uint64_t hsprg0_val = (uint64_t)paca_ptrs[cpu]; > > @@ -814,7 +814,7 @@ static int __init pnv_init_idle_states(void) > int cpu; > > pr_info("powernv: idle: Saving PACA pointers of all CPUs in > their thread sibling PACA\n"); > - for_each_possible_cpu(cpu) { > + for_each_present_cpu(cpu) { > int base_cpu = cpu_first_thread_sibling(cpu); > int idx = cpu_thread_in_core(cpu); > int i; > -- > 2.5.5
Re: [PATCH v2 2/2] selftests/powerpc: Add test to verify rfi flush across a system call
"Naveen N. Rao"writes: > Michael Ellerman wrote: >> "Naveen N. Rao" writes: >>> diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c >>> b/tools/testing/selftests/powerpc/security/rfi_flush.c >>> new file mode 100644 >>> index ..a20fe8eca161 >>> --- /dev/null >>> +++ b/tools/testing/selftests/powerpc/security/rfi_flush.c >>> @@ -0,0 +1,132 @@ >> ... >>> + >>> +int rfi_flush_test(void) >>> +{ >>> + char *p; >>> + int repetitions = 10; >>> + int fd, passes = 0, iter, rc = 0; >>> + struct perf_event_read v; >>> + uint64_t l1d_misses_total = 0; >>> + unsigned long iterations = 10, zero_size = 24*1024; >>> + int rfi_flush_org, rfi_flush; >>> + >>> + SKIP_IF(geteuid() != 0); >>> + >>> + if (read_debugfs_file("powerpc/rfi_flush", _flush_org)) { >>> + perror("error reading powerpc/rfi_flush debugfs file"); >>> + printf("unable to determine current rfi_flush setting"); >>> + return 1; >>> + } >> >> This leads to a hard error on old kernels, which I don't want (breaks my CI). > > Hmm... didn't realize new tests would be run on older kernels. Are those > older stable/distro releases, or actually just earlier kernel versions? All of the above :) Obviously keeping all the tests working across all kernel versions ever is impossible, but when it's relatively easy like in this case, it's nice to do. So that was mostly just an FYI, I don't expect test writers to get their tests running across all kernel versions. cheers
Re: [PATCH 2/2] i2c: opal: don't check number of messages in the driver
Wolfram Sangwrites: > Since commit 1eace8344c02 ("i2c: add param sanity check to > i2c_transfer()") and b7f625840267 ("i2c: add quirk checks to core"), the > I2C core does this check now. We can remove it here. > > Signed-off-by: Wolfram Sang > --- > > Only build tested. It will get boot tested by me once it's in linux-next, which hopefully is sufficient for a patch like this. cheers > diff --git a/drivers/i2c/busses/i2c-opal.c b/drivers/i2c/busses/i2c-opal.c > index 0aabb7eca0c5..dc2a23f4fb52 100644 > --- a/drivers/i2c/busses/i2c-opal.c > +++ b/drivers/i2c/busses/i2c-opal.c > @@ -94,8 +94,6 @@ static int i2c_opal_master_xfer(struct i2c_adapter *adap, > struct i2c_msg *msgs, >*/ > memset(, 0, sizeof(req)); > switch(num) { > - case 0: > - return 0; > case 1: > req.type = (msgs[0].flags & I2C_M_RD) ? > OPAL_I2C_RAW_READ : OPAL_I2C_RAW_WRITE; > @@ -114,8 +112,6 @@ static int i2c_opal_master_xfer(struct i2c_adapter *adap, > struct i2c_msg *msgs, > req.size = cpu_to_be32(msgs[1].len); > req.buffer_ra = cpu_to_be64(__pa(msgs[1].buf)); > break; > - default: > - return -EOPNOTSUPP; > } > > rc = i2c_opal_send_request(opal_id, ); > -- > 2.11.0
Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers
Thiago Jung Bauermannwrites: > Michael Ellerman writes: >> Thiago Jung Bauermann writes: >>> tools/testing/selftests/powerpc/include/reg.h | 1 + >>> tools/testing/selftests/powerpc/ptrace/Makefile| 5 +- >>> tools/testing/selftests/powerpc/ptrace/child.h | 130 >>> .../testing/selftests/powerpc/ptrace/ptrace-pkey.c | 326 >>> + >> >> This is failing on machines without pkeys: >> >> test: ptrace_pkey >> tags: git_version:52e7d87 >> [FAIL] Test FAILED on line 117 >> [FAIL] Test FAILED on line 191 >> failure: ptrace_pkey >> >> >> I think the first fail is in the child here: >> >> int ptrace_read_regs(pid_t child, unsigned long type, unsigned long regs[], >> int n) >> { >> struct iovec iov; >> long ret; >> >> FAIL_IF(start_trace(child)); >> >> iov.iov_base = regs; >> iov.iov_len = n * sizeof(unsigned long); >> >> ret = ptrace(PTRACE_GETREGSET, child, type, ); >> FAIL_IF(ret != 0); >> >> >> Which makes sense. > > Yes, that is indeed what is going on. > >> The test needs to skip if pkeys are not available/enabled. Using the >> availability of the REGSET might actually be a nice way to detect that, >> because it's read-only. > > I forgot to consider the case of pkeys not available or not enabled, > sorry about that. No worries. > I just sent a v2 which implements your suggestion above. Thanks. cheers
[PATCH stable 4.14 23/23] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
From: Nicholas PigginOn some CPUs we can prevent a vulnerability related to store-to-load forwarding by preventing store forwarding between privilege domains, by inserting a barrier in kernel entry and exit paths. This is known to be the case on at least Power7, Power8 and Power9 powerpc CPUs. Barriers must be inserted generally before the first load after moving to a higher privilege, and after the last store before moving to a lower privilege, HV and PR privilege transitions must be protected. Barriers are added as patch sections, with all kernel/hypervisor entry points patched, and the exit points to lower privilge levels patched similarly to the RFI flush patching. Firmware advertisement is not implemented yet, so CPU flush types are hard coded. Thanks to Michal Suchánek for bug fixes and review. Signed-off-by: Nicholas Piggin Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Neuling Signed-off-by: Michal Suchánek Signed-off-by: Michael Ellerman Signed-off-by: Linus Torvalds (cherry picked from commit a048a07d7f4535baa4cbad6bc024f175317ab938) --- arch/powerpc/include/asm/exception-64s.h | 29 ++ arch/powerpc/include/asm/feature-fixups.h| 19 arch/powerpc/include/asm/security_features.h | 11 ++ arch/powerpc/kernel/exceptions-64s.S | 19 +++- arch/powerpc/kernel/security.c | 149 +++ arch/powerpc/kernel/vmlinux.lds.S| 14 +++ arch/powerpc/lib/feature-fixups.c| 115 + arch/powerpc/platforms/powernv/setup.c | 1 + arch/powerpc/platforms/pseries/setup.c | 1 + 9 files changed, 356 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h index ccf10c2f8899..c3bdd2d8ec90 100644 --- a/arch/powerpc/include/asm/exception-64s.h +++ b/arch/powerpc/include/asm/exception-64s.h @@ -69,6 +69,27 @@ */ #define EX_R3 EX_DAR +#define STF_ENTRY_BARRIER_SLOT \ + STF_ENTRY_BARRIER_FIXUP_SECTION;\ + nop;\ + nop;\ + nop + +#define STF_EXIT_BARRIER_SLOT \ + STF_EXIT_BARRIER_FIXUP_SECTION; \ + nop;\ + nop;\ + nop;\ + nop;\ + nop;\ + nop + +/* + * r10 must be free to use, r13 must be paca + */ +#define INTERRUPT_TO_KERNEL\ + STF_ENTRY_BARRIER_SLOT + /* * Macros for annotating the expected destination of (h)rfid * @@ -85,16 +106,19 @@ rfid #define RFI_TO_USER\ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback #define RFI_TO_USER_OR_KERNEL \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback #define RFI_TO_GUEST \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ rfid; \ b rfi_flush_fallback @@ -103,21 +127,25 @@ hrfid #define HRFI_TO_USER \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ hrfid; \ b hrfi_flush_fallback #define HRFI_TO_USER_OR_KERNEL \ + STF_EXIT_BARRIER_SLOT; \ RFI_FLUSH_SLOT; \ hrfid; \ b hrfi_flush_fallback #define HRFI_TO_GUEST
[PATCH stable 4.14 22/23] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
The recent LPM changes to setup_rfi_flush() are causing some section mismatch warnings because we removed the __init annotation on setup_rfi_flush(): The function setup_rfi_flush() references the function __init ppc64_bolted_size(). the function __init memblock_alloc_base(). The references are actually in init_fallback_flush(), but that is inlined into setup_rfi_flush(). These references are safe because: - only pseries calls setup_rfi_flush() at runtime - pseries always passes L1D_FLUSH_FALLBACK at boot - so the fallback flush area will always be allocated - so the check in init_fallback_flush() will always return early: /* Only allocate the fallback flush area once (at boot time). */ if (l1d_flush_fallback_area) return; - and therefore we won't actually call the freed init routines. We should rework the code to make it safer by default rather than relying on the above, but for now as a quick-fix just add a __ref annotation to squash the warning. Fixes: abf110f3e1ce ("powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again") Signed-off-by: Michael Ellerman(cherry picked from commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e) --- arch/powerpc/kernel/setup_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 1146174f45c5..0618aa61b26a 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -831,7 +831,7 @@ void rfi_flush_enable(bool enable) rfi_flush = enable; } -static void init_fallback_flush(void) +static void __ref init_fallback_flush(void) { u64 l1d_size, limit; int cpu; -- 2.14.1
[PATCH stable 4.14 21/23] powerpc/pseries: Restore default security feature flags on setup
From: Mauricio Faria de OliveiraAfter migration the security feature flags might have changed (e.g., destination system with unpatched firmware), but some flags are not set/clear again in init_cpu_char_feature_flags() because it assumes the security flags to be the defaults. Additionally, if the H_GET_CPU_CHARACTERISTICS hypercall fails then init_cpu_char_feature_flags() does not run again, which potentially might leave the system in an insecure or sub-optimal configuration. So, just restore the security feature flags to the defaults assumed by init_cpu_char_feature_flags() so it can set/clear them correctly, and to ensure safe settings are in place in case the hypercall fail. Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Depends-on: 19887d6a28e2 ("powerpc: Move default security feature flags") Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 6232774f1599028a15418179d17f7df47ede770a) --- arch/powerpc/platforms/pseries/setup.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 3cb12d27f168..1973de3cf355 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -462,6 +462,10 @@ static void __init find_and_init_phbs(void) static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) { + /* +* The features below are disabled by default, so we instead look to see +* if firmware has *enabled* them, and set them if so. +*/ if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31) security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); @@ -501,6 +505,13 @@ void pseries_setup_rfi_flush(void) bool enable; long rc; + /* +* Set features to the defaults assumed by init_cpu_char_feature_flags() +* so it can set/clear again any features that might have changed after +* migration, and in case the hypercall fails and it is not even called. +*/ + powerpc_security_features = SEC_FTR_DEFAULT; + rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) init_cpu_char_feature_flags(); -- 2.14.1
[PATCH stable 4.14 20/23] powerpc: Move default security feature flags
From: Mauricio Faria de OliveiraThis moves the definition of the default security feature flags (i.e., enabled by default) closer to the security feature flags. This can be used to restore current flags to the default flags. Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7) --- arch/powerpc/include/asm/security_features.h | 8 arch/powerpc/kernel/security.c | 7 +-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h index 400a9050e035..fa4d2e1cf772 100644 --- a/arch/powerpc/include/asm/security_features.h +++ b/arch/powerpc/include/asm/security_features.h @@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(unsigned long feature) // Firmware configuration indicates user favours security over performance #define SEC_FTR_FAVOUR_SECURITY0x0200ull + +// Features enabled by default +#define SEC_FTR_DEFAULT \ + (SEC_FTR_L1D_FLUSH_HV | \ +SEC_FTR_L1D_FLUSH_PR | \ +SEC_FTR_BNDS_CHK_SPEC_BAR | \ +SEC_FTR_FAVOUR_SECURITY) + #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 2cee3dcd231b..bab5a27ea805 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -11,12 +11,7 @@ #include -unsigned long powerpc_security_features __read_mostly = \ - SEC_FTR_L1D_FLUSH_HV | \ - SEC_FTR_L1D_FLUSH_PR | \ - SEC_FTR_BNDS_CHK_SPEC_BAR | \ - SEC_FTR_FAVOUR_SECURITY; - +unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) { -- 2.14.1
[PATCH stable 4.14 19/23] powerpc/pseries: Fix clearing of security feature flags
From: Mauricio Faria de OliveiraThe H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_* flags. Found by playing around with QEMU's implementation of the hypercall: H_CPU_CHAR=0xf000 H_CPU_BEHAV=0x This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush mitigation at all for cpu_show_meltdown() to report; but currently it does: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: RFI Flush Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/meltdown Not affected H_CPU_CHAR=0x H_CPU_BEHAV=0xf000 This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should report vulnerable; but currently it doesn't: Original kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Not affected Patched kernel: # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Vulnerable Brown-paper-bag-by: Michael Ellerman Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524) --- arch/powerpc/platforms/pseries/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index ba0a36c577ca..3cb12d27f168 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) * The features below are enabled by default, so we instead look to see * if firmware has *disabled* them, and clear them if so. */ - if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY)) + if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)) security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); - if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR)) + if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); - if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) + if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); } -- 2.14.1
[PATCH stable 4.14 18/23] powerpc/64s: Wire up cpu_show_spectre_v2()
Add a definition for cpu_show_spectre_v2() to override the generic version. This has several permuations, though in practice some may not occur we cater for any combination. The most verbose is: Mitigation: Indirect branch serialisation (kernel only), Indirect branch cache disabled, ori31 speculation barrier enabled We don't treat the ori31 speculation barrier as a mitigation on its own, because it has to be *used* by code in order to be a mitigation and we don't know if userspace is doing that. So if that's all we see we say: Vulnerable, ori31 speculation barrier enabled Signed-off-by: Michael Ellerman(cherry picked from commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3) --- arch/powerpc/kernel/security.c | 33 + 1 file changed, 33 insertions(+) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 0eace3cac818..2cee3dcd231b 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, c return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) +{ + bool bcs, ccd, ori; + struct seq_buf s; + + seq_buf_init(, buf, PAGE_SIZE - 1); + + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); + ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); + + if (bcs || ccd) { + seq_buf_printf(, "Mitigation: "); + + if (bcs) + seq_buf_printf(, "Indirect branch serialisation (kernel only)"); + + if (bcs && ccd) + seq_buf_printf(, ", "); + + if (ccd) + seq_buf_printf(, "Indirect branch cache disabled"); + } else + seq_buf_printf(, "Vulnerable"); + + if (ori) + seq_buf_printf(, ", ori31 speculation barrier enabled"); + + seq_buf_printf(, "\n"); + + return s.len; +} -- 2.14.1
[PATCH stable 4.14 17/23] powerpc/64s: Wire up cpu_show_spectre_v1()
Add a definition for cpu_show_spectre_v1() to override the generic version. Currently this just prints "Not affected" or "Vulnerable" based on the firmware flag. Although the kernel does have array_index_nospec() in a few places, we haven't yet audited all the powerpc code to see where it's necessary, so for now we don't list that as a mitigation. Signed-off-by: Michael Ellerman(cherry picked from commit 56986016cb8cd9050e601831fe89f332b4e3c46e) --- arch/powerpc/kernel/security.c | 8 1 file changed, 8 insertions(+) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 865db6f8bcca..0eace3cac818 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha return sprintf(buf, "Vulnerable\n"); } + +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) +{ + if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) + return sprintf(buf, "Not affected\n"); + + return sprintf(buf, "Vulnerable\n"); +} -- 2.14.1
[PATCH stable 4.14 16/23] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
Now that we have the security flags we can simplify the code in pseries_setup_rfi_flush() because the security flags have pessimistic defaults. Signed-off-by: Michael Ellerman(cherry picked from commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689) --- arch/powerpc/platforms/pseries/setup.c | 27 --- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 65b157a35161..ba0a36c577ca 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -501,30 +501,27 @@ void pseries_setup_rfi_flush(void) bool enable; long rc; - /* Enable by default */ - enable = true; - types = L1D_FLUSH_FALLBACK; - rc = plpar_get_cpu_characteristics(); - if (rc == H_SUCCESS) { + if (rc == H_SUCCESS) init_cpu_char_feature_flags(); - if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) - types |= L1D_FLUSH_MTTRIG; - if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) - types |= L1D_FLUSH_ORI; - - if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || - (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) - enable = false; - } - /* * We're the guest so this doesn't apply to us, clear it to simplify * handling of it elsewhere. */ security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + types = L1D_FLUSH_FALLBACK; + + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2)) + types |= L1D_FLUSH_MTTRIG; + + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30)) + types |= L1D_FLUSH_ORI; + + enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ +security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR); + setup_rfi_flush(types, enable); } -- 2.14.1
[PATCH stable 4.14 15/23] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
Now that we have the security flags we can significantly simplify the code in pnv_setup_rfi_flush(), because we can use the flags instead of checking device tree properties and because the security flags have pessimistic defaults. Signed-off-by: Michael Ellerman(cherry picked from commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5) --- arch/powerpc/platforms/powernv/setup.c | 41 +- 1 file changed, 10 insertions(+), 31 deletions(-) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 4b7f2c00f870..14a24c63e6b0 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct device_node *np) if (fw_feature_is("enabled", "fw-bcctrl-serialized", np)) security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); - if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np)) security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np)) @@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void) { struct device_node *np, *fw_features; enum l1d_flush_type type; - int enable; + bool enable; /* Default to fallback in case fw-features are not available */ type = L1D_FLUSH_FALLBACK; - enable = 1; np = of_find_node_by_name(NULL, "ibm,opal"); fw_features = of_get_child_by_name(np, "fw-features"); @@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void) if (fw_features) { init_fw_feat_flags(fw_features); + of_node_put(fw_features); - np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); - if (np && of_property_read_bool(np, "enabled")) + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2)) type = L1D_FLUSH_MTTRIG; - of_node_put(np); - - np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0"); - if (np && of_property_read_bool(np, "enabled")) + if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30)) type = L1D_FLUSH_ORI; - - of_node_put(np); - - /* Enable unless firmware says NOT to */ - enable = 2; - np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0"); - if (np && of_property_read_bool(np, "disabled")) - enable--; - - of_node_put(np); - - np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1"); - if (np && of_property_read_bool(np, "disabled")) - enable--; - - np = of_get_child_by_name(fw_features, "speculation-policy-favor-security"); - if (np && of_property_read_bool(np, "disabled")) - enable = 0; - - of_node_put(np); - of_node_put(fw_features); } - setup_rfi_flush(type, enable > 0); + enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ +(security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \ + security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV)); + + setup_rfi_flush(type, enable); } static void __init pnv_setup_arch(void) -- 2.14.1
[PATCH stable 4.14 14/23] powerpc/64s: Enhance the information in cpu_show_meltdown()
Now that we have the security feature flags we can make the information displayed in the "meltdown" file more informative. Signed-off-by: Michael Ellerman(cherry picked from commit ff348355e9c72493947be337bb4fae4fc1a41eba) --- arch/powerpc/include/asm/security_features.h | 1 + arch/powerpc/kernel/security.c | 30 ++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h index db00ad2c72c2..400a9050e035 100644 --- a/arch/powerpc/include/asm/security_features.h +++ b/arch/powerpc/include/asm/security_features.h @@ -10,6 +10,7 @@ extern unsigned long powerpc_security_features; +extern bool rfi_flush; static inline void security_ftr_set(unsigned long feature) { diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 564e7f182a16..865db6f8bcca 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -6,6 +6,7 @@ #include #include +#include #include @@ -19,8 +20,33 @@ unsigned long powerpc_security_features __read_mostly = \ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) { - if (rfi_flush) - return sprintf(buf, "Mitigation: RFI Flush\n"); + bool thread_priv; + + thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV); + + if (rfi_flush || thread_priv) { + struct seq_buf s; + seq_buf_init(, buf, PAGE_SIZE - 1); + + seq_buf_printf(, "Mitigation: "); + + if (rfi_flush) + seq_buf_printf(, "RFI Flush"); + + if (rfi_flush && thread_priv) + seq_buf_printf(, ", "); + + if (thread_priv) + seq_buf_printf(, "L1D private per thread"); + + seq_buf_printf(, "\n"); + + return s.len; + } + + if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && + !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) + return sprintf(buf, "Not affected\n"); return sprintf(buf, "Vulnerable\n"); } -- 2.14.1
[PATCH stable 4.14 13/23] powerpc/64s: Move cpu_show_meltdown()
This landed in setup_64.c for no good reason other than we had nowhere else to put it. Now that we have a security-related file, that is a better place for it so move it. Signed-off-by: Michael Ellerman(cherry picked from commit 8ad33041563a10b34988800c682ada14b2612533) --- arch/powerpc/kernel/security.c | 11 +++ arch/powerpc/kernel/setup_64.c | 8 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index 4ccba00d224c..564e7f182a16 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -5,6 +5,8 @@ // Copyright 2018, Michael Ellerman, IBM Corporation. #include +#include + #include @@ -13,3 +15,12 @@ unsigned long powerpc_security_features __read_mostly = \ SEC_FTR_L1D_FLUSH_PR | \ SEC_FTR_BNDS_CHK_SPEC_BAR | \ SEC_FTR_FAVOUR_SECURITY; + + +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) +{ + if (rfi_flush) + return sprintf(buf, "Mitigation: RFI Flush\n"); + + return sprintf(buf, "Vulnerable\n"); +} diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index da12b54cbe5c..1146174f45c5 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -910,12 +910,4 @@ static __init int rfi_flush_debugfs_init(void) } device_initcall(rfi_flush_debugfs_init); #endif - -ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) -{ - if (rfi_flush) - return sprintf(buf, "Mitigation: RFI Flush\n"); - - return sprintf(buf, "Vulnerable\n"); -} #endif /* CONFIG_PPC_BOOK3S_64 */ -- 2.14.1
[PATCH stable 4.14 12/23] powerpc/powernv: Set or clear security feature flags
Now that we have feature flags for security related things, set or clear them based on what we see in the device tree provided by firmware. Signed-off-by: Michael Ellerman(cherry picked from commit 77addf6e95c8689e478d607176b399a6242a777e) --- arch/powerpc/platforms/powernv/setup.c | 56 ++ 1 file changed, 56 insertions(+) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 37a7f5ef00b7..4b7f2c00f870 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -37,9 +37,63 @@ #include #include #include +#include #include "powernv.h" + +static bool fw_feature_is(const char *state, const char *name, + struct device_node *fw_features) +{ + struct device_node *np; + bool rc = false; + + np = of_get_child_by_name(fw_features, name); + if (np) { + rc = of_property_read_bool(np, state); + of_node_put(np); + } + + return rc; +} + +static void init_fw_feat_flags(struct device_node *np) +{ + if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); + + if (fw_feature_is("enabled", "fw-bcctrl-serialized", np)) + security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); + + if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np)) + security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); + + if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np)) + security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2); + + if (fw_feature_is("enabled", "fw-l1d-thread-split", np)) + security_ftr_set(SEC_FTR_L1D_THREAD_PRIV); + + if (fw_feature_is("enabled", "fw-count-cache-disabled", np)) + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); + + /* +* The features below are enabled by default, so we instead look to see +* if firmware has *disabled* them, and clear them if so. +*/ + if (fw_feature_is("disabled", "speculation-policy-favor-security", np)) + security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); + + if (fw_feature_is("disabled", "needs-l1d-flush-msr-pr-0-to-1", np)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); + + if (fw_feature_is("disabled", "needs-l1d-flush-msr-hv-1-to-0", np)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + + if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks", np)) + security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); +} + static void pnv_setup_rfi_flush(void) { struct device_node *np, *fw_features; @@ -55,6 +109,8 @@ static void pnv_setup_rfi_flush(void) of_node_put(np); if (fw_features) { + init_fw_feat_flags(fw_features); + np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); if (np && of_property_read_bool(np, "enabled")) type = L1D_FLUSH_MTTRIG; -- 2.14.1
[PATCH stable 4.14 11/23] powerpc/pseries: Set or clear security feature flags
Now that we have feature flags for security related things, set or clear them based on what we receive from the hypercall. Signed-off-by: Michael Ellerman(cherry picked from commit f636c14790ead6cc22cf62279b1f8d7e11a67116) --- arch/powerpc/platforms/pseries/setup.c | 43 ++ 1 file changed, 43 insertions(+) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index b2d99b384089..65b157a35161 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -68,6 +68,7 @@ #include #include #include +#include #include "pseries.h" @@ -459,6 +460,40 @@ static void __init find_and_init_phbs(void) of_pci_check_probe_only(); } +static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) +{ + if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31) + security_ftr_set(SEC_FTR_SPEC_BAR_ORI31); + + if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED) + security_ftr_set(SEC_FTR_BCCTRL_SERIALISED); + + if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30) + security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30); + + if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2) + security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2); + + if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV) + security_ftr_set(SEC_FTR_L1D_THREAD_PRIV); + + if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED) + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); + + /* +* The features below are enabled by default, so we instead look to see +* if firmware has *disabled* them, and clear them if so. +*/ + if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY)) + security_ftr_clear(SEC_FTR_FAVOUR_SECURITY); + + if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR)) + security_ftr_clear(SEC_FTR_L1D_FLUSH_PR); + + if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR)) + security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR); +} + void pseries_setup_rfi_flush(void) { struct h_cpu_char_result result; @@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void) rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) { + init_cpu_char_feature_flags(); + if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) types |= L1D_FLUSH_MTTRIG; if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) @@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void) enable = false; } + /* +* We're the guest so this doesn't apply to us, clear it to simplify +* handling of it elsewhere. +*/ + security_ftr_clear(SEC_FTR_L1D_FLUSH_HV); + setup_rfi_flush(types, enable); } -- 2.14.1
[PATCH stable 4.14 08/23] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
We might have migrated to a machine that uses a different flush type, or doesn't need flushing at all. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 921bc6cf807ceb2ab8005319cf39f33494d6b100) --- arch/powerpc/platforms/pseries/mobility.c | 3 +++ arch/powerpc/platforms/pseries/pseries.h | 2 ++ arch/powerpc/platforms/pseries/setup.c| 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c index f7042ad492ba..fbea7db043fa 100644 --- a/arch/powerpc/platforms/pseries/mobility.c +++ b/arch/powerpc/platforms/pseries/mobility.c @@ -348,6 +348,9 @@ void post_mobility_fixup(void) printk(KERN_ERR "Post-mobility device tree update " "failed: %d\n", rc); + /* Possibly switch to a new RFI flush type */ + pseries_setup_rfi_flush(); + return; } diff --git a/arch/powerpc/platforms/pseries/pseries.h b/arch/powerpc/platforms/pseries/pseries.h index 1ae1d9f4dbe9..27cdcb69fd18 100644 --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -100,4 +100,6 @@ static inline unsigned long cmo_get_page_size(void) int dlpar_workqueue_init(void); +void pseries_setup_rfi_flush(void); + #endif /* _PSERIES_PSERIES_H */ diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 2708ddab209b..b2d99b384089 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -459,7 +459,7 @@ static void __init find_and_init_phbs(void) of_pci_check_probe_only(); } -static void pseries_setup_rfi_flush(void) +void pseries_setup_rfi_flush(void) { struct h_cpu_char_result result; enum l1d_flush_type types; -- 2.14.1
[PATCH stable 4.14 10/23] powerpc: Add security feature flags for Spectre/Meltdown
This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman(cherry picked from commit 9a868f634349e62922c226834aa23e3d1329ae7f) --- arch/powerpc/include/asm/security_features.h | 65 arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/security.c | 15 +++ 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h new file mode 100644 index ..db00ad2c72c2 --- /dev/null +++ b/arch/powerpc/include/asm/security_features.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Security related feature bit definitions. + * + * Copyright 2018, Michael Ellerman, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SECURITY_FEATURES_H +#define _ASM_POWERPC_SECURITY_FEATURES_H + + +extern unsigned long powerpc_security_features; + +static inline void security_ftr_set(unsigned long feature) +{ + powerpc_security_features |= feature; +} + +static inline void security_ftr_clear(unsigned long feature) +{ + powerpc_security_features &= ~feature; +} + +static inline bool security_ftr_enabled(unsigned long feature) +{ + return !!(powerpc_security_features & feature); +} + + +// Features indicating support for Spectre/Meltdown mitigations + +// The L1-D cache can be flushed with ori r30,r30,0 +#define SEC_FTR_L1D_FLUSH_ORI300x0001ull + +// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) +#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull + +// ori r31,r31,0 acts as a speculation barrier +#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull + +// Speculation past bctr is disabled +#define SEC_FTR_BCCTRL_SERIALISED 0x0008ull + +// Entries in L1-D are private to a SMT thread +#define SEC_FTR_L1D_THREAD_PRIV0x0010ull + +// Indirect branch prediction cache disabled +#define SEC_FTR_COUNT_CACHE_DISABLED 0x0020ull + + +// Features indicating need for Spectre/Meltdown mitigations + +// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) +#define SEC_FTR_L1D_FLUSH_HV 0x0040ull + +// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) +#define SEC_FTR_L1D_FLUSH_PR 0x0080ull + +// A speculation barrier should be used for bounds checks (Spectre variant 1) +#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0100ull + +// Firmware configuration indicates user favours security over performance +#define SEC_FTR_FAVOUR_SECURITY0x0200ull + +#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 6c6cce937dd8..1479c61e29c5 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32) += vdso32/ obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o -obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o +obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o obj-$(CONFIG_PPC64)+= vdso64/ diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c new file mode 100644 index ..4ccba00d224c --- /dev/null +++ b/arch/powerpc/kernel/security.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0+ +// +// Security related flags and so on. +// +// Copyright 2018, Michael Ellerman, IBM Corporation. + +#include +#include + + +unsigned long powerpc_security_features __read_mostly = \ + SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ + SEC_FTR_FAVOUR_SECURITY; -- 2.14.1
[PATCH stable 4.14 09/23] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
Add some additional values which have been defined for the H_GET_CPU_CHARACTERISTICS hypercall. Signed-off-by: Michael Ellerman--- arch/powerpc/include/asm/hvcall.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index eca3f9c68907..5a740feb7bd7 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -337,6 +337,9 @@ #define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2 #define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3 #define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4 +#define H_CPU_CHAR_BRANCH_HINTS_HONORED(1ull << 58) // IBM bit 5 +#define H_CPU_CHAR_THREAD_RECONFIG_CTRL(1ull << 57) // IBM bit 6 +#define H_CPU_CHAR_COUNT_CACHE_DISABLED(1ull << 56) // IBM bit 7 #define H_CPU_BEHAV_FAVOUR_SECURITY(1ull << 63) // IBM bit 0 #define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 -- 2.14.1
[PATCH stable 4.14 07/23] powerpc/rfi-flush: Differentiate enabled and patched flush types
From: Mauricio Faria de OliveiraCurrently the rfi-flush messages print 'Using flush' for all enabled_flush_types, but that is not necessarily true -- as now the fallback flush is always enabled on pseries, but the fixup function overwrites its nop/branch slot with other flush types, if available. So, replace the 'Using flush' messages with ' flush is available'. Also, print the patched flush types in the fixup function, so users can know what is (not) being used (e.g., the slower, fallback flush, or no flush type at all if flush is disabled via the debugfs switch). Suggested-by: Michael Ellerman Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 0063d61ccfc011f379a31acaeba6de7c926fed2c) --- arch/powerpc/kernel/setup_64.c| 6 +++--- arch/powerpc/lib/feature-fixups.c | 9 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index ace6a10a242f..da12b54cbe5c 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -860,15 +860,15 @@ static void init_fallback_flush(void) void setup_rfi_flush(enum l1d_flush_type types, bool enable) { if (types & L1D_FLUSH_FALLBACK) { - pr_info("rfi-flush: Using fallback displacement flush\n"); + pr_info("rfi-flush: fallback displacement flush available\n"); init_fallback_flush(); } if (types & L1D_FLUSH_ORI) - pr_info("rfi-flush: Using ori type flush\n"); + pr_info("rfi-flush: ori type flush available\n"); if (types & L1D_FLUSH_MTTRIG) - pr_info("rfi-flush: Using mttrig type flush\n"); + pr_info("rfi-flush: mttrig type flush available\n"); enabled_flush_types = types; diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c index d0c0b8443dcf..8ac72f7d638f 100644 --- a/arch/powerpc/lib/feature-fixups.c +++ b/arch/powerpc/lib/feature-fixups.c @@ -153,7 +153,14 @@ void do_rfi_flush_fixups(enum l1d_flush_type types) patch_instruction(dest + 2, instrs[2]); } - printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i); + printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i, + (types == L1D_FLUSH_NONE) ? "no" : + (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : + (types & L1D_FLUSH_ORI)? (types & L1D_FLUSH_MTTRIG) + ? "ori+mttrig type" + : "ori type" : + (types & L1D_FLUSH_MTTRIG) ? "mttrig type" + : "unknown"); } #endif /* CONFIG_PPC_BOOK3S_64 */ -- 2.14.1
[PATCH stable 4.14 06/23] powerpc/rfi-flush: Always enable fallback flush on pseries
This ensures the fallback flush area is always allocated on pseries, so in case a LPAR is migrated from a patched to an unpatched system, it is possible to enable the fallback flush in the target system. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb) --- arch/powerpc/platforms/pseries/setup.c | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 84e753b5..2708ddab209b 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -468,26 +468,18 @@ static void pseries_setup_rfi_flush(void) /* Enable by default */ enable = true; + types = L1D_FLUSH_FALLBACK; rc = plpar_get_cpu_characteristics(); if (rc == H_SUCCESS) { - types = L1D_FLUSH_NONE; - if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) types |= L1D_FLUSH_MTTRIG; if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) types |= L1D_FLUSH_ORI; - /* Use fallback if nothing set in hcall */ - if (types == L1D_FLUSH_NONE) - types = L1D_FLUSH_FALLBACK; - if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) enable = false; - } else { - /* Default to fallback if case hcall is not available */ - types = L1D_FLUSH_FALLBACK; } setup_rfi_flush(types, enable); -- 2.14.1
[PATCH stable 4.14 05/23] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
For PowerVM migration we want to be able to call setup_rfi_flush() again after we've migrated the partition. To support that we need to check that we're not trying to allocate the fallback flush area after memblock has gone away (i.e., boot-time only). Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7) --- arch/powerpc/include/asm/setup.h | 2 +- arch/powerpc/kernel/setup_64.c | 6 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 469b7fdc9be4..bbcdf929be54 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -49,7 +49,7 @@ enum l1d_flush_type { L1D_FLUSH_MTTRIG= 0x8, }; -void __init setup_rfi_flush(enum l1d_flush_type, bool enable); +void setup_rfi_flush(enum l1d_flush_type, bool enable); void do_rfi_flush_fixups(enum l1d_flush_type types); #endif /* !__ASSEMBLY__ */ diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index cbb3fb1820ce..ace6a10a242f 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -836,6 +836,10 @@ static void init_fallback_flush(void) u64 l1d_size, limit; int cpu; + /* Only allocate the fallback flush area once (at boot time). */ + if (l1d_flush_fallback_area) + return; + l1d_size = ppc64_caches.l1d.size; limit = min(safe_stack_limit(), ppc64_rma_size); @@ -853,7 +857,7 @@ static void init_fallback_flush(void) } } -void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) +void setup_rfi_flush(enum l1d_flush_type types, bool enable) { if (types & L1D_FLUSH_FALLBACK) { pr_info("rfi-flush: Using fallback displacement flush\n"); -- 2.14.1
[PATCH stable 4.14 04/23] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
rfi_flush_enable() includes a check to see if we're already enabled (or disabled), and in that case does nothing. But that means calling setup_rfi_flush() a 2nd time doesn't actually work, which is a bit confusing. Move that check into the debugfs code, where it really belongs. Signed-off-by: Michael EllermanSigned-off-by: Mauricio Faria de Oliveira Signed-off-by: Michael Ellerman (cherry picked from commit 1e2a9fc7496955faacbbed49461d611b704a7505) --- arch/powerpc/kernel/setup_64.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 333c64a794eb..cbb3fb1820ce 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -822,9 +822,6 @@ static void do_nothing(void *unused) void rfi_flush_enable(bool enable) { - if (rfi_flush == enable) - return; - if (enable) { do_rfi_flush_fixups(enabled_flush_types); on_each_cpu(do_nothing, NULL, 1); @@ -878,13 +875,19 @@ void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) #ifdef CONFIG_DEBUG_FS static int rfi_flush_set(void *data, u64 val) { + bool enable; + if (val == 1) - rfi_flush_enable(true); + enable = true; else if (val == 0) - rfi_flush_enable(false); + enable = false; else return -EINVAL; + /* Only do anything if we're changing state */ + if (enable != rfi_flush) + rfi_flush_enable(enable); + return 0; } -- 2.14.1
[PATCH stable 4.14 03/23] powerpc/powernv: Support firmware disable of RFI flush
Some versions of firmware will have a setting that can be configured to disable the RFI flush, add support for it. Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush settings") Signed-off-by: Michael Ellerman(cherry picked from commit eb0a2d2620ae431c543963c8c7f08f597366fc60) --- arch/powerpc/platforms/powernv/setup.c | 4 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c index 7966a314d93a..37a7f5ef00b7 100644 --- a/arch/powerpc/platforms/powernv/setup.c +++ b/arch/powerpc/platforms/powernv/setup.c @@ -79,6 +79,10 @@ static void pnv_setup_rfi_flush(void) if (np && of_property_read_bool(np, "disabled")) enable--; + np = of_get_child_by_name(fw_features, "speculation-policy-favor-security"); + if (np && of_property_read_bool(np, "disabled")) + enable = 0; + of_node_put(np); of_node_put(fw_features); } -- 2.14.1
[PATCH stable 4.14 02/23] powerpc/pseries: Support firmware disable of RFI flush
Some versions of firmware will have a setting that can be configured to disable the RFI flush, add support for it. Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings") Signed-off-by: Michael Ellerman(cherry picked from commit 582605a429e20ae68fd0b041b2e840af296edd08) --- arch/powerpc/platforms/pseries/setup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index ae4f596273b5..84e753b5 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -482,7 +482,8 @@ static void pseries_setup_rfi_flush(void) if (types == L1D_FLUSH_NONE) types = L1D_FLUSH_FALLBACK; - if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) + if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) || + (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))) enable = false; } else { /* Default to fallback if case hcall is not available */ -- 2.14.1
[PATCH stable 4.14 01/23] powerpc/64s: Improve RFI L1-D cache flush fallback
From: Nicholas PigginThe fallback RFI flush is used when firmware does not provide a way to flush the cache. It's a "displacement flush" that evicts useful data by displacing it with an uninteresting buffer. The flush has to take care to work with implementation specific cache replacment policies, so the recipe has been in flux. The initial slow but conservative approach is to touch all lines of a congruence class, with dependencies between each load. It has since been determined that a linear pattern of loads without dependencies is sufficient, and is significantly faster. Measuring the speed of a null syscall with RFI fallback flush enabled gives the relative improvement: P8 - 1.83x P9 - 1.75x The flush also becomes simpler and more adaptable to different cache geometries. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b) --- arch/powerpc/include/asm/paca.h | 3 +- arch/powerpc/kernel/asm-offsets.c| 3 +- arch/powerpc/kernel/exceptions-64s.S | 76 +--- arch/powerpc/kernel/setup_64.c | 13 +- arch/powerpc/xmon/xmon.c | 2 + 5 files changed, 41 insertions(+), 56 deletions(-) diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h index b8366df50d19..e6bd59353e40 100644 --- a/arch/powerpc/include/asm/paca.h +++ b/arch/powerpc/include/asm/paca.h @@ -238,8 +238,7 @@ struct paca_struct { */ u64 exrfi[EX_SIZE] __aligned(0x80); void *rfi_flush_fallback_area; - u64 l1d_flush_congruence; - u64 l1d_flush_sets; + u64 l1d_flush_size; #endif }; diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c index 748cdc4bb89a..2e5ea300258a 100644 --- a/arch/powerpc/kernel/asm-offsets.c +++ b/arch/powerpc/kernel/asm-offsets.c @@ -239,8 +239,7 @@ int main(void) OFFSET(PACA_IN_NMI, paca_struct, in_nmi); OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, rfi_flush_fallback_area); OFFSET(PACA_EXRFI, paca_struct, exrfi); - OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence); - OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets); + OFFSET(PACA_L1D_FLUSH_SIZE, paca_struct, l1d_flush_size); #endif OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id); diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S index f9ca4bb3d48e..feba0a8d040e 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -1440,39 +1440,37 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback) std r9,PACA_EXRFI+EX_R9(r13) std r10,PACA_EXRFI+EX_R10(r13) std r11,PACA_EXRFI+EX_R11(r13) - std r12,PACA_EXRFI+EX_R12(r13) - std r8,PACA_EXRFI+EX_R13(r13) mfctr r9 ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) - ld r11,PACA_L1D_FLUSH_SETS(r13) - ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) - /* -* The load adresses are at staggered offsets within cachelines, -* which suits some pipelines better (on others it should not -* hurt). -*/ - addir12,r12,8 + ld r11,PACA_L1D_FLUSH_SIZE(r13) + srdir11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */ mtctr r11 DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ /* order ld/st prior to dcbt stop all streams with flushing */ sync -1: li r8,0 - .rept 8 /* 8-way set associative */ - ldx r11,r10,r8 - add r8,r8,r12 - xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not - add r8,r8,r11 // Add 0, this creates a dependency on the ldx - .endr - addir10,r10,128 /* 128 byte cache line */ + + /* +* The load adresses are at staggered offsets within cachelines, +* which suits some pipelines better (on others it should not +* hurt). +*/ +1: + ld r11,(0x80 + 8)*0(r10) + ld r11,(0x80 + 8)*1(r10) + ld r11,(0x80 + 8)*2(r10) + ld r11,(0x80 + 8)*3(r10) + ld r11,(0x80 + 8)*4(r10) + ld r11,(0x80 + 8)*5(r10) + ld r11,(0x80 + 8)*6(r10) + ld r11,(0x80 + 8)*7(r10) + addir10,r10,0x80*8 bdnz1b mtctr r9 ld r9,PACA_EXRFI+EX_R9(r13) ld r10,PACA_EXRFI+EX_R10(r13) ld r11,PACA_EXRFI+EX_R11(r13) - ld r12,PACA_EXRFI+EX_R12(r13) - ld r8,PACA_EXRFI+EX_R13(r13) GET_SCRATCH0(r13); rfid @@ -1482,39 +1480,37 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback) std r9,PACA_EXRFI+EX_R9(r13) std r10,PACA_EXRFI+EX_R10(r13) std r11,PACA_EXRFI+EX_R11(r13) - std r12,PACA_EXRFI+EX_R12(r13) -
[PATCH stable 4.14 00/23] powerpc backports for 4.14
Hi Greg, Please queue up this series of patches for 4.14 if you have no objections. cheers Mauricio Faria de Oliveira (4): powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup Michael Ellerman (17): powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Nicholas Piggin (2): powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit arch/powerpc/include/asm/exception-64s.h | 29 arch/powerpc/include/asm/feature-fixups.h| 19 +++ arch/powerpc/include/asm/hvcall.h| 3 + arch/powerpc/include/asm/paca.h | 3 +- arch/powerpc/include/asm/security_features.h | 85 ++ arch/powerpc/include/asm/setup.h | 2 +- arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/asm-offsets.c| 3 +- arch/powerpc/kernel/exceptions-64s.S | 95 ++- arch/powerpc/kernel/security.c | 237 +++ arch/powerpc/kernel/setup_64.c | 48 ++ arch/powerpc/kernel/vmlinux.lds.S| 14 ++ arch/powerpc/lib/feature-fixups.c| 124 +- arch/powerpc/platforms/powernv/setup.c | 92 --- arch/powerpc/platforms/pseries/mobility.c| 3 + arch/powerpc/platforms/pseries/pseries.h | 2 + arch/powerpc/platforms/pseries/setup.c | 81 +++-- arch/powerpc/xmon/xmon.c | 2 + 18 files changed, 721 insertions(+), 123 deletions(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c -- 2.14.1
Re: [PATCH] powerpc/modules: remove unused mod_arch_specific.toc field
On Friday 25 May 2018 09:18 AM, Josh Poimboeuf wrote: The toc field in the mod_arch_specific struct isn't actually used anywhere, so remove it. Also the ftrace-specific fields are now common between 32-bit and 64-bit, so simplify the struct definition a bit by moving them out of the __powerpc64__ #ifdef. Signed-off-by: Josh PoimboeufReviewed-by: Kamalesh Babulal
Re: [PATCH 2/2] selftests/powerpc: Add perf breakpoint test
On Thu, 2018-05-24 at 20:30 +1000, Michael Ellerman wrote: > Michael Neulingwrites: > > > This tests perf hardware breakpoints (ie PERF_TYPE_BREAKPOINT) on > > powerpc. > > This doesn't work for me on a P8 guest: > > test: perf-hwbreak > tags: git_version:bb5602e > !! killing perf-hwbreak > !! child died by signal 15 > failure: perf-hwbreak > > > That means the harness killed it after 2 minutes. > > Sometimes it gets further: > > test: perf-hwbreak > tags: git_version:v4.17-rc3-109-gbb20240fb508 > threads=16 loops=1048576 scalar test > !! killing perf-hwbreak > !! child died by signal 15 > failure: perf-hwbreak > > > Do we just need to bump the timeout up, or is something going wrong > here? Yeah, sorry my bad. The test was trying to randomly test all the combinations. I've rewritten it now to explicitly test all the combinations. This gives it a more consistent runtime. I do randomly vary the loop count but this is only a small variation (~10%) to avoid using a count from a previous test. Mikey