Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14

[Michael Ellerman]

Greg KH  writes:
> On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote:
>> Michael Ellerman  writes:
>> > Hi Greg,
>> >
>> > Please queue up this series of patches for 4.14 if you have no objections.
>> 
>> I just realised I didn't fix up the cherry-pick markings on these, so
>> they still say eg:
>> 
>>   (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b)
>> 
>> Not the proper "commit bdcb1... upstream" style.
>> 
>> I'll hold off resending in case you have some sed magic to fix that, but
>> let me know if you'd like me to do it and resend the series.
>
> I don't have any sed magic for that, sorry.  Can you fix up and resend?

No worries.

I just resent them.

Below is a script that does it automatically, if you stick it in
.git/hooks/prepare-commit-msg.

cheers

#!/usr/bin/env python2
#
# prepare-commit-msg hook to rewrite git-cherry-pick style commit markers into
# the preferred form for Linux stable.
#
# ie. (cherry pick from commit abc..) -> commit abc.. upstream

import sys, re

patt = re.compile('(?:cherry picked from commit ([a-fA-F0-9]+))')

lines = open(sys.argv[1], 'r').readlines()
for line in lines:
match = patt.search(line)
if match:
lines.remove(line)
lines.insert(1, '\ncommit %s upstream.\n' % match.group(1))
open(sys.argv[1], 'w').writelines(lines)
break

sys.exit(0)

[PATCH stable 4.14 v2 23/23] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

[Michael Ellerman]

From: Nicholas Piggin 

commit a048a07d7f4535baa4cbad6bc024f175317ab938 upstream.

On some CPUs we can prevent a vulnerability related to store-to-load
forwarding by preventing store forwarding between privilege domains,
by inserting a barrier in kernel entry and exit paths.

This is known to be the case on at least Power7, Power8 and Power9
powerpc CPUs.

Barriers must be inserted generally before the first load after moving
to a higher privilege, and after the last store before moving to a
lower privilege, HV and PR privilege transitions must be protected.

Barriers are added as patch sections, with all kernel/hypervisor entry
points patched, and the exit points to lower privilge levels patched
similarly to the RFI flush patching.

Firmware advertisement is not implemented yet, so CPU flush types
are hard coded.

Thanks to Michal Suchánek for bug fixes and review.

Signed-off-by: Nicholas Piggin 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Neuling 
Signed-off-by: Michal Suchánek 
Signed-off-by: Michael Ellerman 
Signed-off-by: Linus Torvalds 
---
 arch/powerpc/include/asm/exception-64s.h |  29 ++
 arch/powerpc/include/asm/feature-fixups.h|  19 
 arch/powerpc/include/asm/security_features.h |  11 ++
 arch/powerpc/kernel/exceptions-64s.S |  19 +++-
 arch/powerpc/kernel/security.c   | 149 +++
 arch/powerpc/kernel/vmlinux.lds.S|  14 +++
 arch/powerpc/lib/feature-fixups.c| 115 +
 arch/powerpc/platforms/powernv/setup.c   |   1 +
 arch/powerpc/platforms/pseries/setup.c   |   1 +
 9 files changed, 356 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/exception-64s.h 
b/arch/powerpc/include/asm/exception-64s.h
index ccf10c2f8899..c3bdd2d8ec90 100644
--- a/arch/powerpc/include/asm/exception-64s.h
+++ b/arch/powerpc/include/asm/exception-64s.h
@@ -69,6 +69,27 @@
  */
 #define EX_R3  EX_DAR
 
+#define STF_ENTRY_BARRIER_SLOT \
+   STF_ENTRY_BARRIER_FIXUP_SECTION;\
+   nop;\
+   nop;\
+   nop
+
+#define STF_EXIT_BARRIER_SLOT  \
+   STF_EXIT_BARRIER_FIXUP_SECTION; \
+   nop;\
+   nop;\
+   nop;\
+   nop;\
+   nop;\
+   nop
+
+/*
+ * r10 must be free to use, r13 must be paca
+ */
+#define INTERRUPT_TO_KERNEL\
+   STF_ENTRY_BARRIER_SLOT
+
 /*
  * Macros for annotating the expected destination of (h)rfid
  *
@@ -85,16 +106,19 @@
rfid
 
 #define RFI_TO_USER\
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
 
 #define RFI_TO_USER_OR_KERNEL  \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
 
 #define RFI_TO_GUEST   \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
@@ -103,21 +127,25 @@
hrfid
 
 #define HRFI_TO_USER   \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
hrfid;  \
b   hrfi_flush_fallback
 
 #define HRFI_TO_USER_OR_KERNEL \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
hrfid;  \
b   hrfi_flush_fallback
 
 #define HRFI_TO_GUEST

[PATCH stable 4.14 v2 22/23] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()

[Michael Ellerman]

commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e upstream.

The recent LPM changes to setup_rfi_flush() are causing some section
mismatch warnings because we removed the __init annotation on
setup_rfi_flush():

  The function setup_rfi_flush() references
  the function __init ppc64_bolted_size().
  the function __init memblock_alloc_base().

The references are actually in init_fallback_flush(), but that is
inlined into setup_rfi_flush().

These references are safe because:
 - only pseries calls setup_rfi_flush() at runtime
 - pseries always passes L1D_FLUSH_FALLBACK at boot
 - so the fallback flush area will always be allocated
 - so the check in init_fallback_flush() will always return early:
   /* Only allocate the fallback flush area once (at boot time). */
   if (l1d_flush_fallback_area)
return;

 - and therefore we won't actually call the freed init routines.

We should rework the code to make it safer by default rather than
relying on the above, but for now as a quick-fix just add a __ref
annotation to squash the warning.

Fixes: abf110f3e1ce ("powerpc/rfi-flush: Make it possible to call 
setup_rfi_flush() again")
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/setup_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 1146174f45c5..0618aa61b26a 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -831,7 +831,7 @@ void rfi_flush_enable(bool enable)
rfi_flush = enable;
 }
 
-static void init_fallback_flush(void)
+static void __ref init_fallback_flush(void)
 {
u64 l1d_size, limit;
int cpu;
-- 
2.14.1

[PATCH stable 4.14 v2 21/23] powerpc/pseries: Restore default security feature flags on setup

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

commit 6232774f1599028a15418179d17f7df47ede770a upstream.

After migration the security feature flags might have changed (e.g.,
destination system with unpatched firmware), but some flags are not
set/clear again in init_cpu_char_feature_flags() because it assumes
the security flags to be the defaults.

Additionally, if the H_GET_CPU_CHARACTERISTICS hypercall fails then
init_cpu_char_feature_flags() does not run again, which potentially
might leave the system in an insecure or sub-optimal configuration.

So, just restore the security feature flags to the defaults assumed
by init_cpu_char_feature_flags() so it can set/clear them correctly,
and to ensure safe settings are in place in case the hypercall fail.

Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Depends-on: 19887d6a28e2 ("powerpc: Move default security feature flags")
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 3cb12d27f168..1973de3cf355 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -462,6 +462,10 @@ static void __init find_and_init_phbs(void)
 
 static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
 {
+   /*
+* The features below are disabled by default, so we instead look to see
+* if firmware has *enabled* them, and set them if so.
+*/
if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
 
@@ -501,6 +505,13 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
 
+   /*
+* Set features to the defaults assumed by init_cpu_char_feature_flags()
+* so it can set/clear again any features that might have changed after
+* migration, and in case the hypercall fails and it is not even called.
+*/
+   powerpc_security_features = SEC_FTR_DEFAULT;
+
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS)
init_cpu_char_feature_flags();
-- 
2.14.1

[PATCH stable 4.14 v2 20/23] powerpc: Move default security feature flags

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream.

This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.

This can be used to restore current flags to the default flags.

Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/security_features.h | 8 
 arch/powerpc/kernel/security.c   | 7 +--
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
index 400a9050e035..fa4d2e1cf772 100644
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(unsigned long 
feature)
 // Firmware configuration indicates user favours security over performance
 #define SEC_FTR_FAVOUR_SECURITY0x0200ull
 
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+   (SEC_FTR_L1D_FLUSH_HV | \
+SEC_FTR_L1D_FLUSH_PR | \
+SEC_FTR_BNDS_CHK_SPEC_BAR | \
+SEC_FTR_FAVOUR_SECURITY)
+
 #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 2cee3dcd231b..bab5a27ea805 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -11,12 +11,7 @@
 #include 
 
 
-unsigned long powerpc_security_features __read_mostly = \
-   SEC_FTR_L1D_FLUSH_HV | \
-   SEC_FTR_L1D_FLUSH_PR | \
-   SEC_FTR_BNDS_CHK_SPEC_BAR | \
-   SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
 
 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
 {
-- 
2.14.1

[PATCH stable 4.14 v2 19/23] powerpc/pseries: Fix clearing of security feature flags

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream.

The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.

Found by playing around with QEMU's implementation of the hypercall:

  H_CPU_CHAR=0xf000
  H_CPU_BEHAV=0x

  This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
  so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
  clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
  mitigation at all for cpu_show_meltdown() to report; but currently
  it does:

  Original kernel:

# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: RFI Flush

  Patched kernel:

# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Not affected

  H_CPU_CHAR=0x
  H_CPU_BEHAV=0xf000

  This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
  report vulnerable; but currently it doesn't:

  Original kernel:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Not affected

  Patched kernel:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Vulnerable

Brown-paper-bag-by: Michael Ellerman 
Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index ba0a36c577ca..3cb12d27f168 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags(struct 
h_cpu_char_result *result)
 * The features below are enabled by default, so we instead look to see
 * if firmware has *disabled* them, and clear them if so.
 */
-   if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+   if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
 
-   if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+   if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
 
-   if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+   if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
 }
 
-- 
2.14.1

[PATCH stable 4.14 v2 18/23] powerpc/64s: Wire up cpu_show_spectre_v2()

[Michael Ellerman]

commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.

Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.

The most verbose is:

  Mitigation: Indirect branch serialisation (kernel only), Indirect
  branch cache disabled, ori31 speculation barrier enabled

We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:

  Vulnerable, ori31 speculation barrier enabled

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/security.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 0eace3cac818..2cee3dcd231b 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct 
device_attribute *attr, c
 
return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   bool bcs, ccd, ori;
+   struct seq_buf s;
+
+   seq_buf_init(, buf, PAGE_SIZE - 1);
+
+   bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+   ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+   ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (bcs || ccd) {
+   seq_buf_printf(, "Mitigation: ");
+
+   if (bcs)
+   seq_buf_printf(, "Indirect branch serialisation 
(kernel only)");
+
+   if (bcs && ccd)
+   seq_buf_printf(, ", ");
+
+   if (ccd)
+   seq_buf_printf(, "Indirect branch cache disabled");
+   } else
+   seq_buf_printf(, "Vulnerable");
+
+   if (ori)
+   seq_buf_printf(, ", ori31 speculation barrier enabled");
+
+   seq_buf_printf(, "\n");
+
+   return s.len;
+}
-- 
2.14.1

[PATCH stable 4.14 v2 17/23] powerpc/64s: Wire up cpu_show_spectre_v1()

[Michael Ellerman]

commit 56986016cb8cd9050e601831fe89f332b4e3c46e upstream.

Add a definition for cpu_show_spectre_v1() to override the generic
version. Currently this just prints "Not affected" or "Vulnerable"
based on the firmware flag.

Although the kernel does have array_index_nospec() in a few places, we
haven't yet audited all the powerpc code to see where it's necessary,
so for now we don't list that as a mitigation.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/security.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 865db6f8bcca..0eace3cac818 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device *dev, struct 
device_attribute *attr, cha
 
return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
+   return sprintf(buf, "Not affected\n");
+
+   return sprintf(buf, "Vulnerable\n");
+}
-- 
2.14.1

[PATCH stable 4.14 v2 16/23] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()

[Michael Ellerman]

commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689 upstream.

Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 27 ---
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 65b157a35161..ba0a36c577ca 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -501,30 +501,27 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
 
-   /* Enable by default */
-   enable = true;
-   types = L1D_FLUSH_FALLBACK;
-
rc = plpar_get_cpu_characteristics();
-   if (rc == H_SUCCESS) {
+   if (rc == H_SUCCESS)
init_cpu_char_feature_flags();
 
-   if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
-   types |= L1D_FLUSH_MTTRIG;
-   if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
-   types |= L1D_FLUSH_ORI;
-
-   if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
-   (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
-   enable = false;
-   }
-
/*
 * We're the guest so this doesn't apply to us, clear it to simplify
 * handling of it elsewhere.
 */
security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
 
+   types = L1D_FLUSH_FALLBACK;
+
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
+   types |= L1D_FLUSH_MTTRIG;
+
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
+   types |= L1D_FLUSH_ORI;
+
+   enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
+
setup_rfi_flush(types, enable);
 }
 
-- 
2.14.1

[PATCH stable 4.14 v2 15/23] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()

[Michael Ellerman]

commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5 upstream.

Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/powernv/setup.c | 41 +-
 1 file changed, 10 insertions(+), 31 deletions(-)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 4b7f2c00f870..14a24c63e6b0 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct device_node *np)
if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
 
-   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np))
security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
 
if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
@@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void)
 {
struct device_node *np, *fw_features;
enum l1d_flush_type type;
-   int enable;
+   bool enable;
 
/* Default to fallback in case fw-features are not available */
type = L1D_FLUSH_FALLBACK;
-   enable = 1;
 
np = of_find_node_by_name(NULL, "ibm,opal");
fw_features = of_get_child_by_name(np, "fw-features");
@@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void)
 
if (fw_features) {
init_fw_feat_flags(fw_features);
+   of_node_put(fw_features);
 
-   np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
-   if (np && of_property_read_bool(np, "enabled"))
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
type = L1D_FLUSH_MTTRIG;
 
-   of_node_put(np);
-
-   np = of_get_child_by_name(fw_features, 
"inst-l1d-flush-ori30,30,0");
-   if (np && of_property_read_bool(np, "enabled"))
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
type = L1D_FLUSH_ORI;
-
-   of_node_put(np);
-
-   /* Enable unless firmware says NOT to */
-   enable = 2;
-   np = of_get_child_by_name(fw_features, 
"needs-l1d-flush-msr-hv-1-to-0");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable--;
-
-   of_node_put(np);
-
-   np = of_get_child_by_name(fw_features, 
"needs-l1d-flush-msr-pr-0-to-1");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable--;
-
-   np = of_get_child_by_name(fw_features, 
"speculation-policy-favor-security");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable = 0;
-
-   of_node_put(np);
-   of_node_put(fw_features);
}
 
-   setup_rfi_flush(type, enable > 0);
+   enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+(security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)   || \
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
+
+   setup_rfi_flush(type, enable);
 }
 
 static void __init pnv_setup_arch(void)
-- 
2.14.1

[PATCH stable 4.14 v2 14/23] powerpc/64s: Enhance the information in cpu_show_meltdown()

[Michael Ellerman]

commit ff348355e9c72493947be337bb4fae4fc1a41eba upstream.

Now that we have the security feature flags we can make the
information displayed in the "meltdown" file more informative.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/security_features.h |  1 +
 arch/powerpc/kernel/security.c   | 30 ++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
index db00ad2c72c2..400a9050e035 100644
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -10,6 +10,7 @@
 
 
 extern unsigned long powerpc_security_features;
+extern bool rfi_flush;
 
 static inline void security_ftr_set(unsigned long feature)
 {
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 564e7f182a16..865db6f8bcca 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -6,6 +6,7 @@
 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -19,8 +20,33 @@ unsigned long powerpc_security_features __read_mostly = \
 
 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
 {
-   if (rfi_flush)
-   return sprintf(buf, "Mitigation: RFI Flush\n");
+   bool thread_priv;
+
+   thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (rfi_flush || thread_priv) {
+   struct seq_buf s;
+   seq_buf_init(, buf, PAGE_SIZE - 1);
+
+   seq_buf_printf(, "Mitigation: ");
+
+   if (rfi_flush)
+   seq_buf_printf(, "RFI Flush");
+
+   if (rfi_flush && thread_priv)
+   seq_buf_printf(, ", ");
+
+   if (thread_priv)
+   seq_buf_printf(, "L1D private per thread");
+
+   seq_buf_printf(, "\n");
+
+   return s.len;
+   }
+
+   if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
+   !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
+   return sprintf(buf, "Not affected\n");
 
return sprintf(buf, "Vulnerable\n");
 }
-- 
2.14.1

[PATCH stable 4.14 v2 13/23] powerpc/64s: Move cpu_show_meltdown()

[Michael Ellerman]

commit 8ad33041563a10b34988800c682ada14b2612533 upstream.

This landed in setup_64.c for no good reason other than we had nowhere
else to put it. Now that we have a security-related file, that is a
better place for it so move it.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/security.c | 11 +++
 arch/powerpc/kernel/setup_64.c |  8 
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 4ccba00d224c..564e7f182a16 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -5,6 +5,8 @@
 // Copyright 2018, Michael Ellerman, IBM Corporation.
 
 #include 
+#include 
+
 #include 
 
 
@@ -13,3 +15,12 @@ unsigned long powerpc_security_features __read_mostly = \
SEC_FTR_L1D_FLUSH_PR | \
SEC_FTR_BNDS_CHK_SPEC_BAR | \
SEC_FTR_FAVOUR_SECURITY;
+
+
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   if (rfi_flush)
+   return sprintf(buf, "Mitigation: RFI Flush\n");
+
+   return sprintf(buf, "Vulnerable\n");
+}
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index da12b54cbe5c..1146174f45c5 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -910,12 +910,4 @@ static __init int rfi_flush_debugfs_init(void)
 }
 device_initcall(rfi_flush_debugfs_init);
 #endif
-
-ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
-{
-   if (rfi_flush)
-   return sprintf(buf, "Mitigation: RFI Flush\n");
-
-   return sprintf(buf, "Vulnerable\n");
-}
 #endif /* CONFIG_PPC_BOOK3S_64 */
-- 
2.14.1

[PATCH stable 4.14 v2 12/23] powerpc/powernv: Set or clear security feature flags

[Michael Ellerman]

commit 77addf6e95c8689e478d607176b399a6242a777e upstream.

Now that we have feature flags for security related things, set or
clear them based on what we see in the device tree provided by
firmware.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/powernv/setup.c | 56 ++
 1 file changed, 56 insertions(+)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 37a7f5ef00b7..4b7f2c00f870 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -37,9 +37,63 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "powernv.h"
 
+
+static bool fw_feature_is(const char *state, const char *name,
+ struct device_node *fw_features)
+{
+   struct device_node *np;
+   bool rc = false;
+
+   np = of_get_child_by_name(fw_features, name);
+   if (np) {
+   rc = of_property_read_bool(np, state);
+   of_node_put(np);
+   }
+
+   return rc;
+}
+
+static void init_fw_feat_flags(struct device_node *np)
+{
+   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
+   security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+   if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
+   security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+   if (fw_feature_is("enabled", "fw-l1d-thread-split", np))
+   security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (fw_feature_is("enabled", "fw-count-cache-disabled", np))
+   security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+   /*
+* The features below are enabled by default, so we instead look to see
+* if firmware has *disabled* them, and clear them if so.
+*/
+   if (fw_feature_is("disabled", "speculation-policy-favor-security", np))
+   security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+   if (fw_feature_is("disabled", "needs-l1d-flush-msr-pr-0-to-1", np))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+   if (fw_feature_is("disabled", "needs-l1d-flush-msr-hv-1-to-0", np))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
+   if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks", 
np))
+   security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
 static void pnv_setup_rfi_flush(void)
 {
struct device_node *np, *fw_features;
@@ -55,6 +109,8 @@ static void pnv_setup_rfi_flush(void)
of_node_put(np);
 
if (fw_features) {
+   init_fw_feat_flags(fw_features);
+
np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
if (np && of_property_read_bool(np, "enabled"))
type = L1D_FLUSH_MTTRIG;
-- 
2.14.1

[PATCH stable 4.14 v2 11/23] powerpc/pseries: Set or clear security feature flags

[Michael Ellerman]

commit f636c14790ead6cc22cf62279b1f8d7e11a67116 upstream.

Now that we have feature flags for security related things, set or
clear them based on what we receive from the hypercall.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 43 ++
 1 file changed, 43 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index b2d99b384089..65b157a35161 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -68,6 +68,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "pseries.h"
 
@@ -459,6 +460,40 @@ static void __init find_and_init_phbs(void)
of_pci_check_probe_only();
 }
 
+static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
+{
+   if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
+   security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED)
+   security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+   if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30)
+   security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+   if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
+   security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+   if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV)
+   security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED)
+   security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+   /*
+* The features below are enabled by default, so we instead look to see
+* if firmware has *disabled* them, and clear them if so.
+*/
+   if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+   security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+   if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+   if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+   security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
 void pseries_setup_rfi_flush(void)
 {
struct h_cpu_char_result result;
@@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void)
 
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS) {
+   init_cpu_char_feature_flags();
+
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
@@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void)
enable = false;
}
 
+   /*
+* We're the guest so this doesn't apply to us, clear it to simplify
+* handling of it elsewhere.
+*/
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
setup_rfi_flush(types, enable);
 }
 
-- 
2.14.1

[PATCH stable 4.14 v2 10/23] powerpc: Add security feature flags for Spectre/Meltdown

[Michael Ellerman]

commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream.

This commit adds security feature flags to reflect the settings we
receive from firmware regarding Spectre/Meltdown mitigations.

The feature names reflect the names we are given by firmware on bare
metal machines. See the hostboot source for details.

Arguably these could be firmware features, but that then requires them
to be read early in boot so they're available prior to asm feature
patching, but we don't actually want to use them for patching. We may
also want to dynamically update them in future, which would be
incompatible with the way firmware features work (at the moment at
least). So for now just make them separate flags.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/security_features.h | 65 
 arch/powerpc/kernel/Makefile |  2 +-
 arch/powerpc/kernel/security.c   | 15 +++
 3 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 arch/powerpc/include/asm/security_features.h
 create mode 100644 arch/powerpc/kernel/security.c

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
new file mode 100644
index ..db00ad2c72c2
--- /dev/null
+++ b/arch/powerpc/include/asm/security_features.h
@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Security related feature bit definitions.
+ *
+ * Copyright 2018, Michael Ellerman, IBM Corporation.
+ */
+
+#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
+#define _ASM_POWERPC_SECURITY_FEATURES_H
+
+
+extern unsigned long powerpc_security_features;
+
+static inline void security_ftr_set(unsigned long feature)
+{
+   powerpc_security_features |= feature;
+}
+
+static inline void security_ftr_clear(unsigned long feature)
+{
+   powerpc_security_features &= ~feature;
+}
+
+static inline bool security_ftr_enabled(unsigned long feature)
+{
+   return !!(powerpc_security_features & feature);
+}
+
+
+// Features indicating support for Spectre/Meltdown mitigations
+
+// The L1-D cache can be flushed with ori r30,r30,0
+#define SEC_FTR_L1D_FLUSH_ORI300x0001ull
+
+// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2)
+#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull
+
+// ori r31,r31,0 acts as a speculation barrier
+#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull
+
+// Speculation past bctr is disabled
+#define SEC_FTR_BCCTRL_SERIALISED  0x0008ull
+
+// Entries in L1-D are private to a SMT thread
+#define SEC_FTR_L1D_THREAD_PRIV0x0010ull
+
+// Indirect branch prediction cache disabled
+#define SEC_FTR_COUNT_CACHE_DISABLED   0x0020ull
+
+
+// Features indicating need for Spectre/Meltdown mitigations
+
+// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to 
guest)
+#define SEC_FTR_L1D_FLUSH_HV   0x0040ull
+
+// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to 
userspace)
+#define SEC_FTR_L1D_FLUSH_PR   0x0080ull
+
+// A speculation barrier should be used for bounds checks (Spectre variant 1)
+#define SEC_FTR_BNDS_CHK_SPEC_BAR  0x0100ull
+
+// Firmware configuration indicates user favours security over performance
+#define SEC_FTR_FAVOUR_SECURITY0x0200ull
+
+#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 6c6cce937dd8..1479c61e29c5 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32)  += vdso32/
 obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o
 obj-$(CONFIG_HAVE_HW_BREAKPOINT)   += hw_breakpoint.o
 obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o
-obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o
+obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o
 obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o
 obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o
 obj-$(CONFIG_PPC64)+= vdso64/
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
new file mode 100644
index ..4ccba00d224c
--- /dev/null
+++ b/arch/powerpc/kernel/security.c
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0+
+//
+// Security related flags and so on.
+//
+// Copyright 2018, Michael Ellerman, IBM Corporation.
+
+#include 
+#include 
+
+
+unsigned long powerpc_security_features __read_mostly = \
+   SEC_FTR_L1D_FLUSH_HV | \
+   SEC_FTR_L1D_FLUSH_PR | \
+   SEC_FTR_BNDS_CHK_SPEC_BAR | \
+   SEC_FTR_FAVOUR_SECURITY;
-- 
2.14.1

[PATCH stable 4.14 v2 09/23] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags

[Michael Ellerman]

commit c4bc36628d7f8b664657d8bd6ad1c44c177880b7 upstream.

Add some additional values which have been defined for the
H_GET_CPU_CHARACTERISTICS hypercall.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/hvcall.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/include/asm/hvcall.h 
b/arch/powerpc/include/asm/hvcall.h
index eca3f9c68907..5a740feb7bd7 100644
--- a/arch/powerpc/include/asm/hvcall.h
+++ b/arch/powerpc/include/asm/hvcall.h
@@ -337,6 +337,9 @@
 #define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2
 #define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3
 #define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4
+#define H_CPU_CHAR_BRANCH_HINTS_HONORED(1ull << 58) // IBM bit 5
+#define H_CPU_CHAR_THREAD_RECONFIG_CTRL(1ull << 57) // IBM bit 6
+#define H_CPU_CHAR_COUNT_CACHE_DISABLED(1ull << 56) // IBM bit 7
 
 #define H_CPU_BEHAV_FAVOUR_SECURITY(1ull << 63) // IBM bit 0
 #define H_CPU_BEHAV_L1D_FLUSH_PR   (1ull << 62) // IBM bit 1
-- 
2.14.1

[PATCH stable 4.14 v2 08/23] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration

[Michael Ellerman]

commit 921bc6cf807ceb2ab8005319cf39f33494d6b100 upstream.

We might have migrated to a machine that uses a different flush type,
or doesn't need flushing at all.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/mobility.c | 3 +++
 arch/powerpc/platforms/pseries/pseries.h  | 2 ++
 arch/powerpc/platforms/pseries/setup.c| 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/pseries/mobility.c 
b/arch/powerpc/platforms/pseries/mobility.c
index f7042ad492ba..fbea7db043fa 100644
--- a/arch/powerpc/platforms/pseries/mobility.c
+++ b/arch/powerpc/platforms/pseries/mobility.c
@@ -348,6 +348,9 @@ void post_mobility_fixup(void)
printk(KERN_ERR "Post-mobility device tree update "
"failed: %d\n", rc);
 
+   /* Possibly switch to a new RFI flush type */
+   pseries_setup_rfi_flush();
+
return;
 }
 
diff --git a/arch/powerpc/platforms/pseries/pseries.h 
b/arch/powerpc/platforms/pseries/pseries.h
index 1ae1d9f4dbe9..27cdcb69fd18 100644
--- a/arch/powerpc/platforms/pseries/pseries.h
+++ b/arch/powerpc/platforms/pseries/pseries.h
@@ -100,4 +100,6 @@ static inline unsigned long cmo_get_page_size(void)
 
 int dlpar_workqueue_init(void);
 
+void pseries_setup_rfi_flush(void);
+
 #endif /* _PSERIES_PSERIES_H */
diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 2708ddab209b..b2d99b384089 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -459,7 +459,7 @@ static void __init find_and_init_phbs(void)
of_pci_check_probe_only();
 }
 
-static void pseries_setup_rfi_flush(void)
+void pseries_setup_rfi_flush(void)
 {
struct h_cpu_char_result result;
enum l1d_flush_type types;
-- 
2.14.1

[PATCH stable 4.14 v2 07/23] powerpc/rfi-flush: Differentiate enabled and patched flush types

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

commit 0063d61ccfc011f379a31acaeba6de7c926fed2c upstream.

Currently the rfi-flush messages print 'Using  flush' for all
enabled_flush_types, but that is not necessarily true -- as now the
fallback flush is always enabled on pseries, but the fixup function
overwrites its nop/branch slot with other flush types, if available.

So, replace the 'Using  flush' messages with ' flush is
available'.

Also, print the patched flush types in the fixup function, so users
can know what is (not) being used (e.g., the slower, fallback flush,
or no flush type at all if flush is disabled via the debugfs switch).

Suggested-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/setup_64.c| 6 +++---
 arch/powerpc/lib/feature-fixups.c | 9 -
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index ace6a10a242f..da12b54cbe5c 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -860,15 +860,15 @@ static void init_fallback_flush(void)
 void setup_rfi_flush(enum l1d_flush_type types, bool enable)
 {
if (types & L1D_FLUSH_FALLBACK) {
-   pr_info("rfi-flush: Using fallback displacement flush\n");
+   pr_info("rfi-flush: fallback displacement flush available\n");
init_fallback_flush();
}
 
if (types & L1D_FLUSH_ORI)
-   pr_info("rfi-flush: Using ori type flush\n");
+   pr_info("rfi-flush: ori type flush available\n");
 
if (types & L1D_FLUSH_MTTRIG)
-   pr_info("rfi-flush: Using mttrig type flush\n");
+   pr_info("rfi-flush: mttrig type flush available\n");
 
enabled_flush_types = types;
 
diff --git a/arch/powerpc/lib/feature-fixups.c 
b/arch/powerpc/lib/feature-fixups.c
index d0c0b8443dcf..8ac72f7d638f 100644
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -153,7 +153,14 @@ void do_rfi_flush_fixups(enum l1d_flush_type types)
patch_instruction(dest + 2, instrs[2]);
}
 
-   printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i);
+   printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i,
+   (types == L1D_FLUSH_NONE)   ? "no" :
+   (types == L1D_FLUSH_FALLBACK)   ? "fallback displacement" :
+   (types &  L1D_FLUSH_ORI)? (types & L1D_FLUSH_MTTRIG)
+   ? "ori+mttrig type"
+   : "ori type" :
+   (types &  L1D_FLUSH_MTTRIG) ? "mttrig type"
+   : "unknown");
 }
 #endif /* CONFIG_PPC_BOOK3S_64 */
 
-- 
2.14.1

[PATCH stable 4.14 v2 06/23] powerpc/rfi-flush: Always enable fallback flush on pseries

[Michael Ellerman]

commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb upstream.

This ensures the fallback flush area is always allocated on pseries,
so in case a LPAR is migrated from a patched to an unpatched system,
it is possible to enable the fallback flush in the target system.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 84e753b5..2708ddab209b 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -468,26 +468,18 @@ static void pseries_setup_rfi_flush(void)
 
/* Enable by default */
enable = true;
+   types = L1D_FLUSH_FALLBACK;
 
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS) {
-   types = L1D_FLUSH_NONE;
-
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
types |= L1D_FLUSH_ORI;
 
-   /* Use fallback if nothing set in hcall */
-   if (types == L1D_FLUSH_NONE)
-   types = L1D_FLUSH_FALLBACK;
-
if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
(!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
-   } else {
-   /* Default to fallback if case hcall is not available */
-   types = L1D_FLUSH_FALLBACK;
}
 
setup_rfi_flush(types, enable);
-- 
2.14.1

[PATCH stable 4.14 v2 05/23] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again

[Michael Ellerman]

commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7 upstream.

For PowerVM migration we want to be able to call setup_rfi_flush()
again after we've migrated the partition.

To support that we need to check that we're not trying to allocate the
fallback flush area after memblock has gone away (i.e., boot-time only).

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/setup.h | 2 +-
 arch/powerpc/kernel/setup_64.c   | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 469b7fdc9be4..bbcdf929be54 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -49,7 +49,7 @@ enum l1d_flush_type {
L1D_FLUSH_MTTRIG= 0x8,
 };
 
-void __init setup_rfi_flush(enum l1d_flush_type, bool enable);
+void setup_rfi_flush(enum l1d_flush_type, bool enable);
 void do_rfi_flush_fixups(enum l1d_flush_type types);
 
 #endif /* !__ASSEMBLY__ */
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index cbb3fb1820ce..ace6a10a242f 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -836,6 +836,10 @@ static void init_fallback_flush(void)
u64 l1d_size, limit;
int cpu;
 
+   /* Only allocate the fallback flush area once (at boot time). */
+   if (l1d_flush_fallback_area)
+   return;
+
l1d_size = ppc64_caches.l1d.size;
limit = min(safe_stack_limit(), ppc64_rma_size);
 
@@ -853,7 +857,7 @@ static void init_fallback_flush(void)
}
 }
 
-void __init setup_rfi_flush(enum l1d_flush_type types, bool enable)
+void setup_rfi_flush(enum l1d_flush_type types, bool enable)
 {
if (types & L1D_FLUSH_FALLBACK) {
pr_info("rfi-flush: Using fallback displacement flush\n");
-- 
2.14.1

[PATCH stable 4.14 v2 04/23] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code

[Michael Ellerman]

commit 1e2a9fc7496955faacbbed49461d611b704a7505 upstream.

rfi_flush_enable() includes a check to see if we're already
enabled (or disabled), and in that case does nothing.

But that means calling setup_rfi_flush() a 2nd time doesn't actually
work, which is a bit confusing.

Move that check into the debugfs code, where it really belongs.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/kernel/setup_64.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 333c64a794eb..cbb3fb1820ce 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -822,9 +822,6 @@ static void do_nothing(void *unused)
 
 void rfi_flush_enable(bool enable)
 {
-   if (rfi_flush == enable)
-   return;
-
if (enable) {
do_rfi_flush_fixups(enabled_flush_types);
on_each_cpu(do_nothing, NULL, 1);
@@ -878,13 +875,19 @@ void __init setup_rfi_flush(enum l1d_flush_type types, 
bool enable)
 #ifdef CONFIG_DEBUG_FS
 static int rfi_flush_set(void *data, u64 val)
 {
+   bool enable;
+
if (val == 1)
-   rfi_flush_enable(true);
+   enable = true;
else if (val == 0)
-   rfi_flush_enable(false);
+   enable = false;
else
return -EINVAL;
 
+   /* Only do anything if we're changing state */
+   if (enable != rfi_flush)
+   rfi_flush_enable(enable);
+
return 0;
 }
 
-- 
2.14.1

[PATCH stable 4.14 v2 03/23] powerpc/powernv: Support firmware disable of RFI flush

[Michael Ellerman]

commit eb0a2d2620ae431c543963c8c7f08f597366fc60 upstream.

Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.

Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush 
settings")
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/powernv/setup.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 7966a314d93a..37a7f5ef00b7 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -79,6 +79,10 @@ static void pnv_setup_rfi_flush(void)
if (np && of_property_read_bool(np, "disabled"))
enable--;
 
+   np = of_get_child_by_name(fw_features, 
"speculation-policy-favor-security");
+   if (np && of_property_read_bool(np, "disabled"))
+   enable = 0;
+
of_node_put(np);
of_node_put(fw_features);
}
-- 
2.14.1

[PATCH stable 4.14 v2 02/23] powerpc/pseries: Support firmware disable of RFI flush

[Michael Ellerman]

commit 582605a429e20ae68fd0b041b2e840af296edd08 upstream.

Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.

Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings")
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/platforms/pseries/setup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index ae4f596273b5..84e753b5 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -482,7 +482,8 @@ static void pseries_setup_rfi_flush(void)
if (types == L1D_FLUSH_NONE)
types = L1D_FLUSH_FALLBACK;
 
-   if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
+   if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
+   (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
} else {
/* Default to fallback if case hcall is not available */
-- 
2.14.1

[PATCH stable 4.14 v2 01/23] powerpc/64s: Improve RFI L1-D cache flush fallback

[Michael Ellerman]

From: Nicholas Piggin 

commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b upstream.

The fallback RFI flush is used when firmware does not provide a way
to flush the cache. It's a "displacement flush" that evicts useful
data by displacing it with an uninteresting buffer.

The flush has to take care to work with implementation specific cache
replacment policies, so the recipe has been in flux. The initial
slow but conservative approach is to touch all lines of a congruence
class, with dependencies between each load. It has since been
determined that a linear pattern of loads without dependencies is
sufficient, and is significantly faster.

Measuring the speed of a null syscall with RFI fallback flush enabled
gives the relative improvement:

P8 - 1.83x
P9 - 1.75x

The flush also becomes simpler and more adaptable to different cache
geometries.

Signed-off-by: Nicholas Piggin 
Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/paca.h  |  3 +-
 arch/powerpc/kernel/asm-offsets.c|  3 +-
 arch/powerpc/kernel/exceptions-64s.S | 76 +---
 arch/powerpc/kernel/setup_64.c   | 13 +-
 arch/powerpc/xmon/xmon.c |  2 +
 5 files changed, 41 insertions(+), 56 deletions(-)

diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index b8366df50d19..e6bd59353e40 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -238,8 +238,7 @@ struct paca_struct {
 */
u64 exrfi[EX_SIZE] __aligned(0x80);
void *rfi_flush_fallback_area;
-   u64 l1d_flush_congruence;
-   u64 l1d_flush_sets;
+   u64 l1d_flush_size;
 #endif
 };
 
diff --git a/arch/powerpc/kernel/asm-offsets.c 
b/arch/powerpc/kernel/asm-offsets.c
index 748cdc4bb89a..2e5ea300258a 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -239,8 +239,7 @@ int main(void)
OFFSET(PACA_IN_NMI, paca_struct, in_nmi);
OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, 
rfi_flush_fallback_area);
OFFSET(PACA_EXRFI, paca_struct, exrfi);
-   OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence);
-   OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets);
+   OFFSET(PACA_L1D_FLUSH_SIZE, paca_struct, l1d_flush_size);
 
 #endif
OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id);
diff --git a/arch/powerpc/kernel/exceptions-64s.S 
b/arch/powerpc/kernel/exceptions-64s.S
index f9ca4bb3d48e..feba0a8d040e 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1440,39 +1440,37 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
-   std r12,PACA_EXRFI+EX_R12(r13)
-   std r8,PACA_EXRFI+EX_R13(r13)
mfctr   r9
ld  r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13)
-   ld  r11,PACA_L1D_FLUSH_SETS(r13)
-   ld  r12,PACA_L1D_FLUSH_CONGRUENCE(r13)
-   /*
-* The load adresses are at staggered offsets within cachelines,
-* which suits some pipelines better (on others it should not
-* hurt).
-*/
-   addir12,r12,8
+   ld  r11,PACA_L1D_FLUSH_SIZE(r13)
+   srdir11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */
mtctr   r11
DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */
 
/* order ld/st prior to dcbt stop all streams with flushing */
sync
-1: li  r8,0
-   .rept   8 /* 8-way set associative */
-   ldx r11,r10,r8
-   add r8,r8,r12
-   xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not
-   add r8,r8,r11   // Add 0, this creates a dependency on the ldx
-   .endr
-   addir10,r10,128 /* 128 byte cache line */
+
+   /*
+* The load adresses are at staggered offsets within cachelines,
+* which suits some pipelines better (on others it should not
+* hurt).
+*/
+1:
+   ld  r11,(0x80 + 8)*0(r10)
+   ld  r11,(0x80 + 8)*1(r10)
+   ld  r11,(0x80 + 8)*2(r10)
+   ld  r11,(0x80 + 8)*3(r10)
+   ld  r11,(0x80 + 8)*4(r10)
+   ld  r11,(0x80 + 8)*5(r10)
+   ld  r11,(0x80 + 8)*6(r10)
+   ld  r11,(0x80 + 8)*7(r10)
+   addir10,r10,0x80*8
bdnz1b
 
mtctr   r9
ld  r9,PACA_EXRFI+EX_R9(r13)
ld  r10,PACA_EXRFI+EX_R10(r13)
ld  r11,PACA_EXRFI+EX_R11(r13)
-   ld  r12,PACA_EXRFI+EX_R12(r13)
-   ld  r8,PACA_EXRFI+EX_R13(r13)
GET_SCRATCH0(r13);
rfid
 
@@ -1482,39 +1480,37 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
-   std r12,PACA_EXRFI+EX_R12(r13)
-   std 

[PATCH stable 4.14 v2 00/23] powerpc backports for 4.14

[Michael Ellerman]

Hi Greg,

Please queue up this series of patches for 4.14 if you have no objections.

cheers

v2: Fixed up upstream commit markings.

Mauricio Faria de Oliveira (4):
  powerpc/rfi-flush: Differentiate enabled and patched flush types
  powerpc/pseries: Fix clearing of security feature flags
  powerpc: Move default security feature flags
  powerpc/pseries: Restore default security feature flags on setup

Michael Ellerman (17):
  powerpc/pseries: Support firmware disable of RFI flush
  powerpc/powernv: Support firmware disable of RFI flush
  powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs
code
  powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
  powerpc/rfi-flush: Always enable fallback flush on pseries
  powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
  powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
  powerpc: Add security feature flags for Spectre/Meltdown
  powerpc/pseries: Set or clear security feature flags
  powerpc/powernv: Set or clear security feature flags
  powerpc/64s: Move cpu_show_meltdown()
  powerpc/64s: Enhance the information in cpu_show_meltdown()
  powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
  powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
  powerpc/64s: Wire up cpu_show_spectre_v1()
  powerpc/64s: Wire up cpu_show_spectre_v2()
  powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()

Nicholas Piggin (2):
  powerpc/64s: Improve RFI L1-D cache flush fallback
  powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit

 arch/powerpc/include/asm/exception-64s.h |  29 
 arch/powerpc/include/asm/feature-fixups.h|  19 +++
 arch/powerpc/include/asm/hvcall.h|   3 +
 arch/powerpc/include/asm/paca.h  |   3 +-
 arch/powerpc/include/asm/security_features.h |  85 ++
 arch/powerpc/include/asm/setup.h |   2 +-
 arch/powerpc/kernel/Makefile |   2 +-
 arch/powerpc/kernel/asm-offsets.c|   3 +-
 arch/powerpc/kernel/exceptions-64s.S |  95 ++-
 arch/powerpc/kernel/security.c   | 237 +++
 arch/powerpc/kernel/setup_64.c   |  48 ++
 arch/powerpc/kernel/vmlinux.lds.S|  14 ++
 arch/powerpc/lib/feature-fixups.c| 124 +-
 arch/powerpc/platforms/powernv/setup.c   |  92 ---
 arch/powerpc/platforms/pseries/mobility.c|   3 +
 arch/powerpc/platforms/pseries/pseries.h |   2 +
 arch/powerpc/platforms/pseries/setup.c   |  81 +++--
 arch/powerpc/xmon/xmon.c |   2 +
 18 files changed, 721 insertions(+), 123 deletions(-)
 create mode 100644 arch/powerpc/include/asm/security_features.h
 create mode 100644 arch/powerpc/kernel/security.c

-- 
2.14.1

Re: [RFC V2] virtio: Add platform specific DMA API translation for virito devices

[Michael S. Tsirkin]

On Thu, May 24, 2018 at 08:27:04AM +1000, Benjamin Herrenschmidt wrote:
> On Wed, 2018-05-23 at 21:50 +0300, Michael S. Tsirkin wrote:
> 
> > I re-read that discussion and I'm still unclear on the
> > original question, since I got several apparently
> > conflicting answers.
> > 
> > I asked:
> > 
> > Why isn't setting VIRTIO_F_IOMMU_PLATFORM on the
> > hypervisor side sufficient?
> 
> I thought I had replied to this...
> 
> There are a couple of reasons:
> 
> - First qemu doesn't know that the guest will switch to "secure mode"
> in advance. There is no difference between a normal and a secure
> partition until the partition does the magic UV call to "enter secure
> mode" and qemu doesn't see any of it. So who can set the flag here ?

Not sure I understand. Just set the flag e.g. on qemu command line.
I might be wrong, but these secure mode things usually
a. require hypervisor side tricks anyway

> - Second, when using VIRTIO_F_IOMMU_PLATFORM, we also make qemu (or
> vhost) go through the emulated MMIO for every access to the guest,
> which adds additional overhead.
> 
> Cheers,
> Ben.

Well it's not supposed to be much slower for the static case.

vhost has a cache so should be fine.

A while ago Paolo implemented a translation cache which should be
perfect for this case - most of the code got merged but
never enabled because of stability issues.

If all else fails, we could teach QEMU to handle the no-iommu case
as if VIRTIO_F_IOMMU_PLATFORM was off.



> > 
> > 
> > >  arch/powerpc/include/asm/dma-mapping.h |  6 ++
> > >  arch/powerpc/platforms/pseries/iommu.c | 11 +++
> > >  drivers/virtio/virtio_ring.c   | 10 ++
> > >  3 files changed, 27 insertions(+)
> > > 
> > > diff --git a/arch/powerpc/include/asm/dma-mapping.h 
> > > b/arch/powerpc/include/asm/dma-mapping.h
> > > index 8fa3945..056e578 100644
> > > --- a/arch/powerpc/include/asm/dma-mapping.h
> > > +++ b/arch/powerpc/include/asm/dma-mapping.h
> > > @@ -115,4 +115,10 @@ extern u64 __dma_get_required_mask(struct device 
> > > *dev);
> > >  #define ARCH_HAS_DMA_MMAP_COHERENT
> > >  
> > >  #endif /* __KERNEL__ */
> > > +
> > > +#define platform_forces_virtio_dma platform_forces_virtio_dma
> > > +
> > > +struct virtio_device;
> > > +
> > > +extern bool platform_forces_virtio_dma(struct virtio_device *vdev);
> > >  #endif   /* _ASM_DMA_MAPPING_H */
> > > diff --git a/arch/powerpc/platforms/pseries/iommu.c 
> > > b/arch/powerpc/platforms/pseries/iommu.c
> > > index 06f0296..a2ec15a 100644
> > > --- a/arch/powerpc/platforms/pseries/iommu.c
> > > +++ b/arch/powerpc/platforms/pseries/iommu.c
> > > @@ -38,6 +38,7 @@
> > >  #include 
> > >  #include 
> > >  #include 
> > > +#include 
> > >  #include 
> > >  #include 
> > >  #include 
> > > @@ -1396,3 +1397,13 @@ static int __init disable_multitce(char *str)
> > >  __setup("multitce=", disable_multitce);
> > >  
> > >  machine_subsys_initcall_sync(pseries, tce_iommu_bus_notifier_init);
> > > +
> > > +bool platform_forces_virtio_dma(struct virtio_device *vdev)
> > > +{
> > > + /*
> > > +  * On protected guest platforms, force virtio core to use DMA
> > > +  * MAP API for all virtio devices. But there can also be some
> > > +  * exceptions for individual devices like virtio balloon.
> > > +  */
> > > + return (of_find_compatible_node(NULL, NULL, "ibm,ultravisor") != NULL);
> > > +}
> > 
> > Isn't this kind of slow?  vring_use_dma_api is on
> > data path and supposed to be very fast.
> > 
> > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> > > index 21d464a..47ea6c3 100644
> > > --- a/drivers/virtio/virtio_ring.c
> > > +++ b/drivers/virtio/virtio_ring.c
> > > @@ -141,8 +141,18 @@ struct vring_virtqueue {
> > >   * unconditionally on data path.
> > >   */
> > >  
> > > +#ifndef platform_forces_virtio_dma
> > > +static inline bool platform_forces_virtio_dma(struct virtio_device *vdev)
> > > +{
> > > + return false;
> > > +}
> > > +#endif
> > > +
> > >  static bool vring_use_dma_api(struct virtio_device *vdev)
> > >  {
> > > + if (platform_forces_virtio_dma(vdev))
> > > + return true;
> > > +
> > >   if (!virtio_has_iommu_quirk(vdev))
> > >   return true;
> > >  
> > > -- 
> > > 2.9.3

[PATCH 2/2] powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang

[Aneesh Kumar K.V]

When relaxing access (read -> read_write update), pte need to be marked invalid
to handle a nest MMU bug. We also need to do a tlb flush after the pte is
marked invalid before updating the pte with new access bits.

We also move tlb flush to platform specific __ptep_set_access_flags. This will
help us to gerid of unnecessary tlb flush on BOOK3S 64 later. We don't do that
in this patch. This also helps in avoiding multiple tlbies with coprocessor
attached.

Signed-off-by: Aneesh Kumar K.V 
---
 arch/powerpc/include/asm/book3s/32/pgtable.h |  8 ++--
 arch/powerpc/include/asm/book3s/64/pgtable.h |  8 +---
 arch/powerpc/include/asm/book3s/64/radix.h   |  5 +++--
 arch/powerpc/include/asm/nohash/32/pgtable.h |  7 +--
 arch/powerpc/include/asm/nohash/64/pgtable.h |  7 +--
 arch/powerpc/mm/pgtable-book3s64.c   |  9 ++---
 arch/powerpc/mm/pgtable-radix.c  | 20 +---
 arch/powerpc/mm/pgtable.c| 11 ++-
 8 files changed, 49 insertions(+), 26 deletions(-)

diff --git a/arch/powerpc/include/asm/book3s/32/pgtable.h 
b/arch/powerpc/include/asm/book3s/32/pgtable.h
index c615abdce119..9b4e95f3070b 100644
--- a/arch/powerpc/include/asm/book3s/32/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/32/pgtable.h
@@ -235,15 +235,19 @@ static inline void huge_ptep_set_wrprotect(struct 
mm_struct *mm,
 }
 
 
-static inline void __ptep_set_access_flags(struct mm_struct *mm,
+static inline void __ptep_set_access_flags(struct vm_area_struct *vma,
   pte_t *ptep, pte_t entry,
-  unsigned long address)
+  unsigned long address,
+  int psize)
 {
unsigned long set = pte_val(entry) &
(_PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_RW | _PAGE_EXEC);
unsigned long clr = ~pte_val(entry) & _PAGE_RO;
 
pte_update(ptep, clr, set);
+
+   flush_tlb_page(vma, address);
+
 }
 
 #define __HAVE_ARCH_PTE_SAME
diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h 
b/arch/powerpc/include/asm/book3s/64/pgtable.h
index c233915abb68..42fe7c2ff2df 100644
--- a/arch/powerpc/include/asm/book3s/64/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
@@ -767,12 +767,14 @@ static inline bool check_pte_access(unsigned long access, 
unsigned long ptev)
  * Generic functions with hash/radix callbacks
  */
 
-static inline void __ptep_set_access_flags(struct mm_struct *mm,
+static inline void __ptep_set_access_flags(struct vm_area_struct *vma,
   pte_t *ptep, pte_t entry,
-  unsigned long address)
+  unsigned long address,
+  int psize)
 {
if (radix_enabled())
-   return radix__ptep_set_access_flags(mm, ptep, entry, address);
+   return radix__ptep_set_access_flags(vma, ptep, entry,
+   address, psize);
return hash__ptep_set_access_flags(ptep, entry);
 }
 
diff --git a/arch/powerpc/include/asm/book3s/64/radix.h 
b/arch/powerpc/include/asm/book3s/64/radix.h
index ff642441aaf6..9fec7724751d 100644
--- a/arch/powerpc/include/asm/book3s/64/radix.h
+++ b/arch/powerpc/include/asm/book3s/64/radix.h
@@ -127,8 +127,9 @@ extern void radix__mark_initmem_nx(void);
 extern unsigned long radix__pte_update(struct mm_struct *mm, unsigned long 
addr,
   pte_t *ptep, unsigned long clr,
   unsigned long set, int huge);
-extern void radix__ptep_set_access_flags(struct mm_struct *mm, pte_t *ptep,
-pte_t entry, unsigned long address);
+extern void radix__ptep_set_access_flags(struct vm_area_struct *vma, pte_t 
*ptep,
+pte_t entry, unsigned long address,
+int psize);
 
 static inline unsigned long __radix_pte_update(pte_t *ptep, unsigned long clr,
   unsigned long set)
diff --git a/arch/powerpc/include/asm/nohash/32/pgtable.h 
b/arch/powerpc/include/asm/nohash/32/pgtable.h
index 987a658b18e1..7c46a98cc7f4 100644
--- a/arch/powerpc/include/asm/nohash/32/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/32/pgtable.h
@@ -256,15 +256,18 @@ static inline void huge_ptep_set_wrprotect(struct 
mm_struct *mm,
 }
 
 
-static inline void __ptep_set_access_flags(struct mm_struct *mm,
+static inline void __ptep_set_access_flags(struct vm_area_struct *vma,
   pte_t *ptep, pte_t entry,
-  unsigned long address)
+  unsigned long address,
+  int psize)
 {

[PATCH 1/2] powerpc/mm/radix: Move functions from radix.h to pgtable-radix.c

[Aneesh Kumar K.V]

In later patch we will update them which require them to be moved
to pgtable-radix.c Doing the move in separate patch helps in review.

No function change in this patch. Only code movement.

Signed-off-by: Aneesh Kumar K.V 
---
 arch/powerpc/include/asm/book3s/64/radix.h | 63 +++---
 arch/powerpc/mm/pgtable-radix.c| 48 +
 2 files changed, 54 insertions(+), 57 deletions(-)

diff --git a/arch/powerpc/include/asm/book3s/64/radix.h 
b/arch/powerpc/include/asm/book3s/64/radix.h
index 705193e7192f..ff642441aaf6 100644
--- a/arch/powerpc/include/asm/book3s/64/radix.h
+++ b/arch/powerpc/include/asm/book3s/64/radix.h
@@ -124,6 +124,12 @@ extern void radix__mark_rodata_ro(void);
 extern void radix__mark_initmem_nx(void);
 #endif
 
+extern unsigned long radix__pte_update(struct mm_struct *mm, unsigned long 
addr,
+  pte_t *ptep, unsigned long clr,
+  unsigned long set, int huge);
+extern void radix__ptep_set_access_flags(struct mm_struct *mm, pte_t *ptep,
+pte_t entry, unsigned long address);
+
 static inline unsigned long __radix_pte_update(pte_t *ptep, unsigned long clr,
   unsigned long set)
 {
@@ -140,35 +146,6 @@ static inline unsigned long __radix_pte_update(pte_t 
*ptep, unsigned long clr,
return old_pte;
 }
 
-
-static inline unsigned long radix__pte_update(struct mm_struct *mm,
-   unsigned long addr,
-   pte_t *ptep, unsigned long clr,
-   unsigned long set,
-   int huge)
-{
-   unsigned long old_pte;
-
-   if (cpu_has_feature(CPU_FTR_POWER9_DD1)) {
-
-   unsigned long new_pte;
-
-   old_pte = __radix_pte_update(ptep, ~0ul, 0);
-   /*
-* new value of pte
-*/
-   new_pte = (old_pte | set) & ~clr;
-   radix__flush_tlb_pte_p9_dd1(old_pte, mm, addr);
-   if (new_pte)
-   __radix_pte_update(ptep, 0, new_pte);
-   } else
-   old_pte = __radix_pte_update(ptep, clr, set);
-   if (!huge)
-   assert_pte_locked(mm, addr);
-
-   return old_pte;
-}
-
 static inline pte_t radix__ptep_get_and_clear_full(struct mm_struct *mm,
   unsigned long addr,
   pte_t *ptep, int full)
@@ -190,34 +167,6 @@ static inline pte_t radix__ptep_get_and_clear_full(struct 
mm_struct *mm,
return __pte(old_pte);
 }
 
-/*
- * Set the dirty and/or accessed bits atomically in a linux PTE, this
- * function doesn't need to invalidate tlb.
- */
-static inline void radix__ptep_set_access_flags(struct mm_struct *mm,
-   pte_t *ptep, pte_t entry,
-   unsigned long address)
-{
-
-   unsigned long set = pte_val(entry) & (_PAGE_DIRTY | _PAGE_ACCESSED |
- _PAGE_RW | _PAGE_EXEC);
-
-   if (cpu_has_feature(CPU_FTR_POWER9_DD1)) {
-
-   unsigned long old_pte, new_pte;
-
-   old_pte = __radix_pte_update(ptep, ~0, 0);
-   /*
-* new value of pte
-*/
-   new_pte = old_pte | set;
-   radix__flush_tlb_pte_p9_dd1(old_pte, mm, address);
-   __radix_pte_update(ptep, 0, new_pte);
-   } else
-   __radix_pte_update(ptep, 0, set);
-   asm volatile("ptesync" : : : "memory");
-}
-
 static inline int radix__pte_same(pte_t pte_a, pte_t pte_b)
 {
return ((pte_raw(pte_a) ^ pte_raw(pte_b)) == 0);
diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
index ce24d72ea679..68931ca549f7 100644
--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -1084,3 +1084,51 @@ int radix__has_transparent_hugepage(void)
return 0;
 }
 #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
+
+unsigned long radix__pte_update(struct mm_struct *mm, unsigned long addr,
+   pte_t *ptep, unsigned long clr,
+   unsigned long set, int huge)
+{
+   unsigned long old_pte;
+
+   if (cpu_has_feature(CPU_FTR_POWER9_DD1)) {
+
+   unsigned long new_pte;
+
+   old_pte = __radix_pte_update(ptep, ~0ul, 0);
+   /*
+* new value of pte
+*/
+   new_pte = (old_pte | set) & ~clr;
+   radix__flush_tlb_pte_p9_dd1(old_pte, mm, addr);
+   if (new_pte)
+   __radix_pte_update(ptep, 0, new_pte);
+   } else
+   old_pte = __radix_pte_update(ptep, clr, set);
+   if (!huge)
+  

Re: [PATCH] powerpc/64s: Clear PCR on boot

[Guenter Roeck]

On Fri, May 18, 2018 at 11:37:42AM +1000, Michael Neuling wrote:
> Clear the PCR (Processor Compatibility Register) on boot to ensure we
> are not running in a compatibility mode.
> 
> We've seen this cause problems when a crash (and kdump) occurs while
> running compat mode guests. The kdump kernel then runs with the PCR
> set and causes problems. The symptom in the kdump kernel (also seen in
> petitboot after fast-reboot) is early userspace programs taking
> sigills on newer instructions (seen in libc).
> 

Hi folks,

this patch causes qemu to bail out with

Trying to write privileged spr 338 (0x152) at c0033454

when running it with "-M powernv -cpu POWER8" and powernv_defconfig.

Can you confirm that this is a bug in qemu ?

Thanks,
Guenter

> Signed-off-by: Michael Neuling 
> Cc: sta...@vger.kernel.org
> Signed-off-by: Michael Ellerman 
> ---
>  arch/powerpc/kernel/cpu_setup_power.S | 6 ++
>  arch/powerpc/kernel/dt_cpu_ftrs.c | 1 +
>  2 files changed, 7 insertions(+)
> 
> diff --git a/arch/powerpc/kernel/cpu_setup_power.S 
> b/arch/powerpc/kernel/cpu_setup_power.S
> index 3f30c994e931..458b928dbd84 100644
> --- a/arch/powerpc/kernel/cpu_setup_power.S
> +++ b/arch/powerpc/kernel/cpu_setup_power.S
> @@ -28,6 +28,7 @@ _GLOBAL(__setup_cpu_power7)
>   beqlr
>   li  r0,0
>   mtspr   SPRN_LPID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   li  r4,(LPCR_LPES1 >> LPCR_LPES_SH)
>   bl  __init_LPCR_ISA206
> @@ -41,6 +42,7 @@ _GLOBAL(__restore_cpu_power7)
>   beqlr
>   li  r0,0
>   mtspr   SPRN_LPID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   li  r4,(LPCR_LPES1 >> LPCR_LPES_SH)
>   bl  __init_LPCR_ISA206
> @@ -57,6 +59,7 @@ _GLOBAL(__setup_cpu_power8)
>   beqlr
>   li  r0,0
>   mtspr   SPRN_LPID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   ori r3, r3, LPCR_PECEDH
>   li  r4,0 /* LPES = 0 */
> @@ -78,6 +81,7 @@ _GLOBAL(__restore_cpu_power8)
>   beqlr
>   li  r0,0
>   mtspr   SPRN_LPID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   ori r3, r3, LPCR_PECEDH
>   li  r4,0 /* LPES = 0 */
> @@ -99,6 +103,7 @@ _GLOBAL(__setup_cpu_power9)
>   mtspr   SPRN_PSSCR,r0
>   mtspr   SPRN_LPID,r0
>   mtspr   SPRN_PID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE  | 
> LPCR_HEIC)
>   or  r3, r3, r4
> @@ -123,6 +128,7 @@ _GLOBAL(__restore_cpu_power9)
>   mtspr   SPRN_PSSCR,r0
>   mtspr   SPRN_LPID,r0
>   mtspr   SPRN_PID,r0
> + mtspr   SPRN_PCR,r0
>   mfspr   r3,SPRN_LPCR
>   LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | 
> LPCR_HEIC)
>   or  r3, r3, r4
> diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c 
> b/arch/powerpc/kernel/dt_cpu_ftrs.c
> index 8ab51f6ca03a..c904477abaf3 100644
> --- a/arch/powerpc/kernel/dt_cpu_ftrs.c
> +++ b/arch/powerpc/kernel/dt_cpu_ftrs.c
> @@ -101,6 +101,7 @@ static void __restore_cpu_cpufeatures(void)
>   if (hv_mode) {
>   mtspr(SPRN_LPID, 0);
>   mtspr(SPRN_HFSCR, system_registers.hfscr);
> + mtspr(SPRN_PCR, 0);
>   }
>   mtspr(SPRN_FSCR, system_registers.fscr);
>  
> -- 
> 2.7.4

[GIT PULL] Please pull powerpc/linux.git powerpc-4.17-7 tag

[Michael Ellerman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Linus,

Please pull one more powerpc fix for 4.17:

The following changes since commit c1d2a31397ec51f0370f6bd17b19b39152c263cb:

  powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (2018-05-18 
00:23:07 +1000)

are available in the git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git 
tags/powerpc-4.17-7

for you to fetch changes up to faf37c44a105f3608115785f17cbbf3500f8bc71:

  powerpc/64s: Clear PCR on boot (2018-05-18 16:05:15 +1000)

- 
powerpc fixes for 4.17 #7

Just one fix, to make sure the PCR (Processor Compatibility Register) is reset
on boot. Otherwise if we're running in compat mode in a guest (eg. pretending a
Power9 is a Power8) and the host kernel oopses and kdumps then the kdump
kernel's userspace will be running in Power8 mode, and will SIGILL if it uses
Power9-only instructions.

Thanks to:
  Michael Neuling.

- 
Michael Neuling (1):
  powerpc/64s: Clear PCR on boot

 arch/powerpc/kernel/cpu_setup_power.S | 6 ++
 arch/powerpc/kernel/dt_cpu_ftrs.c | 1 +
 2 files changed, 7 insertions(+)
-BEGIN PGP SIGNATURE-

iQIcBAEBCAAGBQJbB/bPAAoJEFHr6jzI4aWADOAP/iK5Tnxdd6NnVan9szsvmQpO
TFwOB+/bYERdJfNIybe6IWCvMnRPpLWeL0tSbh9zcbx5O9QJgueOy/XxdzAvuDpk
nexT03cCPS6llAcVI4HvhigfO4zUQB+pfSu5/XHjZGCqwAKP+OVBv8BuQbC6J6DV
p8Kx1EpkG5kBvsN3OxwMCNjX4f99qpBEAWvDuV0Th0H1elr9kjNmkrSn6kV/56M3
MXpuAknP9QPBddiV2SbgMFw5WwmT31h3BAbTDJok64LcKVAw2PWO/YLMdYl27Gy2
6Zwern6hK9fy620JnPExNbNzME0tlgtBYpPOYUezsjg+XDxED+bwNrzEIb14HgcJ
mtzd3TZUJ5GznlbxzeSso7LNsJ8CFG5k9zYtg80s3K67Z1BPosV/xXi/BR53iYDU
fw+u4QqA1P/fp6wq3VWI37oyqbtMnBz/C0Lx1vbcFDBGs2rtz0+EmoBBQBxWAZ2Z
CuWiuGyd+rOhMIcLX+KsnIKPLadrbj4s7EBYR+kZa7JnS2tvToLp5PjLpQaBUVSR
vD6WzRRg2vH6/aicjRUjmduUCzBkaNtQjokkyv0kZqiUnnglxUbLvloprjZHEaKK
VpBANpHV+N74lGwiGJFTKeEmxp6VDC7BQWSSWKvve8LwwcK6rhyQOoPPwo7NN7yp
ubkeS/hnoX2H2YBP6BbT
=3Iqr
-END PGP SIGNATURE-

Re: powerpc/8xx: fix invalid register expression in head_8xx.S

[Michael Ellerman]

On Thu, 2018-05-24 at 11:02:06 UTC, Christophe Leroy wrote:
> New binutils generate the following warning
> 
>   AS  arch/powerpc/kernel/head_8xx.o
> arch/powerpc/kernel/head_8xx.S: Assembler messages:
> arch/powerpc/kernel/head_8xx.S:916: Warning: invalid register expression
> 
> This patch fixes it.
> 
> Signed-off-by: Christophe Leroy 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/e4ccb1dae6bdef228d729c076c3816

cheers

Re: [v2] powerpc/xmon: Also setup debugger hooks when single-stepping

[Michael Ellerman]

On Wed, 2018-05-23 at 18:00:54 UTC, Michal Suchanek wrote:
> When single-stepping kernel code from xmon without a debug hook enabled
> the kernel crashes. This can happen when kernel starts with xmon on
> crash disabled but xmon is entered using sysrq.
> 
> Call force_enable_xmon when single-stepping in xmon to install the xmon
> debug hooks.
> 
> Fixes: e1368d0c9edb ("powerpc/xmon: Setup debugger hooks when first
> break-point is set")
> 
> Signed-off-by: Michal Suchanek 
> Reviewed-by: Vaibhav Jain 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/7daf59300999693b85233762b847f1

cheers

Re: [2/2] powerpc/xmon: Realign paca dump fields

[Michael Ellerman]

On Wed, 2018-05-23 at 11:48:37 UTC, Michael Ellerman wrote:
> We've added some fields with longer names since we originally wrote
> this, so the fields are no longer lined up. Adjust the widths to make
> it all look nice again, eg:
> 
>   0:mon> dp
>   paca for cpu 0x0 @ c1fa:
>possible  = yes
>...
>slb_shadow[0] = 0xc800 0x400ea1b217000500
>slb_shadow[1] = 0xd801 0x400d43642f000510
>...
>rfi_flush_fallback_area   = c000fff8   (0xcc8)
>...
>accounting.starttime_user = 0x51582f07 (0xae8)
> 
> Signed-off-by: Michael Ellerman 

Applied to powerpc next.

https://git.kernel.org/powerpc/c/9ce53e27265e7bab728774fac785f6

cheers

Re: [1/2] powerpc/xmon: Specify the full format in DUMP() macro

[Michael Ellerman]

On Wed, 2018-05-23 at 11:48:36 UTC, Michael Ellerman wrote:
> In dump_one_paca() the DUMP macro unconditionally prepends '#' to the
> printf format specifier. In most cases we're using either 'x' or 'lx'
> etc. and that is OK. But for 'p' and other formats using '#' is
> actually undefined, and once we enable printf() checking for
> xmon_printf() we will get warnings from the compiler.
> 
> So just have each usage specify the full format, that way we can omit
> '#' when it's inappropriate.
> 
> Signed-off-by: Michael Ellerman 
> Reviewed-by: Mathieu Malaterre 

Applied to powerpc next.

https://git.kernel.org/powerpc/c/6671683db8540e5766f44a1089549c

cheers

Re: [v9] powerpc/mm: Only read faulting instruction when necessary in do_page_fault()

[Michael Ellerman]

On Wed, 2018-05-23 at 08:53:22 UTC, Christophe Leroy wrote:
> Commit a7a9dcd882a67 ("powerpc: Avoid taking a data miss on every
> userspace instruction miss") has shown that limiting the read of
> faulting instruction to likely cases improves performance.
> 
> This patch goes further into this direction by limiting the read
> of the faulting instruction to the only cases where it is likely
> needed.
> 
> On an MPC885, with the same benchmark app as in the commit referred
> above, we see a reduction of about 3900 dTLB misses (approx 3%):
> 
> Before the patch:
>  Performance counter stats for './fault 500' (10 runs):
> 
>  683033312  cpu-cycles
> ( +-  0.03% )
> 134538  dTLB-load-misses  
> ( +-  0.03% )
>  46099  iTLB-load-misses  
> ( +-  0.02% )
>  19681  faults
> ( +-  0.02% )
> 
>5.389747878 seconds time elapsed   
>( +-  0.06% )
> 
> With the patch:
> 
>  Performance counter stats for './fault 500' (10 runs):
> 
>  682112862  cpu-cycles
> ( +-  0.03% )
> 130619  dTLB-load-misses  
> ( +-  0.03% )
>  46073  iTLB-load-misses  
> ( +-  0.05% )
>  19681  faults
> ( +-  0.01% )
> 
>5.381342641 seconds time elapsed   
>( +-  0.07% )
> 
> The proper work of the huge stack expansion was tested with the
> following app:
> 
> int main(int argc, char **argv)
> {
>   char buf[1024 * 1025];
> 
>   sprintf(buf, "Hello world !\n");
>   printf(buf);
> 
>   exit(0);
> }
> 
> Signed-off-by: Christophe Leroy 
> Reviewed-by: Nicholas Piggin 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/0e36b0d12501e278686634712975b7

cheers

Re: [1/2] selftests/powerpc: Add ptrace hw breakpoint test

[Michael Ellerman]

On Tue, 2018-05-22 at 06:14:27 UTC, Michael Neuling wrote:
> This test the ptrace hw breakpoints via PTRACE_SET_DEBUGREG and
> PPC_PTRACE_SETHWDEBUG.  This test was use to find the bugs fixed by
> these recent commits:
> 
>   4f7c06e26e powerpc/ptrace: Fix setting 512B aligned breakpoints with 
> PTRACE_SET_DEBUGREG
>   cd6ef7eebf powerpc/ptrace: Fix enforcement of DAWR constraints
> 
> Signed-off-by: Michael Neuling 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/9c2ddfe55c42bf4b9bc336a0650ab7

cheers

Re: powerpc/mm: Use instruction symbolic names in store_updates_sp()

[Michael Ellerman]

On Wed, 2018-05-23 at 07:04:04 UTC, Christophe Leroy wrote:
> Use symbolic names defined in asm/ppc-opcode.h
> instead of hardcoded values.
> 
> Signed-off-by: Christophe Leroy 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/8a0b1120cb25ccd4480ba4fe3650bc

cheers

Re: selftests/powerpc: Add missing .gitignores

[Michael Ellerman]

On Tue, 2018-05-22 at 06:13:59 UTC, Michael Neuling wrote:
> Signed-off-by: Michael Neuling 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/bd79010fb3a9aa160e1780e2496798

cheers

Re: powerpc/xmon: Update paca fields dumped in xmon

[Michael Ellerman]

On Mon, 2018-05-21 at 09:47:20 UTC, Michael Ellerman wrote:
> The set of paca fields we dump in xmon has gotten somewhat out of
> date. Update to add some recently added fields.
> 
> Signed-off-by: Michael Ellerman 

Applied to powerpc next.

https://git.kernel.org/powerpc/c/2e0986d761324376021c880ddbf00c

cheers

Re: [3/3] hwmon: (ibmpowernv) Add energy sensors

[Michael Ellerman]

On Mon, 2018-05-07 at 10:25:38 UTC, Shilpasri G Bhat wrote:
> This patch exports the accumulated power numbers of each power
> sensor maintained by OCC.
> 
> Signed-off-by: Shilpasri G Bhat 
> Acked-by: Guenter Roeck 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/43d2974b66d916a6df16e536da542e

cheers

Re: [2/3] hwmon: (ibmpowernv): Add support to read 64 bit sensors

[Michael Ellerman]

On Mon, 2018-05-07 at 10:25:37 UTC, Shilpasri G Bhat wrote:
> The firmware has supported for reading sensor values of size u32.
> This patch adds support to use newer firmware functions which allows
> to read the sensors of size u64.
> 
> Signed-off-by: Shilpasri G Bhat 
> Acked-by: Guenter Roeck 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/3c8c049aa7bdffaab2e53401fd5270

cheers

Re: [1/3] powernv: opal-sensor: Add support to read 64bit sensor values

[Michael Ellerman]

On Mon, 2018-05-07 at 10:25:36 UTC, Shilpasri G Bhat wrote:
> This patch adds support to read 64-bit sensor values. This method is
> used to read energy sensors and counters which are of type u64.
> 
> Signed-off-by: Shilpasri G Bhat 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/5cdcb01e0af5a709c9bebe0e0450dc

cheers

Re: powerpc/wii: Make hlwd_pic_init function static

[Michael Ellerman]

On Mon, 2018-04-23 at 19:45:32 UTC, Mathieu Malaterre wrote:
> The function hlwd_pic_init can be made static, so do it. Fix the following
> warning treated as error (W=1):
> 
> ../arch/powerpc/platforms/embedded6xx/hlwd-pic.c:158:20: error: no previous 
> prototype for ‘hlwd_pic_init’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/eed6964bce59294f293b1746a6e4a6

cheers

Re: [v2] powerpc/mm/radix: use do/while(0) trick for single statement block

[Michael Ellerman]

On Mon, 2018-04-23 at 19:36:38 UTC, Mathieu Malaterre wrote:
> In commit 7a22d6321c3d ("powerpc/mm/radix: Update command line parsing for
> disable_radix") an `if` statement was added for a possible empty body
> (prom_debug).
> 
> Fix the following warning, treated as error with W=1:
> 
>   arch/powerpc/kernel/prom_init.c:656:46: error: suggest braces around empty 
> body in an ‘if’ statement [-Werror=empty-body]
> 
> Suggested-by: Randy Dunlap 
> Signed-off-by: Mathieu Malaterre 
> Acked-by: Randy Dunlap 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/85aa4b98419d74dd5cc914e0893498

cheers

Re: [v2] powerpc/sparse: fix plain integer as NULL pointer warning

[Michael Ellerman]

On Fri, 2018-04-13 at 18:41:43 UTC, Mathieu Malaterre wrote:
> Trivial fix to remove the following sparse warnings:
> 
>   arch/powerpc/kernel/module_32.c:112:74: warning: Using plain integer as 
> NULL pointer
>   arch/powerpc/kernel/module_32.c:117:74: warning: Using plain integer as 
> NULL pointer
>   drivers/macintosh/via-pmu.c:1155:28: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:1230:20: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:1385:36: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:1752:23: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:2084:19: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:2110:32: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:2167:19: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:2183:19: warning: Using plain integer as NULL 
> pointer
>   drivers/macintosh/via-pmu.c:277:20: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/platforms/powermac/setup.c:155:67: warning: Using plain 
> integer as NULL pointer
>   arch/powerpc/platforms/powermac/setup.c:247:27: warning: Using plain 
> integer as NULL pointer
>   arch/powerpc/platforms/powermac/setup.c:249:27: warning: Using plain 
> integer as NULL pointer
>   arch/powerpc/platforms/powermac/setup.c:252:37: warning: Using plain 
> integer as NULL pointer
>   arch/powerpc/mm/tlb_hash32.c:127:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/mm/tlb_hash32.c:148:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/mm/tlb_hash32.c:44:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/mm/tlb_hash32.c:57:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/mm/tlb_hash32.c:87:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/kernel/btext.c:160:31: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/kernel/btext.c:167:22: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/kernel/btext.c:274:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/kernel/btext.c:285:31: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/include/asm/hugetlb.h:204:16: warning: Using plain integer as 
> NULL pointer
>   arch/powerpc/mm/ppc_mmu_32.c:170:21: warning: Using plain integer as NULL 
> pointer
>   arch/powerpc/platforms/powermac/pci.c:1227:23: warning: Using plain integer 
> as NULL pointer
>   arch/powerpc/platforms/powermac/pci.c:65:24: warning: Using plain integer 
> as NULL pointer
> 
> Also use `--fix` command line option from `script/checkpatch --strict` to
> remove the following:
> 
>   CHECK: Comparison to NULL could be written "!dispDeviceBase"
>   #72: FILE: arch/powerpc/kernel/btext.c:160:
>   +   if (dispDeviceBase == NULL)
> 
>   CHECK: Comparison to NULL could be written "!vbase"
>   #80: FILE: arch/powerpc/kernel/btext.c:167:
>   +   if (vbase == NULL)
> 
>   CHECK: Comparison to NULL could be written "!base"
>   #89: FILE: arch/powerpc/kernel/btext.c:274:
>   +   if (base == NULL)
> 
>   CHECK: Comparison to NULL could be written "!dispDeviceBase"
>   #98: FILE: arch/powerpc/kernel/btext.c:285:
>   +   if (dispDeviceBase == NULL)
> 
>   CHECK: Comparison to NULL could be written "strstr"
>   #117: FILE: arch/powerpc/kernel/module_32.c:117:
>   +   if (strstr(secstrings + sechdrs[i].sh_name, ".debug") != NULL)
> 
>   CHECK: Comparison to NULL could be written "!Hash"
>   #130: FILE: arch/powerpc/mm/ppc_mmu_32.c:170:
>   +   if (Hash == NULL)
> 
>   CHECK: Comparison to NULL could be written "Hash"
>   #143: FILE: arch/powerpc/mm/tlb_hash32.c:44:
>   +   if (Hash != NULL) {
> 
>   CHECK: Comparison to NULL could be written "!Hash"
>   #152: FILE: arch/powerpc/mm/tlb_hash32.c:57:
>   +   if (Hash == NULL) {
> 
>   CHECK: Comparison to NULL could be written "!Hash"
>   #161: FILE: arch/powerpc/mm/tlb_hash32.c:87:
>   +   if (Hash == NULL) {
> 
>   CHECK: Comparison to NULL could be written "!Hash"
>   #170: FILE: arch/powerpc/mm/tlb_hash32.c:127:
>   +   if (Hash == NULL) {
> 
>   CHECK: Comparison to NULL could be written "!Hash"
>   #179: FILE: arch/powerpc/mm/tlb_hash32.c:148:
>   +   if (Hash == NULL) {
> 
>   ERROR: space required after that ';' (ctx:VxV)
>   #192: FILE: arch/powerpc/platforms/powermac/pci.c:65:
>   +   for (; node != NULL;node = node->sibling) {
> 
>   CHECK: Comparison to NULL could be written "node"
>   #192: FILE: arch/powerpc/platforms/powermac/pci.c:65:
>   +   for (; node != NULL;node = node->sibling) {
> 
>   CHECK: Comparison to NULL could be written "!region"
>   #201: FILE: arch/powerpc/platforms/powermac/pci.c:1227:
>   +   if (region == NULL)
> 
>   CHECK: Comparison to NULL could be written "of_get_property"
>   #214: FILE: arch/powerpc/platforms/powermac/setup.c:155:
>   +   if (of_get_property(np, 

Re: powerpc: add __printf verification to prom_printf

[Michael Ellerman]

On Fri, 2018-04-06 at 20:12:19 UTC, Mathieu Malaterre wrote:
> __printf is useful to verify format and arguments. Fix arg mismatch
> reported by gcc, remove the following warnings (with W=1):
> 
>   arch/powerpc/kernel/prom_init.c:1467:31: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1471:31: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1504:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1505:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1506:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1507:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1508:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1509:33: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1975:39: error: format ‘%lu’ expects 
> argument of type ‘long unsigned int’, but argument 2 has type ‘unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:1986:27: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:2567:38: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:2567:46: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 3 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:2569:38: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 2 has type ‘long unsigned 
> int’ [-Werror=format=]
>   arch/powerpc/kernel/prom_init.c:2569:46: error: format ‘%x’ expects 
> argument of type ‘unsigned int’, but argument 3 has type ‘long unsigned 
> int’ [-Werror=format=]
> 
> The patch also include arg mismatch fix for case with #define DEBUG_PROM
> (warning not listed here).
> 
> This patch fix also the following warnings revealed by checkpatch:
> 
>   WARNING: Prefer using '"%s...", __func__' to using 'alloc_up', this 
> function's name, in a string
>   #101: FILE: arch/powerpc/kernel/prom_init.c:1235:
>   + prom_debug("alloc_up(%lx, %lx)\n", size, align);
> 
> and
> 
>   WARNING: Prefer using '"%s...", __func__' to using 'alloc_down', this 
> function's name, in a string
>   #138: FILE: arch/powerpc/kernel/prom_init.c:1278:
>   + prom_debug("alloc_down(%lx, %lx, %s)\n", size, align,
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/eae5f709a4d738c52b6ab636981755

cheers

Re: [v3,19/19] powerpc/tau: Synchronize function prototypes and body

[Michael Ellerman]

On Wed, 2018-04-04 at 20:10:28 UTC, Mathieu Malaterre wrote:
> Some function prototypes and body for Thermal Assist Units were not in
> sync. Update the function definition to match the existing function
> declaration found in `setup-common.c`, changing an `int` return type to a
> `u32` return type. Move the prototypes to a header file. Fix the following
> warnings, treated as error with W=1:
> 
>   arch/powerpc/kernel/tau_6xx.c:257:5: error: no previous prototype for 
> ‘cpu_temp_both’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:262:5: error: no previous prototype for 
> ‘cpu_temp’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:267:5: error: no previous prototype for 
> ‘tau_interrupts’ [-Werror=missing-prototypes]
> 
> Compile tested with CONFIG_TAU_INT.
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/bd13ac95f954570e01fba5a6caf771

cheers

Re: [v3,15/19] powerpc: Add missing prototype

[Michael Ellerman]

On Wed, 2018-04-04 at 20:11:42 UTC, Mathieu Malaterre wrote:
> Add one missing prototype for function rh_dump_blk. Fix warning treated as
> error in W=1:
> 
>   arch/powerpc/lib/rheap.c:740:6: error: no previous prototype for 
> ‘rh_dump_blk’ [-Werror=missing-prototypes]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/3fc5ee9b2846db2eaddeadf089ef25

cheers

Re: [v3,13/19] powerpc/52xx: Add missing functions prototypes

[Michael Ellerman]

On Wed, 2018-04-04 at 20:12:30 UTC, Mathieu Malaterre wrote:
> The function prototypes were declared within a `#ifdef CONFIG_PPC_LITE5200`
> block which would prevent them from being visible when compiling
> `mpc52xx_pm.c`. Move the prototypes outside of the `#ifdef` block to fix
> the following warnings treated as errors with W=1:
> 
>   arch/powerpc/platforms/52xx/mpc52xx_pm.c:58:5: error: no previous prototype 
> for ‘mpc52xx_pm_prepare’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/52xx/mpc52xx_pm.c:113:5: error: no previous 
> prototype for ‘mpc52xx_pm_enter’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/52xx/mpc52xx_pm.c:181:6: error: no previous 
> prototype for ‘mpc52xx_pm_finish’ [-Werror=missing-prototypes]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/c3f0515ea1277558e7c0c3240d17c7

cheers

Re: [v3, 12/19] powerpc/powermac: Add missing prototype for note_bootable_part()

[Michael Ellerman]

On Wed, 2018-04-04 at 20:13:05 UTC, Mathieu Malaterre wrote:
> Add a missing prototype for function `note_bootable_part` to silence a
> warning treated as error with W=1:
> 
>   arch/powerpc/platforms/powermac/setup.c:361:12: error: no previous 
> prototype for ‘note_bootable_part’ [-Werror=missing-prototypes]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/f72cf3f1d49f2c35d6cb682af2e8c9

cheers

Re: [v3, 11/19] powerpc/powermac: Move pmac_pfunc_base_install prototype to header file

[Michael Ellerman]

On Wed, 2018-04-04 at 20:13:55 UTC, Mathieu Malaterre wrote:
> The pmac_pfunc_base_install prototype was declared in powermac/smp.c since
> function was used there, move it to pmac_pfunc.h header to be visible in
> pfunc_base.c. Fix a warning treated as error with W=1:
> 
>   arch/powerpc/platforms/powermac/pfunc_base.c:330:12: error: no previous 
> prototype for ‘pmac_pfunc_base_install’ [-Werror=missing-prototypes]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/f91d5998996819eaf194ff48e00d49

cheers

Re: [v3,09/19] powerpc/chrp/pci: Make some functions static

[Michael Ellerman]

On Wed, 2018-04-04 at 20:15:03 UTC, Mathieu Malaterre wrote:
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
> 
>   arch/powerpc/platforms/chrp/pci.c:34:5: error: no previous prototype for 
> ‘gg2_read_config’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/pci.c:61:5: error: no previous prototype for 
> ‘gg2_write_config’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/pci.c:97:5: error: no previous prototype for 
> ‘rtas_read_config’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/pci.c:112:5: error: no previous prototype for 
> ‘rtas_write_config’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/910be6be6c00e6d33d47985586c392

cheers

Re: [v3, 05/19] powerpc/chrp/setup: Remove idu_size variable and make some functions static

[Michael Ellerman]

On Wed, 2018-04-04 at 20:09:11 UTC, Mathieu Malaterre wrote:
> Remove variable declaration idu_size and associated code since not used.
> 
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
> 
>   arch/powerpc/platforms/chrp/setup.c:97:6: error: no previous prototype for 
> ‘chrp_show_cpuinfo’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/setup.c:302:13: error: no previous prototype 
> for ‘chrp_setup_arch’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/setup.c:385:16: error: variable ‘idu_size’ 
> set but not used [-Werror=unused-but-set-variable]
>   arch/powerpc/platforms/chrp/setup.c:526:13: error: no previous prototype 
> for ‘chrp_init_IRQ’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/setup.c:559:1: error: no previous prototype for 
> ‘chrp_init2’ [-Werror=missing-prototypes]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/f0e0b86638e9df6731b1d61c71ae18

cheers

Re: [v3,01/19] powerpc/powermac: Mark variable x as unused

[Michael Ellerman]

On Wed, 2018-04-04 at 20:07:46 UTC, Mathieu Malaterre wrote:
> Since the value of x is never intended to be read, declare it with gcc
> attribute as unused. Fix warning treated as error with W=1:
> 
>   arch/powerpc/platforms/powermac/bootx_init.c:471:21: error: variable 
> ‘x’ set but not used [-Werror=unused-but-set-variable]
> 
> Suggested-by: Christophe Leroy 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/5a4b475cf8511da721f20ba432c244

cheers

Re: [v3] powerpc/altivec: Add missing prototypes for altivec

[Michael Ellerman]

On Wed, 2018-03-28 at 18:55:25 UTC, Mathieu Malaterre wrote:
> Some functions prototypes were missing for the non-altivec code. Add the
> missing prototypes in a new header file, fix warnings treated as errors
> with W=1:
> 
>   arch/powerpc/lib/xor_vmx_glue.c:18:6: error: no previous prototype for 
> ‘xor_altivec_2’ [-Werror=missing-prototypes]
>   arch/powerpc/lib/xor_vmx_glue.c:29:6: error: no previous prototype for 
> ‘xor_altivec_3’ [-Werror=missing-prototypes]
>   arch/powerpc/lib/xor_vmx_glue.c:40:6: error: no previous prototype for 
> ‘xor_altivec_4’ [-Werror=missing-prototypes]
>   arch/powerpc/lib/xor_vmx_glue.c:52:6: error: no previous prototype for 
> ‘xor_altivec_5’ [-Werror=missing-prototypes]
> 
> The prototypes were already present in  but this header file is
> meant to be included after . Trying to re-use
>  directly would lead to warnings such as:
> 
>   arch/powerpc/include/asm/xor.h:39:15: error: variable 
> ‘xor_block_altivec’ has initializer but incomplete type
> 
> Trying to re-use  after  in
> xor_vmx_glue.c would in turn trigger the following warnings:
> 
>   include/asm-generic/xor.h:688:34: error: ‘xor_block_32regs’ defined but 
> not used [-Werror=unused-variable]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/7cf76a68f1bcf69214da2812e8f615

cheers

Re: [v2] xmon: Use __printf markup to silence compiler

[Michael Ellerman]

On Sun, 2018-03-25 at 09:06:47 UTC, Mathieu Malaterre wrote:
> Update the other prototype declarations in asm/xmon.h.
> 
> Silence warnings (triggered at W=1) by adding relevant __printf attribute.
> Move #define at bottom of the file to prevent conflict with gcc attribute.
> 
> Solve the original warning:
> 
>   arch/powerpc/xmon/nonstdio.c:178:2: error: function might be possible 
> candidate for ‘gnu_printf’ format attribute 
> [-Werror=suggest-attribute=format]
> 
> In turn this uncovered the following (partial list) warnings (treated as
> errors with W=1):
> 
>   arch/powerpc/xmon/xmon.c:2866:17: error: format ‘%x’ expects argument 
> of type ‘unsigned int’, but argument 2 has type ‘unsigned char *’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1607:31: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 4 has type ‘struct pt_regs 
> *’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1611:9: error: too many arguments for format 
> [-Werror=format-extra-args]
>   arch/powerpc/xmon/xmon.c:1623:26: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 2 has type ‘struct 
> task_struct *’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:630:36: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 2 has type ‘int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1392:15: error: format ‘%x’ expects argument 
> of type ‘unsigned int’, but argument 2 has type ‘long int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:2570:16: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 3 has type ‘u64 {aka long 
> long unsigned int}’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1629:25: error: format ‘%ld’ expects argument 
> of type ‘long int’, but argument 2 has type ‘pid_t {aka int}’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1168:18: error: format ‘%x’ expects argument 
> of type ‘unsigned int’, but argument 2 has type ‘long unsigned int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:3016:24: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 2 has type ‘pgd_t * {aka 
> struct  *}’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:2339:9: error: format ‘%lx’ expects argument 
> of type ‘long unsigned int’, but argument 5 has type ‘u64 {aka long 
> long unsigned int}’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:2339:9: error: format ‘%llx’ expects argument 
> of type ‘long long unsigned int’, but argument 5 has type ‘long 
> unsigned int’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:3827:10: error: format ‘%p’ expects argument 
> of type ‘void *’, but argument 4 has type ‘long long unsigned int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:3896:50: error: format ‘%d’ expects argument 
> of type ‘int’, but argument 2 has type ‘long unsigned int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/spu-dis.c:137:18: error: format ‘%d’ expects argument 
> of type ‘int’, but argument 2 has type ‘long unsigned int’ 
> [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:3827:10: error: format ‘%d’ expects argument 
> of type ‘int’, but argument 4 has type ‘u64 {aka long long unsigned 
> int}’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:1665:17: error: format ‘%ld’ expects argument 
> of type ‘long int’, but argument 2 has type ‘int’ [-Werror=format=]
>   arch/powerpc/xmon/xmon.c:2339:9: error: '#' flag used with ‘%p’ 
> gnu_printf format [-Werror=format=]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/e70d8f55268ba95f00c61857df2bab

cheers

Re: [18/19] powerpc: Add a missing include header

[Michael Ellerman]

On Thu, 2018-03-22 at 20:20:04 UTC, Mathieu Malaterre wrote:
> The header file  was missing from the includes. Fix the
> following warning, treated as error with W=1:
> 
>   arch/powerpc/kernel/vecemu.c:260:5: error: no previous prototype for 
> ‘emulate_altivec’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/d647b210ac738b401c7f824bbebdcb

cheers

Re: [17/19] powerpc/32: Add a missing include header

[Michael Ellerman]

On Thu, 2018-03-22 at 20:20:03 UTC, Mathieu Malaterre wrote:
> The header file  was missing from the includes. Fix the
> following warning, treated as error with W=1:
> 
>   arch/powerpc/kernel/pci_32.c:286:6: error: no previous prototype for 
> ‘sys_pciconfig_iobase’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/c89ca593220931c150cffda24b4d4c

cheers

Re: [10/19] powerpc/chrp/time: Make some functions static, add missing header include

[Michael Ellerman]

On Thu, 2018-03-22 at 20:19:56 UTC, Mathieu Malaterre wrote:
> Add a missing include .
> 
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
> 
>   arch/powerpc/platforms/chrp/time.c:41:13: error: no previous prototype for 
> ‘chrp_time_init’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/time.c:66:5: error: no previous prototype for 
> ‘chrp_cmos_clock_read’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/time.c:74:6: error: no previous prototype for 
> ‘chrp_cmos_clock_write’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/time.c:86:5: error: no previous prototype for 
> ‘chrp_set_rtc_time’ [-Werror=missing-prototypes]
>   arch/powerpc/platforms/chrp/time.c:130:6: error: no previous prototype for 
> ‘chrp_get_rtc_time’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/b87a358b4a1421abd544c0b554b1b7

cheers

Re: [08/19] powerpc/tau: Make some function static

[Michael Ellerman]

On Thu, 2018-03-22 at 20:19:54 UTC, Mathieu Malaterre wrote:
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
> 
>   arch/powerpc/kernel/tau_6xx.c:53:6: error: no previous prototype for 
> ‘set_thresholds’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:73:6: error: no previous prototype for 
> ‘TAUupdate’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:208:13: error: no previous prototype for 
> ‘TAU_init_smp’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:220:12: error: no previous prototype for 
> ‘TAU_init’ [-Werror=missing-prototypes]
>   arch/powerpc/kernel/tau_6xx.c:126:6: error: no previous prototype for 
> ‘TAUException’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/9e0d86cd2d749998c3792059221cef

cheers

Re: [06/19] powerpc: Make function btext_initialize static

[Michael Ellerman]

On Thu, 2018-03-22 at 20:19:52 UTC, Mathieu Malaterre wrote:
> This function can be static, make it so, this fix a warning treated as
> error with W=1:
> 
>   arch/powerpc/kernel/btext.c:173:5: error: no previous prototype for 
> ‘btext_initialize’ [-Werror=missing-prototypes]
> 
> Signed-off-by: Mathieu Malaterre 

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/86e11b6e9c56e605475462bf9ba7c1

cheers

Re: [PATCH v2 2/2] selftests/powerpc: Add test to verify rfi flush across a system call

[Naveen N. Rao]

Michael Ellerman wrote:

"Naveen N. Rao"  writes:

Michael Ellerman wrote:

"Naveen N. Rao"  writes:

diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c 
b/tools/testing/selftests/powerpc/security/rfi_flush.c
new file mode 100644
index ..a20fe8eca161
--- /dev/null
+++ b/tools/testing/selftests/powerpc/security/rfi_flush.c
@@ -0,0 +1,132 @@

...

+
+int rfi_flush_test(void)
+{
+   char *p;
+   int repetitions = 10;
+   int fd, passes = 0, iter, rc = 0;
+   struct perf_event_read v;
+   uint64_t l1d_misses_total = 0;
+   unsigned long iterations = 10, zero_size = 24*1024;
+   int rfi_flush_org, rfi_flush;
+
+   SKIP_IF(geteuid() != 0);
+
+   if (read_debugfs_file("powerpc/rfi_flush", _flush_org)) {
+   perror("error reading powerpc/rfi_flush debugfs file");
+   printf("unable to determine current rfi_flush setting");
+   return 1;
+   }


This leads to a hard error on old kernels, which I don't want (breaks my CI).


Hmm... didn't realize new tests would be run on older kernels. Are those 
older stable/distro releases, or actually just earlier kernel versions?


All of the above :)

Obviously keeping all the tests working across all kernel versions ever
is impossible, but when it's relatively easy like in this case, it's
nice to do.

So that was mostly just an FYI, I don't expect test writers to get their
tests running across all kernel versions.


Good to know, thanks!
- Naveen

Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14

[Greg KH]

On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote:
> Michael Ellerman  writes:
> > Hi Greg,
> >
> > Please queue up this series of patches for 4.14 if you have no objections.
> 
> I just realised I didn't fix up the cherry-pick markings on these, so
> they still say eg:
> 
>   (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b)
> 
> Not the proper "commit bdcb1... upstream" style.
> 
> I'll hold off resending in case you have some sed magic to fix that, but
> let me know if you'd like me to do it and resend the series.

I don't have any sed magic for that, sorry.  Can you fix up and resend?

thanks,

greg k-h

Re: [PATCH stable 4.14 00/23] powerpc backports for 4.14

[Michael Ellerman]

Michael Ellerman  writes:
> Hi Greg,
>
> Please queue up this series of patches for 4.14 if you have no objections.

I just realised I didn't fix up the cherry-pick markings on these, so
they still say eg:

  (cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b)

Not the proper "commit bdcb1... upstream" style.

I'll hold off resending in case you have some sed magic to fix that, but
let me know if you'd like me to do it and resend the series.

cheers

Re: [PATCH] cpuidle/powernv : init all present cpus for deep states

[Michael Ellerman]

Akshay Adiga  writes:

> Yes this needs to be sent to  stable. 
>
> Fixes: d405a98c ("powerpc/powernv: Move cpuidle related code from setup.c
> to new file")

Is that really the commit that introduced the bug? :)

Seems like it's more likely this one:

  Fixes: 77b54e9f213f ("powernv/powerpc: Add winkle support for offline cpus")


It's true that because the code was moved in d405a98c we won't be able
to automatically backport the fix past that commit, but we should still
identify the right commit in the Fixes tag.

cheers

Re: [PATCH] cpuidle/powernv : init all present cpus for deep states

[Michael Ellerman]

Akshay Adiga  writes:

> Init all present cpus for deep states instead of "all possible" cpus.
> Init fails if the possible cpu is gaurded. Resulting in making only
> non-deep states available for cpuidle/hotplug.

This is basically the opposite of what we just did for IMC.

There we switched from present to possible, to make it work when some
CPUs are guarded.

Which makes me think we need a better way of dealing with guarded CPUs,
because working out which code should use present or possible seems to
be basically trial-and-error.

I'm not actually sure why Guarded CPUs are showing up as possible but
not present, did we do that on purpose or is it just happening by
accident?

I can merge this, but we need to make this less bug prone in future.

cheers

> diff --git a/arch/powerpc/platforms/powernv/idle.c 
> b/arch/powerpc/platforms/powernv/idle.c
> index 1f12ab1..1c5d067 100644
> --- a/arch/powerpc/platforms/powernv/idle.c
> +++ b/arch/powerpc/platforms/powernv/idle.c
> @@ -79,7 +79,7 @@ static int pnv_save_sprs_for_deep_states(void)
>   uint64_t msr_val = MSR_IDLE;
>   uint64_t psscr_val = pnv_deepest_stop_psscr_val;
>  
> - for_each_possible_cpu(cpu) {
> + for_each_present_cpu(cpu) {
>   uint64_t pir = get_hard_smp_processor_id(cpu);
>   uint64_t hsprg0_val = (uint64_t)paca_ptrs[cpu];
>  
> @@ -814,7 +814,7 @@ static int __init pnv_init_idle_states(void)
>   int cpu;
>  
>   pr_info("powernv: idle: Saving PACA pointers of all CPUs in 
> their thread sibling PACA\n");
> - for_each_possible_cpu(cpu) {
> + for_each_present_cpu(cpu) {
>   int base_cpu = cpu_first_thread_sibling(cpu);
>   int idx = cpu_thread_in_core(cpu);
>   int i;
> -- 
> 2.5.5

Re: [PATCH v2 2/2] selftests/powerpc: Add test to verify rfi flush across a system call

[Michael Ellerman]

"Naveen N. Rao"  writes:
> Michael Ellerman wrote:
>> "Naveen N. Rao"  writes:
>>> diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c 
>>> b/tools/testing/selftests/powerpc/security/rfi_flush.c
>>> new file mode 100644
>>> index ..a20fe8eca161
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/powerpc/security/rfi_flush.c
>>> @@ -0,0 +1,132 @@
>> ...
>>> +
>>> +int rfi_flush_test(void)
>>> +{
>>> +   char *p;
>>> +   int repetitions = 10;
>>> +   int fd, passes = 0, iter, rc = 0;
>>> +   struct perf_event_read v;
>>> +   uint64_t l1d_misses_total = 0;
>>> +   unsigned long iterations = 10, zero_size = 24*1024;
>>> +   int rfi_flush_org, rfi_flush;
>>> +
>>> +   SKIP_IF(geteuid() != 0);
>>> +
>>> +   if (read_debugfs_file("powerpc/rfi_flush", _flush_org)) {
>>> +   perror("error reading powerpc/rfi_flush debugfs file");
>>> +   printf("unable to determine current rfi_flush setting");
>>> +   return 1;
>>> +   }
>> 
>> This leads to a hard error on old kernels, which I don't want (breaks my CI).
>
> Hmm... didn't realize new tests would be run on older kernels. Are those 
> older stable/distro releases, or actually just earlier kernel versions?

All of the above :)

Obviously keeping all the tests working across all kernel versions ever
is impossible, but when it's relatively easy like in this case, it's
nice to do.

So that was mostly just an FYI, I don't expect test writers to get their
tests running across all kernel versions.

cheers

Re: [PATCH 2/2] i2c: opal: don't check number of messages in the driver

[Michael Ellerman]

Wolfram Sang  writes:

> Since commit 1eace8344c02 ("i2c: add param sanity check to
> i2c_transfer()") and b7f625840267 ("i2c: add quirk checks to core"), the
> I2C core does this check now. We can remove it here.
>
> Signed-off-by: Wolfram Sang 
> ---
>
> Only build tested.

It will get boot tested by me once it's in linux-next, which hopefully
is sufficient for a patch like this.

cheers

> diff --git a/drivers/i2c/busses/i2c-opal.c b/drivers/i2c/busses/i2c-opal.c
> index 0aabb7eca0c5..dc2a23f4fb52 100644
> --- a/drivers/i2c/busses/i2c-opal.c
> +++ b/drivers/i2c/busses/i2c-opal.c
> @@ -94,8 +94,6 @@ static int i2c_opal_master_xfer(struct i2c_adapter *adap, 
> struct i2c_msg *msgs,
>*/
>   memset(, 0, sizeof(req));
>   switch(num) {
> - case 0:
> - return 0;
>   case 1:
>   req.type = (msgs[0].flags & I2C_M_RD) ?
>   OPAL_I2C_RAW_READ : OPAL_I2C_RAW_WRITE;
> @@ -114,8 +112,6 @@ static int i2c_opal_master_xfer(struct i2c_adapter *adap, 
> struct i2c_msg *msgs,
>   req.size = cpu_to_be32(msgs[1].len);
>   req.buffer_ra = cpu_to_be64(__pa(msgs[1].buf));
>   break;
> - default:
> - return -EOPNOTSUPP;
>   }
>  
>   rc = i2c_opal_send_request(opal_id, );
> -- 
> 2.11.0

Re: [PATCH 1/2] selftests/powerpc: Add ptrace tests for Protection Key registers

[Michael Ellerman]

Thiago Jung Bauermann  writes:
> Michael Ellerman  writes:
>> Thiago Jung Bauermann  writes:
>>>  tools/testing/selftests/powerpc/include/reg.h  |   1 +
>>>  tools/testing/selftests/powerpc/ptrace/Makefile|   5 +-
>>>  tools/testing/selftests/powerpc/ptrace/child.h | 130 
>>>  .../testing/selftests/powerpc/ptrace/ptrace-pkey.c | 326 
>>> +
>>
>> This is failing on machines without pkeys:
>>
>>   test: ptrace_pkey
>>   tags: git_version:52e7d87
>>   [FAIL] Test FAILED on line 117
>>   [FAIL] Test FAILED on line 191
>>   failure: ptrace_pkey
>>
>>
>> I think the first fail is in the child here:
>>
>> int ptrace_read_regs(pid_t child, unsigned long type, unsigned long regs[],
>>   int n)
>> {
>>  struct iovec iov;
>>  long ret;
>>
>>  FAIL_IF(start_trace(child));
>>
>>  iov.iov_base = regs;
>>  iov.iov_len = n * sizeof(unsigned long);
>>
>>  ret = ptrace(PTRACE_GETREGSET, child, type, );
>>  FAIL_IF(ret != 0);
>>
>>
>> Which makes sense.
>
> Yes, that is indeed what is going on.
>
>> The test needs to skip if pkeys are not available/enabled. Using the
>> availability of the REGSET might actually be a nice way to detect that,
>> because it's read-only.
>
>  I forgot to consider the case of pkeys not available or not enabled,
>  sorry about that.

No worries.

> I just sent a v2 which implements your suggestion above.

Thanks.

cheers

[PATCH stable 4.14 23/23] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

[Michael Ellerman]

From: Nicholas Piggin 

On some CPUs we can prevent a vulnerability related to store-to-load
forwarding by preventing store forwarding between privilege domains,
by inserting a barrier in kernel entry and exit paths.

This is known to be the case on at least Power7, Power8 and Power9
powerpc CPUs.

Barriers must be inserted generally before the first load after moving
to a higher privilege, and after the last store before moving to a
lower privilege, HV and PR privilege transitions must be protected.

Barriers are added as patch sections, with all kernel/hypervisor entry
points patched, and the exit points to lower privilge levels patched
similarly to the RFI flush patching.

Firmware advertisement is not implemented yet, so CPU flush types
are hard coded.

Thanks to Michal Suchánek for bug fixes and review.

Signed-off-by: Nicholas Piggin 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Neuling 
Signed-off-by: Michal Suchánek 
Signed-off-by: Michael Ellerman 
Signed-off-by: Linus Torvalds 
(cherry picked from commit a048a07d7f4535baa4cbad6bc024f175317ab938)
---
 arch/powerpc/include/asm/exception-64s.h |  29 ++
 arch/powerpc/include/asm/feature-fixups.h|  19 
 arch/powerpc/include/asm/security_features.h |  11 ++
 arch/powerpc/kernel/exceptions-64s.S |  19 +++-
 arch/powerpc/kernel/security.c   | 149 +++
 arch/powerpc/kernel/vmlinux.lds.S|  14 +++
 arch/powerpc/lib/feature-fixups.c| 115 +
 arch/powerpc/platforms/powernv/setup.c   |   1 +
 arch/powerpc/platforms/pseries/setup.c   |   1 +
 9 files changed, 356 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/exception-64s.h 
b/arch/powerpc/include/asm/exception-64s.h
index ccf10c2f8899..c3bdd2d8ec90 100644
--- a/arch/powerpc/include/asm/exception-64s.h
+++ b/arch/powerpc/include/asm/exception-64s.h
@@ -69,6 +69,27 @@
  */
 #define EX_R3  EX_DAR
 
+#define STF_ENTRY_BARRIER_SLOT \
+   STF_ENTRY_BARRIER_FIXUP_SECTION;\
+   nop;\
+   nop;\
+   nop
+
+#define STF_EXIT_BARRIER_SLOT  \
+   STF_EXIT_BARRIER_FIXUP_SECTION; \
+   nop;\
+   nop;\
+   nop;\
+   nop;\
+   nop;\
+   nop
+
+/*
+ * r10 must be free to use, r13 must be paca
+ */
+#define INTERRUPT_TO_KERNEL\
+   STF_ENTRY_BARRIER_SLOT
+
 /*
  * Macros for annotating the expected destination of (h)rfid
  *
@@ -85,16 +106,19 @@
rfid
 
 #define RFI_TO_USER\
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
 
 #define RFI_TO_USER_OR_KERNEL  \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
 
 #define RFI_TO_GUEST   \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
rfid;   \
b   rfi_flush_fallback
@@ -103,21 +127,25 @@
hrfid
 
 #define HRFI_TO_USER   \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
hrfid;  \
b   hrfi_flush_fallback
 
 #define HRFI_TO_USER_OR_KERNEL \
+   STF_EXIT_BARRIER_SLOT;  \
RFI_FLUSH_SLOT; \
hrfid;  \
b   hrfi_flush_fallback
 
 #define HRFI_TO_GUEST  

[PATCH stable 4.14 22/23] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()

[Michael Ellerman]

The recent LPM changes to setup_rfi_flush() are causing some section
mismatch warnings because we removed the __init annotation on
setup_rfi_flush():

  The function setup_rfi_flush() references
  the function __init ppc64_bolted_size().
  the function __init memblock_alloc_base().

The references are actually in init_fallback_flush(), but that is
inlined into setup_rfi_flush().

These references are safe because:
 - only pseries calls setup_rfi_flush() at runtime
 - pseries always passes L1D_FLUSH_FALLBACK at boot
 - so the fallback flush area will always be allocated
 - so the check in init_fallback_flush() will always return early:
   /* Only allocate the fallback flush area once (at boot time). */
   if (l1d_flush_fallback_area)
return;

 - and therefore we won't actually call the freed init routines.

We should rework the code to make it safer by default rather than
relying on the above, but for now as a quick-fix just add a __ref
annotation to squash the warning.

Fixes: abf110f3e1ce ("powerpc/rfi-flush: Make it possible to call 
setup_rfi_flush() again")
Signed-off-by: Michael Ellerman 
(cherry picked from commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e)
---
 arch/powerpc/kernel/setup_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 1146174f45c5..0618aa61b26a 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -831,7 +831,7 @@ void rfi_flush_enable(bool enable)
rfi_flush = enable;
 }
 
-static void init_fallback_flush(void)
+static void __ref init_fallback_flush(void)
 {
u64 l1d_size, limit;
int cpu;
-- 
2.14.1

[PATCH stable 4.14 21/23] powerpc/pseries: Restore default security feature flags on setup

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

After migration the security feature flags might have changed (e.g.,
destination system with unpatched firmware), but some flags are not
set/clear again in init_cpu_char_feature_flags() because it assumes
the security flags to be the defaults.

Additionally, if the H_GET_CPU_CHARACTERISTICS hypercall fails then
init_cpu_char_feature_flags() does not run again, which potentially
might leave the system in an insecure or sub-optimal configuration.

So, just restore the security feature flags to the defaults assumed
by init_cpu_char_feature_flags() so it can set/clear them correctly,
and to ensure safe settings are in place in case the hypercall fail.

Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Depends-on: 19887d6a28e2 ("powerpc: Move default security feature flags")
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 6232774f1599028a15418179d17f7df47ede770a)
---
 arch/powerpc/platforms/pseries/setup.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 3cb12d27f168..1973de3cf355 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -462,6 +462,10 @@ static void __init find_and_init_phbs(void)
 
 static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
 {
+   /*
+* The features below are disabled by default, so we instead look to see
+* if firmware has *enabled* them, and set them if so.
+*/
if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
 
@@ -501,6 +505,13 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
 
+   /*
+* Set features to the defaults assumed by init_cpu_char_feature_flags()
+* so it can set/clear again any features that might have changed after
+* migration, and in case the hypercall fails and it is not even called.
+*/
+   powerpc_security_features = SEC_FTR_DEFAULT;
+
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS)
init_cpu_char_feature_flags();
-- 
2.14.1

[PATCH stable 4.14 20/23] powerpc: Move default security feature flags

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.

This can be used to restore current flags to the default flags.

Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7)
---
 arch/powerpc/include/asm/security_features.h | 8 
 arch/powerpc/kernel/security.c   | 7 +--
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
index 400a9050e035..fa4d2e1cf772 100644
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -63,4 +63,12 @@ static inline bool security_ftr_enabled(unsigned long 
feature)
 // Firmware configuration indicates user favours security over performance
 #define SEC_FTR_FAVOUR_SECURITY0x0200ull
 
+
+// Features enabled by default
+#define SEC_FTR_DEFAULT \
+   (SEC_FTR_L1D_FLUSH_HV | \
+SEC_FTR_L1D_FLUSH_PR | \
+SEC_FTR_BNDS_CHK_SPEC_BAR | \
+SEC_FTR_FAVOUR_SECURITY)
+
 #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 2cee3dcd231b..bab5a27ea805 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -11,12 +11,7 @@
 #include 
 
 
-unsigned long powerpc_security_features __read_mostly = \
-   SEC_FTR_L1D_FLUSH_HV | \
-   SEC_FTR_L1D_FLUSH_PR | \
-   SEC_FTR_BNDS_CHK_SPEC_BAR | \
-   SEC_FTR_FAVOUR_SECURITY;
-
+unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
 
 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
 {
-- 
2.14.1

[PATCH stable 4.14 19/23] powerpc/pseries: Fix clearing of security feature flags

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.

Found by playing around with QEMU's implementation of the hypercall:

  H_CPU_CHAR=0xf000
  H_CPU_BEHAV=0x

  This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
  so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
  clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
  mitigation at all for cpu_show_meltdown() to report; but currently
  it does:

  Original kernel:

# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: RFI Flush

  Patched kernel:

# cat /sys/devices/system/cpu/vulnerabilities/meltdown
Not affected

  H_CPU_CHAR=0x
  H_CPU_BEHAV=0xf000

  This sets H_CPU_BEHAV_BNDS_CHK_SPEC_BAR so cpu_show_spectre_v1() should
  report vulnerable; but currently it doesn't:

  Original kernel:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Not affected

  Patched kernel:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Vulnerable

Brown-paper-bag-by: Michael Ellerman 
Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags")
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524)
---
 arch/powerpc/platforms/pseries/setup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index ba0a36c577ca..3cb12d27f168 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -484,13 +484,13 @@ static void init_cpu_char_feature_flags(struct 
h_cpu_char_result *result)
 * The features below are enabled by default, so we instead look to see
 * if firmware has *disabled* them, and clear them if so.
 */
-   if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+   if (!(result->behaviour & H_CPU_BEHAV_FAVOUR_SECURITY))
security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
 
-   if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+   if (!(result->behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
 
-   if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+   if (!(result->behaviour & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
 }
 
-- 
2.14.1

[PATCH stable 4.14 18/23] powerpc/64s: Wire up cpu_show_spectre_v2()

[Michael Ellerman]

Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.

The most verbose is:

  Mitigation: Indirect branch serialisation (kernel only), Indirect
  branch cache disabled, ori31 speculation barrier enabled

We don't treat the ori31 speculation barrier as a mitigation on its
own, because it has to be *used* by code in order to be a mitigation
and we don't know if userspace is doing that. So if that's all we see
we say:

  Vulnerable, ori31 speculation barrier enabled

Signed-off-by: Michael Ellerman 
(cherry picked from commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3)
---
 arch/powerpc/kernel/security.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 0eace3cac818..2cee3dcd231b 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -58,3 +58,36 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct 
device_attribute *attr, c
 
return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   bool bcs, ccd, ori;
+   struct seq_buf s;
+
+   seq_buf_init(, buf, PAGE_SIZE - 1);
+
+   bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
+   ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
+   ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (bcs || ccd) {
+   seq_buf_printf(, "Mitigation: ");
+
+   if (bcs)
+   seq_buf_printf(, "Indirect branch serialisation 
(kernel only)");
+
+   if (bcs && ccd)
+   seq_buf_printf(, ", ");
+
+   if (ccd)
+   seq_buf_printf(, "Indirect branch cache disabled");
+   } else
+   seq_buf_printf(, "Vulnerable");
+
+   if (ori)
+   seq_buf_printf(, ", ori31 speculation barrier enabled");
+
+   seq_buf_printf(, "\n");
+
+   return s.len;
+}
-- 
2.14.1

[PATCH stable 4.14 17/23] powerpc/64s: Wire up cpu_show_spectre_v1()

[Michael Ellerman]

Add a definition for cpu_show_spectre_v1() to override the generic
version. Currently this just prints "Not affected" or "Vulnerable"
based on the firmware flag.

Although the kernel does have array_index_nospec() in a few places, we
haven't yet audited all the powerpc code to see where it's necessary,
so for now we don't list that as a mitigation.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 56986016cb8cd9050e601831fe89f332b4e3c46e)
---
 arch/powerpc/kernel/security.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 865db6f8bcca..0eace3cac818 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -50,3 +50,11 @@ ssize_t cpu_show_meltdown(struct device *dev, struct 
device_attribute *attr, cha
 
return sprintf(buf, "Vulnerable\n");
 }
+
+ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
+   return sprintf(buf, "Not affected\n");
+
+   return sprintf(buf, "Vulnerable\n");
+}
-- 
2.14.1

[PATCH stable 4.14 16/23] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()

[Michael Ellerman]

Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689)
---
 arch/powerpc/platforms/pseries/setup.c | 27 ---
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 65b157a35161..ba0a36c577ca 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -501,30 +501,27 @@ void pseries_setup_rfi_flush(void)
bool enable;
long rc;
 
-   /* Enable by default */
-   enable = true;
-   types = L1D_FLUSH_FALLBACK;
-
rc = plpar_get_cpu_characteristics();
-   if (rc == H_SUCCESS) {
+   if (rc == H_SUCCESS)
init_cpu_char_feature_flags();
 
-   if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
-   types |= L1D_FLUSH_MTTRIG;
-   if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
-   types |= L1D_FLUSH_ORI;
-
-   if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
-   (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
-   enable = false;
-   }
-
/*
 * We're the guest so this doesn't apply to us, clear it to simplify
 * handling of it elsewhere.
 */
security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
 
+   types = L1D_FLUSH_FALLBACK;
+
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
+   types |= L1D_FLUSH_MTTRIG;
+
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
+   types |= L1D_FLUSH_ORI;
+
+   enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
+
setup_rfi_flush(types, enable);
 }
 
-- 
2.14.1

[PATCH stable 4.14 15/23] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()

[Michael Ellerman]

Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5)
---
 arch/powerpc/platforms/powernv/setup.c | 41 +-
 1 file changed, 10 insertions(+), 31 deletions(-)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 4b7f2c00f870..14a24c63e6b0 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct device_node *np)
if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
 
-   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np))
security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
 
if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
@@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void)
 {
struct device_node *np, *fw_features;
enum l1d_flush_type type;
-   int enable;
+   bool enable;
 
/* Default to fallback in case fw-features are not available */
type = L1D_FLUSH_FALLBACK;
-   enable = 1;
 
np = of_find_node_by_name(NULL, "ibm,opal");
fw_features = of_get_child_by_name(np, "fw-features");
@@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void)
 
if (fw_features) {
init_fw_feat_flags(fw_features);
+   of_node_put(fw_features);
 
-   np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
-   if (np && of_property_read_bool(np, "enabled"))
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
type = L1D_FLUSH_MTTRIG;
 
-   of_node_put(np);
-
-   np = of_get_child_by_name(fw_features, 
"inst-l1d-flush-ori30,30,0");
-   if (np && of_property_read_bool(np, "enabled"))
+   if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
type = L1D_FLUSH_ORI;
-
-   of_node_put(np);
-
-   /* Enable unless firmware says NOT to */
-   enable = 2;
-   np = of_get_child_by_name(fw_features, 
"needs-l1d-flush-msr-hv-1-to-0");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable--;
-
-   of_node_put(np);
-
-   np = of_get_child_by_name(fw_features, 
"needs-l1d-flush-msr-pr-0-to-1");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable--;
-
-   np = of_get_child_by_name(fw_features, 
"speculation-policy-favor-security");
-   if (np && of_property_read_bool(np, "disabled"))
-   enable = 0;
-
-   of_node_put(np);
-   of_node_put(fw_features);
}
 
-   setup_rfi_flush(type, enable > 0);
+   enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+(security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)   || \
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
+
+   setup_rfi_flush(type, enable);
 }
 
 static void __init pnv_setup_arch(void)
-- 
2.14.1

[PATCH stable 4.14 14/23] powerpc/64s: Enhance the information in cpu_show_meltdown()

[Michael Ellerman]

Now that we have the security feature flags we can make the
information displayed in the "meltdown" file more informative.

Signed-off-by: Michael Ellerman 
(cherry picked from commit ff348355e9c72493947be337bb4fae4fc1a41eba)
---
 arch/powerpc/include/asm/security_features.h |  1 +
 arch/powerpc/kernel/security.c   | 30 ++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
index db00ad2c72c2..400a9050e035 100644
--- a/arch/powerpc/include/asm/security_features.h
+++ b/arch/powerpc/include/asm/security_features.h
@@ -10,6 +10,7 @@
 
 
 extern unsigned long powerpc_security_features;
+extern bool rfi_flush;
 
 static inline void security_ftr_set(unsigned long feature)
 {
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 564e7f182a16..865db6f8bcca 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -6,6 +6,7 @@
 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -19,8 +20,33 @@ unsigned long powerpc_security_features __read_mostly = \
 
 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
 {
-   if (rfi_flush)
-   return sprintf(buf, "Mitigation: RFI Flush\n");
+   bool thread_priv;
+
+   thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (rfi_flush || thread_priv) {
+   struct seq_buf s;
+   seq_buf_init(, buf, PAGE_SIZE - 1);
+
+   seq_buf_printf(, "Mitigation: ");
+
+   if (rfi_flush)
+   seq_buf_printf(, "RFI Flush");
+
+   if (rfi_flush && thread_priv)
+   seq_buf_printf(, ", ");
+
+   if (thread_priv)
+   seq_buf_printf(, "L1D private per thread");
+
+   seq_buf_printf(, "\n");
+
+   return s.len;
+   }
+
+   if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
+   !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
+   return sprintf(buf, "Not affected\n");
 
return sprintf(buf, "Vulnerable\n");
 }
-- 
2.14.1

[PATCH stable 4.14 13/23] powerpc/64s: Move cpu_show_meltdown()

[Michael Ellerman]

This landed in setup_64.c for no good reason other than we had nowhere
else to put it. Now that we have a security-related file, that is a
better place for it so move it.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 8ad33041563a10b34988800c682ada14b2612533)
---
 arch/powerpc/kernel/security.c | 11 +++
 arch/powerpc/kernel/setup_64.c |  8 
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 4ccba00d224c..564e7f182a16 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -5,6 +5,8 @@
 // Copyright 2018, Michael Ellerman, IBM Corporation.
 
 #include 
+#include 
+
 #include 
 
 
@@ -13,3 +15,12 @@ unsigned long powerpc_security_features __read_mostly = \
SEC_FTR_L1D_FLUSH_PR | \
SEC_FTR_BNDS_CHK_SPEC_BAR | \
SEC_FTR_FAVOUR_SECURITY;
+
+
+ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
+{
+   if (rfi_flush)
+   return sprintf(buf, "Mitigation: RFI Flush\n");
+
+   return sprintf(buf, "Vulnerable\n");
+}
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index da12b54cbe5c..1146174f45c5 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -910,12 +910,4 @@ static __init int rfi_flush_debugfs_init(void)
 }
 device_initcall(rfi_flush_debugfs_init);
 #endif
-
-ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, 
char *buf)
-{
-   if (rfi_flush)
-   return sprintf(buf, "Mitigation: RFI Flush\n");
-
-   return sprintf(buf, "Vulnerable\n");
-}
 #endif /* CONFIG_PPC_BOOK3S_64 */
-- 
2.14.1

[PATCH stable 4.14 12/23] powerpc/powernv: Set or clear security feature flags

[Michael Ellerman]

Now that we have feature flags for security related things, set or
clear them based on what we see in the device tree provided by
firmware.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 77addf6e95c8689e478d607176b399a6242a777e)
---
 arch/powerpc/platforms/powernv/setup.c | 56 ++
 1 file changed, 56 insertions(+)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 37a7f5ef00b7..4b7f2c00f870 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -37,9 +37,63 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "powernv.h"
 
+
+static bool fw_feature_is(const char *state, const char *name,
+ struct device_node *fw_features)
+{
+   struct device_node *np;
+   bool rc = false;
+
+   np = of_get_child_by_name(fw_features, name);
+   if (np) {
+   rc = of_property_read_bool(np, state);
+   of_node_put(np);
+   }
+
+   return rc;
+}
+
+static void init_fw_feat_flags(struct device_node *np)
+{
+   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
+   security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+   if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+   security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+   if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
+   security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+   if (fw_feature_is("enabled", "fw-l1d-thread-split", np))
+   security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (fw_feature_is("enabled", "fw-count-cache-disabled", np))
+   security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+   /*
+* The features below are enabled by default, so we instead look to see
+* if firmware has *disabled* them, and clear them if so.
+*/
+   if (fw_feature_is("disabled", "speculation-policy-favor-security", np))
+   security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+   if (fw_feature_is("disabled", "needs-l1d-flush-msr-pr-0-to-1", np))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+   if (fw_feature_is("disabled", "needs-l1d-flush-msr-hv-1-to-0", np))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
+   if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks", 
np))
+   security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
 static void pnv_setup_rfi_flush(void)
 {
struct device_node *np, *fw_features;
@@ -55,6 +109,8 @@ static void pnv_setup_rfi_flush(void)
of_node_put(np);
 
if (fw_features) {
+   init_fw_feat_flags(fw_features);
+
np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
if (np && of_property_read_bool(np, "enabled"))
type = L1D_FLUSH_MTTRIG;
-- 
2.14.1

[PATCH stable 4.14 11/23] powerpc/pseries: Set or clear security feature flags

[Michael Ellerman]

Now that we have feature flags for security related things, set or
clear them based on what we receive from the hypercall.

Signed-off-by: Michael Ellerman 
(cherry picked from commit f636c14790ead6cc22cf62279b1f8d7e11a67116)
---
 arch/powerpc/platforms/pseries/setup.c | 43 ++
 1 file changed, 43 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index b2d99b384089..65b157a35161 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -68,6 +68,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "pseries.h"
 
@@ -459,6 +460,40 @@ static void __init find_and_init_phbs(void)
of_pci_check_probe_only();
 }
 
+static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
+{
+   if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
+   security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
+
+   if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED)
+   security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
+
+   if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30)
+   security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
+
+   if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
+   security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
+
+   if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV)
+   security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
+
+   if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED)
+   security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
+
+   /*
+* The features below are enabled by default, so we instead look to see
+* if firmware has *disabled* them, and clear them if so.
+*/
+   if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
+   security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
+
+   if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
+
+   if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
+   security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
+}
+
 void pseries_setup_rfi_flush(void)
 {
struct h_cpu_char_result result;
@@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void)
 
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS) {
+   init_cpu_char_feature_flags();
+
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
@@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void)
enable = false;
}
 
+   /*
+* We're the guest so this doesn't apply to us, clear it to simplify
+* handling of it elsewhere.
+*/
+   security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
+
setup_rfi_flush(types, enable);
 }
 
-- 
2.14.1

[PATCH stable 4.14 08/23] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration

[Michael Ellerman]

We might have migrated to a machine that uses a different flush type,
or doesn't need flushing at all.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 921bc6cf807ceb2ab8005319cf39f33494d6b100)
---
 arch/powerpc/platforms/pseries/mobility.c | 3 +++
 arch/powerpc/platforms/pseries/pseries.h  | 2 ++
 arch/powerpc/platforms/pseries/setup.c| 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/pseries/mobility.c 
b/arch/powerpc/platforms/pseries/mobility.c
index f7042ad492ba..fbea7db043fa 100644
--- a/arch/powerpc/platforms/pseries/mobility.c
+++ b/arch/powerpc/platforms/pseries/mobility.c
@@ -348,6 +348,9 @@ void post_mobility_fixup(void)
printk(KERN_ERR "Post-mobility device tree update "
"failed: %d\n", rc);
 
+   /* Possibly switch to a new RFI flush type */
+   pseries_setup_rfi_flush();
+
return;
 }
 
diff --git a/arch/powerpc/platforms/pseries/pseries.h 
b/arch/powerpc/platforms/pseries/pseries.h
index 1ae1d9f4dbe9..27cdcb69fd18 100644
--- a/arch/powerpc/platforms/pseries/pseries.h
+++ b/arch/powerpc/platforms/pseries/pseries.h
@@ -100,4 +100,6 @@ static inline unsigned long cmo_get_page_size(void)
 
 int dlpar_workqueue_init(void);
 
+void pseries_setup_rfi_flush(void);
+
 #endif /* _PSERIES_PSERIES_H */
diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 2708ddab209b..b2d99b384089 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -459,7 +459,7 @@ static void __init find_and_init_phbs(void)
of_pci_check_probe_only();
 }
 
-static void pseries_setup_rfi_flush(void)
+void pseries_setup_rfi_flush(void)
 {
struct h_cpu_char_result result;
enum l1d_flush_type types;
-- 
2.14.1

[PATCH stable 4.14 10/23] powerpc: Add security feature flags for Spectre/Meltdown

[Michael Ellerman]

This commit adds security feature flags to reflect the settings we
receive from firmware regarding Spectre/Meltdown mitigations.

The feature names reflect the names we are given by firmware on bare
metal machines. See the hostboot source for details.

Arguably these could be firmware features, but that then requires them
to be read early in boot so they're available prior to asm feature
patching, but we don't actually want to use them for patching. We may
also want to dynamically update them in future, which would be
incompatible with the way firmware features work (at the moment at
least). So for now just make them separate flags.

Signed-off-by: Michael Ellerman 
(cherry picked from commit 9a868f634349e62922c226834aa23e3d1329ae7f)
---
 arch/powerpc/include/asm/security_features.h | 65 
 arch/powerpc/kernel/Makefile |  2 +-
 arch/powerpc/kernel/security.c   | 15 +++
 3 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 arch/powerpc/include/asm/security_features.h
 create mode 100644 arch/powerpc/kernel/security.c

diff --git a/arch/powerpc/include/asm/security_features.h 
b/arch/powerpc/include/asm/security_features.h
new file mode 100644
index ..db00ad2c72c2
--- /dev/null
+++ b/arch/powerpc/include/asm/security_features.h
@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Security related feature bit definitions.
+ *
+ * Copyright 2018, Michael Ellerman, IBM Corporation.
+ */
+
+#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
+#define _ASM_POWERPC_SECURITY_FEATURES_H
+
+
+extern unsigned long powerpc_security_features;
+
+static inline void security_ftr_set(unsigned long feature)
+{
+   powerpc_security_features |= feature;
+}
+
+static inline void security_ftr_clear(unsigned long feature)
+{
+   powerpc_security_features &= ~feature;
+}
+
+static inline bool security_ftr_enabled(unsigned long feature)
+{
+   return !!(powerpc_security_features & feature);
+}
+
+
+// Features indicating support for Spectre/Meltdown mitigations
+
+// The L1-D cache can be flushed with ori r30,r30,0
+#define SEC_FTR_L1D_FLUSH_ORI300x0001ull
+
+// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2)
+#define SEC_FTR_L1D_FLUSH_TRIG20x0002ull
+
+// ori r31,r31,0 acts as a speculation barrier
+#define SEC_FTR_SPEC_BAR_ORI31 0x0004ull
+
+// Speculation past bctr is disabled
+#define SEC_FTR_BCCTRL_SERIALISED  0x0008ull
+
+// Entries in L1-D are private to a SMT thread
+#define SEC_FTR_L1D_THREAD_PRIV0x0010ull
+
+// Indirect branch prediction cache disabled
+#define SEC_FTR_COUNT_CACHE_DISABLED   0x0020ull
+
+
+// Features indicating need for Spectre/Meltdown mitigations
+
+// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to 
guest)
+#define SEC_FTR_L1D_FLUSH_HV   0x0040ull
+
+// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to 
userspace)
+#define SEC_FTR_L1D_FLUSH_PR   0x0080ull
+
+// A speculation barrier should be used for bounds checks (Spectre variant 1)
+#define SEC_FTR_BNDS_CHK_SPEC_BAR  0x0100ull
+
+// Firmware configuration indicates user favours security over performance
+#define SEC_FTR_FAVOUR_SECURITY0x0200ull
+
+#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 6c6cce937dd8..1479c61e29c5 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -42,7 +42,7 @@ obj-$(CONFIG_VDSO32)  += vdso32/
 obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o
 obj-$(CONFIG_HAVE_HW_BREAKPOINT)   += hw_breakpoint.o
 obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_ppc970.o cpu_setup_pa6t.o
-obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o
+obj-$(CONFIG_PPC_BOOK3S_64)+= cpu_setup_power.o security.o
 obj-$(CONFIG_PPC_BOOK3S_64)+= mce.o mce_power.o
 obj-$(CONFIG_PPC_BOOK3E_64)+= exceptions-64e.o idle_book3e.o
 obj-$(CONFIG_PPC64)+= vdso64/
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
new file mode 100644
index ..4ccba00d224c
--- /dev/null
+++ b/arch/powerpc/kernel/security.c
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0+
+//
+// Security related flags and so on.
+//
+// Copyright 2018, Michael Ellerman, IBM Corporation.
+
+#include 
+#include 
+
+
+unsigned long powerpc_security_features __read_mostly = \
+   SEC_FTR_L1D_FLUSH_HV | \
+   SEC_FTR_L1D_FLUSH_PR | \
+   SEC_FTR_BNDS_CHK_SPEC_BAR | \
+   SEC_FTR_FAVOUR_SECURITY;
-- 
2.14.1

[PATCH stable 4.14 09/23] powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags

[Michael Ellerman]

Add some additional values which have been defined for the
H_GET_CPU_CHARACTERISTICS hypercall.

Signed-off-by: Michael Ellerman 
---
 arch/powerpc/include/asm/hvcall.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/include/asm/hvcall.h 
b/arch/powerpc/include/asm/hvcall.h
index eca3f9c68907..5a740feb7bd7 100644
--- a/arch/powerpc/include/asm/hvcall.h
+++ b/arch/powerpc/include/asm/hvcall.h
@@ -337,6 +337,9 @@
 #define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2
 #define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3
 #define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4
+#define H_CPU_CHAR_BRANCH_HINTS_HONORED(1ull << 58) // IBM bit 5
+#define H_CPU_CHAR_THREAD_RECONFIG_CTRL(1ull << 57) // IBM bit 6
+#define H_CPU_CHAR_COUNT_CACHE_DISABLED(1ull << 56) // IBM bit 7
 
 #define H_CPU_BEHAV_FAVOUR_SECURITY(1ull << 63) // IBM bit 0
 #define H_CPU_BEHAV_L1D_FLUSH_PR   (1ull << 62) // IBM bit 1
-- 
2.14.1

[PATCH stable 4.14 07/23] powerpc/rfi-flush: Differentiate enabled and patched flush types

[Michael Ellerman]

From: Mauricio Faria de Oliveira 

Currently the rfi-flush messages print 'Using  flush' for all
enabled_flush_types, but that is not necessarily true -- as now the
fallback flush is always enabled on pseries, but the fixup function
overwrites its nop/branch slot with other flush types, if available.

So, replace the 'Using  flush' messages with ' flush is
available'.

Also, print the patched flush types in the fixup function, so users
can know what is (not) being used (e.g., the slower, fallback flush,
or no flush type at all if flush is disabled via the debugfs switch).

Suggested-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 0063d61ccfc011f379a31acaeba6de7c926fed2c)
---
 arch/powerpc/kernel/setup_64.c| 6 +++---
 arch/powerpc/lib/feature-fixups.c | 9 -
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index ace6a10a242f..da12b54cbe5c 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -860,15 +860,15 @@ static void init_fallback_flush(void)
 void setup_rfi_flush(enum l1d_flush_type types, bool enable)
 {
if (types & L1D_FLUSH_FALLBACK) {
-   pr_info("rfi-flush: Using fallback displacement flush\n");
+   pr_info("rfi-flush: fallback displacement flush available\n");
init_fallback_flush();
}
 
if (types & L1D_FLUSH_ORI)
-   pr_info("rfi-flush: Using ori type flush\n");
+   pr_info("rfi-flush: ori type flush available\n");
 
if (types & L1D_FLUSH_MTTRIG)
-   pr_info("rfi-flush: Using mttrig type flush\n");
+   pr_info("rfi-flush: mttrig type flush available\n");
 
enabled_flush_types = types;
 
diff --git a/arch/powerpc/lib/feature-fixups.c 
b/arch/powerpc/lib/feature-fixups.c
index d0c0b8443dcf..8ac72f7d638f 100644
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -153,7 +153,14 @@ void do_rfi_flush_fixups(enum l1d_flush_type types)
patch_instruction(dest + 2, instrs[2]);
}
 
-   printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i);
+   printk(KERN_DEBUG "rfi-flush: patched %d locations (%s flush)\n", i,
+   (types == L1D_FLUSH_NONE)   ? "no" :
+   (types == L1D_FLUSH_FALLBACK)   ? "fallback displacement" :
+   (types &  L1D_FLUSH_ORI)? (types & L1D_FLUSH_MTTRIG)
+   ? "ori+mttrig type"
+   : "ori type" :
+   (types &  L1D_FLUSH_MTTRIG) ? "mttrig type"
+   : "unknown");
 }
 #endif /* CONFIG_PPC_BOOK3S_64 */
 
-- 
2.14.1

[PATCH stable 4.14 06/23] powerpc/rfi-flush: Always enable fallback flush on pseries

[Michael Ellerman]

This ensures the fallback flush area is always allocated on pseries,
so in case a LPAR is migrated from a patched to an unpatched system,
it is possible to enable the fallback flush in the target system.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb)
---
 arch/powerpc/platforms/pseries/setup.c | 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index 84e753b5..2708ddab209b 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -468,26 +468,18 @@ static void pseries_setup_rfi_flush(void)
 
/* Enable by default */
enable = true;
+   types = L1D_FLUSH_FALLBACK;
 
rc = plpar_get_cpu_characteristics();
if (rc == H_SUCCESS) {
-   types = L1D_FLUSH_NONE;
-
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
types |= L1D_FLUSH_MTTRIG;
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
types |= L1D_FLUSH_ORI;
 
-   /* Use fallback if nothing set in hcall */
-   if (types == L1D_FLUSH_NONE)
-   types = L1D_FLUSH_FALLBACK;
-
if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
(!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
-   } else {
-   /* Default to fallback if case hcall is not available */
-   types = L1D_FLUSH_FALLBACK;
}
 
setup_rfi_flush(types, enable);
-- 
2.14.1

[PATCH stable 4.14 05/23] powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again

[Michael Ellerman]

For PowerVM migration we want to be able to call setup_rfi_flush()
again after we've migrated the partition.

To support that we need to check that we're not trying to allocate the
fallback flush area after memblock has gone away (i.e., boot-time only).

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7)
---
 arch/powerpc/include/asm/setup.h | 2 +-
 arch/powerpc/kernel/setup_64.c   | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 469b7fdc9be4..bbcdf929be54 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -49,7 +49,7 @@ enum l1d_flush_type {
L1D_FLUSH_MTTRIG= 0x8,
 };
 
-void __init setup_rfi_flush(enum l1d_flush_type, bool enable);
+void setup_rfi_flush(enum l1d_flush_type, bool enable);
 void do_rfi_flush_fixups(enum l1d_flush_type types);
 
 #endif /* !__ASSEMBLY__ */
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index cbb3fb1820ce..ace6a10a242f 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -836,6 +836,10 @@ static void init_fallback_flush(void)
u64 l1d_size, limit;
int cpu;
 
+   /* Only allocate the fallback flush area once (at boot time). */
+   if (l1d_flush_fallback_area)
+   return;
+
l1d_size = ppc64_caches.l1d.size;
limit = min(safe_stack_limit(), ppc64_rma_size);
 
@@ -853,7 +857,7 @@ static void init_fallback_flush(void)
}
 }
 
-void __init setup_rfi_flush(enum l1d_flush_type types, bool enable)
+void setup_rfi_flush(enum l1d_flush_type types, bool enable)
 {
if (types & L1D_FLUSH_FALLBACK) {
pr_info("rfi-flush: Using fallback displacement flush\n");
-- 
2.14.1

[PATCH stable 4.14 04/23] powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code

[Michael Ellerman]

rfi_flush_enable() includes a check to see if we're already
enabled (or disabled), and in that case does nothing.

But that means calling setup_rfi_flush() a 2nd time doesn't actually
work, which is a bit confusing.

Move that check into the debugfs code, where it really belongs.

Signed-off-by: Michael Ellerman 
Signed-off-by: Mauricio Faria de Oliveira 
Signed-off-by: Michael Ellerman 
(cherry picked from commit 1e2a9fc7496955faacbbed49461d611b704a7505)
---
 arch/powerpc/kernel/setup_64.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 333c64a794eb..cbb3fb1820ce 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -822,9 +822,6 @@ static void do_nothing(void *unused)
 
 void rfi_flush_enable(bool enable)
 {
-   if (rfi_flush == enable)
-   return;
-
if (enable) {
do_rfi_flush_fixups(enabled_flush_types);
on_each_cpu(do_nothing, NULL, 1);
@@ -878,13 +875,19 @@ void __init setup_rfi_flush(enum l1d_flush_type types, 
bool enable)
 #ifdef CONFIG_DEBUG_FS
 static int rfi_flush_set(void *data, u64 val)
 {
+   bool enable;
+
if (val == 1)
-   rfi_flush_enable(true);
+   enable = true;
else if (val == 0)
-   rfi_flush_enable(false);
+   enable = false;
else
return -EINVAL;
 
+   /* Only do anything if we're changing state */
+   if (enable != rfi_flush)
+   rfi_flush_enable(enable);
+
return 0;
 }
 
-- 
2.14.1

[PATCH stable 4.14 03/23] powerpc/powernv: Support firmware disable of RFI flush

[Michael Ellerman]

Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.

Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush 
settings")
Signed-off-by: Michael Ellerman 
(cherry picked from commit eb0a2d2620ae431c543963c8c7f08f597366fc60)
---
 arch/powerpc/platforms/powernv/setup.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/platforms/powernv/setup.c 
b/arch/powerpc/platforms/powernv/setup.c
index 7966a314d93a..37a7f5ef00b7 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -79,6 +79,10 @@ static void pnv_setup_rfi_flush(void)
if (np && of_property_read_bool(np, "disabled"))
enable--;
 
+   np = of_get_child_by_name(fw_features, 
"speculation-policy-favor-security");
+   if (np && of_property_read_bool(np, "disabled"))
+   enable = 0;
+
of_node_put(np);
of_node_put(fw_features);
}
-- 
2.14.1

[PATCH stable 4.14 02/23] powerpc/pseries: Support firmware disable of RFI flush

[Michael Ellerman]

Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.

Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings")
Signed-off-by: Michael Ellerman 
(cherry picked from commit 582605a429e20ae68fd0b041b2e840af296edd08)
---
 arch/powerpc/platforms/pseries/setup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/pseries/setup.c 
b/arch/powerpc/platforms/pseries/setup.c
index ae4f596273b5..84e753b5 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -482,7 +482,8 @@ static void pseries_setup_rfi_flush(void)
if (types == L1D_FLUSH_NONE)
types = L1D_FLUSH_FALLBACK;
 
-   if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR))
+   if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
+   (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
enable = false;
} else {
/* Default to fallback if case hcall is not available */
-- 
2.14.1

[PATCH stable 4.14 01/23] powerpc/64s: Improve RFI L1-D cache flush fallback

[Michael Ellerman]

From: Nicholas Piggin 

The fallback RFI flush is used when firmware does not provide a way
to flush the cache. It's a "displacement flush" that evicts useful
data by displacing it with an uninteresting buffer.

The flush has to take care to work with implementation specific cache
replacment policies, so the recipe has been in flux. The initial
slow but conservative approach is to touch all lines of a congruence
class, with dependencies between each load. It has since been
determined that a linear pattern of loads without dependencies is
sufficient, and is significantly faster.

Measuring the speed of a null syscall with RFI fallback flush enabled
gives the relative improvement:

P8 - 1.83x
P9 - 1.75x

The flush also becomes simpler and more adaptable to different cache
geometries.

Signed-off-by: Nicholas Piggin 
Signed-off-by: Michael Ellerman 
(cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b)
---
 arch/powerpc/include/asm/paca.h  |  3 +-
 arch/powerpc/kernel/asm-offsets.c|  3 +-
 arch/powerpc/kernel/exceptions-64s.S | 76 +---
 arch/powerpc/kernel/setup_64.c   | 13 +-
 arch/powerpc/xmon/xmon.c |  2 +
 5 files changed, 41 insertions(+), 56 deletions(-)

diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index b8366df50d19..e6bd59353e40 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -238,8 +238,7 @@ struct paca_struct {
 */
u64 exrfi[EX_SIZE] __aligned(0x80);
void *rfi_flush_fallback_area;
-   u64 l1d_flush_congruence;
-   u64 l1d_flush_sets;
+   u64 l1d_flush_size;
 #endif
 };
 
diff --git a/arch/powerpc/kernel/asm-offsets.c 
b/arch/powerpc/kernel/asm-offsets.c
index 748cdc4bb89a..2e5ea300258a 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -239,8 +239,7 @@ int main(void)
OFFSET(PACA_IN_NMI, paca_struct, in_nmi);
OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, 
rfi_flush_fallback_area);
OFFSET(PACA_EXRFI, paca_struct, exrfi);
-   OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence);
-   OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets);
+   OFFSET(PACA_L1D_FLUSH_SIZE, paca_struct, l1d_flush_size);
 
 #endif
OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id);
diff --git a/arch/powerpc/kernel/exceptions-64s.S 
b/arch/powerpc/kernel/exceptions-64s.S
index f9ca4bb3d48e..feba0a8d040e 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1440,39 +1440,37 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
-   std r12,PACA_EXRFI+EX_R12(r13)
-   std r8,PACA_EXRFI+EX_R13(r13)
mfctr   r9
ld  r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13)
-   ld  r11,PACA_L1D_FLUSH_SETS(r13)
-   ld  r12,PACA_L1D_FLUSH_CONGRUENCE(r13)
-   /*
-* The load adresses are at staggered offsets within cachelines,
-* which suits some pipelines better (on others it should not
-* hurt).
-*/
-   addir12,r12,8
+   ld  r11,PACA_L1D_FLUSH_SIZE(r13)
+   srdir11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */
mtctr   r11
DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */
 
/* order ld/st prior to dcbt stop all streams with flushing */
sync
-1: li  r8,0
-   .rept   8 /* 8-way set associative */
-   ldx r11,r10,r8
-   add r8,r8,r12
-   xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not
-   add r8,r8,r11   // Add 0, this creates a dependency on the ldx
-   .endr
-   addir10,r10,128 /* 128 byte cache line */
+
+   /*
+* The load adresses are at staggered offsets within cachelines,
+* which suits some pipelines better (on others it should not
+* hurt).
+*/
+1:
+   ld  r11,(0x80 + 8)*0(r10)
+   ld  r11,(0x80 + 8)*1(r10)
+   ld  r11,(0x80 + 8)*2(r10)
+   ld  r11,(0x80 + 8)*3(r10)
+   ld  r11,(0x80 + 8)*4(r10)
+   ld  r11,(0x80 + 8)*5(r10)
+   ld  r11,(0x80 + 8)*6(r10)
+   ld  r11,(0x80 + 8)*7(r10)
+   addir10,r10,0x80*8
bdnz1b
 
mtctr   r9
ld  r9,PACA_EXRFI+EX_R9(r13)
ld  r10,PACA_EXRFI+EX_R10(r13)
ld  r11,PACA_EXRFI+EX_R11(r13)
-   ld  r12,PACA_EXRFI+EX_R12(r13)
-   ld  r8,PACA_EXRFI+EX_R13(r13)
GET_SCRATCH0(r13);
rfid
 
@@ -1482,39 +1480,37 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback)
std r9,PACA_EXRFI+EX_R9(r13)
std r10,PACA_EXRFI+EX_R10(r13)
std r11,PACA_EXRFI+EX_R11(r13)
-   std r12,PACA_EXRFI+EX_R12(r13)
-   

[PATCH stable 4.14 00/23] powerpc backports for 4.14

[Michael Ellerman]

Hi Greg,

Please queue up this series of patches for 4.14 if you have no objections.

cheers



Mauricio Faria de Oliveira (4):
  powerpc/rfi-flush: Differentiate enabled and patched flush types
  powerpc/pseries: Fix clearing of security feature flags
  powerpc: Move default security feature flags
  powerpc/pseries: Restore default security feature flags on setup

Michael Ellerman (17):
  powerpc/pseries: Support firmware disable of RFI flush
  powerpc/powernv: Support firmware disable of RFI flush
  powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs
code
  powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
  powerpc/rfi-flush: Always enable fallback flush on pseries
  powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
  powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
  powerpc: Add security feature flags for Spectre/Meltdown
  powerpc/pseries: Set or clear security feature flags
  powerpc/powernv: Set or clear security feature flags
  powerpc/64s: Move cpu_show_meltdown()
  powerpc/64s: Enhance the information in cpu_show_meltdown()
  powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
  powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
  powerpc/64s: Wire up cpu_show_spectre_v1()
  powerpc/64s: Wire up cpu_show_spectre_v2()
  powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()

Nicholas Piggin (2):
  powerpc/64s: Improve RFI L1-D cache flush fallback
  powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit

 arch/powerpc/include/asm/exception-64s.h |  29 
 arch/powerpc/include/asm/feature-fixups.h|  19 +++
 arch/powerpc/include/asm/hvcall.h|   3 +
 arch/powerpc/include/asm/paca.h  |   3 +-
 arch/powerpc/include/asm/security_features.h |  85 ++
 arch/powerpc/include/asm/setup.h |   2 +-
 arch/powerpc/kernel/Makefile |   2 +-
 arch/powerpc/kernel/asm-offsets.c|   3 +-
 arch/powerpc/kernel/exceptions-64s.S |  95 ++-
 arch/powerpc/kernel/security.c   | 237 +++
 arch/powerpc/kernel/setup_64.c   |  48 ++
 arch/powerpc/kernel/vmlinux.lds.S|  14 ++
 arch/powerpc/lib/feature-fixups.c| 124 +-
 arch/powerpc/platforms/powernv/setup.c   |  92 ---
 arch/powerpc/platforms/pseries/mobility.c|   3 +
 arch/powerpc/platforms/pseries/pseries.h |   2 +
 arch/powerpc/platforms/pseries/setup.c   |  81 +++--
 arch/powerpc/xmon/xmon.c |   2 +
 18 files changed, 721 insertions(+), 123 deletions(-)
 create mode 100644 arch/powerpc/include/asm/security_features.h
 create mode 100644 arch/powerpc/kernel/security.c

-- 
2.14.1

Re: [PATCH] powerpc/modules: remove unused mod_arch_specific.toc field

[Kamalesh Babulal]

On Friday 25 May 2018 09:18 AM, Josh Poimboeuf wrote:

The toc field in the mod_arch_specific struct isn't actually used
anywhere, so remove it.

Also the ftrace-specific fields are now common between 32-bit and
64-bit, so simplify the struct definition a bit by moving them out of
the __powerpc64__ #ifdef.

Signed-off-by: Josh Poimboeuf 


Reviewed-by: Kamalesh Babulal 

Re: [PATCH 2/2] selftests/powerpc: Add perf breakpoint test

[Michael Neuling]

On Thu, 2018-05-24 at 20:30 +1000, Michael Ellerman wrote:
> Michael Neuling  writes:
> 
> > This tests perf hardware breakpoints (ie PERF_TYPE_BREAKPOINT) on
> > powerpc.
> 
> This doesn't work for me on a P8 guest:
> 
>   test: perf-hwbreak
>   tags: git_version:bb5602e
>   !! killing perf-hwbreak
>   !! child died by signal 15
>   failure: perf-hwbreak
> 
> 
> That means the harness killed it after 2 minutes.
> 
> Sometimes it gets further:
> 
>   test: perf-hwbreak
>   tags: git_version:v4.17-rc3-109-gbb20240fb508
>   threads=16 loops=1048576 scalar test
>   !! killing perf-hwbreak
>   !! child died by signal 15
>   failure: perf-hwbreak
> 
> 
> Do we just need to bump the timeout up, or is something going wrong
> here?

Yeah, sorry my bad.  The test was trying to randomly test all the combinations.
 
I've rewritten it now to explicitly test all the combinations. This gives it a
more consistent runtime. I do randomly vary the loop count but this is only a
small variation (~10%) to avoid using a count from a previous test.

Mikey