1 // SPDX-License-Identifier: GPL-2.0+
3 // Security related flags and so on.
5 // Copyright 2018, Michael Ellerman, IBM Corporation.
7 #include <linux/kernel.h>
8 #include <linux/device.h>
9 #include <linux/seq_buf.h>
11 #include <asm/debugfs.h>
12 #include <asm/security_features.h>
13 #include <asm/setup.h>
16 unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
18 bool barrier_nospec_enabled;
20 static void enable_barrier_nospec(bool enable)
22 barrier_nospec_enabled = enable;
23 do_barrier_nospec_fixups(enable);
26 void setup_barrier_nospec(void)
31 * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well.
32 * But there's a good reason not to. The two flags we check below are
33 * both are enabled by default in the kernel, so if the hcall is not
34 * functional they will be enabled.
35 * On a system where the host firmware has been updated (so the ori
36 * functions as a barrier), but on which the hypervisor (KVM/Qemu) has
37 * not been updated, we would like to enable the barrier. Dropping the
38 * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is
39 * we potentially enable the barrier on systems where the host firmware
40 * is not updated, but that's harmless as it's a no-op.
42 enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
43 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
45 enable_barrier_nospec(enable);
48 #ifdef CONFIG_DEBUG_FS
49 static int barrier_nospec_set(void *data, u64 val)
59 if (!!val == !!barrier_nospec_enabled)
62 enable_barrier_nospec(!!val);
67 static int barrier_nospec_get(void *data, u64 *val)
69 *val = barrier_nospec_enabled ? 1 : 0;
73 DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec,
74 barrier_nospec_get, barrier_nospec_set, "%llu\n");
76 static __init int barrier_nospec_debugfs_init(void)
78 debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL,
79 &fops_barrier_nospec);
82 device_initcall(barrier_nospec_debugfs_init);
83 #endif /* CONFIG_DEBUG_FS */
85 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
89 thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
91 if (rfi_flush || thread_priv) {
93 seq_buf_init(&s, buf, PAGE_SIZE - 1);
95 seq_buf_printf(&s, "Mitigation: ");
98 seq_buf_printf(&s, "RFI Flush");
100 if (rfi_flush && thread_priv)
101 seq_buf_printf(&s, ", ");
104 seq_buf_printf(&s, "L1D private per thread");
106 seq_buf_printf(&s, "\n");
111 if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
112 !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
113 return sprintf(buf, "Not affected\n");
115 return sprintf(buf, "Vulnerable\n");
118 ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
120 if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
121 return sprintf(buf, "Not affected\n");
123 if (barrier_nospec_enabled)
124 return sprintf(buf, "Mitigation: __user pointer sanitization\n");
126 return sprintf(buf, "Vulnerable\n");
129 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
134 seq_buf_init(&s, buf, PAGE_SIZE - 1);
136 bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
137 ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
138 ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
141 seq_buf_printf(&s, "Mitigation: ");
144 seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
147 seq_buf_printf(&s, ", ");
150 seq_buf_printf(&s, "Indirect branch cache disabled");
152 seq_buf_printf(&s, "Vulnerable");
155 seq_buf_printf(&s, ", ori31 speculation barrier enabled");
157 seq_buf_printf(&s, "\n");
163 * Store-forwarding barrier support.
166 static enum stf_barrier_type stf_enabled_flush_types;
167 static bool no_stf_barrier;
170 static int __init handle_no_stf_barrier(char *p)
172 pr_info("stf-barrier: disabled on command line.");
173 no_stf_barrier = true;
177 early_param("no_stf_barrier", handle_no_stf_barrier);
179 /* This is the generic flag used by other architectures */
180 static int __init handle_ssbd(char *p)
182 if (!p || strncmp(p, "auto", 5) == 0 || strncmp(p, "on", 2) == 0 ) {
183 /* Until firmware tells us, we have the barrier with auto */
185 } else if (strncmp(p, "off", 3) == 0) {
186 handle_no_stf_barrier(NULL);
193 early_param("spec_store_bypass_disable", handle_ssbd);
195 /* This is the generic flag used by other architectures */
196 static int __init handle_no_ssbd(char *p)
198 handle_no_stf_barrier(NULL);
201 early_param("nospec_store_bypass_disable", handle_no_ssbd);
203 static void stf_barrier_enable(bool enable)
206 do_stf_barrier_fixups(stf_enabled_flush_types);
208 do_stf_barrier_fixups(STF_BARRIER_NONE);
210 stf_barrier = enable;
213 void setup_stf_barrier(void)
215 enum stf_barrier_type type;
218 hv = cpu_has_feature(CPU_FTR_HVMODE);
220 /* Default to fallback in case fw-features are not available */
221 if (cpu_has_feature(CPU_FTR_ARCH_300))
222 type = STF_BARRIER_EIEIO;
223 else if (cpu_has_feature(CPU_FTR_ARCH_207S))
224 type = STF_BARRIER_SYNC_ORI;
225 else if (cpu_has_feature(CPU_FTR_ARCH_206))
226 type = STF_BARRIER_FALLBACK;
228 type = STF_BARRIER_NONE;
230 enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
231 (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) ||
232 (security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && hv));
234 if (type == STF_BARRIER_FALLBACK) {
235 pr_info("stf-barrier: fallback barrier available\n");
236 } else if (type == STF_BARRIER_SYNC_ORI) {
237 pr_info("stf-barrier: hwsync barrier available\n");
238 } else if (type == STF_BARRIER_EIEIO) {
239 pr_info("stf-barrier: eieio barrier available\n");
242 stf_enabled_flush_types = type;
245 stf_barrier_enable(enable);
248 ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf)
250 if (stf_barrier && stf_enabled_flush_types != STF_BARRIER_NONE) {
252 switch (stf_enabled_flush_types) {
253 case STF_BARRIER_EIEIO:
256 case STF_BARRIER_SYNC_ORI:
259 case STF_BARRIER_FALLBACK:
265 return sprintf(buf, "Mitigation: Kernel entry/exit barrier (%s)\n", type);
268 if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
269 !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
270 return sprintf(buf, "Not affected\n");
272 return sprintf(buf, "Vulnerable\n");
275 #ifdef CONFIG_DEBUG_FS
276 static int stf_barrier_set(void *data, u64 val)
287 /* Only do anything if we're changing state */
288 if (enable != stf_barrier)
289 stf_barrier_enable(enable);
294 static int stf_barrier_get(void *data, u64 *val)
296 *val = stf_barrier ? 1 : 0;
300 DEFINE_SIMPLE_ATTRIBUTE(fops_stf_barrier, stf_barrier_get, stf_barrier_set, "%llu\n");
302 static __init int stf_barrier_debugfs_init(void)
304 debugfs_create_file("stf_barrier", 0600, powerpc_debugfs_root, NULL, &fops_stf_barrier);
307 device_initcall(stf_barrier_debugfs_init);
308 #endif /* CONFIG_DEBUG_FS */