* [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E
@ 2018-07-27 23:06 Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
` (8 more replies)
0 siblings, 9 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
Implement barrier_nospec for NXP PowerPC Book3E processors.
Hi Diana,
This series interacts with another series of mine, so I wanted to rework it
slightly. Let me know if this looks OK to you.
cheers
Diana Craciun (6):
powerpc/64: Disable the speculation barrier from the command line
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit
platforms
Documentation: Add nospectre_v1 parameter
Michael Ellerman (2):
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Call setup_barrier_nospec() from setup_arch()
Documentation/admin-guide/kernel-parameters.txt | 4 +++
arch/powerpc/Kconfig | 7 ++++-
arch/powerpc/include/asm/barrier.h | 12 ++++++---
arch/powerpc/include/asm/setup.h | 6 ++++-
arch/powerpc/kernel/Makefile | 3 ++-
arch/powerpc/kernel/entry_32.S | 10 +++++++
arch/powerpc/kernel/module.c | 4 ++-
arch/powerpc/kernel/security.c | 17 +++++++++++-
arch/powerpc/kernel/setup-common.c | 2 ++
arch/powerpc/kernel/vmlinux.lds.S | 4 ++-
arch/powerpc/lib/feature-fixups.c | 35 ++++++++++++++++++++++++-
arch/powerpc/platforms/powernv/setup.c | 1 -
arch/powerpc/platforms/pseries/setup.c | 1 -
13 files changed, 94 insertions(+), 12 deletions(-)
--
2.14.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-08-08 14:26 ` [v5, " Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 2/8] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
` (7 subsequent siblings)
8 siblings, 1 reply; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
The speculation barrier can be disabled from the command line
with the parameter: "nospectre_v1".
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/security.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
v5: No change.
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 4cb8f1f7b593..79f9397998ed 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -16,6 +16,7 @@
unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
bool barrier_nospec_enabled;
+static bool no_nospec;
static void enable_barrier_nospec(bool enable)
{
@@ -42,9 +43,18 @@ void setup_barrier_nospec(void)
enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
- enable_barrier_nospec(enable);
+ if (!no_nospec)
+ enable_barrier_nospec(enable);
}
+static int __init handle_nospectre_v1(char *p)
+{
+ no_nospec = true;
+
+ return 0;
+}
+early_param("nospectre_v1", handle_nospectre_v1);
+
#ifdef CONFIG_DEBUG_FS
static int barrier_nospec_set(void *data, u64 val)
{
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 2/8] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 3/8] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
` (6 subsequent siblings)
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
NXP Book3E platforms are not vulnerable to speculative store
bypass, so make the mitigations PPC_BOOK3S_64 specific.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/security.c | 3 +++
1 file changed, 3 insertions(+)
v5: No change.
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 79f9397998ed..77f253a6f8c9 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -176,6 +176,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
return s.len;
}
+#ifdef CONFIG_PPC_BOOK3S_64
/*
* Store-forwarding barrier support.
*/
@@ -323,3 +324,5 @@ static __init int stf_barrier_debugfs_init(void)
}
device_initcall(stf_barrier_debugfs_init);
#endif /* CONFIG_DEBUG_FS */
+#endif /* CONFIG_PPC_BOOK3S_64 */
+
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 3/8] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 2/8] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 4/8] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
` (5 subsequent siblings)
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
Add a config symbol to encode which platforms support the
barrier_nospec speculation barrier. Currently this is just Book3S 64
but we will add Book3E in a future patch.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/Kconfig | 7 ++++++-
arch/powerpc/include/asm/barrier.h | 6 +++---
arch/powerpc/include/asm/setup.h | 2 +-
arch/powerpc/kernel/Makefile | 3 ++-
arch/powerpc/kernel/module.c | 4 +++-
arch/powerpc/kernel/vmlinux.lds.S | 4 +++-
arch/powerpc/lib/feature-fixups.c | 6 ++++--
7 files changed, 22 insertions(+), 10 deletions(-)
v5: Rename the config symbol to match the name of the barrier and the name we
use in the code, ie. BARRIER_NOSPEC.
Don't introduce the freescale code in this patch.
Use BARRIER_NOSPEC in more places.
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 5eb4d969afbf..aef1c4e049f1 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -165,7 +165,7 @@ config PPC
select GENERIC_CLOCKEVENTS_BROADCAST if SMP
select GENERIC_CMOS_UPDATE
select GENERIC_CPU_AUTOPROBE
- select GENERIC_CPU_VULNERABILITIES if PPC_BOOK3S_64
+ select GENERIC_CPU_VULNERABILITIES if PPC_BARRIER_NOSPEC
select GENERIC_IRQ_SHOW
select GENERIC_IRQ_SHOW_LEVEL
select GENERIC_SMP_IDLE_THREAD
@@ -241,6 +241,11 @@ config PPC
# Please keep this list sorted alphabetically.
#
+config PPC_BARRIER_NOSPEC
+ bool
+ default y
+ depends on PPC_BOOK3S_64
+
config GENERIC_CSUM
def_bool n
diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
index f67b3f6e36be..ec43375463ba 100644
--- a/arch/powerpc/include/asm/barrier.h
+++ b/arch/powerpc/include/asm/barrier.h
@@ -76,7 +76,7 @@ do { \
___p1; \
})
-#ifdef CONFIG_PPC_BOOK3S_64
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
* Prevent execution of subsequent instructions until preceding branches have
* been fully resolved and are no longer executing speculatively.
@@ -86,10 +86,10 @@ do { \
// This also acts as a compiler barrier due to the memory clobber.
#define barrier_nospec() asm (stringify_in_c(barrier_nospec_asm) ::: "memory")
-#else /* !CONFIG_PPC_BOOK3S_64 */
+#else /* !CONFIG_PPC_BARRIER_NOSPEC */
#define barrier_nospec_asm
#define barrier_nospec()
-#endif
+#endif /* CONFIG_PPC_BARRIER_NOSPEC */
#include <asm-generic/barrier.h>
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 8721fd004291..8205f9fdfd67 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -56,7 +56,7 @@ void setup_barrier_nospec(void);
void do_barrier_nospec_fixups(bool enable);
extern bool barrier_nospec_enabled;
-#ifdef CONFIG_PPC_BOOK3S_64
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
void do_barrier_nospec_fixups_range(bool enable, void *start, void *end);
#else
static inline void do_barrier_nospec_fixups_range(bool enable, void *start, void *end) { };
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 2b4c40b255e4..dbe2cf04b406 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -42,9 +42,10 @@ obj-$(CONFIG_VDSO32) += vdso32/
obj-$(CONFIG_PPC_WATCHDOG) += watchdog.o
obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o
-obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o
+obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o
obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o
obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o
+obj-$(CONFIG_PPC_BARRIER_NOSPEC) += security.o
obj-$(CONFIG_PPC64) += vdso64/
obj-$(CONFIG_ALTIVEC) += vecemu.o
obj-$(CONFIG_PPC_970_NAP) += idle_power4.o
diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c
index 1b3c6835e730..77371c9ef3d8 100644
--- a/arch/powerpc/kernel/module.c
+++ b/arch/powerpc/kernel/module.c
@@ -72,13 +72,15 @@ int module_finalize(const Elf_Ehdr *hdr,
do_feature_fixups(powerpc_firmware_features,
(void *)sect->sh_addr,
(void *)sect->sh_addr + sect->sh_size);
+#endif /* CONFIG_PPC64 */
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
sect = find_section(hdr, sechdrs, "__spec_barrier_fixup");
if (sect != NULL)
do_barrier_nospec_fixups_range(barrier_nospec_enabled,
(void *)sect->sh_addr,
(void *)sect->sh_addr + sect->sh_size);
-#endif
+#endif /* CONFIG_PPC_BARRIER_NOSPEC */
sect = find_section(hdr, sechdrs, "__lwsync_fixup");
if (sect != NULL)
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 5baac79df97e..07ae018e550e 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -153,14 +153,16 @@ SECTIONS
*(__rfi_flush_fixup)
__stop___rfi_flush_fixup = .;
}
+#endif /* CONFIG_PPC64 */
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
. = ALIGN(8);
__spec_barrier_fixup : AT(ADDR(__spec_barrier_fixup) - LOAD_OFFSET) {
__start___barrier_nospec_fixup = .;
*(__barrier_nospec_fixup)
__stop___barrier_nospec_fixup = .;
}
-#endif
+#endif /* CONFIG_PPC_BARRIER_NOSPEC */
EXCEPTION_TABLE(0)
diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c
index 8b69f868298c..0e604b41b5d1 100644
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -304,6 +304,9 @@ void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_
printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
}
+#endif /* CONFIG_PPC_BOOK3S_64 */
+
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
void do_barrier_nospec_fixups(bool enable)
{
void *start, *end;
@@ -313,8 +316,7 @@ void do_barrier_nospec_fixups(bool enable)
do_barrier_nospec_fixups_range(enable, start, end);
}
-
-#endif /* CONFIG_PPC_BOOK3S_64 */
+#endif /* CONFIG_PPC_BARRIER_NOSPEC */
void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 4/8] powerpc/64: Call setup_barrier_nospec() from setup_arch()
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (2 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 3/8] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 5/8] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
` (4 subsequent siblings)
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
Currently we require platform code to call setup_barrier_nospec(). But
if we add an empty definition for the !CONFIG_PPC_BARRIER_NOSPEC case
then we can call it in setup_arch().
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/include/asm/setup.h | 4 ++++
arch/powerpc/kernel/setup-common.c | 2 ++
arch/powerpc/platforms/powernv/setup.c | 1 -
arch/powerpc/platforms/pseries/setup.c | 1 -
4 files changed, 6 insertions(+), 2 deletions(-)
v5: Split out.
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 8205f9fdfd67..1a951b00465d 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -52,7 +52,11 @@ enum l1d_flush_type {
void setup_rfi_flush(enum l1d_flush_type, bool enable);
void do_rfi_flush_fixups(enum l1d_flush_type types);
+#ifdef CONFIG_PPC_BARRIER_NOSPEC
void setup_barrier_nospec(void);
+#else
+static inline void setup_barrier_nospec(void) { };
+#endif
void do_barrier_nospec_fixups(bool enable);
extern bool barrier_nospec_enabled;
diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c
index 40b44bb53a4e..93fa0c99681e 100644
--- a/arch/powerpc/kernel/setup-common.c
+++ b/arch/powerpc/kernel/setup-common.c
@@ -972,6 +972,8 @@ void __init setup_arch(char **cmdline_p)
if (ppc_md.setup_arch)
ppc_md.setup_arch();
+ setup_barrier_nospec();
+
paging_init();
/* Initialize the MMU context management stuff. */
diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
index f96df0a25d05..1ab6dc70b5a4 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -124,7 +124,6 @@ static void pnv_setup_rfi_flush(void)
security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
setup_rfi_flush(type, enable);
- setup_barrier_nospec();
}
static void __init pnv_setup_arch(void)
diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
index 139f0af6c3d9..fdb32e056ef4 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -534,7 +534,6 @@ void pseries_setup_rfi_flush(void)
security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
setup_rfi_flush(types, enable);
- setup_barrier_nospec();
}
#ifdef CONFIG_PCI_IOV
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 5/8] powerpc/64: Make meltdown reporting Book3S 64 specific
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (3 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 4/8] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 6/8] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
` (3 subsequent siblings)
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
In a subsequent patch we will enable building security.c for Book3E.
However the NXP platforms are not vulnerable to Meltdown, so make the
Meltdown vulnerability reporting PPC_BOOK3S_64 specific.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
[mpe: Split out of larger patch]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/security.c | 2 ++
1 file changed, 2 insertions(+)
v5: Split out.
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 77f253a6f8c9..ef72161de474 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -92,6 +92,7 @@ static __init int barrier_nospec_debugfs_init(void)
device_initcall(barrier_nospec_debugfs_init);
#endif /* CONFIG_DEBUG_FS */
+#ifdef CONFIG_PPC_BOOK3S_64
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
bool thread_priv;
@@ -124,6 +125,7 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
return sprintf(buf, "Vulnerable\n");
}
+#endif
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
{
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 6/8] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (4 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 5/8] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 7/8] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
` (2 subsequent siblings)
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
Implement the barrier_nospec as a isync;sync instruction sequence.
The implementation uses the infrastructure built for BOOK3S 64.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
[mpe: Split out of larger patch]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/Kconfig | 2 +-
arch/powerpc/include/asm/barrier.h | 8 +++++++-
arch/powerpc/lib/feature-fixups.c | 31 +++++++++++++++++++++++++++++++
3 files changed, 39 insertions(+), 2 deletions(-)
v5: Split out.
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index aef1c4e049f1..a0e9946083f4 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -244,7 +244,7 @@ config PPC
config PPC_BARRIER_NOSPEC
bool
default y
- depends on PPC_BOOK3S_64
+ depends on PPC_BOOK3S_64 || PPC_FSL_BOOK3E
config GENERIC_CSUM
def_bool n
diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
index ec43375463ba..449474f667c4 100644
--- a/arch/powerpc/include/asm/barrier.h
+++ b/arch/powerpc/include/asm/barrier.h
@@ -76,12 +76,18 @@ do { \
___p1; \
})
+#ifdef CONFIG_PPC_BOOK3S_64
+#define NOSPEC_BARRIER_SLOT nop
+#elif defined(CONFIG_PPC_FSL_BOOK3E)
+#define NOSPEC_BARRIER_SLOT nop; nop
+#endif
+
#ifdef CONFIG_PPC_BARRIER_NOSPEC
/*
* Prevent execution of subsequent instructions until preceding branches have
* been fully resolved and are no longer executing speculatively.
*/
-#define barrier_nospec_asm NOSPEC_BARRIER_FIXUP_SECTION; nop
+#define barrier_nospec_asm NOSPEC_BARRIER_FIXUP_SECTION; NOSPEC_BARRIER_SLOT
// This also acts as a compiler barrier due to the memory clobber.
#define barrier_nospec() asm (stringify_in_c(barrier_nospec_asm) ::: "memory")
diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c
index 0e604b41b5d1..e613b02bb2f0 100644
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -318,6 +318,37 @@ void do_barrier_nospec_fixups(bool enable)
}
#endif /* CONFIG_PPC_BARRIER_NOSPEC */
+#ifdef CONFIG_PPC_FSL_BOOK3E
+void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
+{
+ unsigned int instr[2], *dest;
+ long *start, *end;
+ int i;
+
+ start = fixup_start;
+ end = fixup_end;
+
+ instr[0] = PPC_INST_NOP;
+ instr[1] = PPC_INST_NOP;
+
+ if (enable) {
+ pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
+ instr[0] = PPC_INST_ISYNC;
+ instr[1] = PPC_INST_SYNC;
+ }
+
+ for (i = 0; start < end; start++, i++) {
+ dest = (void *)start + *start;
+
+ pr_devel("patching dest %lx\n", (unsigned long)dest);
+ patch_instruction(dest, instr[0]);
+ patch_instruction(dest + 1, instr[1]);
+ }
+
+ printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
+}
+#endif /* CONFIG_PPC_FSL_BOOK3E */
+
void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
{
long *start, *end;
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 7/8] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (5 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 6/8] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 8/8] Documentation: Add nospectre_v1 parameter Michael Ellerman
2018-08-06 13:28 ` [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Diana Madalina Craciun
8 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
Used barrier_nospec to sanitize the syscall table.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/kernel/entry_32.S | 10 ++++++++++
1 file changed, 10 insertions(+)
v5: No change.
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 973577f2141c..8f05280c8d92 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -33,6 +33,7 @@
#include <asm/unistd.h>
#include <asm/ptrace.h>
#include <asm/export.h>
+#include <asm/barrier.h>
/*
* MSR_KERNEL is > 0x10000 on 4xx/Book-E since it include MSR_CE.
@@ -358,6 +359,15 @@ syscall_dotrace_cont:
ori r10,r10,sys_call_table@l
slwi r0,r0,2
bge- 66f
+
+ barrier_nospec_asm
+ /*
+ * Prevent the load of the handler below (based on the user-passed
+ * system call number) being speculatively executed until the test
+ * against NR_syscalls and branch to .66f above has
+ * committed.
+ */
+
lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
mtlr r10
addi r9,r1,STACK_FRAME_OVERHEAD
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH v5 8/8] Documentation: Add nospectre_v1 parameter
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (6 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 7/8] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
@ 2018-07-27 23:06 ` Michael Ellerman
2018-08-08 14:26 ` [v5,8/8] " Michael Ellerman
2018-08-06 13:28 ` [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Diana Madalina Craciun
8 siblings, 1 reply; 13+ messages in thread
From: Michael Ellerman @ 2018-07-27 23:06 UTC (permalink / raw)
To: linuxppc-dev, diana.craciun; +Cc: oss, leoyang.li, bharat.bhushan
From: Diana Craciun <diana.craciun@nxp.com>
Currently only supported on powerpc.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
Documentation/admin-guide/kernel-parameters.txt | 4 ++++
1 file changed, 4 insertions(+)
v5: Change log and whitespace.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index efc7aa7a0670..4167bbea51e1 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2687,6 +2687,10 @@
nosmt [KNL,S390] Disable symmetric multithreading (SMT).
Equivalent to smt=1.
+ nospectre_v1 [PPC] Disable mitigations for Spectre Variant 1 (bounds
+ check bypass). With this option data leaks are possible
+ in the system.
+
nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
(indirect branch prediction) vulnerability. System may
allow data leaks with this option, which is equivalent
--
2.14.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
` (7 preceding siblings ...)
2018-07-27 23:06 ` [PATCH v5 8/8] Documentation: Add nospectre_v1 parameter Michael Ellerman
@ 2018-08-06 13:28 ` Diana Madalina Craciun
2018-08-08 14:03 ` Michael Ellerman
8 siblings, 1 reply; 13+ messages in thread
From: Diana Madalina Craciun @ 2018-08-06 13:28 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev; +Cc: oss, Leo Li, Bharat Bhushan
Hi Michael,=0A=
=0A=
Sorry for the late answer, I was out of the office last week.=0A=
=0A=
It looks fine to me, I have tested the patches on NXP PowerPC Book 3E=0A=
platforms and it worked well.=0A=
=0A=
Thanks,=0A=
=0A=
Diana=0A=
=0A=
On 7/28/2018 2:06 AM, Michael Ellerman wrote:=0A=
> Implement barrier_nospec for NXP PowerPC Book3E processors.=0A=
>=0A=
> Hi Diana,=0A=
>=0A=
> This series interacts with another series of mine, so I wanted to rework =
it=0A=
> slightly. Let me know if this looks OK to you.=0A=
>=0A=
> cheers=0A=
>=0A=
> Diana Craciun (6):=0A=
> powerpc/64: Disable the speculation barrier from the command line=0A=
> powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.=0A=
> powerpc/64: Make meltdown reporting Book3S 64 specific=0A=
> powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E=
=0A=
> powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit=0A=
> platforms=0A=
> Documentation: Add nospectre_v1 parameter=0A=
>=0A=
> Michael Ellerman (2):=0A=
> powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC=0A=
> powerpc/64: Call setup_barrier_nospec() from setup_arch()=0A=
>=0A=
> Documentation/admin-guide/kernel-parameters.txt | 4 +++=0A=
> arch/powerpc/Kconfig | 7 ++++-=0A=
> arch/powerpc/include/asm/barrier.h | 12 ++++++---=0A=
> arch/powerpc/include/asm/setup.h | 6 ++++-=0A=
> arch/powerpc/kernel/Makefile | 3 ++-=0A=
> arch/powerpc/kernel/entry_32.S | 10 +++++++=0A=
> arch/powerpc/kernel/module.c | 4 ++-=0A=
> arch/powerpc/kernel/security.c | 17 +++++++++++-=0A=
> arch/powerpc/kernel/setup-common.c | 2 ++=0A=
> arch/powerpc/kernel/vmlinux.lds.S | 4 ++-=0A=
> arch/powerpc/lib/feature-fixups.c | 35 +++++++++++++++++++=
+++++-=0A=
> arch/powerpc/platforms/powernv/setup.c | 1 -=0A=
> arch/powerpc/platforms/pseries/setup.c | 1 -=0A=
> 13 files changed, 94 insertions(+), 12 deletions(-)=0A=
>=0A=
=0A=
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E
2018-08-06 13:28 ` [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Diana Madalina Craciun
@ 2018-08-08 14:03 ` Michael Ellerman
0 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-08-08 14:03 UTC (permalink / raw)
To: Diana Madalina Craciun, linuxppc-dev; +Cc: oss, Leo Li, Bharat Bhushan
Diana Madalina Craciun <diana.craciun@nxp.com> writes:
> Hi Michael,
>
> Sorry for the late answer, I was out of the office last week.
>
> It looks fine to me, I have tested the patches on NXP PowerPC Book 3E
> platforms and it worked well.
Thanks.
cheers
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [v5, 1/8] powerpc/64: Disable the speculation barrier from the command line
2018-07-27 23:06 ` [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
@ 2018-08-08 14:26 ` Michael Ellerman
0 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-08-08 14:26 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev, diana.craciun
Cc: oss, bharat.bhushan, leoyang.li
On Fri, 2018-07-27 at 23:06:32 UTC, Michael Ellerman wrote:
> From: Diana Craciun <diana.craciun@nxp.com>
>
> The speculation barrier can be disabled from the command line
> with the parameter: "nospectre_v1".
>
> Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Series applied to powerpc next.
https://git.kernel.org/powerpc/c/cf175dc315f90185128fb061dc05b6
cheers
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [v5,8/8] Documentation: Add nospectre_v1 parameter
2018-07-27 23:06 ` [PATCH v5 8/8] Documentation: Add nospectre_v1 parameter Michael Ellerman
@ 2018-08-08 14:26 ` Michael Ellerman
0 siblings, 0 replies; 13+ messages in thread
From: Michael Ellerman @ 2018-08-08 14:26 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev, diana.craciun
Cc: oss, bharat.bhushan, leoyang.li
On Fri, 2018-07-27 at 23:06:39 UTC, Michael Ellerman wrote:
> From: Diana Craciun <diana.craciun@nxp.com>
>
> Currently only supported on powerpc.
>
> Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Applied to powerpc next.
https://git.kernel.org/powerpc/c/26cb1f36c43ee6e89d2a9f48a5a750
cheers
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2018-08-08 14:26 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-27 23:06 [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 1/8] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
2018-08-08 14:26 ` [v5, " Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 2/8] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 3/8] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 4/8] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 5/8] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 6/8] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 7/8] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
2018-07-27 23:06 ` [PATCH v5 8/8] Documentation: Add nospectre_v1 parameter Michael Ellerman
2018-08-08 14:26 ` [v5,8/8] " Michael Ellerman
2018-08-06 13:28 ` [PATCH v5 0/8] powerpc/fsl: Speculation barrier for NXP PowerPC Book3E Diana Madalina Craciun
2018-08-08 14:03 ` Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.