From: Joel Stanley <joel@jms.id.au>
To: Nicholas Piggin <npiggin@gmail.com>
Cc: linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 4/4] powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes
Date: Tue, 4 May 2021 00:51:26 +0000 [thread overview]
Message-ID: <CACPK8XekEXgqA1bML6A+NbsshzsLe+pLTzGJzRLdC+QKrV5T9Q@mail.gmail.com> (raw)
In-Reply-To: <20210503130243.891868-5-npiggin@gmail.com>
On Mon, 3 May 2021 at 13:04, Nicholas Piggin <npiggin@gmail.com> wrote:
>
> These aren't necessarily POWER9 only, and it's not to say some new
> vulnerability may not get discovered on other processors for which
> we would like the flexibility of having the workaround enabled by
> firmware.
>
> Remove the restriction that they only apply to POWER9.
I was wondering how these worked which led me to reviewing your patch.
From what I could see, these are enabled by default (SEC_FTR_DEFAULT
in arch/powerpc/include/asm/security_features.h), so unless all
non-POWER9 machines have set the "please don't" bit in their firmware
this patch will enable the feature for those machines. Is that what
you wanted?
>
> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
> ---
> arch/powerpc/platforms/powernv/setup.c | 9 ---------
> 1 file changed, 9 deletions(-)
>
> diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
> index a8db3f153063..6ec67223f8c7 100644
> --- a/arch/powerpc/platforms/powernv/setup.c
> +++ b/arch/powerpc/platforms/powernv/setup.c
> @@ -122,15 +122,6 @@ static void pnv_setup_security_mitigations(void)
> type = L1D_FLUSH_ORI;
> }
>
> - /*
> - * If we are non-Power9 bare metal, we don't need to flush on kernel
> - * entry or after user access: they fix a P9 specific vulnerability.
> - */
> - if (!pvr_version_is(PVR_POWER9)) {
> - security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY);
> - security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS);
> - }
> -
> enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
> (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \
> security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
> --
> 2.23.0
>
next prev parent reply other threads:[~2021-05-04 0:52 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-03 13:02 [PATCH 0/4] powerpc/security mitigation updates Nicholas Piggin
2021-05-03 13:02 ` [PATCH 1/4] powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS Nicholas Piggin
2021-05-03 13:02 ` [PATCH 2/4] powerpc/security: Add a security feature for STF barrier Nicholas Piggin
2021-05-03 13:02 ` [PATCH 3/4] powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS Nicholas Piggin
2021-05-03 13:02 ` [PATCH 4/4] powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes Nicholas Piggin
2021-05-04 0:51 ` Joel Stanley [this message]
2021-05-04 9:16 ` Nicholas Piggin
2021-05-05 1:43 ` Joel Stanley
2021-05-08 10:00 ` Nicholas Piggin
2021-06-24 14:03 ` [PATCH 0/4] powerpc/security mitigation updates Michael Ellerman
2021-11-25 9:35 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACPK8XekEXgqA1bML6A+NbsshzsLe+pLTzGJzRLdC+QKrV5T9Q@mail.gmail.com \
--to=joel@jms.id.au \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=npiggin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.