On Mon, 3 May 2021 at 13:04, Nicholas Piggin <npig...@gmail.com> wrote:
>
> These aren't necessarily POWER9 only, and it's not to say some new
> vulnerability may not get discovered on other processors for which
> we would like the flexibility of having the workaround enabled by
> firmware.
>
> Remove the restriction that they only apply to POWER9.

I was wondering how these worked which led me to reviewing your patch.
From what I could see, these are enabled by default (SEC_FTR_DEFAULT in
arch/powerpc/include/asm/security_features.h), so unless all non-POWER9
machines have set the "please don't" bit in their firmware this patch
will enable the feature for those machines. Is that what you wanted?

> > Signed-off-by: Nicholas Piggin <npig...@gmail.com> > --- > arch/powerpc/platforms/powernv/setup.c | 9 --------- > 1 file changed, 9 deletions(-) > > diff --git a/arch/powerpc/platforms/powernv/setup.c > b/arch/powerpc/platforms/powernv/setup.c > index a8db3f153063..6ec67223f8c7 100644 > --- a/arch/powerpc/platforms/powernv/setup.c > +++ b/arch/powerpc/platforms/powernv/setup.c > @@ -122,15 +122,6 @@ static void pnv_setup_security_mitigations(void) > type = L1D_FLUSH_ORI; > } > > - /* > - * If we are non-Power9 bare metal, we don't need to flush on kernel > - * entry or after user access: they fix a P9 specific vulnerability. > - */ > - if (!pvr_version_is(PVR_POWER9)) { > - security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY); > - security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS); > - } > - > enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ > (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \ > security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV)); > -- > 2.23.0 >
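Review bot: with the `if (!pvr_version_is(PVR_POWER9))` block gone from pnv_setup_security_mitigations(), nothing in this hunk or in the commit message says what state SEC_FTR_L1D_FLUSH_ENTRY and SEC_FTR_L1D_FLUSH_UACCESS are expected to be in on non-POWER9 bare metal when firmware says nothing about them. The deleted comment was the only documentation of why those two flushes were treated as P9 specific, and the deleted security_ftr_clear() calls were the only thing in the visible code turning them off for other PVRs. If the intent is that firmware can opt a non-POWER9 machine in, the commit message should say whether the default for such a machine changes (the reply above reads SEC_FTR_DEFAULT as enabling both) and what the expected cost of the extra flush on kernel entry and after user access is. If the default is not meant to change, consider keeping the clear and skipping it only when firmware explicitly reports the corresponding property, and leave a short comment at this spot describing that rule in place of the one being removed.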