On Mon, 4 Apr 2022 at 10:15, Russell Currey <rus...@russell.cc> wrote:
>
> The device-tree properties no-need-l1d-flush-msr-pr-1-to-0 and
> no-need-l1d-flush-kernel-on-user-access are the equivalents of
> H_CPU_BEHAV_NO_L1D_FLUSH_ENTRY and H_CPU_BEHAV_NO_L1D_FLUSH_UACCESS
> from the H_GET_CPU_CHARACTERISTICS hcall on pseries respectively.
>
> In commit d02fa40d759f ("powerpc/powernv: Remove POWER9 PVR version
> check for entry and uaccess flushes") the condition for disabling the
> L1D flush on kernel entry and user access was changed from any non-P9
> CPU to only checking P7 and P8. Without the appropriate device-tree
> checks for newer processors on powernv, these flushes are unnecessarily
> enabled on those systems. This patch corrects this.
>
> Fixes: d02fa40d759f ("powerpc/powernv: Remove POWER9 PVR version check for
> entry and uaccess flushes")
> Reported-by: Joel Stanley <j...@jms.id.au>
> Signed-off-by: Russell Currey <rus...@russell.cc>
I booted both patches in this series on a power10 powernv machine,
applied on top of v5.18-rc1:
$ dmesg |grep -i flush
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: patched 12 locations (no flush)
[ 0.000000] count-cache-flush: flush disabled.
[ 0.000000] link-stack-flush: flush disabled.
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization, ori31 speculation barrier enabled
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:
Software count cache flush (hardware accelerated), Software link stack
flush
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
Does that match what we expect?
Cheers,
Joel
> ---
> arch/powerpc/platforms/powernv/setup.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/powerpc/platforms/powernv/setup.c
> b/arch/powerpc/platforms/powernv/setup.c
> index 105d889abd51..378f7e5f18d2 100644
> --- a/arch/powerpc/platforms/powernv/setup.c
> +++ b/arch/powerpc/platforms/powernv/setup.c
> @@ -96,6 +96,12 @@ static void __init init_fw_feat_flags(struct device_node
> *np)
>
> if (fw_feature_is("disabled", "needs-spec-barrier-for-bound-checks",
> np))
> security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
> +
> + if (fw_feature_is("enabled", "no-need-l1d-flush-msr-pr-1-to-0", np))
> + security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY);
> +
> + if (fw_feature_is("enabled",
> "no-need-l1d-flush-kernel-on-user-access", np))
> + security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS);
> }
>
> static void __init pnv_setup_security_mitigations(void)
> --
> 2.35.1
>
