Greg KH writes:
> On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote:
>> Michael Ellerman writes:
>> > Hi Greg,
>> >
>> > Please queue up this series of patches for 4.14 if you have no objections.
>>
>> I just realised I didn't fix up the cherry-pick markings on these, so
>> they s
From: Nicholas Piggin
commit a048a07d7f4535baa4cbad6bc024f175317ab938 upstream.
On some CPUs we can prevent a vulnerability related to store-to-load
forwarding by preventing store forwarding between privilege domains,
by inserting a barrier in kernel entry and exit paths.
This is known to be th
commit 501a78cbc17c329fabf8e9750a1e9ab810c88a0e upstream.
The recent LPM changes to setup_rfi_flush() are causing some section
mismatch warnings because we removed the __init annotation on
setup_rfi_flush():
The function setup_rfi_flush() references
the function __init ppc64_bolted_size().
From: Mauricio Faria de Oliveira
commit 6232774f1599028a15418179d17f7df47ede770a upstream.
After migration the security feature flags might have changed (e.g.,
destination system with unpatched firmware), but some flags are not
set/clear again in init_cpu_char_feature_flags() because it assumes
From: Mauricio Faria de Oliveira
commit e7347a86830f38dc3e40c8f7e28c04412b12a2e7 upstream.
This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.
This can be used to restore current flags to the default flags.
Signed-off
From: Mauricio Faria de Oliveira
commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524 upstream.
The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.
Found by playing around with QEMU's implementation of the hyp
commit d6fbe1c55c55c6937cbea3531af7da84ab7473c3 upstream.
Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.
The most verbose is:
Mitigation: Indirect branch serialisation
commit 56986016cb8cd9050e601831fe89f332b4e3c46e upstream.
Add a definition for cpu_show_spectre_v1() to override the generic
version. Currently this just prints "Not affected" or "Vulnerable"
based on the firmware flag.
Although the kernel does have array_index_nospec() in a few places, we
haven'
commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689 upstream.
Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.
Signed-off-by: Michael Ellerman
---
arch/powerpc/platforms/pseries/setup.c | 27 -
commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5 upstream.
Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.
Signed-o
commit ff348355e9c72493947be337bb4fae4fc1a41eba upstream.
Now that we have the security feature flags we can make the
information displayed in the "meltdown" file more informative.
Signed-off-by: Michael Ellerman
---
arch/powerpc/include/asm/security_features.h | 1 +
arch/powerpc/kernel/secur
commit 8ad33041563a10b34988800c682ada14b2612533 upstream.
This landed in setup_64.c for no good reason other than we had nowhere
else to put it. Now that we have a security-related file, that is a
better place for it so move it.
Signed-off-by: Michael Ellerman
---
arch/powerpc/kernel/security.c
commit 77addf6e95c8689e478d607176b399a6242a777e upstream.
Now that we have feature flags for security related things, set or
clear them based on what we see in the device tree provided by
firmware.
Signed-off-by: Michael Ellerman
---
arch/powerpc/platforms/powernv/setup.c | 56 +
commit f636c14790ead6cc22cf62279b1f8d7e11a67116 upstream.
Now that we have feature flags for security related things, set or
clear them based on what we receive from the hypercall.
Signed-off-by: Michael Ellerman
---
arch/powerpc/platforms/pseries/setup.c | 43 ++
commit 9a868f634349e62922c226834aa23e3d1329ae7f upstream.
This commit adds security feature flags to reflect the settings we
receive from firmware regarding Spectre/Meltdown mitigations.
The feature names reflect the names we are given by firmware on bare
metal machines. See the hostboot source f
commit c4bc36628d7f8b664657d8bd6ad1c44c177880b7 upstream.
Add some additional values which have been defined for the
H_GET_CPU_CHARACTERISTICS hypercall.
Signed-off-by: Michael Ellerman
---
arch/powerpc/include/asm/hvcall.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/powerpc/inc
commit 921bc6cf807ceb2ab8005319cf39f33494d6b100 upstream.
We might have migrated to a machine that uses a different flush type,
or doesn't need flushing at all.
Signed-off-by: Michael Ellerman
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Michael Ellerman
---
arch/powerpc/platforms
From: Mauricio Faria de Oliveira
commit 0063d61ccfc011f379a31acaeba6de7c926fed2c upstream.
Currently the rfi-flush messages print 'Using flush' for all
enabled_flush_types, but that is not necessarily true -- as now the
fallback flush is always enabled on pseries, but the fixup function
overwri
commit 84749a58b6e382f109abf1e734bc4dd43c2c25bb upstream.
This ensures the fallback flush area is always allocated on pseries,
so in case a LPAR is migrated from a patched to an unpatched system,
it is possible to enable the fallback flush in the target system.
Signed-off-by: Michael Ellerman
Si
commit abf110f3e1cea40f5ea15e85f5d67c39c14568a7 upstream.
For PowerVM migration we want to be able to call setup_rfi_flush()
again after we've migrated the partition.
To support that we need to check that we're not trying to allocate the
fallback flush area after memblock has gone away (i.e., boo
commit 1e2a9fc7496955faacbbed49461d611b704a7505 upstream.
rfi_flush_enable() includes a check to see if we're already
enabled (or disabled), and in that case does nothing.
But that means calling setup_rfi_flush() a 2nd time doesn't actually
work, which is a bit confusing.
Move that check into th
commit eb0a2d2620ae431c543963c8c7f08f597366fc60 upstream.
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush
settings")
Signed-off-by: Michael Ellerman
---
arc
commit 582605a429e20ae68fd0b041b2e840af296edd08 upstream.
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings")
Signed-off-by: Michael Ellerman
---
arch/
From: Nicholas Piggin
commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b upstream.
The fallback RFI flush is used when firmware does not provide a way
to flush the cache. It's a "displacement flush" that evicts useful
data by displacing it with an uninteresting buffer.
The flush has to take care t
Hi Greg,
Please queue up this series of patches for 4.14 if you have no objections.
cheers
v2: Fixed up upstream commit markings.
Mauricio Faria de Oliveira (4):
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/pseries: Fix clearing of security feature flags
powerp
On Thu, May 24, 2018 at 08:27:04AM +1000, Benjamin Herrenschmidt wrote:
> On Wed, 2018-05-23 at 21:50 +0300, Michael S. Tsirkin wrote:
>
> > I re-read that discussion and I'm still unclear on the
> > original question, since I got several apparently
> > conflicting answers.
> >
> > I asked:
> >
When relaxing access (read -> read_write update), pte need to be marked invalid
to handle a nest MMU bug. We also need to do a tlb flush after the pte is
marked invalid before updating the pte with new access bits.
We also move tlb flush to platform specific __ptep_set_access_flags. This will
help
In later patch we will update them which require them to be moved
to pgtable-radix.c Doing the move in separate patch helps in review.
No function change in this patch. Only code movement.
Signed-off-by: Aneesh Kumar K.V
---
arch/powerpc/include/asm/book3s/64/radix.h | 63 +++---
On Fri, May 18, 2018 at 11:37:42AM +1000, Michael Neuling wrote:
> Clear the PCR (Processor Compatibility Register) on boot to ensure we
> are not running in a compatibility mode.
>
> We've seen this cause problems when a crash (and kdump) occurs while
> running compat mode guests. The kdump kerne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Linus,
Please pull one more powerpc fix for 4.17:
The following changes since commit c1d2a31397ec51f0370f6bd17b19b39152c263cb:
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (2018-05-18
00:23:07 +1000)
are available in th
On Thu, 2018-05-24 at 11:02:06 UTC, Christophe Leroy wrote:
> New binutils generate the following warning
>
> AS arch/powerpc/kernel/head_8xx.o
> arch/powerpc/kernel/head_8xx.S: Assembler messages:
> arch/powerpc/kernel/head_8xx.S:916: Warning: invalid register expression
>
> This patch fi
On Wed, 2018-05-23 at 18:00:54 UTC, Michal Suchanek wrote:
> When single-stepping kernel code from xmon without a debug hook enabled
> the kernel crashes. This can happen when kernel starts with xmon on
> crash disabled but xmon is entered using sysrq.
>
> Call force_enable_xmon when single-steppi
On Wed, 2018-05-23 at 11:48:37 UTC, Michael Ellerman wrote:
> We've added some fields with longer names since we originally wrote
> this, so the fields are no longer lined up. Adjust the widths to make
> it all look nice again, eg:
>
> 0:mon> dp
> paca for cpu 0x0 @ c1fa:
>poss
On Wed, 2018-05-23 at 11:48:36 UTC, Michael Ellerman wrote:
> In dump_one_paca() the DUMP macro unconditionally prepends '#' to the
> printf format specifier. In most cases we're using either 'x' or 'lx'
> etc. and that is OK. But for 'p' and other formats using '#' is
> actually undefined, and onc
On Wed, 2018-05-23 at 08:53:22 UTC, Christophe Leroy wrote:
> Commit a7a9dcd882a67 ("powerpc: Avoid taking a data miss on every
> userspace instruction miss") has shown that limiting the read of
> faulting instruction to likely cases improves performance.
>
> This patch goes further into this dire
On Tue, 2018-05-22 at 06:14:27 UTC, Michael Neuling wrote:
> This test the ptrace hw breakpoints via PTRACE_SET_DEBUGREG and
> PPC_PTRACE_SETHWDEBUG. This test was use to find the bugs fixed by
> these recent commits:
>
> 4f7c06e26e powerpc/ptrace: Fix setting 512B aligned breakpoints with
> P
On Wed, 2018-05-23 at 07:04:04 UTC, Christophe Leroy wrote:
> Use symbolic names defined in asm/ppc-opcode.h
> instead of hardcoded values.
>
> Signed-off-by: Christophe Leroy
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/8a0b1120cb25ccd4480ba4fe3650bc
cheers
On Tue, 2018-05-22 at 06:13:59 UTC, Michael Neuling wrote:
> Signed-off-by: Michael Neuling
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/bd79010fb3a9aa160e1780e2496798
cheers
On Mon, 2018-05-21 at 09:47:20 UTC, Michael Ellerman wrote:
> The set of paca fields we dump in xmon has gotten somewhat out of
> date. Update to add some recently added fields.
>
> Signed-off-by: Michael Ellerman
Applied to powerpc next.
https://git.kernel.org/powerpc/c/2e0986d761324376021c880
On Mon, 2018-05-07 at 10:25:38 UTC, Shilpasri G Bhat wrote:
> This patch exports the accumulated power numbers of each power
> sensor maintained by OCC.
>
> Signed-off-by: Shilpasri G Bhat
> Acked-by: Guenter Roeck
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/43d2974b66d91
On Mon, 2018-05-07 at 10:25:37 UTC, Shilpasri G Bhat wrote:
> The firmware has supported for reading sensor values of size u32.
> This patch adds support to use newer firmware functions which allows
> to read the sensors of size u64.
>
> Signed-off-by: Shilpasri G Bhat
> Acked-by: Guenter Roeck
On Mon, 2018-05-07 at 10:25:36 UTC, Shilpasri G Bhat wrote:
> This patch adds support to read 64-bit sensor values. This method is
> used to read energy sensors and counters which are of type u64.
>
> Signed-off-by: Shilpasri G Bhat
Applied to powerpc next, thanks.
https://git.kernel.org/powerp
On Mon, 2018-04-23 at 19:45:32 UTC, Mathieu Malaterre wrote:
> The function hlwd_pic_init can be made static, so do it. Fix the following
> warning treated as error (W=1):
>
> ../arch/powerpc/platforms/embedded6xx/hlwd-pic.c:158:20: error: no previous
> prototype for âhlwd_pic_initâ [-Werror=
On Mon, 2018-04-23 at 19:36:38 UTC, Mathieu Malaterre wrote:
> In commit 7a22d6321c3d ("powerpc/mm/radix: Update command line parsing for
> disable_radix") an `if` statement was added for a possible empty body
> (prom_debug).
>
> Fix the following warning, treated as error with W=1:
>
> arch/po
On Fri, 2018-04-13 at 18:41:43 UTC, Mathieu Malaterre wrote:
> Trivial fix to remove the following sparse warnings:
>
> arch/powerpc/kernel/module_32.c:112:74: warning: Using plain integer as
> NULL pointer
> arch/powerpc/kernel/module_32.c:117:74: warning: Using plain integer as
> NULL poin
On Fri, 2018-04-06 at 20:12:19 UTC, Mathieu Malaterre wrote:
> __printf is useful to verify format and arguments. Fix arg mismatch
> reported by gcc, remove the following warnings (with W=1):
>
> arch/powerpc/kernel/prom_init.c:1467:31: error: format â%xâ expects
> argument of type âunsig
On Wed, 2018-04-04 at 20:10:28 UTC, Mathieu Malaterre wrote:
> Some function prototypes and body for Thermal Assist Units were not in
> sync. Update the function definition to match the existing function
> declaration found in `setup-common.c`, changing an `int` return type to a
> `u32` return type
On Wed, 2018-04-04 at 20:11:42 UTC, Mathieu Malaterre wrote:
> Add one missing prototype for function rh_dump_blk. Fix warning treated as
> error in W=1:
>
> arch/powerpc/lib/rheap.c:740:6: error: no previous prototype for
> ârh_dump_blkâ [-Werror=missing-prototypes]
>
> Suggested-by: Chri
On Wed, 2018-04-04 at 20:12:30 UTC, Mathieu Malaterre wrote:
> The function prototypes were declared within a `#ifdef CONFIG_PPC_LITE5200`
> block which would prevent them from being visible when compiling
> `mpc52xx_pm.c`. Move the prototypes outside of the `#ifdef` block to fix
> the following wa
On Wed, 2018-04-04 at 20:13:05 UTC, Mathieu Malaterre wrote:
> Add a missing prototype for function `note_bootable_part` to silence a
> warning treated as error with W=1:
>
> arch/powerpc/platforms/powermac/setup.c:361:12: error: no previous
> prototype for ânote_bootable_partâ [-Werror=mis
On Wed, 2018-04-04 at 20:13:55 UTC, Mathieu Malaterre wrote:
> The pmac_pfunc_base_install prototype was declared in powermac/smp.c since
> function was used there, move it to pmac_pfunc.h header to be visible in
> pfunc_base.c. Fix a warning treated as error with W=1:
>
> arch/powerpc/platforms
On Wed, 2018-04-04 at 20:15:03 UTC, Mathieu Malaterre wrote:
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
>
> arch/powerpc/platforms/chrp/pci.c:34:5: error: no previous prototype for
> âgg2_read_configâ [-Werror=missing-prototypes]
> arch/pow
On Wed, 2018-04-04 at 20:09:11 UTC, Mathieu Malaterre wrote:
> Remove variable declaration idu_size and associated code since not used.
>
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
>
> arch/powerpc/platforms/chrp/setup.c:97:6: error: no previous
On Wed, 2018-04-04 at 20:07:46 UTC, Mathieu Malaterre wrote:
> Since the value of x is never intended to be read, declare it with gcc
> attribute as unused. Fix warning treated as error with W=1:
>
> arch/powerpc/platforms/powermac/bootx_init.c:471:21: error: variable
> âxâ set but not used
On Wed, 2018-03-28 at 18:55:25 UTC, Mathieu Malaterre wrote:
> Some functions prototypes were missing for the non-altivec code. Add the
> missing prototypes in a new header file, fix warnings treated as errors
> with W=1:
>
> arch/powerpc/lib/xor_vmx_glue.c:18:6: error: no previous prototype for
On Sun, 2018-03-25 at 09:06:47 UTC, Mathieu Malaterre wrote:
> Update the other prototype declarations in asm/xmon.h.
>
> Silence warnings (triggered at W=1) by adding relevant __printf attribute.
> Move #define at bottom of the file to prevent conflict with gcc attribute.
>
> Solve the original
On Thu, 2018-03-22 at 20:20:04 UTC, Mathieu Malaterre wrote:
> The header file was missing from the includes. Fix the
> following warning, treated as error with W=1:
>
> arch/powerpc/kernel/vecemu.c:260:5: error: no previous prototype for
> âemulate_altivecâ [-Werror=missing-prototypes]
>
On Thu, 2018-03-22 at 20:20:03 UTC, Mathieu Malaterre wrote:
> The header file was missing from the includes. Fix the
> following warning, treated as error with W=1:
>
> arch/powerpc/kernel/pci_32.c:286:6: error: no previous prototype for
> âsys_pciconfig_iobaseâ [-Werror=missing-prototype
On Thu, 2018-03-22 at 20:19:56 UTC, Mathieu Malaterre wrote:
> Add a missing include .
>
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
>
> arch/powerpc/platforms/chrp/time.c:41:13: error: no previous prototype for
> âchrp_time_initâ [-Werror=mi
On Thu, 2018-03-22 at 20:19:54 UTC, Mathieu Malaterre wrote:
> These functions can all be static, make it so. Fix warnings treated as
> errors with W=1:
>
> arch/powerpc/kernel/tau_6xx.c:53:6: error: no previous prototype for
> âset_thresholdsâ [-Werror=missing-prototypes]
> arch/powerpc/
On Thu, 2018-03-22 at 20:19:52 UTC, Mathieu Malaterre wrote:
> This function can be static, make it so, this fix a warning treated as
> error with W=1:
>
> arch/powerpc/kernel/btext.c:173:5: error: no previous prototype for
> âbtext_initializeâ [-Werror=missing-prototypes]
>
> Signed-off-b
Michael Ellerman wrote:
"Naveen N. Rao" writes:
Michael Ellerman wrote:
"Naveen N. Rao" writes:
diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c
b/tools/testing/selftests/powerpc/security/rfi_flush.c
new file mode 100644
index ..a20fe8eca161
--- /dev/null
+++ b/
On Fri, May 25, 2018 at 09:03:11PM +1000, Michael Ellerman wrote:
> Michael Ellerman writes:
> > Hi Greg,
> >
> > Please queue up this series of patches for 4.14 if you have no objections.
>
> I just realised I didn't fix up the cherry-pick markings on these, so
> they still say eg:
>
> (cherr
Michael Ellerman writes:
> Hi Greg,
>
> Please queue up this series of patches for 4.14 if you have no objections.
I just realised I didn't fix up the cherry-pick markings on these, so
they still say eg:
(cherry picked from commit bdcb1aefc5b3f7d0f1dc8b02673602bca2ff7a4b)
Not the proper "comm
Akshay Adiga writes:
> Yes this needs to be sent to stable.
>
> Fixes: d405a98c ("powerpc/powernv: Move cpuidle related code from setup.c
> to new file")
Is that really the commit that introduced the bug? :)
Seems like it's more likely this one:
Fixes: 77b54e9f213f ("powernv/powerpc: Add w
Akshay Adiga writes:
> Init all present cpus for deep states instead of "all possible" cpus.
> Init fails if the possible cpu is gaurded. Resulting in making only
> non-deep states available for cpuidle/hotplug.
This is basically the opposite of what we just did for IMC.
There we switched from
"Naveen N. Rao" writes:
> Michael Ellerman wrote:
>> "Naveen N. Rao" writes:
>>> diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c
>>> b/tools/testing/selftests/powerpc/security/rfi_flush.c
>>> new file mode 100644
>>> index ..a20fe8eca161
>>> --- /dev/null
>>> +++ b/
Wolfram Sang writes:
> Since commit 1eace8344c02 ("i2c: add param sanity check to
> i2c_transfer()") and b7f625840267 ("i2c: add quirk checks to core"), the
> I2C core does this check now. We can remove it here.
>
> Signed-off-by: Wolfram Sang
> ---
>
> Only build tested.
It will get boot teste
Thiago Jung Bauermann writes:
> Michael Ellerman writes:
>> Thiago Jung Bauermann writes:
>>> tools/testing/selftests/powerpc/include/reg.h | 1 +
>>> tools/testing/selftests/powerpc/ptrace/Makefile| 5 +-
>>> tools/testing/selftests/powerpc/ptrace/child.h | 130
>>> .
From: Nicholas Piggin
On some CPUs we can prevent a vulnerability related to store-to-load
forwarding by preventing store forwarding between privilege domains,
by inserting a barrier in kernel entry and exit paths.
This is known to be the case on at least Power7, Power8 and Power9
powerpc CPUs.
The recent LPM changes to setup_rfi_flush() are causing some section
mismatch warnings because we removed the __init annotation on
setup_rfi_flush():
The function setup_rfi_flush() references
the function __init ppc64_bolted_size().
the function __init memblock_alloc_base().
The references
From: Mauricio Faria de Oliveira
After migration the security feature flags might have changed (e.g.,
destination system with unpatched firmware), but some flags are not
set/clear again in init_cpu_char_feature_flags() because it assumes
the security flags to be the defaults.
Additionally, if th
From: Mauricio Faria de Oliveira
This moves the definition of the default security feature flags
(i.e., enabled by default) closer to the security feature flags.
This can be used to restore current flags to the default flags.
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Michael Ell
From: Mauricio Faria de Oliveira
The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.
Found by playing around with QEMU's implementation of the hypercall:
H_CPU_CHAR=0xf000
H_CPU_BEHAV=0x00
Add a definition for cpu_show_spectre_v2() to override the generic
version. This has several permuations, though in practice some may not
occur we cater for any combination.
The most verbose is:
Mitigation: Indirect branch serialisation (kernel only), Indirect
branch cache disabled, ori31 spe
Add a definition for cpu_show_spectre_v1() to override the generic
version. Currently this just prints "Not affected" or "Vulnerable"
based on the firmware flag.
Although the kernel does have array_index_nospec() in a few places, we
haven't yet audited all the powerpc code to see where it's necess
Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.
Signed-off-by: Michael Ellerman
(cherry picked from commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689)
---
arch/powerpc/platforms/pseries/setup.c | 27 +++
Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.
Signed-off-by: Michael Ellerman
(cherry picked from commit 37c0bdd
Now that we have the security feature flags we can make the
information displayed in the "meltdown" file more informative.
Signed-off-by: Michael Ellerman
(cherry picked from commit ff348355e9c72493947be337bb4fae4fc1a41eba)
---
arch/powerpc/include/asm/security_features.h | 1 +
arch/powerpc/ke
This landed in setup_64.c for no good reason other than we had nowhere
else to put it. Now that we have a security-related file, that is a
better place for it so move it.
Signed-off-by: Michael Ellerman
(cherry picked from commit 8ad33041563a10b34988800c682ada14b2612533)
---
arch/powerpc/kernel/
Now that we have feature flags for security related things, set or
clear them based on what we see in the device tree provided by
firmware.
Signed-off-by: Michael Ellerman
(cherry picked from commit 77addf6e95c8689e478d607176b399a6242a777e)
---
arch/powerpc/platforms/powernv/setup.c | 56 +++
Now that we have feature flags for security related things, set or
clear them based on what we receive from the hypercall.
Signed-off-by: Michael Ellerman
(cherry picked from commit f636c14790ead6cc22cf62279b1f8d7e11a67116)
---
arch/powerpc/platforms/pseries/setup.c | 43
We might have migrated to a machine that uses a different flush type,
or doesn't need flushing at all.
Signed-off-by: Michael Ellerman
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Michael Ellerman
(cherry picked from commit 921bc6cf807ceb2ab8005319cf39f33494d6b100)
---
arch/powerpc
This commit adds security feature flags to reflect the settings we
receive from firmware regarding Spectre/Meltdown mitigations.
The feature names reflect the names we are given by firmware on bare
metal machines. See the hostboot source for details.
Arguably these could be firmware features, but
Add some additional values which have been defined for the
H_GET_CPU_CHARACTERISTICS hypercall.
Signed-off-by: Michael Ellerman
---
arch/powerpc/include/asm/hvcall.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/powerpc/include/asm/hvcall.h
b/arch/powerpc/include/asm/hvcall.h
inde
From: Mauricio Faria de Oliveira
Currently the rfi-flush messages print 'Using flush' for all
enabled_flush_types, but that is not necessarily true -- as now the
fallback flush is always enabled on pseries, but the fixup function
overwrites its nop/branch slot with other flush types, if availabl
This ensures the fallback flush area is always allocated on pseries,
so in case a LPAR is migrated from a patched to an unpatched system,
it is possible to enable the fallback flush in the target system.
Signed-off-by: Michael Ellerman
Signed-off-by: Mauricio Faria de Oliveira
Signed-off-by: Mic
For PowerVM migration we want to be able to call setup_rfi_flush()
again after we've migrated the partition.
To support that we need to check that we're not trying to allocate the
fallback flush area after memblock has gone away (i.e., boot-time only).
Signed-off-by: Michael Ellerman
Signed-off-
rfi_flush_enable() includes a check to see if we're already
enabled (or disabled), and in that case does nothing.
But that means calling setup_rfi_flush() a 2nd time doesn't actually
work, which is a bit confusing.
Move that check into the debugfs code, where it really belongs.
Signed-off-by: Mi
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 6e032b350cd1 ("powerpc/powernv: Check device-tree for RFI flush
settings")
Signed-off-by: Michael Ellerman
(cherry picked from commit eb0a2d2620ae431c543963c8c7f08f597366fc60
Some versions of firmware will have a setting that can be configured
to disable the RFI flush, add support for it.
Fixes: 8989d56878a7 ("powerpc/pseries: Query hypervisor for RFI flush settings")
Signed-off-by: Michael Ellerman
(cherry picked from commit 582605a429e20ae68fd0b041b2e840af296edd08)
From: Nicholas Piggin
The fallback RFI flush is used when firmware does not provide a way
to flush the cache. It's a "displacement flush" that evicts useful
data by displacing it with an uninteresting buffer.
The flush has to take care to work with implementation specific cache
replacment polici
Hi Greg,
Please queue up this series of patches for 4.14 if you have no objections.
cheers
Mauricio Faria de Oliveira (4):
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
93 matches
Mail list logo
