Received: by 10.192.165.148 with SMTP id m20csp4189113imm;
        Mon, 23 Apr 2018 21:17:45 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/Hth0bYlB/KvSssCeLuCk4CC6J+ydE0RRwRkdIjRLqtb+UNdzc9c236YKlLAPplj3g9GHz
X-Received: by 2002:a17:902:b187:: with SMTP id s7-v6mr23629786plr.170.1524543465017;
        Mon, 23 Apr 2018 21:17:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524543464; cv=none;
        d=google.com; s=arc-20160816;
        b=0Dl8fzs5OckaTHQwjOLH0T4jATBMREq0bGQZdsNy+W7pmEKwppusa5TXBR/Rik+XZb
         FFVZTNtoYT78sr+uFDCa6k3Kxiv9fDRJx9OgaRLQ7k86H/whyjYZj62248lesBizI9ZA
         KI9WfzfykkD0TCiXszMkfpUP9rS4O0MyosOjZqlUF3eL38cje0DQeY61786H0HZHIS7k
         mONkE82ZlR8K/PCT1jzQtg7wVD0SrJP9nhn/S7jgiAXp32p73F4h+IgEJjm+jIhHWm0i
         2CLq5W3ea4dmjIiIX0DLK8qtF11uncUfU72A9ju0DZibbKelPjPQu7JW83O3DhHqg49e
         E6tQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=zTHGALj4HQLdjdqb8kw9VLs6xYvmgHceCR7FmZ51xQk=;
        b=R4PZxOXG5aWiAeDpCQItnP+hbG7vhJrkaJ935CnzXDCRC/7mxbCpOV6H1n+SF7LjA2
         +0nNhS5GSaNyvoA7Qd4JLcOl+4CS5vcJyNRrksMTbPs4DwOmTk0hg5bjPT8o45CCj14Y
         BrHLZiWPkVl6fDiBEzPtn77QS1iarpsapa4TzfqFMWn+G+b5hjaVYG6VvG/IcPusxMFm
         GO7Tu1dCYb7KIfqf7enXEk7oXodv2/3lIQ7krONJh4w2qcD+5hCz6Hm463lQWIBmeCv8
         G6l66lo7p+dvCxFxYgWJuNc+w+3qjcotoa81/i8szKX5xI3TBZfYt9jMqcdyRx8Qa7CN
         NDiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f59-v6si11642613plb.106.2018.04.23.21.17.30;
        Mon, 23 Apr 2018 21:17:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752059AbeDXEQO (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Tue, 24 Apr 2018 00:16:14 -0400
Received: from ozlabs.org ([203.11.71.1]:60513 "EHLO ozlabs.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751575AbeDXEQL (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Apr 2018 00:16:11 -0400
Received: by ozlabs.org (Postfix, from userid 1034)
        id 40VVPj3Vrgz9s1p; Tue, 24 Apr 2018 14:16:09 +1000 (AEST)
From:   Michael Ellerman <mpe@ellerman.id.au>
To:     linuxppc-dev@ozlabs.org
Cc:     npiggin@gmail.com, msuchanek@suse.de, linux-kernel@vger.kernel.org
Subject: [PATCH 4/6] powerpc/64s: Enable barrier_nospec based on firmware settings
Date:   Tue, 24 Apr 2018 14:15:57 +1000
Message-Id: <20180424041559.32410-4-mpe@ellerman.id.au>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20180424041559.32410-1-mpe@ellerman.id.au>
References: <20180424041559.32410-1-mpe@ellerman.id.au>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Michal Suchanek <msuchanek@suse.de>

Check what firmware told us and enable/disable the barrier_nospec as
appropriate.

We err on the side of enabling the barrier, as it's no-op on older
systems, see the comment for more detail.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
 arch/powerpc/include/asm/setup.h       |  1 +
 arch/powerpc/kernel/security.c         | 60 ++++++++++++++++++++++++++++++++++
 arch/powerpc/platforms/powernv/setup.c |  1 +
 arch/powerpc/platforms/pseries/setup.c |  1 +
 4 files changed, 63 insertions(+)

diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 4335cddc1cf2..aeb175e8a525 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -52,6 +52,7 @@ enum l1d_flush_type {
 
 void setup_rfi_flush(enum l1d_flush_type, bool enable);
 void do_rfi_flush_fixups(enum l1d_flush_type types);
+void setup_barrier_nospec(void);
 void do_barrier_nospec_fixups(bool enable);
 
 #ifdef CONFIG_PPC_BOOK3S_64
diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index b963eae0b0a0..d1b9639e5e24 100644
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -8,6 +8,7 @@
 #include <linux/device.h>
 #include <linux/seq_buf.h>
 
+#include <asm/debugfs.h>
 #include <asm/security_features.h>
 #include <asm/setup.h>
 
@@ -22,6 +23,65 @@ static void enable_barrier_nospec(bool enable)
 	do_barrier_nospec_fixups(enable);
 }
 
+void setup_barrier_nospec(void)
+{
+	bool enable;
+
+	/*
+	 * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well.
+	 * But there's a good reason not to. The two flags we check below are
+	 * both are enabled by default in the kernel, so if the hcall is not
+	 * functional they will be enabled.
+	 * On a system where the host firmware has been updated (so the ori
+	 * functions as a barrier), but on which the hypervisor (KVM/Qemu) has
+	 * not been updated, we would like to enable the barrier. Dropping the
+	 * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is
+	 * we potentially enable the barrier on systems where the host firmware
+	 * is not updated, but that's harmless as it's a no-op.
+	 */
+	enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
+		 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
+
+	enable_barrier_nospec(enable);
+}
+
+#ifdef CONFIG_DEBUG_FS
+static int barrier_nospec_set(void *data, u64 val)
+{
+	switch (val) {
+	case 0:
+	case 1:
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	if (!!val == !!barrier_nospec_enabled)
+		return 0;
+
+	enable_barrier_nospec(!!val);
+
+	return 0;
+}
+
+static int barrier_nospec_get(void *data, u64 *val)
+{
+	*val = barrier_nospec_enabled ? 1 : 0;
+	return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec,
+			barrier_nospec_get, barrier_nospec_set, "%llu\n");
+
+static __init int barrier_nospec_debugfs_init(void)
+{
+	debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL,
+			    &fops_barrier_nospec);
+	return 0;
+}
+device_initcall(barrier_nospec_debugfs_init);
+#endif /* CONFIG_DEBUG_FS */
+
 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
 {
 	bool thread_priv;
diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
index ef8c9ce53a61..e2ca5f77a55f 100644
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -124,6 +124,7 @@ static void pnv_setup_rfi_flush(void)
 		  security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
 
 	setup_rfi_flush(type, enable);
+	setup_barrier_nospec();
 }
 
 static void __init pnv_setup_arch(void)
diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
index b55ad4286dc7..63b1f0d10ef0 100644
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -534,6 +534,7 @@ void pseries_setup_rfi_flush(void)
 		 security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
 
 	setup_rfi_flush(types, enable);
+	setup_barrier_nospec();
 }
 
 #ifdef CONFIG_PCI_IOV
-- 
2.14.1