Commit | Line | Data |
---|---|---|
6e61041f ME |
1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
2 | /* | |
3 | * Security related feature bit definitions. | |
4 | * | |
5 | * Copyright 2018, Michael Ellerman, IBM Corporation. | |
6 | */ | |
7 | ||
8 | #ifndef _ASM_POWERPC_SECURITY_FEATURES_H | |
9 | #define _ASM_POWERPC_SECURITY_FEATURES_H | |
10 | ||
11 | ||
12 | extern unsigned long powerpc_security_features; | |
a11b7f41 | 13 | extern bool rfi_flush; |
6e61041f | 14 | |
cc437c1d NP |
/*
 * STF barrier variants.  Every enumerator occupies its own bit, so several
 * can be combined with '|' and tested with '&'.  STF_BARRIER_NONE is a real
 * bit (0x1), not zero: a value of 0 names no enumerator at all.
 * NOTE(review): "STF" presumably stands for store forwarding - confirm
 * against the implementation, which is not part of this header.
 */
enum stf_barrier_type {
	STF_BARRIER_NONE	= 1 << 0,
	STF_BARRIER_FALLBACK	= 1 << 1,
	STF_BARRIER_EIEIO	= 1 << 2,
	STF_BARRIER_SYNC_ORI	= 1 << 3,
};

/* Defined outside this header; takes no arguments and returns nothing. */
void setup_stf_barrier(void);

/*
 * Defined outside this header.  Since the enumerators are bit flags,
 * @types presumably may carry more than one of them - confirm at the
 * definition.
 */
void do_stf_barrier_fixups(enum stf_barrier_type types);
25 | ||
6e61041f ME |
/**
 * security_ftr_set() - switch on one or more security feature bits.
 * @feature: bit mask to OR into powerpc_security_features.
 *
 * This is a plain read-modify-write of the global word; the helper takes
 * no lock and uses no atomic operation.
 * NOTE(review): presumably only called while nothing else can touch the
 * word (e.g. early setup) - confirm against the callers.
 *
 * @feature is unsigned long while the SEC_FTR_* constants are unsigned
 * long long.  Where unsigned long is narrower, bits above its width would
 * be lost at the call; the constants in this header stop at 0x200.
 */
static inline void security_ftr_set(unsigned long feature)
{
	powerpc_security_features = powerpc_security_features | feature;
}
30 | ||
/**
 * security_ftr_clear() - switch off one or more security feature bits.
 * @feature: bit mask to remove from powerpc_security_features.
 *
 * Every bit set in @feature is cleared in the global word; all other bits
 * keep their value.  The mask is not validated, and the update is a plain
 * read-modify-write with no lock or atomic operation in this helper.
 */
static inline void security_ftr_clear(unsigned long feature)
{
	unsigned long keep = ~feature;

	powerpc_security_features = powerpc_security_features & keep;
}
35 | ||
/**
 * security_ftr_enabled() - test security feature bits.
 * @feature: bit mask to look up in powerpc_security_features.
 *
 * Return: true when at least one bit of @feature is set in the global
 * word, false otherwise.  For a multi-bit mask this is an "any" test, not
 * an "all" test, so query bits one at a time when each of them matters.
 */
static inline bool security_ftr_enabled(unsigned long feature)
{
	return (powerpc_security_features & feature) != 0;
}
40 | ||
41 | ||
/*
 * Bits reporting that a Spectre/Meltdown mitigation is supported.
 */

/* ori r30,r30,0 flushes the L1-D cache */
#define SEC_FTR_L1D_FLUSH_ORI30		(1ull << 0)

/* mtspr 882,r0 (aka SPRN_TRIG2) flushes the L1-D cache */
#define SEC_FTR_L1D_FLUSH_TRIG2		(1ull << 1)

/* ori r31,r31,0 works as a speculation barrier */
#define SEC_FTR_SPEC_BAR_ORI31		(1ull << 2)

/* No speculation past bctr */
#define SEC_FTR_BCCTRL_SERIALISED	(1ull << 3)

/* L1-D entries are private to an SMT thread */
#define SEC_FTR_L1D_THREAD_PRIV		(1ull << 4)

/* The indirect branch prediction cache is disabled */
#define SEC_FTR_COUNT_CACHE_DISABLED	(1ull << 5)


/*
 * Bits reporting that a Spectre/Meltdown mitigation is needed.
 */

/* Flush the L1-D cache on the MSR[HV] 1->0 transition (hypervisor to guest) */
#define SEC_FTR_L1D_FLUSH_HV		(1ull << 6)

/* Flush the L1-D cache on the MSR[PR] 0->1 transition (kernel to userspace) */
#define SEC_FTR_L1D_FLUSH_PR		(1ull << 7)

/* Bounds checks need a speculation barrier (Spectre variant 1) */
#define SEC_FTR_BNDS_CHK_SPEC_BAR	(1ull << 8)

/* Firmware configuration says the user favours security over performance */
#define SEC_FTR_FAVOUR_SECURITY		(1ull << 9)
76 | ||
35cfd685 MFO |
77 | |
/*
 * Features enabled by default: both L1-D flush requirements, the
 * bounds-check speculation barrier requirement and the "favour security"
 * preference.  None of the SEC_FTR_* bits that report mitigation support
 * are part of this mask.
 */
#define SEC_FTR_DEFAULT						\
	(SEC_FTR_FAVOUR_SECURITY | SEC_FTR_BNDS_CHK_SPEC_BAR |	\
	 SEC_FTR_L1D_FLUSH_PR | SEC_FTR_L1D_FLUSH_HV)
84 | ||
6e61041f | 85 | #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ |