powerpc/speculation: Support 'mitigations=' cmdline option

Configure powerpc CPU runtime speculation bug mitigations in accordance
with the 'mitigations=' cmdline option.  This affects Meltdown, Spectre
v1, Spectre v2, and Speculative Store Bypass.

The default behavior is unchanged.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/245a606e1a42a558a310220312d9b6adb9159df6.1555085500.git.jpoimboe@redhat.com
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2018-3639

(backported from commit 782e69efb3dfed6e8360bc612e8c7827a901a8f9 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git)
[tyhicks: Backport to 4.15:
 - include <linux/cpu.h> from security.c]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 399f3cca28953a7b7c579d8d70ceb83e993e2e43..4f1a3b3f87fd825d879f7b0e0f09eff84831b8a4 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2424,7 +2424,7 @@
                        http://repo.or.cz/w/linux-2.6/mini2440.git
 
        mitigations=
                        http://repo.or.cz/w/linux-2.6/mini2440.git
 
        mitigations=

-                       [X86] Control optional mitigations for CPU
+                       [X86,PPC] Control optional mitigations for CPU

                        vulnerabilities.  This is a set of curated,
                        arch-independent options, each of which is an
                        aggregation of existing arch-specific options.
                        vulnerabilities.  This is a set of curated,
                        arch-independent options, each of which is an
                        aggregation of existing arch-specific options.


@@ -2433,10 +2433,11 @@
                                Disable all optional CPU mitigations.  This
                                improves system performance, but it may also
                                expose users to several CPU vulnerabilities.
                                Disable all optional CPU mitigations.  This
                                improves system performance, but it may also
                                expose users to several CPU vulnerabilities.

-                               Equivalent to: nopti [X86]
-                                              nospectre_v2 [X86]
+                               Equivalent to: nopti [X86,PPC]
+                                              nospectre_v1 [PPC]
+                                              nospectre_v2 [X86,PPC]

                                               spectre_v2_user=off [X86]
                                               spectre_v2_user=off [X86]

-                                              spec_store_bypass_disable=off [X86]
+                                              spec_store_bypass_disable=off [X86,PPC]

                                               l1tf=off [X86]
 
                        auto (default)
                                               l1tf=off [X86]
 
                        auto (default)

diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
index 1341325599a7ac10818b04a0a0623db76b8a14d3..70568ccbd9fd5eae17014473aa415d9b472b7d86 100644 (file)
--- a/arch/powerpc/kernel/security.c
+++ b/arch/powerpc/kernel/security.c
@@ -4,6 +4,7 @@
 //
 // Copyright 2018, Michael Ellerman, IBM Corporation.
 
 //
 // Copyright 2018, Michael Ellerman, IBM Corporation.
 

+#include <linux/cpu.h>

 #include <linux/kernel.h>
 #include <linux/device.h>
 #include <linux/seq_buf.h>
 #include <linux/kernel.h>
 #include <linux/device.h>
 #include <linux/seq_buf.h>


@@ -56,7 +57,7 @@ void setup_barrier_nospec(void)
        enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
                 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
 
        enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
                 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
 

-       if (!no_nospec)
+       if (!no_nospec && !cpu_mitigations_off())

                enable_barrier_nospec(enable);
 }
 
                enable_barrier_nospec(enable);
 }
 


@@ -115,7 +116,7 @@ static int __init handle_nospectre_v2(char *p)
 early_param("nospectre_v2", handle_nospectre_v2);
 void setup_spectre_v2(void)
 {
 early_param("nospectre_v2", handle_nospectre_v2);
 void setup_spectre_v2(void)
 {

-       if (no_spectrev2)
+       if (no_spectrev2 || cpu_mitigations_off())

                do_btb_flush_fixups();
        else
                btb_flush_enabled = true;
                do_btb_flush_fixups();
        else
                btb_flush_enabled = true;


@@ -299,7 +300,7 @@ void setup_stf_barrier(void)
 
        stf_enabled_flush_types = type;
 
 
        stf_enabled_flush_types = type;
 

-       if (!no_stf_barrier)
+       if (!no_stf_barrier && !cpu_mitigations_off())

                stf_barrier_enable(enable);
 }
 
                stf_barrier_enable(enable);
 }
 

diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 78a71b4fd646f59d116ba1e80f150ebdc7fdb359..fe30b2d8e280fb60c24507c2208875b6e75068f4 100644 (file)
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -900,7 +900,7 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable)
 
        enabled_flush_types = types;
 
 
        enabled_flush_types = types;
 

-       if (!no_rfi_flush)
+       if (!no_rfi_flush && !cpu_mitigations_off())

                rfi_flush_enable(enable);
 }
 
                rfi_flush_enable(enable);
 }