powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
authorMichael Ellerman <mpe@ellerman.id.au>
Tue, 27 Mar 2018 12:01:50 +0000 (23:01 +1100)
committerSeth Forshee <seth.forshee@canonical.com>
Mon, 9 Apr 2018 21:04:00 +0000 (16:04 -0500)
BugLink: https://bugs.launchpad.net/bugs/1760099
CVE-2017-5754

Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5 linux-next)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
arch/powerpc/platforms/powernv/setup.c

index f5c0c7d91db138db744620adb07a5aa2981c5df3..7de050a3736b491cb22228d23d08bae1d33dba9b 100644 (file)
@@ -66,7 +66,7 @@ static void init_fw_feat_flags(struct device_node *np)
        if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
                security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
 
-       if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+       if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np))
                security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
 
        if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
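Review bot: The corrected property string for `SEC_FTR_L1D_FLUSH_ORI30` in init_fw_feat_flags() is not mentioned in the commit description, although it changes which firmware property sets that flag. Before this line the flag was keyed on `inst-spec-barrier-ori31,31,0`, and since pnv_setup_rfi_flush() now picks `L1D_FLUSH_ORI` purely from this flag, the flush type for the CVE-2017-5754 mitigation would have followed the wrong property. A sentence in the description, or a separate fix commit, would make that easier to track in backports. Whether another check still consumes `inst-spec-barrier-ori31,31,0` is not visible here, because init_fw_feat_flags() starts and ends outside the hunk.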
@@ -99,11 +99,10 @@ static void pnv_setup_rfi_flush(void)
 {
        struct device_node *np, *fw_features;
        enum l1d_flush_type type;
-       int enable;
+       bool enable;
 
        /* Default to fallback in case fw-features are not available */
        type = L1D_FLUSH_FALLBACK;
-       enable = 1;
 
        np = of_find_node_by_name(NULL, "ibm,opal");
        fw_features = of_get_child_by_name(np, "fw-features");
@@ -111,40 +110,20 @@ static void pnv_setup_rfi_flush(void)
 
        if (fw_features) {
                init_fw_feat_flags(fw_features);
+               of_node_put(fw_features);
 
-               np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
-               if (np && of_property_read_bool(np, "enabled"))
+               if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
                        type = L1D_FLUSH_MTTRIG;
 
-               of_node_put(np);
-
-               np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0");
-               if (np && of_property_read_bool(np, "enabled"))
+               if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
                        type = L1D_FLUSH_ORI;
-
-               of_node_put(np);
-
-               /* Enable unless firmware says NOT to */
-               enable = 2;
-               np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable--;
-
-               of_node_put(np);
-
-               np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable--;
-
-               np = of_get_child_by_name(fw_features, "speculation-policy-favor-security");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable = 0;
-
-               of_node_put(np);
-               of_node_put(fw_features);
        }
 
-       setup_rfi_flush(type, enable > 0);
+       enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+                (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)   || \
+                 security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
+
+       setup_rfi_flush(type, enable);
 }
 
 static void __init pnv_setup_arch(void)
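Review bot: The `enable` expression at the end of pnv_setup_rfi_flush() now depends entirely on the security feature flags, and nothing in the function says what happens when the `fw-features` node is missing and init_fw_feat_flags() never runs. The commit description says the flags have pessimistic defaults, so the flush presumably stays enabled in that case, but the defaults are set outside this diff. The removed `/* Enable unless firmware says NOT to */` comment carried that policy, so I would put an equivalent above the assignment, for example `/* Flags default to set: flush stays on unless firmware clears them */`. The two trailing `\` continuations in the expression are unnecessary outside a macro and can be dropped. When both `SEC_FTR_L1D_FLUSH_TRIG2` and `SEC_FTR_L1D_FLUSH_ORI30` are set, `L1D_FLUSH_ORI` wins by assignment order; that matches the old code but deserves a short comment.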