]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commitdiff
projects / mirror_ubuntu-artful-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 162ff40)
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
authorMichael Ellerman <mpe@ellerman.id.au>
Tue, 27 Mar 2018 12:01:51 +0000 (23:01 +1100)
committerStefan Bader <stefan.bader@canonical.com>
Tue, 15 May 2018 05:35:37 +0000 (07:35 +0200)
Now that we have the security flags we can simplify the code in
pseries_setup_rfi_flush() because the security flags have pessimistic
defaults.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 2e4a16161fcd324b1f9bf6cb6856529f7eaf0689)

CVE-2018-3639 (powerpc)

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
arch/powerpc/platforms/pseries/setup.c patch | blob | blame | history

diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
index 1b7c3a233a6c489731e6435d044d295d128387a7..556e3507e685c71c3006e1c08c979623f4e63700 100644 (file)
--- a/arch/powerpc/platforms/pseries/setup.c
+++ b/arch/powerpc/platforms/pseries/setup.c
@@ -497,30 +497,27 @@ static void pseries_setup_rfi_flush(void)
        bool enable;
        long rc;
 
-       /* Enable by default */
-       enable = true;
-       types = L1D_FLUSH_FALLBACK;
-
        rc = plpar_get_cpu_characteristics(&result);
-       if (rc == H_SUCCESS) {
+       if (rc == H_SUCCESS)
                init_cpu_char_feature_flags(&result);
 
-               if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
-                       types |= L1D_FLUSH_MTTRIG;
-               if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
-                       types |= L1D_FLUSH_ORI;
-
-               if ((!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) ||
-                   (!(result.behaviour & H_CPU_BEHAV_FAVOUR_SECURITY)))
-                       enable = false;
-       }
-
        /*
         * We're the guest so this doesn't apply to us, clear it to simplify
         * handling of it elsewhere.
         */
        security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
 
+       types = L1D_FLUSH_FALLBACK;
+
+       if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
+               types |= L1D_FLUSH_MTTRIG;
+
+       if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
+               types |= L1D_FLUSH_ORI;
+
+       enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+                security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
+
        setup_rfi_flush(types, enable);
 }
 
Ubuntu Artful kernel mirror