powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
authorMichael Ellerman <mpe@ellerman.id.au>
Tue, 27 Mar 2018 12:01:50 +0000 (23:01 +1100)
committerStefan Bader <stefan.bader@canonical.com>
Tue, 15 May 2018 05:35:36 +0000 (07:35 +0200)
Now that we have the security flags we can significantly simplify the
code in pnv_setup_rfi_flush(), because we can use the flags instead of
checking device tree properties and because the security flags have
pessimistic defaults.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 37c0bdd00d3ae83369ab60a6712c28e11e6458d5)

CVE-2018-3639 (powerpc)

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
arch/powerpc/platforms/powernv/setup.c

index 58c4cb5a9564e831c7e02b9166e8514f21cea8b8..f3cad49324d00d27c7ff1efe8aadaa373fe2d7ab 100644 (file)
@@ -65,7 +65,7 @@ static void init_fw_feat_flags(struct device_node *np)
        if (fw_feature_is("enabled", "fw-bcctrl-serialized", np))
                security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
 
-       if (fw_feature_is("enabled", "inst-spec-barrier-ori31,31,0", np))
+       if (fw_feature_is("enabled", "inst-l1d-flush-ori30,30,0", np))
                security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
 
        if (fw_feature_is("enabled", "inst-l1d-flush-trig2", np))
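Review bot: The corrected property name on the line that sets `SEC_FTR_L1D_FLUSH_ORI30` is a functional fix the commit description does not mention: before this change the flag was set from `inst-spec-barrier-ori31,31,0`, so once pnv_setup_rfi_flush() selects the flush type from the flag it would have followed the wrong firmware feature. A tree that carries the commit introducing init_fw_feat_flags() without this one keeps that mismatch, so the description should call it out, for example `Also fix the fw-feature name tested for SEC_FTR_L1D_FLUSH_ORI30.` init_fw_feat_flags() starts and ends outside the hunk, so whether the spec-barrier feature is still mapped to its own flag elsewhere cannot be confirmed from here.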
@@ -98,11 +98,10 @@ static void pnv_setup_rfi_flush(void)
 {
        struct device_node *np, *fw_features;
        enum l1d_flush_type type;
-       int enable;
+       bool enable;
 
        /* Default to fallback in case fw-features are not available */
        type = L1D_FLUSH_FALLBACK;
-       enable = 1;
 
        np = of_find_node_by_name(NULL, "ibm,opal");
        fw_features = of_get_child_by_name(np, "fw-features");
@@ -110,40 +109,20 @@ static void pnv_setup_rfi_flush(void)
 
        if (fw_features) {
                init_fw_feat_flags(fw_features);
+               of_node_put(fw_features);
 
-               np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2");
-               if (np && of_property_read_bool(np, "enabled"))
+               if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_TRIG2))
                        type = L1D_FLUSH_MTTRIG;
 
-               of_node_put(np);
-
-               np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0");
-               if (np && of_property_read_bool(np, "enabled"))
+               if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_ORI30))
                        type = L1D_FLUSH_ORI;
-
-               of_node_put(np);
-
-               /* Enable unless firmware says NOT to */
-               enable = 2;
-               np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable--;
-
-               of_node_put(np);
-
-               np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable--;
-
-               np = of_get_child_by_name(fw_features, "speculation-policy-favor-security");
-               if (np && of_property_read_bool(np, "disabled"))
-                       enable = 0;
-
-               of_node_put(np);
-               of_node_put(fw_features);
        }
 
-       setup_rfi_flush(type, enable > 0);
+       enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
+                (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)   || \
+                 security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
+
+       setup_rfi_flush(type, enable);
 }
 
 static void __init pnv_setup_arch(void)
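Review bot: The `enable` assignment at the end of pnv_setup_rfi_flush() now decides whether the L1D flush mitigation is on purely from the security flags, including when the `fw-features` node is absent and init_fw_feat_flags() never runs; the removed `enable = 1` made that case explicit. The description says the flags have pessimistic defaults, but those defaults are not visible in this diff, so a comment above the assignment would help, e.g. `/* No fw-features: security flags keep their pessimistic defaults, so the flush stays enabled */`. The surviving "Default to fallback" comment now covers only `type` and could say so. Equivalence with the removed `disabled` property checks also depends on init_fw_feat_flags() clearing SEC_FTR_L1D_FLUSH_PR, SEC_FTR_L1D_FLUSH_HV and SEC_FTR_FAVOUR_SECURITY for those properties, which is outside this hunk and worth confirming. As a style point, the trailing `\` continuations in the `enable = ...` expression are unnecessary outside a macro and can be dropped.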