Skip to content

Commit f636c14

Browse files
mpempe
committed
powerpc/pseries: Set or clear security feature flags
Now that we have feature flags for security related things, set or clear them based on what we receive from the hypercall. Signed-off-by: Michael Ellerman <[email protected]>
1 parent 9a868f6 commit f636c14

File tree

1 file changed

+43
-0
lines changed
  • arch/powerpc/platforms/pseries

1 file changed

+43
-0
lines changed

arch/powerpc/platforms/pseries/setup.c

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@
6868
#include <asm/plpar_wrappers.h>
6969
#include <asm/kexec.h>
7070
#include <asm/isa-bridge.h>
71+
#include <asm/security_features.h>
7172

7273
#include "pseries.h"
7374

@@ -459,6 +460,40 @@ static void __init find_and_init_phbs(void)
459460
of_pci_check_probe_only();
460461
}
461462

463+
static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
464+
{
465+
if (result->character & H_CPU_CHAR_SPEC_BAR_ORI31)
466+
security_ftr_set(SEC_FTR_SPEC_BAR_ORI31);
467+
468+
if (result->character & H_CPU_CHAR_BCCTRL_SERIALISED)
469+
security_ftr_set(SEC_FTR_BCCTRL_SERIALISED);
470+
471+
if (result->character & H_CPU_CHAR_L1D_FLUSH_ORI30)
472+
security_ftr_set(SEC_FTR_L1D_FLUSH_ORI30);
473+
474+
if (result->character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
475+
security_ftr_set(SEC_FTR_L1D_FLUSH_TRIG2);
476+
477+
if (result->character & H_CPU_CHAR_L1D_THREAD_PRIV)
478+
security_ftr_set(SEC_FTR_L1D_THREAD_PRIV);
479+
480+
if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED)
481+
security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
482+
483+
/*
484+
* The features below are enabled by default, so we instead look to see
485+
* if firmware has *disabled* them, and clear them if so.
486+
*/
487+
if (!(result->character & H_CPU_BEHAV_FAVOUR_SECURITY))
488+
security_ftr_clear(SEC_FTR_FAVOUR_SECURITY);
489+
490+
if (!(result->character & H_CPU_BEHAV_L1D_FLUSH_PR))
491+
security_ftr_clear(SEC_FTR_L1D_FLUSH_PR);
492+
493+
if (!(result->character & H_CPU_BEHAV_BNDS_CHK_SPEC_BAR))
494+
security_ftr_clear(SEC_FTR_BNDS_CHK_SPEC_BAR);
495+
}
496+
462497
void pseries_setup_rfi_flush(void)
463498
{
464499
struct h_cpu_char_result result;
@@ -472,6 +507,8 @@ void pseries_setup_rfi_flush(void)
472507

473508
rc = plpar_get_cpu_characteristics(&result);
474509
if (rc == H_SUCCESS) {
510+
init_cpu_char_feature_flags(&result);
511+
475512
if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2)
476513
types |= L1D_FLUSH_MTTRIG;
477514
if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30)
@@ -482,6 +519,12 @@ void pseries_setup_rfi_flush(void)
482519
enable = false;
483520
}
484521

522+
/*
523+
* We're the guest so this doesn't apply to us, clear it to simplify
524+
* handling of it elsewhere.
525+
*/
526+
security_ftr_clear(SEC_FTR_L1D_FLUSH_HV);
527+
485528
setup_rfi_flush(types, enable);
486529
}
487530

0 commit comments

Comments
 (0)