mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-11 08:18:47 +00:00
7794b1d418
Highlights: - Infrastructure for secure boot on some bare metal Power9 machines. The firmware support is still in development, so the code here won't actually activate secure boot on any existing systems. - A change to xmon (our crash handler / pseudo-debugger) to restrict it to read-only mode when the kernel is lockdown'ed, otherwise it's trivial to drop into xmon and modify kernel data, such as the lockdown state. - Support for KASLR on 32-bit BookE machines (Freescale / NXP). - Fixes for our flush_icache_range() and __kernel_sync_dicache() (VDSO) to work with memory ranges >4GB. - Some reworks of the pseries CMM (Cooperative Memory Management) driver to make it behave more like other balloon drivers and enable some cleanups of generic mm code. - A series of fixes to our hardware breakpoint support to properly handle unaligned watchpoint addresses. Plus a bunch of other smaller improvements, fixes and cleanups. Thanks to: Alastair D'Silva, Andrew Donnellan, Aneesh Kumar K.V, Anthony Steinhauser, Cédric Le Goater, Chris Packham, Chris Smart, Christophe Leroy, Christopher M. Riedl, Christoph Hellwig, Claudio Carvalho, Daniel Axtens, David Hildenbrand, Deb McLemore, Diana Craciun, Eric Richter, Geert Uytterhoeven, Greg Kroah-Hartman, Greg Kurz, Gustavo L. F. Walbon, Hari Bathini, Harish, Jason Yan, Krzysztof Kozlowski, Leonardo Bras, Mathieu Malaterre, Mauro S. M. Rodrigues, Michal Suchanek, Mimi Zohar, Nathan Chancellor, Nathan Lynch, Nayna Jain, Nick Desaulniers, Oliver O'Halloran, Qian Cai, Rasmus Villemoes, Ravi Bangoria, Sam Bobroff, Santosh Sivaraj, Scott Wood, Thomas Huth, Tyrel Datwyler, Vaibhav Jain, Valentin Longchamp, YueHaibing. -----BEGIN PGP SIGNATURE----- iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl3hBycTHG1wZUBlbGxl cm1hbi5pZC5hdQAKCRBR6+o8yOGlgApBEACk91MEQDYJ9MF9I6uN+85qb5p4pMsp rGzqnpt+XFidbDAc3eP63pYfIDSo3jtkQ2YL7shAnDOTvkO0md+Vqkl9Aq/G6FIf lDBlwbgkXMSxS/O2Lpvfn4NZAoK6dKmiV55LSgfliM62X3e2Saeg6TR55wBTgJ6/ SlYPDwZfcVHOAiFS3UmfB+hkiIZk+AI5Zr5VAZvT2ZmeH36yAWkq4JgJI1uAk6m1 /7iCnlfUjx/nl/BhnA3kjjmAgGCJ5s/WuVgwFMz47XpMBWGBhLWpMh/NqDTFb8ca kpiVQoVPQe2xyO3pL/kOwBy6sii26ftfHDhLKMy1hJdEhVQzS5LerPIMeh1qsU8Q hV/Cj+jfsrS/vBDOehj3jwx93t+861PmTOqgLnpYQ6Ltrt+2B/74+fufGMHE1kI3 Ffo7xvNw4sw6bSziDxDFqUx2P1dFN5D5EJsJsYM98ekkVAAkzNqCDRvfD2QI8Pif VXWPYXqtNJTrVPJA0D7Yfo9FDNwhANd0f1zi7r/U5mVXBFUyKOlGqTQSkXgMrVeK 3I7wHPOVGgdA5UUkfcd3pcuqsY081U9E//o5PUfj8ybO5JCwly8NoatbG+xHmKia a72uJT8MjCo9mGCHKDrwi9l/kqms6ZSv8RP+yMhGuB52YoiGc6PpVyab5jXIUd1N yTtBlC0YGW1JYw== =JHzg -----END PGP SIGNATURE----- Merge tag 'powerpc-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: "Highlights: - Infrastructure for secure boot on some bare metal Power9 machines. The firmware support is still in development, so the code here won't actually activate secure boot on any existing systems. - A change to xmon (our crash handler / pseudo-debugger) to restrict it to read-only mode when the kernel is lockdown'ed, otherwise it's trivial to drop into xmon and modify kernel data, such as the lockdown state. - Support for KASLR on 32-bit BookE machines (Freescale / NXP). - Fixes for our flush_icache_range() and __kernel_sync_dicache() (VDSO) to work with memory ranges >4GB. - Some reworks of the pseries CMM (Cooperative Memory Management) driver to make it behave more like other balloon drivers and enable some cleanups of generic mm code. - A series of fixes to our hardware breakpoint support to properly handle unaligned watchpoint addresses. Plus a bunch of other smaller improvements, fixes and cleanups. Thanks to: Alastair D'Silva, Andrew Donnellan, Aneesh Kumar K.V, Anthony Steinhauser, Cédric Le Goater, Chris Packham, Chris Smart, Christophe Leroy, Christopher M. Riedl, Christoph Hellwig, Claudio Carvalho, Daniel Axtens, David Hildenbrand, Deb McLemore, Diana Craciun, Eric Richter, Geert Uytterhoeven, Greg Kroah-Hartman, Greg Kurz, Gustavo L. F. Walbon, Hari Bathini, Harish, Jason Yan, Krzysztof Kozlowski, Leonardo Bras, Mathieu Malaterre, Mauro S. M. Rodrigues, Michal Suchanek, Mimi Zohar, Nathan Chancellor, Nathan Lynch, Nayna Jain, Nick Desaulniers, Oliver O'Halloran, Qian Cai, Rasmus Villemoes, Ravi Bangoria, Sam Bobroff, Santosh Sivaraj, Scott Wood, Thomas Huth, Tyrel Datwyler, Vaibhav Jain, Valentin Longchamp, YueHaibing" * tag 'powerpc-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (144 commits) powerpc/fixmap: fix crash with HIGHMEM x86/efi: remove unused variables powerpc: Define arch_is_kernel_initmem_freed() for lockdep powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp powerpc: Avoid clang warnings around setjmp and longjmp powerpc: Don't add -mabi= flags when building with Clang powerpc: Fix Kconfig indentation powerpc/fixmap: don't clear fixmap area in paging_init() selftests/powerpc: spectre_v2 test must be built 64-bit powerpc/powernv: Disable native PCIe port management powerpc/kexec: Move kexec files into a dedicated subdir. powerpc/32: Split kexec low level code out of misc_32.S powerpc/sysdev: drop simple gpio powerpc/83xx: map IMMR with a BAT. powerpc/32s: automatically allocate BAT in setbat() powerpc/ioremap: warn on early use of ioremap() powerpc: Add support for GENERIC_EARLY_IOREMAP powerpc/fixmap: Use __fix_to_virt() instead of fix_to_virt() powerpc/8xx: use the fixmapped IMMR in cpm_reset() powerpc/8xx: add __init to cpm1 init functions ...
96 lines
2.7 KiB
C
96 lines
2.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0+ */
|
|
/*
|
|
* Security related feature bit definitions.
|
|
*
|
|
* Copyright 2018, Michael Ellerman, IBM Corporation.
|
|
*/
|
|
|
|
#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
|
|
#define _ASM_POWERPC_SECURITY_FEATURES_H
|
|
|
|
|
|
extern u64 powerpc_security_features;
|
|
extern bool rfi_flush;
|
|
|
|
/* These are bit flags */
|
|
enum stf_barrier_type {
|
|
STF_BARRIER_NONE = 0x1,
|
|
STF_BARRIER_FALLBACK = 0x2,
|
|
STF_BARRIER_EIEIO = 0x4,
|
|
STF_BARRIER_SYNC_ORI = 0x8,
|
|
};
|
|
|
|
void setup_stf_barrier(void);
|
|
void do_stf_barrier_fixups(enum stf_barrier_type types);
|
|
void setup_count_cache_flush(void);
|
|
|
|
static inline void security_ftr_set(u64 feature)
|
|
{
|
|
powerpc_security_features |= feature;
|
|
}
|
|
|
|
static inline void security_ftr_clear(u64 feature)
|
|
{
|
|
powerpc_security_features &= ~feature;
|
|
}
|
|
|
|
static inline bool security_ftr_enabled(u64 feature)
|
|
{
|
|
return !!(powerpc_security_features & feature);
|
|
}
|
|
|
|
|
|
// Features indicating support for Spectre/Meltdown mitigations
|
|
|
|
// The L1-D cache can be flushed with ori r30,r30,0
|
|
#define SEC_FTR_L1D_FLUSH_ORI30 0x0000000000000001ull
|
|
|
|
// The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2)
|
|
#define SEC_FTR_L1D_FLUSH_TRIG2 0x0000000000000002ull
|
|
|
|
// ori r31,r31,0 acts as a speculation barrier
|
|
#define SEC_FTR_SPEC_BAR_ORI31 0x0000000000000004ull
|
|
|
|
// Speculation past bctr is disabled
|
|
#define SEC_FTR_BCCTRL_SERIALISED 0x0000000000000008ull
|
|
|
|
// Entries in L1-D are private to a SMT thread
|
|
#define SEC_FTR_L1D_THREAD_PRIV 0x0000000000000010ull
|
|
|
|
// Indirect branch prediction cache disabled
|
|
#define SEC_FTR_COUNT_CACHE_DISABLED 0x0000000000000020ull
|
|
|
|
// bcctr 2,0,0 triggers a hardware assisted count cache flush
|
|
#define SEC_FTR_BCCTR_FLUSH_ASSIST 0x0000000000000800ull
|
|
|
|
|
|
// Features indicating need for Spectre/Meltdown mitigations
|
|
|
|
// The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest)
|
|
#define SEC_FTR_L1D_FLUSH_HV 0x0000000000000040ull
|
|
|
|
// The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace)
|
|
#define SEC_FTR_L1D_FLUSH_PR 0x0000000000000080ull
|
|
|
|
// A speculation barrier should be used for bounds checks (Spectre variant 1)
|
|
#define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0000000000000100ull
|
|
|
|
// Firmware configuration indicates user favours security over performance
|
|
#define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
|
|
|
|
// Software required to flush count cache on context switch
|
|
#define SEC_FTR_FLUSH_COUNT_CACHE 0x0000000000000400ull
|
|
|
|
// Software required to flush link stack on context switch
|
|
#define SEC_FTR_FLUSH_LINK_STACK 0x0000000000001000ull
|
|
|
|
|
|
// Features enabled by default
|
|
#define SEC_FTR_DEFAULT \
|
|
(SEC_FTR_L1D_FLUSH_HV | \
|
|
SEC_FTR_L1D_FLUSH_PR | \
|
|
SEC_FTR_BNDS_CHK_SPEC_BAR | \
|
|
SEC_FTR_FAVOUR_SECURITY)
|
|
|
|
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */
|