[PATCH 4/4] powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes

Nicholas Piggin npiggin at gmail.com
Tue May 4 19:16:42 AEST 2021 

Excerpts from Joel Stanley's message of May 4, 2021 10:51 am:
> On Mon, 3 May 2021 at 13:04, Nicholas Piggin <npiggin at gmail.com> wrote:
>>
>> These aren't necessarily POWER9 only, and it's not to say some new
>> vulnerability may not get discovered on other processors for which
>> we would like the flexibility of having the workaround enabled by
>> firmware.
>>
>> Remove the restriction that they only apply to POWER9.
> 
> I was wondering how these worked which led me to reviewing your patch.
> From what I could see, these are enabled by default (SEC_FTR_DEFAULT
> in arch/powerpc/include/asm/security_features.h), so unless all
> non-POWER9 machines have set the "please don't" bit in their firmware
> this patch will enable the feature for those machines. Is that what
> you wanted?

Yes. POWER7/8 should be affected (it's similar mechanism that requires
the meltdown RFI flush, which those processors need).

POWER10 we haven't released a bare metal firmware with the right bits
yet. Not urgent at the moment but wouldn't hurt to specify them and
add the Linux code for them.

Thanks,
Nick

> 
>>
>> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
>> ---
>>  arch/powerpc/platforms/powernv/setup.c | 9 ---------
>>  1 file changed, 9 deletions(-)
>>
>> diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
>> index a8db3f153063..6ec67223f8c7 100644
>> --- a/arch/powerpc/platforms/powernv/setup.c
>> +++ b/arch/powerpc/platforms/powernv/setup.c
>> @@ -122,15 +122,6 @@ static void pnv_setup_security_mitigations(void)
>>                         type = L1D_FLUSH_ORI;
>>         }
>>
>> -       /*
>> -        * If we are non-Power9 bare metal, we don't need to flush on kernel
>> -        * entry or after user access: they fix a P9 specific vulnerability.
>> -        */
>> -       if (!pvr_version_is(PVR_POWER9)) {
>> -               security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY);
>> -               security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS);
>> -       }
>> -
>>         enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \
>>                  (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)   || \
>>                   security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
>> --
>> 2.23.0
>>
>

More information about the Linuxppc-dev mailing list