1 // SPDX-License-Identifier: GPL-2.0+ 2 // 3 // Security related flags and so on. 4 // 5 // Copyright 2018, Michael Ellerman, IBM Corporation. 6 7 #include <linux/kernel.h> 8 #include <linux/device.h> 9 #include <linux/seq_buf.h> 10 11 #include <asm/debugfs.h> 12 #include <asm/security_features.h> 13 #include <asm/setup.h> 14 15 16 unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; 17 18 bool barrier_nospec_enabled; 19 20 static void enable_barrier_nospec(bool enable) 21 { 22 barrier_nospec_enabled = enable; 23 do_barrier_nospec_fixups(enable); 24 } 25 26 void setup_barrier_nospec(void) 27 { 28 bool enable; 29 30 /* 31 * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well. 32 * But there's a good reason not to. The two flags we check below are 33 * both are enabled by default in the kernel, so if the hcall is not 34 * functional they will be enabled. 35 * On a system where the host firmware has been updated (so the ori 36 * functions as a barrier), but on which the hypervisor (KVM/Qemu) has 37 * not been updated, we would like to enable the barrier. Dropping the 38 * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is 39 * we potentially enable the barrier on systems where the host firmware 40 * is not updated, but that's harmless as it's a no-op. 41 */ 42 enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && 43 security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR); 44 45 enable_barrier_nospec(enable); 46 } 47 48 #ifdef CONFIG_DEBUG_FS 49 static int barrier_nospec_set(void *data, u64 val) 50 { 51 switch (val) { 52 case 0: 53 case 1: 54 break; 55 default: 56 return -EINVAL; 57 } 58 59 if (!!val == !!barrier_nospec_enabled) 60 return 0; 61 62 enable_barrier_nospec(!!val); 63 64 return 0; 65 } 66 67 static int barrier_nospec_get(void *data, u64 *val) 68 { 69 *val = barrier_nospec_enabled ? 1 : 0; 70 return 0; 71 } 72 73 DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec, 74 barrier_nospec_get, barrier_nospec_set, "%llu\n"); 75 76 static __init int barrier_nospec_debugfs_init(void) 77 { 78 debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL, 79 &fops_barrier_nospec); 80 return 0; 81 } 82 device_initcall(barrier_nospec_debugfs_init); 83 #endif /* CONFIG_DEBUG_FS */ 84 85 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) 86 { 87 bool thread_priv; 88 89 thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV); 90 91 if (rfi_flush || thread_priv) { 92 struct seq_buf s; 93 seq_buf_init(&s, buf, PAGE_SIZE - 1); 94 95 seq_buf_printf(&s, "Mitigation: "); 96 97 if (rfi_flush) 98 seq_buf_printf(&s, "RFI Flush"); 99 100 if (rfi_flush && thread_priv) 101 seq_buf_printf(&s, ", "); 102 103 if (thread_priv) 104 seq_buf_printf(&s, "L1D private per thread"); 105 106 seq_buf_printf(&s, "\n"); 107 108 return s.len; 109 } 110 111 if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && 112 !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) 113 return sprintf(buf, "Not affected\n"); 114 115 return sprintf(buf, "Vulnerable\n"); 116 } 117 118 ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) 119 { 120 if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) 121 return sprintf(buf, "Not affected\n"); 122 123 if (barrier_nospec_enabled) 124 return sprintf(buf, "Mitigation: __user pointer sanitization\n"); 125 126 return sprintf(buf, "Vulnerable\n"); 127 } 128 129 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) 130 { 131 bool bcs, ccd, ori; 132 struct seq_buf s; 133 134 seq_buf_init(&s, buf, PAGE_SIZE - 1); 135 136 bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); 137 ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); 138 ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); 139 140 if (bcs || ccd) { 141 seq_buf_printf(&s, "Mitigation: "); 142 143 if (bcs) 144 seq_buf_printf(&s, "Indirect branch serialisation (kernel only)"); 145 146 if (bcs && ccd) 147 seq_buf_printf(&s, ", "); 148 149 if (ccd) 150 seq_buf_printf(&s, "Indirect branch cache disabled"); 151 } else 152 seq_buf_printf(&s, "Vulnerable"); 153 154 if (ori) 155 seq_buf_printf(&s, ", ori31 speculation barrier enabled"); 156 157 seq_buf_printf(&s, "\n"); 158 159 return s.len; 160 } 161 162 /* 163 * Store-forwarding barrier support. 164 */ 165 166 static enum stf_barrier_type stf_enabled_flush_types; 167 static bool no_stf_barrier; 168 bool stf_barrier; 169 170 static int __init handle_no_stf_barrier(char *p) 171 { 172 pr_info("stf-barrier: disabled on command line."); 173 no_stf_barrier = true; 174 return 0; 175 } 176 177 early_param("no_stf_barrier", handle_no_stf_barrier); 178 179 /* This is the generic flag used by other architectures */ 180 static int __init handle_ssbd(char *p) 181 { 182 if (!p || strncmp(p, "auto", 5) == 0 || strncmp(p, "on", 2) == 0 ) { 183 /* Until firmware tells us, we have the barrier with auto */ 184 return 0; 185 } else if (strncmp(p, "off", 3) == 0) { 186 handle_no_stf_barrier(NULL); 187 return 0; 188 } else 189 return 1; 190 191 return 0; 192 } 193 early_param("spec_store_bypass_disable", handle_ssbd); 194 195 /* This is the generic flag used by other architectures */ 196 static int __init handle_no_ssbd(char *p) 197 { 198 handle_no_stf_barrier(NULL); 199 return 0; 200 } 201 early_param("nospec_store_bypass_disable", handle_no_ssbd); 202 203 static void stf_barrier_enable(bool enable) 204 { 205 if (enable) 206 do_stf_barrier_fixups(stf_enabled_flush_types); 207 else 208 do_stf_barrier_fixups(STF_BARRIER_NONE); 209 210 stf_barrier = enable; 211 } 212 213 void setup_stf_barrier(void) 214 { 215 enum stf_barrier_type type; 216 bool enable, hv; 217 218 hv = cpu_has_feature(CPU_FTR_HVMODE); 219 220 /* Default to fallback in case fw-features are not available */ 221 if (cpu_has_feature(CPU_FTR_ARCH_300)) 222 type = STF_BARRIER_EIEIO; 223 else if (cpu_has_feature(CPU_FTR_ARCH_207S)) 224 type = STF_BARRIER_SYNC_ORI; 225 else if (cpu_has_feature(CPU_FTR_ARCH_206)) 226 type = STF_BARRIER_FALLBACK; 227 else 228 type = STF_BARRIER_NONE; 229 230 enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && 231 (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || 232 (security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && hv)); 233 234 if (type == STF_BARRIER_FALLBACK) { 235 pr_info("stf-barrier: fallback barrier available\n"); 236 } else if (type == STF_BARRIER_SYNC_ORI) { 237 pr_info("stf-barrier: hwsync barrier available\n"); 238 } else if (type == STF_BARRIER_EIEIO) { 239 pr_info("stf-barrier: eieio barrier available\n"); 240 } 241 242 stf_enabled_flush_types = type; 243 244 if (!no_stf_barrier) 245 stf_barrier_enable(enable); 246 } 247 248 ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf) 249 { 250 if (stf_barrier && stf_enabled_flush_types != STF_BARRIER_NONE) { 251 const char *type; 252 switch (stf_enabled_flush_types) { 253 case STF_BARRIER_EIEIO: 254 type = "eieio"; 255 break; 256 case STF_BARRIER_SYNC_ORI: 257 type = "hwsync"; 258 break; 259 case STF_BARRIER_FALLBACK: 260 type = "fallback"; 261 break; 262 default: 263 type = "unknown"; 264 } 265 return sprintf(buf, "Mitigation: Kernel entry/exit barrier (%s)\n", type); 266 } 267 268 if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && 269 !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR)) 270 return sprintf(buf, "Not affected\n"); 271 272 return sprintf(buf, "Vulnerable\n"); 273 } 274 275 #ifdef CONFIG_DEBUG_FS 276 static int stf_barrier_set(void *data, u64 val) 277 { 278 bool enable; 279 280 if (val == 1) 281 enable = true; 282 else if (val == 0) 283 enable = false; 284 else 285 return -EINVAL; 286 287 /* Only do anything if we're changing state */ 288 if (enable != stf_barrier) 289 stf_barrier_enable(enable); 290 291 return 0; 292 } 293 294 static int stf_barrier_get(void *data, u64 *val) 295 { 296 *val = stf_barrier ? 1 : 0; 297 return 0; 298 } 299 300 DEFINE_SIMPLE_ATTRIBUTE(fops_stf_barrier, stf_barrier_get, stf_barrier_set, "%llu\n"); 301 302 static __init int stf_barrier_debugfs_init(void) 303 { 304 debugfs_create_file("stf_barrier", 0600, powerpc_debugfs_root, NULL, &fops_stf_barrier); 305 return 0; 306 } 307 device_initcall(stf_barrier_debugfs_init); 308 #endif /* CONFIG_DEBUG_FS */ 309