linux/arch/powerpc/kernel
Michael Ellerman aa8a5e0062 powerpc/64s: Add support for RFI flush of L1-D cache
On some CPUs we can prevent the Meltdown vulnerability by flushing the
L1-D cache on exit from kernel to user mode, and from hypervisor to
guest.

This is known to be the case on at least Power7, Power8 and Power9. At
this time we do not know the status of the vulnerability on other CPUs
such as the 970 (Apple G5), pasemi CPUs (AmigaOne X1000) or Freescale
CPUs. As more information comes to light we can enable this, or other
mechanisms on those CPUs.

The vulnerability occurs when the load of an architecturally
inaccessible memory region (eg. userspace load of kernel memory) is
speculatively executed to the point where its result can influence the
address of a subsequent speculatively executed load.

In order for that to happen, the first load must hit in the L1,
because before the load is sent to the L2 the permission check is
performed. Therefore if no kernel addresses hit in the L1 the
vulnerability can not occur. We can ensure that is the case by
flushing the L1 whenever we return to userspace. Similarly for
hypervisor vs guest.

In order to flush the L1-D cache on exit, we add a section of nops at
each (h)rfi location that returns to a lower privileged context, and
patch that with some sequence. Newer firmwares are able to advertise
to us that there is a special nop instruction that flushes the L1-D.
If we do not see that advertised, we fall back to doing a displacement
flush in software.

For guest kernels we support migration between some CPU versions, and
different CPUs may use different flush instructions. So that we are
prepared to migrate to a machine with a different flush instruction
activated, we may have to patch more than one flush instruction at
boot if the hypervisor tells us to.

In the end this patch is mostly the work of Nicholas Piggin and
Michael Ellerman. However a cast of thousands contributed to analysis
of the issue, earlier versions of the patch, back ports testing etc.
Many thanks to all of them.

Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-01-10 21:27:06 +11:00
..
trace powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
vdso32 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso64 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore
Makefile powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
align.c powerpc: Fix check for copy/paste instructions in alignment handler 2017-10-25 12:42:35 +02:00
asm-offsets.c powerpc/64s: Add support for RFI flush of L1-D cache 2018-01-10 21:27:06 +11:00
audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
btext.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cacheinfo.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
cacheinfo.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat_audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpu_setup_6xx.S powerpc: Various typo fixes 2016-06-14 13:58:26 +10:00
cpu_setup_44x.S
cpu_setup_fsl_booke.S powerpc/cache: add cache flush operation for various e500 2016-03-04 23:44:51 -06:00
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/64s: Initialize ISAv3 MMU registers before setting partition table 2017-12-06 23:32:43 +11:00
cpu_setup_ppc970.S
cputable.c powerpc/64s: Fix Power9 DD2.0 workarounds by adding DD2.1 feature 2017-11-15 14:25:42 +11:00
crash.c powerpc/fadump: remove dependency with CONFIG_KEXEC 2017-05-08 17:15:11 -07:00
crash_dump.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dbell.c powerpc: Introduce msgsnd/doorbell barrier primitives 2017-04-13 23:34:33 +10:00
dma-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma-swiotlb.c treewide: Constify most dma_map_ops structures 2017-01-24 12:23:35 -05:00
dma.c powerpc: merge __dma_set_mask into dma_set_mask 2017-06-28 06:54:55 -07:00
dt_cpu_ftrs.c powerpc/64s: Fix Power9 DD2.1 logic in DT CPU features 2017-11-22 23:17:01 +11:00
eeh.c powerpc/powernv: Rework EEH initialization on powernv 2017-09-26 11:19:07 +10:00
eeh_cache.c powerpc/eeh: Fix pr_debug()s in eeh_cache.c 2016-07-08 22:09:50 +10:00
eeh_dev.c powerpc/eeh: Create PHB PEs after EEH is initialized 2017-09-21 14:56:00 +10:00
eeh_driver.c powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
eeh_event.c powerpc/pci: Always print PHB and PE numbers as hexadecimal 2016-11-22 11:57:07 +11:00
eeh_pe.c powerpc/eeh: Stop using do_gettimeofday() 2017-11-06 17:40:00 +11:00
eeh_sysfs.c powerpc/eeh: Remove unnecessary config_addr from eeh_dev 2017-08-31 14:26:09 +10:00
entry_32.S powerpc/32: Avoid risk of unrecoverable TLBmiss inside entry_32.S 2017-08-15 22:55:53 +10:00
entry_64.S powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL 2018-01-10 03:07:32 +11:00
epapr_hcalls.S ppc: move exports to definitions 2016-08-07 23:50:09 -04:00
epapr_paravirt.c
exceptions-64e.S powerpc/64e: Fix hang when debugging programs with relocated kernel 2017-04-30 01:05:18 -05:00
exceptions-64s.S powerpc/64s: Add support for RFI flush of L1-D cache 2018-01-10 21:27:06 +11:00
fadump.c Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier" 2017-12-05 23:21:46 +11:00
firmware.c
fpu.S Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
fsl_booke_entry_mapping.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_8xx.S powerpc/8xx: Reduce DTLB miss handler by one insn 2017-08-15 22:55:55 +10:00
head_32.S powerpc: Fix DABR match on hash based systems 2017-11-13 22:12:48 +11:00
head_40x.S ppc: move exports to definitions 2016-08-07 23:50:09 -04:00
head_44x.S ppc: move exports to definitions 2016-08-07 23:50:09 -04:00
head_64.S powerpc/powernv: Avoid waiting for secondary hold spinloop with OPAL 2017-11-10 22:00:54 +11:00
head_booke.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_fsl_booke.S ppc: move exports to definitions 2016-08-07 23:50:09 -04:00
hw_breakpoint.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next 2017-02-18 21:37:14 +11:00
idle.c
idle_6xx.S
idle_book3e.S
idle_book3s.S powerpc/64s: Fix Power9 DD2.0 workarounds by adding DD2.1 feature 2017-11-15 14:25:42 +11:00
idle_e500.S
idle_power4.S
ima_kexec.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
io-workarounds.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
io.c
iomap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c powerpc/iommu: Use permission-specific DEVICE_ATTR variants 2017-09-01 16:42:54 +10:00
irq.c powerpc/64: Fix latency tracing for lazy irq replay 2017-11-06 16:48:07 +11:00
isa-bridge.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kexec_elf_64.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
kgdb.c powerpc/8xx: Getting rid of remaining use of CONFIG_8xx 2017-08-10 23:32:12 +10:00
kprobes-ftrace.c powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace 2017-11-12 23:51:41 +11:00
kprobes.c powerpc/kprobes: refactor kprobe_lookup_name for safer string operations 2017-11-12 23:51:43 +11:00
kvm.c powerpc/64: Fix watchdog configuration regressions 2017-08-31 14:26:00 +10:00
kvm_emul.S
l2cr_6xx.S powerpc/l2cr_6xx: Fix invalid use of register expressions 2017-08-15 21:04:32 +10:00
legacy_serial.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
machine_kexec.c powerpc: Update of_remove_property() call sites to remove null checking 2016-05-11 21:54:04 +10:00
machine_kexec_32.c
machine_kexec_64.c powerpc/64s: Replace CONFIG_PPC_STD_MMU_64 with CONFIG_PPC_BOOK3S_64 2017-11-06 16:48:14 +11:00
machine_kexec_file_64.c resource: Provide resource struct in resource walk callback 2017-11-07 15:35:57 +01:00
mce.c powerpc/mce: hookup memory_failure for UE errors 2017-10-16 23:12:02 +11:00
mce_power.c Merge branch 'fixes' into next 2017-11-10 20:55:03 +11:00
misc.S ppc: move exports to definitions 2016-08-07 23:50:09 -04:00
misc_32.S powerpc/40x: Clear MSR_DR in one insn instead of two 2017-06-02 19:20:43 +10:00
misc_64.S powerpc/kexec: Fix kexec/kdump in P9 guest kernels 2017-11-24 16:49:37 +11:00
module.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
module_32.c powerpc/module: Only try to generate the ftrace_caller() stub once 2016-03-07 14:53:53 +11:00
module_64.c powerpc/modules: Use WARN_ON() in stub_for_addr() 2017-10-13 19:41:57 +11:00
msi.c
nvram_64.c powerpc/nvram: use memdup_user 2017-06-27 17:02:50 -07:00
of_platform.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
optprobes.c powerpc/kprobes: Do not disable interrupts for optprobes and kprobes_on_ftrace 2017-11-12 23:51:41 +11:00
optprobes_head.S powerpc/kprobes: Don't save/restore DAR/DSISR to/from pt_regs for optprobes 2017-08-24 16:19:01 +10:00
paca.c powerpc/64s: mm_context.addr_limit is only used on hash 2017-11-13 23:35:43 +11:00
pci-common.c vgaarb: Select a default VGA device even if there's no legacy VGA 2017-10-18 10:04:56 +02:00
pci-hotplug.c powerpc/pci: Don't scan empty slot 2016-05-11 21:54:26 +10:00
pci_32.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci_64.c powerpc/64s: Replace CONFIG_PPC_STD_MMU_64 with CONFIG_PPC_BOOK3S_64 2017-11-06 16:48:14 +11:00
pci_dn.c powerpc/pci: Remove OF node back pointer from pci_dn 2017-08-31 14:26:12 +10:00
pci_of_scan.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pmc.c
ppc32.h
ppc_save_regs.S
proc_powerpc.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
process.c powerpc/kernel: Print actual address of regs when oopsing 2017-12-19 13:09:40 +11:00
prom.c powerpc/64s: Replace CONFIG_PPC_STD_MMU_64 with CONFIG_PPC_BOOK3S_64 2017-11-06 16:48:14 +11:00
prom_init.c powerpc/xive: add XIVE Exploitation Mode to CAS 2017-09-02 21:02:38 +10:00
prom_init_check.sh
prom_parse.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ptrace.c powerpc/tm: Flush TM only if CPU has TM feature 2017-09-20 13:30:09 +10:00
ptrace32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
reloc_32.S
reloc_64.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
rtas-proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas-rtc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas.c locking/arch, powerpc/rtas: Use arch_spin_lock() instead of arch_spin_lock_flags() 2017-10-18 15:15:07 +02:00
rtas_flash.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rtas_pci.c powerpc/kernel: Change retrieval of pci_dn 2017-08-31 14:26:40 +10:00
rtasd.c powerpc: Only obtain cpu_hotplug_lock if called by rtasd 2017-06-23 09:32:11 +02:00
setup-common.c Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier" 2017-12-05 23:21:46 +11:00
setup.h powerpc/64: Set DSCR default initially from SPR 2017-11-10 22:11:35 +11:00
setup_32.c powerpc/32: remove a NOP from memset() 2017-09-01 16:42:46 +10:00
setup_64.c powerpc/64s: Add support for RFI flush of L1-D cache 2018-01-10 21:27:06 +11:00
signal.c powerpc/signal: Properly handle return value from uprobe_deny_signal() 2017-11-13 10:53:05 +11:00
signal.h powerpc: tm: Rename transct_(*) to ck(\1)_state 2016-10-04 20:33:16 +11:00
signal_32.c Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 11:54:55 -08:00
signal_64.c powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
smp-tbsync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smp.c powerpc/smp: Add Power9 scheduler topology 2017-08-31 18:16:08 +10:00
stacktrace.c powerpc: Make /proc/self/stack always print the current stack 2017-03-28 14:43:59 +11:00
suspend.c
swsusp.c powerpc/swsusp: Include suspend.h to silence sparse warnings 2017-03-20 19:02:49 +11:00
swsusp_32.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
swsusp_64.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/nmi.h> 2017-03-02 08:42:30 +01:00
swsusp_asm64.S powerpc: Fix invalid use of register expressions 2017-08-10 22:29:41 +10:00
swsusp_booke.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sys_ppc32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
syscalls.c powerpc/tracing: Allow tracing of mmap syscalls 2017-04-12 22:32:43 +10:00
sysfs.c powerpc/64: Set DSCR default initially from SPR 2017-11-10 22:11:35 +11:00
systbl.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
systbl_chk.c powerpc: Standardise on NR_syscalls rather than __NR_syscalls. 2015-11-26 22:11:17 +11:00
systbl_chk.sh powerpc: Standardise on NR_syscalls rather than __NR_syscalls. 2015-11-26 22:11:17 +11:00
tau_6xx.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
time.c powerpc: use spin loop primitives in some functions 2017-07-02 20:40:24 +10:00
tm.S powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
traps.c powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable 2017-11-06 20:39:34 +11:00
udbg.c
udbg_16550.c
uprobes.c powerpc/uprobes: Implement arch_uretprobe_is_alive() 2017-08-24 16:19:21 +10:00
vdso.c powerpc/64: Clean up ppc64_caches using a struct per cache 2017-02-06 19:46:04 +11:00
vecemu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vector.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vmlinux.lds.S powerpc/64s: Add support for RFI flush of L1-D cache 2018-01-10 21:27:06 +11:00
watchdog.c powerpc updates for 4.15 2017-11-16 12:47:46 -08:00