OpenCloudOS-Kernel/arch/powerpc/kernel/security.c

// SPDX-License-Identifier: GPL-2.0+
//
// Security related flags and so on.
//
// Copyright 2018, Michael Ellerman, IBM Corporation.

#include <linux/kernel.h>
#include <linux/device.h>

#include <asm/security_features.h>


unsigned long powerpc_security_features __read_mostly = \
	SEC_FTR_L1D_FLUSH_HV | \
	SEC_FTR_L1D_FLUSH_PR | \
	SEC_FTR_BNDS_CHK_SPEC_BAR | \
	SEC_FTR_FAVOUR_SECURITY;


ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
	if (rfi_flush)
		return sprintf(buf, "Mitigation: RFI Flush\n");

	return sprintf(buf, "Vulnerable\n");
}
powerpc: Add security feature flags for Spectre/Meltdown This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> 2018-03-27 20:01:44 +08:00			`// SPDX-License-Identifier: GPL-2.0+`
			`//`
			`// Security related flags and so on.`
			`//`
			`// Copyright 2018, Michael Ellerman, IBM Corporation.`

			`#include <linux/kernel.h>`
powerpc/64s: Move cpu_show_meltdown() This landed in setup_64.c for no good reason other than we had nowhere else to put it. Now that we have a security-related file, that is a better place for it so move it. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> 2018-03-27 20:01:48 +08:00			`#include <linux/device.h>`

powerpc: Add security feature flags for Spectre/Meltdown This commit adds security feature flags to reflect the settings we receive from firmware regarding Spectre/Meltdown mitigations. The feature names reflect the names we are given by firmware on bare metal machines. See the hostboot source for details. Arguably these could be firmware features, but that then requires them to be read early in boot so they're available prior to asm feature patching, but we don't actually want to use them for patching. We may also want to dynamically update them in future, which would be incompatible with the way firmware features work (at the moment at least). So for now just make them separate flags. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> 2018-03-27 20:01:44 +08:00			`#include <asm/security_features.h>`


			`unsigned long powerpc_security_features __read_mostly = \`
			`SEC_FTR_L1D_FLUSH_HV \| \`
			`SEC_FTR_L1D_FLUSH_PR \| \`
			`SEC_FTR_BNDS_CHK_SPEC_BAR \| \`
			`SEC_FTR_FAVOUR_SECURITY;`
powerpc/64s: Move cpu_show_meltdown() This landed in setup_64.c for no good reason other than we had nowhere else to put it. Now that we have a security-related file, that is a better place for it so move it. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> 2018-03-27 20:01:48 +08:00

			`ssize_t cpu_show_meltdown(struct device dev, struct device_attribute attr, char *buf)`
			`{`
			`if (rfi_flush)`
			`return sprintf(buf, "Mitigation: RFI Flush\n");`

			`return sprintf(buf, "Vulnerable\n");`
			`}`