Commit | Line | Data |
---|---|---|
9a868f63 ME |
1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
2 | /* | |
3 | * Security related feature bit definitions. | |
4 | * | |
5 | * Copyright 2018, Michael Ellerman, IBM Corporation. | |
6 | */ | |
7 | ||
8 | #ifndef _ASM_POWERPC_SECURITY_FEATURES_H | |
9 | #define _ASM_POWERPC_SECURITY_FEATURES_H | |
10 | ||
11 | ||
12 | extern unsigned long powerpc_security_features; | |
ff348355 | 13 | extern bool rfi_flush; |
9a868f63 | 14 | |
a048a07d NP |
/*
 * Kinds of STF barrier, encoded as bit flags.
 *
 * Each enumerator occupies its own bit, so several types can be OR-ed into
 * one mask and tested individually.  STF_BARRIER_NONE is itself a non-zero
 * bit (0x1): "no barrier" is not the value 0, so callers must compare against
 * STF_BARRIER_NONE explicitly rather than testing the mask for zero.
 */
enum stf_barrier_type {
	STF_BARRIER_NONE	= 1 << 0,
	STF_BARRIER_FALLBACK	= 1 << 1,
	STF_BARRIER_EIEIO	= 1 << 2,
	STF_BARRIER_SYNC_ORI	= 1 << 3,
};
22 | ||
23 | void setup_stf_barrier(void); | |
24 | void do_stf_barrier_fixups(enum stf_barrier_type types); | |
ee13cb24 | 25 | void setup_count_cache_flush(void); |
a048a07d | 26 | |
9a868f63 ME |
/*
 * Turn on every bit of @feature in the global powerpc_security_features mask.
 *
 * This is a plain read-modify-write of a shared word; nothing in this helper
 * takes a lock or uses an atomic operation, so concurrent updaters would have
 * to be serialised by the caller.
 * NOTE(review): presumably only called from early, single-threaded setup
 * code - confirm against the callers.
 */
static inline void security_ftr_set(unsigned long feature)
{
	powerpc_security_features = powerpc_security_features | feature;
}
31 | ||
/*
 * Turn off every bit of @feature in the global powerpc_security_features
 * mask, leaving all other bits untouched.
 *
 * Clearing one of the "need for mitigation" bits records that the mitigation
 * is not required, so a mistaken clear weakens the reported security state.
 * Like the setter, this is an unlocked, non-atomic read-modify-write.
 */
static inline void security_ftr_clear(unsigned long feature)
{
	unsigned long keep = ~feature;

	powerpc_security_features = powerpc_security_features & keep;
}
36 | ||
/*
 * Report whether @feature is set in powerpc_security_features.
 *
 * Returns true when at least one bit of @feature is set.  For a mask with
 * several bits this is an "any of" test, not "all of": pass a single
 * SEC_FTR_* bit when the answer must be about exactly that feature.
 */
static inline bool security_ftr_enabled(unsigned long feature)
{
	return (powerpc_security_features & feature) != 0;
}
41 | ||
42 | ||
43 | // Features indicating support for Spectre/Meltdown mitigations | |
44 | ||
45 | // The L1-D cache can be flushed with ori r30,r30,0 | |
46 | #define SEC_FTR_L1D_FLUSH_ORI30 0x0000000000000001ull | |
47 | ||
48 | // The L1-D cache can be flushed with mtspr 882,r0 (aka SPRN_TRIG2) | |
49 | #define SEC_FTR_L1D_FLUSH_TRIG2 0x0000000000000002ull | |
50 | ||
51 | // ori r31,r31,0 acts as a speculation barrier | |
52 | #define SEC_FTR_SPEC_BAR_ORI31 0x0000000000000004ull | |
53 | ||
54 | // Speculation past bctr is disabled | |
55 | #define SEC_FTR_BCCTRL_SERIALISED 0x0000000000000008ull | |
56 | ||
57 | // Entries in L1-D are private to a SMT thread | |
58 | #define SEC_FTR_L1D_THREAD_PRIV 0x0000000000000010ull | |
59 | ||
60 | // Indirect branch prediction cache disabled | |
61 | #define SEC_FTR_COUNT_CACHE_DISABLED 0x0000000000000020ull | |
62 | ||
dc8c6cce ME |
63 | // bcctr 2,0,0 triggers a hardware assisted count cache flush |
64 | #define SEC_FTR_BCCTR_FLUSH_ASSIST 0x0000000000000800ull | |
65 | ||
9a868f63 ME |
66 | |
67 | // Features indicating need for Spectre/Meltdown mitigations | |
68 | ||
69 | // The L1-D cache should be flushed on MSR[HV] 1->0 transition (hypervisor to guest) | |
70 | #define SEC_FTR_L1D_FLUSH_HV 0x0000000000000040ull | |
71 | ||
72 | // The L1-D cache should be flushed on MSR[PR] 0->1 transition (kernel to userspace) | |
73 | #define SEC_FTR_L1D_FLUSH_PR 0x0000000000000080ull | |
74 | ||
75 | // A speculation barrier should be used for bounds checks (Spectre variant 1) | |
76 | #define SEC_FTR_BNDS_CHK_SPEC_BAR 0x0000000000000100ull | |
77 | ||
78 | // Firmware configuration indicates user favours security over performance | |
79 | #define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull | |
80 | ||
dc8c6cce ME |
81 | // Software required to flush count cache on context switch |
82 | #define SEC_FTR_FLUSH_COUNT_CACHE 0x0000000000000400ull | |
83 | ||
e7347a86 MFO |
84 | |
// Features enabled by default.
//
// Every bit in this set comes from the "need for Spectre/Meltdown mitigations"
// group; none of the "support for" capability bits is included, and neither is
// SEC_FTR_FLUSH_COUNT_CACHE.
// NOTE(review): this looks like a fail-safe starting point (assume the
// mitigations are needed until told otherwise) - confirm against the code
// that initialises powerpc_security_features.
#define SEC_FTR_DEFAULT \
	(SEC_FTR_FAVOUR_SECURITY | \
	 SEC_FTR_BNDS_CHK_SPEC_BAR | \
	 SEC_FTR_L1D_FLUSH_PR | \
	 SEC_FTR_L1D_FLUSH_HV)
91 | ||
9a868f63 | 92 | #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ |