• Michael Ellerman's avatar
    powerpc/64s: Add support for RFI flush of L1-D cache · c3b82ebe
    Michael Ellerman authored
    commit aa8a5e00 upstream.
    
    On some CPUs we can prevent the Meltdown vulnerability by flushing the
    L1-D cache on exit from kernel to user mode, and from hypervisor to
    guest.
    
    This is known to be the case on at least Power7, Power8 and Power9. At
    this time we do not know the status of the vulnerability on other CPUs
    such as the 970 (Apple G5), pasemi CPUs (AmigaOne X1000) or Freescale
    CPUs. As more information comes to light we can enable this, or other
    mechanisms on those CPUs.
    
    The vulnerability occurs when the load of an architecturally
    inaccessible memory region (eg. userspace load of kernel memory) is
    speculatively executed to the point where its result can influence the
    address of a subsequent speculatively executed load.
    
    In order for that to happen, the first load must hit in the L1,
    because before the load is sent to the L2 the permission check is
    performed. Therefore if no kernel addresses hit in the L1 the
    vulnerability can not occur. We can ensure that is the case by
    flushing the L1 whenever we return to userspace. Similarly for
    hypervisor vs guest.
    
    In order to flush the L1-D cache on exit, we add a section of nops at
    each (h)rfi location that returns to a lower privileged context, and
    patch that with some sequence. Newer firmwares are able to advertise
    to us that there is a special nop instruction that flushes the L1-D.
    If we do not see that advertised, we fall back to doing a displacement
    flush in software.
    
    For guest kernels we support migration between some CPU versions, and
    different CPUs may use different flush instructions. So that we are
    prepared to migrate to a machine with a different flush instruction
    activated, we may have to patch more than one flush instruction at
    boot if the hypervisor tells us to.
    
    In the end this patch is mostly the work of Nicholas Piggin and
    Michael Ellerman. However a cast of thousands contributed to analysis
    of the issue, earlier versions of the patch, back ports testing etc.
    Many thanks to all of them.
    Tested-by: default avatarJon Masters <jcm@redhat.com>
    Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
    Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
    [Balbir - back ported to stable with changes]
    Signed-off-by: default avatarBalbir Singh <bsingharora@gmail.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    c3b82ebe
setup_64.c 19.5 KB