/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Security related feature bit definitions.
 *
 * Copyright 2018, Michael Ellerman, IBM Corporation.
 */

#ifndef _ASM_POWERPC_SECURITY_FEATURES_H
#define _ASM_POWERPC_SECURITY_FEATURES_H
/*
 * Declared here, defined elsewhere.
 * NOTE(review): presumably records whether the RFI flush mitigation is
 * active - confirm at the definition.
 */
extern bool rfi_flush;

/*
 * Global mask of security feature bits, declared here and defined
 * elsewhere. The security_ftr_set(), security_ftr_clear() and
 * security_ftr_enabled() helpers in this header are the accessors for it.
 */
extern u64 powerpc_security_features;
/*
 * STF barrier variants, encoded as bit flags: every enumerator owns a
 * distinct bit, so several of them can be OR-ed into one mask.
 *
 * STF_BARRIER_NONE is itself a flag bit (0x1), not zero. Compare against
 * it explicitly; a truth test on a value of this type does not mean
 * "a barrier is in use".
 */
enum stf_barrier_type {
	STF_BARRIER_NONE	= 1 << 0,
	STF_BARRIER_FALLBACK	= 1 << 1,
	STF_BARRIER_EIEIO	= 1 << 2,
	STF_BARRIER_SYNC_ORI	= 1 << 3,
};
/*
 * Mitigation setup entry points; only declared here, the definitions
 * live elsewhere.
 */

/* NOTE(review): presumably configures the count cache flush - confirm at the definition. */
void setup_count_cache_flush(void);

/* NOTE(review): presumably selects and enables the STF barrier - confirm at the definition. */
void setup_stf_barrier(void);

/*
 * @types is an enum stf_barrier_type value; the enumerators are bit
 * flags, so it may carry more than one of them OR-ed together.
 */
void do_stf_barrier_fixups(enum stf_barrier_type types);
/*
 * security_ftr_set() - switch security feature bits on.
 * @feature: one or more feature bits; all of them are OR-ed into
 *           powerpc_security_features.
 *
 * This is a plain, non-atomic read-modify-write of a global.
 * NOTE(review): callers are presumably serialised (e.g. early platform
 * setup) - confirm before using it from concurrent contexts.
 */
static inline void security_ftr_set(u64 feature)
{
	powerpc_security_features = powerpc_security_features | feature;
}
/*
 * security_ftr_clear() - switch security feature bits off.
 * @feature: one or more feature bits; every bit set here is cleared in
 *           powerpc_security_features, all other bits are left alone.
 *
 * This is a plain, non-atomic read-modify-write of a global.
 * NOTE(review): clearing a "mitigation needed" bit turns that requirement
 * off for every later security_ftr_enabled() check, so call sites deserve
 * review - callers are presumably serialised, confirm.
 */
static inline void security_ftr_clear(u64 feature)
{
	powerpc_security_features = powerpc_security_features & ~feature;
}
/*
 * security_ftr_enabled() - test security feature bits.
 * @feature: one or more feature bits to look for.
 *
 * Returns true when at least one bit of @feature is set in
 * powerpc_security_features. With a multi-bit mask this is an "any of"
 * test, not "all of": query each bit separately when every one of them
 * is required.
 */
static inline bool security_ftr_enabled(u64 feature)
{
	u64 matched = powerpc_security_features & feature;

	return matched != 0;
}
/*
 * stf_barrier_type_get() - NOTE(review): presumably reports the STF
 * barrier type currently in use; confirm at the definition.
 *
 * Without CONFIG_PPC_BOOK3S_64 this is an inline stub that always returns
 * STF_BARRIER_NONE. With it, the function is only declared here and
 * defined elsewhere.
 */
#ifndef CONFIG_PPC_BOOK3S_64
static inline enum stf_barrier_type stf_barrier_type_get(void)
{
	return STF_BARRIER_NONE;
}
#else
enum stf_barrier_type stf_barrier_type_get(void);
#endif
// Feature bits for powerpc_security_features. There are two groups:
// "support" bits say a Spectre/Meltdown mitigation mechanism is available,
// "need" bits say a mitigation is required. Bit numbers are not contiguous
// within a group; the two groups interleave.

// --- Support: mitigation mechanisms that are available ---

// ori r30,r30,0 flushes the L1-D cache
#define SEC_FTR_L1D_FLUSH_ORI30		(1ull << 0)

// mtspr 882,r0 (aka SPRN_TRIG2) flushes the L1-D cache
#define SEC_FTR_L1D_FLUSH_TRIG2		(1ull << 1)

// ori r31,r31,0 is a speculation barrier
#define SEC_FTR_SPEC_BAR_ORI31		(1ull << 2)

// No speculation past bctr
#define SEC_FTR_BCCTRL_SERIALISED	(1ull << 3)

// L1-D entries are private to each SMT thread
#define SEC_FTR_L1D_THREAD_PRIV		(1ull << 4)

// The indirect branch prediction cache is disabled
#define SEC_FTR_COUNT_CACHE_DISABLED	(1ull << 5)

// Hardware assisted count cache flush, triggered by bcctr 2,0,0
#define SEC_FTR_BCCTR_FLUSH_ASSIST	(1ull << 11)

// Hardware assisted link stack flush, triggered by bcctr 2,0,0
#define SEC_FTR_BCCTR_LINK_FLUSH_ASSIST	(1ull << 13)

// --- Need: mitigations that are required ---

// Flush the L1-D cache on the MSR[HV] 1->0 transition (hypervisor to guest)
#define SEC_FTR_L1D_FLUSH_HV		(1ull << 6)

// Flush the L1-D cache on the MSR[PR] 0->1 transition (kernel to userspace)
#define SEC_FTR_L1D_FLUSH_PR		(1ull << 7)

// Bounds checks need a speculation barrier (Spectre variant 1)
#define SEC_FTR_BNDS_CHK_SPEC_BAR	(1ull << 8)

// Firmware configuration says the user favours security over performance
#define SEC_FTR_FAVOUR_SECURITY		(1ull << 9)

// Software must flush the count cache on context switch
#define SEC_FTR_FLUSH_COUNT_CACHE	(1ull << 10)

// Software must flush the link stack on context switch
#define SEC_FTR_FLUSH_LINK_STACK	(1ull << 12)

// Flush the L1-D cache on kernel entry
#define SEC_FTR_L1D_FLUSH_ENTRY		(1ull << 14)

// Flush the L1-D cache after the kernel accesses user memory
#define SEC_FTR_L1D_FLUSH_UACCESS	(1ull << 15)

// Default feature mask: all four L1-D flush requirements, the bounds-check
// speculation barrier and the security-over-performance preference. It
// contains no "support" bit, and neither the count cache nor the link stack
// flush requirement.
#define SEC_FTR_DEFAULT \
	(SEC_FTR_FAVOUR_SECURITY | \
	 SEC_FTR_BNDS_CHK_SPEC_BAR | \
	 SEC_FTR_L1D_FLUSH_HV | \
	 SEC_FTR_L1D_FLUSH_PR | \
	 SEC_FTR_L1D_FLUSH_ENTRY | \
	 SEC_FTR_L1D_FLUSH_UACCESS)
#endif /* _ASM_POWERPC_SECURITY_FEATURES_H */