1 // SPDX-License-Identifier: GPL-2.0+
3 // Security related flags and so on.
5 // Copyright 2018, Michael Ellerman, IBM Corporation.
7 #include <linux/kernel.h>
8 #include <linux/device.h>
9 #include <linux/seq_buf.h>
11 #include <asm/security_features.h>
14 unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
16 ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
20 thread_priv = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
22 if (rfi_flush || thread_priv) {
24 seq_buf_init(&s, buf, PAGE_SIZE - 1);
26 seq_buf_printf(&s, "Mitigation: ");
29 seq_buf_printf(&s, "RFI Flush");
31 if (rfi_flush && thread_priv)
32 seq_buf_printf(&s, ", ");
35 seq_buf_printf(&s, "L1D private per thread");
37 seq_buf_printf(&s, "\n");
42 if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
43 !security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
44 return sprintf(buf, "Not affected\n");
46 return sprintf(buf, "Vulnerable\n");
49 ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
51 if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
52 return sprintf(buf, "Not affected\n");
54 return sprintf(buf, "Vulnerable\n");
57 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
62 seq_buf_init(&s, buf, PAGE_SIZE - 1);
64 bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
65 ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
66 ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
69 seq_buf_printf(&s, "Mitigation: ");
72 seq_buf_printf(&s, "Indirect branch serialisation (kernel only)");
75 seq_buf_printf(&s, ", ");
78 seq_buf_printf(&s, "Indirect branch cache disabled");
80 seq_buf_printf(&s, "Vulnerable");
83 seq_buf_printf(&s, ", ori31 speculation barrier enabled");
85 seq_buf_printf(&s, "\n");