1 // SPDX-License-Identifier: GPL-2.0+
2 //
3 // Security related flags and so on.
4 //
5 // Copyright 2018, Michael Ellerman, IBM Corporation.
6
7 #include <linux/kernel.h>
8 #include <linux/device.h>
9 #include <linux/seq_buf.h>
10
11 #include <asm/security_features.h>
12
13
/*
 * Security feature flag word, initialised to SEC_FTR_DEFAULT and marked
 * __read_mostly. The SEC_FTR_* values tested below are the flag names.
 *
 * NOTE(review): presumably this is the word security_ftr_enabled() tests;
 * confirm in asm/security_features.h. The status strings reported below
 * depend entirely on this state being populated correctly.
 */
unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
15
/*
 * Write the one-line Meltdown status for this system into @buf.
 *
 * The line is one of:
 *   "Mitigation: RFI Flush", "Mitigation: L1D private per thread", or both
 *       joined by ", ", when rfi_flush is set and/or
 *       SEC_FTR_L1D_THREAD_PRIV is enabled;
 *   "Not affected", when no mitigation is reported and neither
 *       SEC_FTR_L1D_FLUSH_HV nor SEC_FTR_L1D_FLUSH_PR is enabled;
 *   "Vulnerable" otherwise.
 *
 * @dev and @attr are not used. Returns the number of bytes produced: the
 * seq_buf's len field on the mitigation path, sprintf()'s result otherwise.
 *
 * NOTE(review): the (dev, attr, buf) signature looks like a sysfs show
 * callback handed a PAGE_SIZE buffer; confirm against the caller. Nothing
 * here probes the hardware: the answer is only as accurate as rfi_flush
 * and the feature flags it reads.
 */
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
{
	const bool l1d_private = security_ftr_enabled(SEC_FTR_L1D_THREAD_PRIV);
	struct seq_buf out;

	if (!rfi_flush && !l1d_private) {
		/*
		 * No mitigation to report. Either L1D flush flag being set
		 * makes the verdict "Vulnerable"; "Not affected" needs both
		 * to be clear.
		 */
		if (security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) ||
		    security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
			return sprintf(buf, "Vulnerable\n");

		return sprintf(buf, "Not affected\n");
	}

	/*
	 * Bound all output to PAGE_SIZE - 1 bytes of buf.
	 * NOTE(review): presumably buf is one page; confirm with the caller.
	 */
	seq_buf_init(&out, buf, PAGE_SIZE - 1);
	seq_buf_printf(&out, "Mitigation: ");

	if (rfi_flush) {
		seq_buf_printf(&out, "RFI Flush");

		/* Separator only when a second item follows. */
		if (l1d_private)
			seq_buf_printf(&out, ", ");
	}

	if (l1d_private)
		seq_buf_printf(&out, "L1D private per thread");

	seq_buf_printf(&out, "\n");

	return out.len;
}
48
/*
 * Write the one-line Spectre v1 status into @buf and return the number of
 * bytes sprintf() produced.
 *
 * Reports "Vulnerable" when SEC_FTR_BNDS_CHK_SPEC_BAR is enabled and
 * "Not affected" when it is not. This function has no "Mitigation:" branch,
 * so an affected system is always reported as vulnerable here.
 *
 * @dev and @attr are not used.
 */
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
{
	if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
		return sprintf(buf, "Vulnerable\n");

	return sprintf(buf, "Not affected\n");
}
56
/*
 * Write the one-line Spectre v2 status into @buf.
 *
 * The line starts with "Mitigation: " followed by
 * "Indirect branch serialisation (kernel only)" and/or
 * "Indirect branch cache disabled" (joined by ", ") when
 * SEC_FTR_BCCTRL_SERIALISED and/or SEC_FTR_COUNT_CACHE_DISABLED is enabled.
 * With neither enabled it starts with "Vulnerable". In both cases
 * ", ori31 speculation barrier enabled" is appended when
 * SEC_FTR_SPEC_BAR_ORI31 is enabled, so that suffix alone does not change
 * a "Vulnerable" verdict.
 *
 * @dev and @attr are not used. Returns the seq_buf's len field.
 *
 * NOTE(review): the "(kernel only)" wording implies the serialisation does
 * not cover userspace; that scope is stated by the string, not established
 * by any code visible here.
 */
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
{
	const bool serialised = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
	const bool cache_off = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
	const bool ori31 = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
	struct seq_buf out;

	/* Bound all output to PAGE_SIZE - 1 bytes of buf. */
	seq_buf_init(&out, buf, PAGE_SIZE - 1);

	if (!serialised && !cache_off) {
		seq_buf_printf(&out, "Vulnerable");
	} else {
		seq_buf_printf(&out, "Mitigation: ");

		if (serialised) {
			seq_buf_printf(&out, "Indirect branch serialisation (kernel only)");

			/* Separator only when a second item follows. */
			if (cache_off)
				seq_buf_printf(&out, ", ");
		}

		if (cache_off)
			seq_buf_printf(&out, "Indirect branch cache disabled");
	}

	/* Appended after either verdict above. */
	if (ori31)
		seq_buf_printf(&out, ", ori31 speculation barrier enabled");

	seq_buf_printf(&out, "\n");

	return out.len;
}