Commit 313e806c authored by Michael Ellerman's avatar Michael Ellerman Committed by Marcelo Henrique Cerri

UBUNTU: SAUCE: rfi-flush: Support more than one flush type at once

CVE-2017-5754

BugLink: http://bugs.launchpad.net/bugs/1742772
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
parent 00d9e152
......@@ -836,7 +836,7 @@ static int __init disable_hardlockup_detector(void)
early_initcall(disable_hardlockup_detector);
#endif
#ifdef CONFIG_PPC_BOOK3S_64
static enum l1d_flush_type l1d_flush_type;
static enum l1d_flush_type enabled_flush_types;
static void *l1d_flush_fallback_area;
bool rfi_flush;
......@@ -854,7 +854,7 @@ void rfi_flush_enable(bool enable)
return;
if (enable) {
do_rfi_flush_fixups(l1d_flush_type);
do_rfi_flush_fixups(enabled_flush_types);
on_each_cpu(do_nothing, NULL, 1);
} else
do_rfi_flush_fixups(L1D_FLUSH_NONE);
......@@ -862,9 +862,9 @@ void rfi_flush_enable(bool enable)
rfi_flush = enable;
}
void __init setup_rfi_flush(enum l1d_flush_type type, bool enable)
void __init setup_rfi_flush(enum l1d_flush_type types, bool enable)
{
if (type == L1D_FLUSH_FALLBACK) {
if (types & L1D_FLUSH_FALLBACK) {
int cpu;
u64 l1d_size = ppc64_caches.dsize;
u64 limit = min(safe_stack_limit(), ppc64_rma_size);
......@@ -896,12 +896,15 @@ void __init setup_rfi_flush(enum l1d_flush_type type, bool enable)
paca[cpu].l1d_flush_congruence = c;
paca[cpu].l1d_flush_sets = c / 128;
}
} else if (type == L1D_FLUSH_ORI)
}
if (types & L1D_FLUSH_ORI)
pr_info("rfi-fixups: Using ori type flush\n");
else if (type == L1D_FLUSH_MTTRIG)
if (types & L1D_FLUSH_MTTRIG)
pr_info("rfi-fixups: Using mttrig type flush\n");
l1d_flush_type = type;
enabled_flush_types = types;
rfi_flush_enable(enable);
}
#endif /* CONFIG_PPC_BOOK3S_64 */
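Review bot: `enabled_flush_types` and the `types` parameter of `setup_rfi_flush()` now hold an OR of flags inside `enum l1d_flush_type`, which is only correct if every enumerator is a distinct bit and `L1D_FLUSH_NONE` is 0. The enum definition is not on this page, so that should be confirmed and stated at the declaration, e.g. `/* bitmask of L1D_FLUSH_* values, not a single type */`. With the `else if` chain replaced by independent tests, a mask with no bit set logs nothing, while `rfi_flush_enable()` still ends with `rfi_flush = enable`, so the flag can read as enabled with only nops patched in (this appears to predate the change). A `pr_warn("rfi-flush: no flush type selected\n");` for the empty mask would make that state visible in the boot log. Both function bodies extend beyond the visible hunks.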
......@@ -116,34 +116,34 @@ void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end)
#ifdef CONFIG_PPC_BOOK3S_64
void do_rfi_flush_fixups(enum l1d_flush_type types)
{
unsigned int instrs[2], *dest;
long *start, *end;
unsigned int instr, *dest;
int i;
switch (type) {
case L1D_FLUSH_FALLBACK:
instr = 0x48000008; /* b .+8 to fallback flush */
break;
case L1D_FLUSH_ORI:
instr = 0x63de0000; /* ori 30,30,0 */
break;
case L1D_FLUSH_MTTRIG:
instr = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */
break;
default:
instr = 0x60000000; /* nop */
break;
}
start = PTRRELOC(&__start___rfi_flush_fixup),
end = PTRRELOC(&__stop___rfi_flush_fixup);
instrs[0] = 0x60000000; /* nop */
instrs[1] = 0x60000000; /* nop */
if (types & L1D_FLUSH_FALLBACK)
/* b .+8 to fallback flush */
instrs[1] = 0x48000008;
i = 0;
if (types & L1D_FLUSH_ORI)
instrs[i++] = 0x63de0000; /* ori 30,30,0 */
if (types & L1D_FLUSH_MTTRIG)
instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */
for (i = 0; start < end; start++, i++) {
dest = (void *)start + *start;
pr_devel("patching dest %lx\n", (unsigned long)dest);
patch_instruction(dest, 0x60000000);
patch_instruction(dest + 1, instr);
patch_instruction(dest, instrs[0]);
patch_instruction(dest + 1, instrs[1]);
}
printk(KERN_DEBUG "rfi-fixups: patched %d locations\n", i);
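Review bot: When `types` has `L1D_FLUSH_FALLBACK`, `L1D_FLUSH_ORI` and `L1D_FLUSH_MTTRIG` all set, the second `instrs[i++]` store lands on `instrs[1]` and overwrites the `b .+8` written for the fallback, so the fallback flush is dropped without any message. The write stays inside `instrs[2]`, but the patched sequence no longer matches the mask that `setup_rfi_flush()` recorded and allocated a fallback area for. Since only two slots are patched per site, the unsupported combination should be caught explicitly after the two `instrs[i++]` stores, e.g. `WARN_ON((types & L1D_FLUSH_FALLBACK) && i > 1);`. A short comment above `instrs[]` stating that at most two instruction slots exist per fixup site, and which combinations are valid, would also help. The start of this function's hunk and the tail after the `printk` are not fully visible here.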
......