powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes

These aren't necessarily POWER9 only, and it's not to say some new
vulnerability may not get discovered on other processors for which
we would like the flexibility of having the workaround enabled by
firmware.

Remove the restriction that the workarounds only apply to POWER9.

However POWER7 and POWER8 are not affected, and they may not have
older firmware that does not advertise this, so clear these workarounds
manually.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
[mpe: Incorporate changes from Nick, reword comment slightly.]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210503130243.891868-5-npiggin@gmail.com

diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
index ad56a54ac9c574e913a078f9c8f2ee6bee8b9688..5ef6b8afb3d0986ac1de3fbba020fcb574222917 100644 (file)
--- a/arch/powerpc/platforms/powernv/setup.c
+++ b/arch/powerpc/platforms/powernv/setup.c
@@ -123,10 +123,14 @@ static void pnv_setup_security_mitigations(void)
        }
 
        /*
-        * If we are non-Power9 bare metal, we don't need to flush on kernel
-        * entry or after user access: they fix a P9 specific vulnerability.
+        * The issues addressed by the entry and uaccess flush don't affect P7
+        * or P8, so on bare metal disable them explicitly in case firmware does
+        * not include the features to disable them. POWER9 and newer processors
+        * should have the appropriate firmware flags.
         */
-       if (!pvr_version_is(PVR_POWER9)) {
+       if (pvr_version_is(PVR_POWER7) || pvr_version_is(PVR_POWER7p) ||
+           pvr_version_is(PVR_POWER8E) || pvr_version_is(PVR_POWER8NVL) ||
+           pvr_version_is(PVR_POWER8)) {
                security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY);
                security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS);
        }