[PATCH] Mention PowerPC in the L1TF documentation.

asteinhauser@xxxxxxxxxx · Thu, 14 Nov 2019 14:16:34 -0800

From: Anthony Steinhauser <asteinhauser@xxxxxxxxxx>

There is a false negative that L1TF is Intel specific while it affects
also PowerPC:
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=8e6b6da91ac9b9ec5a925b6cb13f287a54bd547d
Another false negative is that the kernel is unconditionally protected
against L1TF attacks from userspace. That's true only on x86 but not on
PowerPC where you can turn the protection off by nopti.
Signed-off-by: Anthony Steinhauser <asteinhauser@xxxxxxxxxx>
---
 Documentation/admin-guide/hw-vuln/l1tf.rst | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/l1tf.rst b/Documentation/admin-guide/hw-vuln/l1tf.rst
index f83212fae4d5..243e494b337a 100644
--- a/Documentation/admin-guide/hw-vuln/l1tf.rst
+++ b/Documentation/admin-guide/hw-vuln/l1tf.rst
@@ -9,10 +9,11 @@ for the access, has the Present bit cleared or other reserved bits set.
 Affected processors
 -------------------
 
-This vulnerability affects a wide range of Intel processors. The
-vulnerability is not present on:
+This vulnerability affects a wide range of Intel and PowerPC processors.
+The vulnerability is not present on:
 
-   - Processors from AMD, Centaur and other non Intel vendors
+   - Processors from AMD, Centaur and other non Intel vendors except for
+     PowerPC
 
    - Older processor models, where the CPU family is < 6
 
@@ -125,7 +126,7 @@ mitigations are active. The relevant sysfs file is:
 
 /sys/devices/system/cpu/vulnerabilities/l1tf
 
-The possible values in this file are:
+The possible values in this file on x86 are:
 
   ===========================   ===============================
   'Not affected'		The processor is not vulnerable
@@ -158,8 +159,10 @@ The resulting grade of protection is discussed in the following sections.
 Host mitigation mechanism
 -------------------------
 
-The kernel is unconditionally protected against L1TF attacks from malicious
-user space running on the host.
+On x86 the kernel is unconditionally protected against L1TF attacks from
+malicious user space running on the host. On PowerPC the kernel is
+protected by flushing the L1D cache on each transition from kernel to
+userspace unless the 'nopti' boot argument turns this mitigation off.
 
 
 Guest mitigation mechanisms
-- 
2.24.0.432.g9d3f5f5b63-goog







