Meltdown
Some Power CPUs are affected by a variant of Meltdown.
| CPU | Affected? | Mitigation |
|---|---|---|
| Power 7 | Yes | RFI flush of L1 |
| Power 8 | Yes | RFI flush of L1 |
| Power 9 | Yes | RFI flush of L1 |
| G5 | ? | ? |
| PA6T | ? | ? |
Unlike on other processors, flushing the L1 cache is an effective mitigation on the CPUs we know about (Power7/8/9), because the permission check must be completed before the speculative load goes to the L2.
So to mitigate the bug we flush the L1-D cache when returning to userspace (or a guest). This happens just before we RFI (Return From Interrupt), so it's called "RFI flush".
See "powerpc/64s: Add support for RFI flush of L1-D cache" for more details.
The mechanism for flushing the L1 is chip specific, and is controlled by firmware. Linux discovers the method via:
- Device tree flags in `/ibm,opal/fw-features` on bare metal.
- The `H_GET_CPU_CHARACTERISTICS` hypercall when running under a PAPR hypervisor (PowerVM or KVM).
Currently the possible types of flushes are:
- `ori 30, 30, 0` special-nop.
- `mtspr TRIG2, 0`
- Fallback flush (done in software).
The RFI flush can be disabled at boot time by specifying either `no_rfi_flush` or `nopti` on the kernel command line.
It can also be disabled (and re-enabled) at runtime via `/sys/kernel/debug/powerpc/rfi_flush`.
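
Because the flush can be switched off in two places, an audit has to look at both. The script below is an added example, not part of the original page or the kernel tree. Its function names and `ROOT` argument are illustrative, and it assumes debugfs is mounted at `/sys/kernel/debug`, that the caller can read it, and that the `rfi_flush` file reads `1` when the flush is on and `0` when it is off.

```shell
#!/bin/sh
# Added example: report whether the RFI flush has been turned off.
# Function names and the ROOT argument are illustrative, not kernel interfaces.

# Succeeds if FILE (a kernel command line) contains no_rfi_flush or nopti
# as a whole parameter; substrings such as "nopti_foo" do not match.
cmdline_disables_flush() {
    [ -r "$1" ] || return 1
    tr -s '[:space:]' '\n' < "$1" | grep -qx -e no_rfi_flush -e nopti
}

# Prints enabled, disabled or unknown for the debugfs toggle FILE.
# Assumption: the file reads 1 when the flush is on and 0 when it is off.
# "unknown" covers an unmounted debugfs, a non-root caller or another arch.
runtime_flush_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints "boot=<default|disabled> runtime=<enabled|disabled|unknown>".
# ROOT is prepended to both paths so a constructed tree can be audited;
# pass "" for the live system.
rfi_flush_report() {
    root="${1:-}"
    if cmdline_disables_flush "$root/proc/cmdline"; then
        boot=disabled
    else
        boot=default
    fi
    state=$(runtime_flush_state "$root/sys/kernel/debug/powerpc/rfi_flush")
    echo "boot=$boot runtime=$state"
}

# Run against the live system only when asked: sh rfi_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    rfi_flush_report ""
fi
```

The two fields are reported separately because the runtime toggle can change the state after boot, so the command line alone does not describe the running system.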