Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp789487imm; Mon, 21 May 2018 14:29:57 -0700 (PDT) X-Google-Smtp-Source: AB8JxZp/vYy0TNsCApcL4JV8B6CHv18EUKuCMaawgGkjzQYd3otlpsOrliKZZIjF+9DPk62kTaiJ X-Received: by 2002:a62:5959:: with SMTP id n86-v6mr21542408pfb.217.1526938197149; Mon, 21 May 2018 14:29:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526938197; cv=none; d=google.com; s=arc-20160816; b=FCF4p33a0wevapl14xYUIG1JpkBRJCkGr2HdKJmHU/lj9P5Bv3pwe4pe8nPb8/k6/B B7/E3HWa3Yp+ZTdLqWT/usb5Gk+l0HLVzgIHiKNaby/A284tDY+49G2O1MNmOeB/b3t4 OmmPSkFRRALWx3bA8zWwg7BAbi1DfQdEIwgex4b07tyOohO+QK8+N55xS0YNRKYF+EQA VBA/bULqJ/upZmx9/IO+00zwZUwsPM66wPrTLVe0Zczqj2kuCjeHMGvUo0EFQfocXCqQ tVTz2IaPlcTpJ4uRPqGu6rbbUZl0CcFzsUVtw8kIn8zr7r8khnnrEGqKfNQKeH728sUn iA4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=4sYlBrAEKWJhCA4drEUOJarakGxwdXWI/hLxU5Y9YVE=; b=vydN9r10gRSMJ5DgnLCO6JTAV5XkYS3iFxc6I8RdeCYy8FAA9h7DPXBva2Paush3ir yCDaEe0rIAZVVOMBgZZTWYH37NAyXvRRuq6xMl8sQEA4qeUNexePBMJz+0GL4VVUoS9e ZGRBQ66Qs9dR+4QCD0/SqaVeIU0+1R1DSMb3Dm0xDBMj1cj1xmE1qTWyKe9u2GwncQpz yINRfPJJo+Wh4G0YmeuzdTlDfRXNZdiMq772h1kqb/JUGaF3qMyZc7gfddXddv1+jPcB f2T1jdP7BFvzcO7Af/wv1OwG/mwNY20nZdLjckgHA1dHXG2y3/GKweARJ+G7PdEtUsy2 r7ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j1DNA9gO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3-v6si14283617plm.428.2018.05.21.14.29.42; Mon, 21 May 2018 14:29:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j1DNA9gO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754469AbeEUV2A (ORCPT + 99 others); Mon, 21 May 2018 17:28:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:42100 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932723AbeEUV1S (ORCPT ); Mon, 21 May 2018 17:27:18 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4FD6A20873; Mon, 21 May 2018 21:27:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1526938037; bh=P94VJfQ8tPA+pjmEB7RDDqj49otzwvo64WhVz5QLBpY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=j1DNA9gOQ+dGA94V+6lwGfZJ2xQ54PrlYMqLETRkAQRMpsivGlq6sn1iaKrcv3SB+ 67eBjXpbpjBLSoW0U2aFE5AQxiwpoez64Wi1GoD3gHLvEZD6rsDugf3kHextBFT8GA U2lSlMgqzCdCPpFEcHFxiorQexu9ax81Uhk6GEQQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Gleixner , Borislav Petkov Subject: [PATCH 4.16 106/110] x86/bugs: Rework spec_ctrl base and mask logic Date: Mon, 21 May 2018 23:12:43 +0200 Message-Id: <20180521210514.955223636@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180521210503.823249477@linuxfoundation.org> References: <20180521210503.823249477@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Thomas Gleixner commit be6fcb5478e95bb1c91f489121238deb3abca46a upstream x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value which are not to be modified. However the implementation is not really used and the bitmask was inverted to make a check easier, which was removed in "x86/bugs: Remove x86_spec_ctrl_set()" Aside of that it is missing the STIBP bit if it is supported by the platform, so if the mask would be used in x86_virt_spec_ctrl() then it would prevent a guest from setting STIBP. Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to sanitize the value which is supplied by the guest. Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/bugs.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -42,7 +42,7 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); * The vendor and possibly platform specific bits which can be modified in * x86_spec_ctrl_base. */ -static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS; +static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS; /* * AMD specific MSR info for Speculative Store Bypass control. @@ -68,6 +68,10 @@ void __init check_bugs(void) if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); + /* Allow STIBP in MSR_SPEC_CTRL if supported */ + if (boot_cpu_has(X86_FEATURE_STIBP)) + x86_spec_ctrl_mask |= SPEC_CTRL_STIBP; + /* Select the proper spectre mitigation before patching alternatives */ spectre_v2_select_mitigation(); @@ -136,18 +140,26 @@ static enum spectre_v2_mitigation spectr void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) { + u64 msrval, guestval, hostval = x86_spec_ctrl_base; struct thread_info *ti = current_thread_info(); - u64 msr, host = x86_spec_ctrl_base; /* Is MSR_SPEC_CTRL implemented ? */ if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) { + /* + * Restrict guest_spec_ctrl to supported values. Clear the + * modifiable bits in the host base value and or the + * modifiable bits from the guest value. + */ + guestval = hostval & ~x86_spec_ctrl_mask; + guestval |= guest_spec_ctrl & x86_spec_ctrl_mask; + /* SSBD controlled in MSR_SPEC_CTRL */ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD)) - host |= ssbd_tif_to_spec_ctrl(ti->flags); + hostval |= ssbd_tif_to_spec_ctrl(ti->flags); - if (host != guest_spec_ctrl) { - msr = setguest ? guest_spec_ctrl : host; - wrmsrl(MSR_IA32_SPEC_CTRL, msr); + if (hostval != guestval) { + msrval = setguest ? guestval : hostval; + wrmsrl(MSR_IA32_SPEC_CTRL, msrval); } } } @@ -493,7 +505,7 @@ static enum ssb_mitigation __init __ssb_ switch (boot_cpu_data.x86_vendor) { case X86_VENDOR_INTEL: x86_spec_ctrl_base |= SPEC_CTRL_SSBD; - x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD; + x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); break; case X86_VENDOR_AMD: