Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp789487imm;
        Mon, 21 May 2018 14:29:57 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZp/vYy0TNsCApcL4JV8B6CHv18EUKuCMaawgGkjzQYd3otlpsOrliKZZIjF+9DPk62kTaiJ
X-Received: by 2002:a62:5959:: with SMTP id n86-v6mr21542408pfb.217.1526938197149;
        Mon, 21 May 2018 14:29:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526938197; cv=none;
        d=google.com; s=arc-20160816;
        b=FCF4p33a0wevapl14xYUIG1JpkBRJCkGr2HdKJmHU/lj9P5Bv3pwe4pe8nPb8/k6/B
         B7/E3HWa3Yp+ZTdLqWT/usb5Gk+l0HLVzgIHiKNaby/A284tDY+49G2O1MNmOeB/b3t4
         OmmPSkFRRALWx3bA8zWwg7BAbi1DfQdEIwgex4b07tyOohO+QK8+N55xS0YNRKYF+EQA
         VBA/bULqJ/upZmx9/IO+00zwZUwsPM66wPrTLVe0Zczqj2kuCjeHMGvUo0EFQfocXCqQ
         tVTz2IaPlcTpJ4uRPqGu6rbbUZl0CcFzsUVtw8kIn8zr7r8khnnrEGqKfNQKeH728sUn
         iA4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=4sYlBrAEKWJhCA4drEUOJarakGxwdXWI/hLxU5Y9YVE=;
        b=vydN9r10gRSMJ5DgnLCO6JTAV5XkYS3iFxc6I8RdeCYy8FAA9h7DPXBva2Paush3ir
         yCDaEe0rIAZVVOMBgZZTWYH37NAyXvRRuq6xMl8sQEA4qeUNexePBMJz+0GL4VVUoS9e
         ZGRBQ66Qs9dR+4QCD0/SqaVeIU0+1R1DSMb3Dm0xDBMj1cj1xmE1qTWyKe9u2GwncQpz
         yINRfPJJo+Wh4G0YmeuzdTlDfRXNZdiMq772h1kqb/JUGaF3qMyZc7gfddXddv1+jPcB
         f2T1jdP7BFvzcO7Af/wv1OwG/mwNY20nZdLjckgHA1dHXG2y3/GKweARJ+G7PdEtUsy2
         r7ew==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=j1DNA9gO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 3-v6si14283617plm.428.2018.05.21.14.29.42;
        Mon, 21 May 2018 14:29:57 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=j1DNA9gO;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754469AbeEUV2A (ORCPT <rfc822;zzmahb@gmail.com> + 99 others);
        Mon, 21 May 2018 17:28:00 -0400
Received: from mail.kernel.org ([198.145.29.99]:42100 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S932723AbeEUV1S (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 May 2018 17:27:18 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 4FD6A20873;
        Mon, 21 May 2018 21:27:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1526938037;
        bh=P94VJfQ8tPA+pjmEB7RDDqj49otzwvo64WhVz5QLBpY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=j1DNA9gOQ+dGA94V+6lwGfZJ2xQ54PrlYMqLETRkAQRMpsivGlq6sn1iaKrcv3SB+
         67eBjXpbpjBLSoW0U2aFE5AQxiwpoez64Wi1GoD3gHLvEZD6rsDugf3kHextBFT8GA
         U2lSlMgqzCdCPpFEcHFxiorQexu9ax81Uhk6GEQQ=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@suse.de>
Subject: [PATCH 4.16 106/110] x86/bugs: Rework spec_ctrl base and mask logic
Date:   Mon, 21 May 2018 23:12:43 +0200
Message-Id: <20180521210514.955223636@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180521210503.823249477@linuxfoundation.org>
References: <20180521210503.823249477@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.16-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Gleixner <tglx@linutronix.de>

commit be6fcb5478e95bb1c91f489121238deb3abca46a upstream

x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value
which are not to be modified. However the implementation is not really used
and the bitmask was inverted to make a check easier, which was removed in
"x86/bugs: Remove x86_spec_ctrl_set()"

Aside of that it is missing the STIBP bit if it is supported by the
platform, so if the mask would be used in x86_virt_spec_ctrl() then it
would prevent a guest from setting STIBP.

Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to
sanitize the value which is supplied by the guest.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/cpu/bugs.c |   26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -42,7 +42,7 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
  * The vendor and possibly platform specific bits which can be modified in
  * x86_spec_ctrl_base.
  */
-static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
+static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
 
 /*
  * AMD specific MSR info for Speculative Store Bypass control.
@@ -68,6 +68,10 @@ void __init check_bugs(void)
 	if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
 		rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
 
+	/* Allow STIBP in MSR_SPEC_CTRL if supported */
+	if (boot_cpu_has(X86_FEATURE_STIBP))
+		x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
+
 	/* Select the proper spectre mitigation before patching alternatives */
 	spectre_v2_select_mitigation();
 
@@ -136,18 +140,26 @@ static enum spectre_v2_mitigation spectr
 void
 x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
 {
+	u64 msrval, guestval, hostval = x86_spec_ctrl_base;
 	struct thread_info *ti = current_thread_info();
-	u64 msr, host = x86_spec_ctrl_base;
 
 	/* Is MSR_SPEC_CTRL implemented ? */
 	if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
+		/*
+		 * Restrict guest_spec_ctrl to supported values. Clear the
+		 * modifiable bits in the host base value and or the
+		 * modifiable bits from the guest value.
+		 */
+		guestval = hostval & ~x86_spec_ctrl_mask;
+		guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
+
 		/* SSBD controlled in MSR_SPEC_CTRL */
 		if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
-			host |= ssbd_tif_to_spec_ctrl(ti->flags);
+			hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
 
-		if (host != guest_spec_ctrl) {
-			msr = setguest ? guest_spec_ctrl : host;
-			wrmsrl(MSR_IA32_SPEC_CTRL, msr);
+		if (hostval != guestval) {
+			msrval = setguest ? guestval : hostval;
+			wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
 		}
 	}
 }
@@ -493,7 +505,7 @@ static enum ssb_mitigation __init __ssb_
 		switch (boot_cpu_data.x86_vendor) {
 		case X86_VENDOR_INTEL:
 			x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
-			x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
+			x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
 			wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
 			break;
 		case X86_VENDOR_AMD: