Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp5766955imm; Mon, 23 Jul 2018 05:50:52 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfDf0IMvlxzIJ99dH+cGxqIF2sLzjxorlFqyr5B4ZyhY564v+i5eoxBCbe1ifeGOCcd8o+j X-Received: by 2002:a62:dc1d:: with SMTP id t29-v6mr13238869pfg.244.1532350252426; Mon, 23 Jul 2018 05:50:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532350252; cv=none; d=google.com; s=arc-20160816; b=Z26HR3r2tU3bF5XP7rTfExDVRWaw08Az3vJd6x4S1ueGcfS1SUpsecdygj9gIbp2Ik aegqnbd0fIuzYIldlIIura6pjj5HadCSCOk9zdEsBaTz+ZxZahcPZbu/g2H6Z32qnA+Q ecQpU4YntwJOR/D4NQe1twDz8WqAwA3vTnI9cPcPeo2NPovUSq5kmbGJKmA3rFohrDO8 37UO67dkD91sMJ74gUxWOpKiklqej/WGwyocYl9icgME/cwMOkEb6niK2DpDLEtCNDFX POz6ygaQ7IFhMs/HmpZRRtVrLlBk9OHMD7GMFmeic0Vxg6MHUWlDxqn1RMF93AlbYFtX rZ2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=+VniMlEQF834TQqNX43hIMILUe5+JsYWT97LmWALHPg=; b=vYxUAfhcHYJHwbcyQZnXV5MxPTnajaO11vC0Ulhu9fpt+PEWxnXukaMB2Oyi/JN1fL M3F4qkFNDT8v7nAJImNMziH+EId+Ob8ykCALo4j9bvvkeKV1ci7UrYApTDGzM6UzRlnv uAHj4ozqJitQOFv3UTbgfTcm0Tz4uGdXkFV7y8ozxpmOGGXmBuSaAdm4ue2Q+y1jp+TE zHGbPhOa1EiDa8W0ZonoYAc6jkect6+vgqviTEpjhCAoXZCg6dHKzd7drdLl3BE+6yZ4 WTBsF1zXp4PkNTZCm7fEn2usitN1GuydoCc2URmvUXvJyJ3Na9qI4iWiulWECI+WgW/H VO6Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m15-v6si7715479pls.439.2018.07.23.05.50.37; Mon, 23 Jul 2018 05:50:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389670AbeGWNsH (ORCPT + 99 others); Mon, 23 Jul 2018 09:48:07 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:51698 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389644AbeGWNsH (ORCPT ); Mon, 23 Jul 2018 09:48:07 -0400 Received: from localhost (LFbn-1-12238-233.w90-92.abo.wanadoo.fr [90.92.53.233]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 85521CA4; Mon, 23 Jul 2018 12:46:55 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Gleixner , Borislav Petkov , David Woodhouse , "Srivatsa S. Bhat" , "Matt Helsley (VMware)" , Alexey Makhalov , Bo Gan Subject: [PATCH 4.4 095/107] x86/bugs: Rework spec_ctrl base and mask logic Date: Mon, 23 Jul 2018 14:42:29 +0200 Message-Id: <20180723122418.270886605@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180723122413.003644357@linuxfoundation.org> References: <20180723122413.003644357@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Thomas Gleixner commit be6fcb5478e95bb1c91f489121238deb3abca46a upstream x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value which are not to be modified. However the implementation is not really used and the bitmask was inverted to make a check easier, which was removed in "x86/bugs: Remove x86_spec_ctrl_set()" Aside of that it is missing the STIBP bit if it is supported by the platform, so if the mask would be used in x86_virt_spec_ctrl() then it would prevent a guest from setting STIBP. Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to sanitize the value which is supplied by the guest. Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Signed-off-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman Signed-off-by: Srivatsa S. Bhat Reviewed-by: Matt Helsley (VMware) Reviewed-by: Alexey Makhalov Reviewed-by: Bo Gan Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/bugs.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -41,7 +41,7 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); * The vendor and possibly platform specific bits which can be modified in * x86_spec_ctrl_base. */ -static u64 x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS; +static u64 x86_spec_ctrl_mask = SPEC_CTRL_IBRS; /* * AMD specific MSR info for Speculative Store Bypass control. @@ -67,6 +67,10 @@ void __init check_bugs(void) if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); + /* Allow STIBP in MSR_SPEC_CTRL if supported */ + if (boot_cpu_has(X86_FEATURE_STIBP)) + x86_spec_ctrl_mask |= SPEC_CTRL_STIBP; + /* Select the proper spectre mitigation before patching alternatives */ spectre_v2_select_mitigation(); @@ -134,18 +138,26 @@ static enum spectre_v2_mitigation spectr void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) { + u64 msrval, guestval, hostval = x86_spec_ctrl_base; struct thread_info *ti = current_thread_info(); - u64 msr, host = x86_spec_ctrl_base; /* Is MSR_SPEC_CTRL implemented ? */ if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) { + /* + * Restrict guest_spec_ctrl to supported values. Clear the + * modifiable bits in the host base value and or the + * modifiable bits from the guest value. + */ + guestval = hostval & ~x86_spec_ctrl_mask; + guestval |= guest_spec_ctrl & x86_spec_ctrl_mask; + /* SSBD controlled in MSR_SPEC_CTRL */ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD)) - host |= ssbd_tif_to_spec_ctrl(ti->flags); + hostval |= ssbd_tif_to_spec_ctrl(ti->flags); - if (host != guest_spec_ctrl) { - msr = setguest ? guest_spec_ctrl : host; - wrmsrl(MSR_IA32_SPEC_CTRL, msr); + if (hostval != guestval) { + msrval = setguest ? guestval : hostval; + wrmsrl(MSR_IA32_SPEC_CTRL, msrval); } } } @@ -491,7 +503,7 @@ static enum ssb_mitigation __init __ssb_ switch (boot_cpu_data.x86_vendor) { case X86_VENDOR_INTEL: x86_spec_ctrl_base |= SPEC_CTRL_SSBD; - x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD; + x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); break; case X86_VENDOR_AMD: