Date: Wed, 8 Aug 2018 11:53:55 -0400
From: Konrad Rzeszutek Wilk
To: Jim Mattson
Cc: Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", x86@kernel.org, Borislav Petkov, David Woodhouse, linux-kernel@vger.kernel.org, Fred Jacobs, Peter Shier
Subject: Re: [PATCH] x86/spectre: Expand test for vulnerability to empty RSB exploits
Message-ID: <20180808155355.GA9635@char.us.oracle.com>
References: <20180807222535.143193-1-jmattson@google.com>
In-Reply-To: <20180807222535.143193-1-jmattson@google.com>

On Tue, Aug 07, 2018 at 03:25:35PM -0700, Jim Mattson wrote:
> Skylake-era Intel CPUs are vulnerable to exploits of empty RSB
> conditions. On hardware, platform vulnerability can be determined
> simply by checking the processor's DisplayModel/DisplayFamily
> signature. However, when running in a VM, the operating system should
> also query IA32_ARCH_CAPABILITIES.RSBA[bit 2], a synthetic bit that
> can be set by a hypervisor to indicate that the VM might run on a
> vulnerable physical processor, regardless of the
> DisplayModel/DisplayFamily reported by CPUID.
>
> Note that IA32_ARCH_CAPABILITIES.RSBA[bit 2] is always clear on
> hardware, so the DisplayModel/DisplayFamily check is still required.
>
> For all of the details, see the Intel white paper, "Retpoline: A
> Branch Target Injection Mitigation" (document number 337131-001),
> section 5.3: Virtual Machine CPU Identification.
>
> Signed-off-by: Jim Mattson
> Reviewed-by: Peter Shier

Reviewed-by: Konrad Rzeszutek Wilk

Thank you as it saves me from doing this :-)

> --- > arch/x86/include/asm/msr-index.h | 1 + > arch/x86/kernel/cpu/bugs.c | 14 +++++++++++++- > 2 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h > index 68b2c3150de1..f37ec58c4e04 100644 > --- a/arch/x86/include/asm/msr-index.h > +++ b/arch/x86/include/asm/msr-index.h > @@ -70,6 +70,7 @@ > #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a > #define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ > #define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ > +#define ARCH_CAP_RSBA (1 << 2) /* Vulnerable to empty RSB */ > #define ARCH_CAP_SSB_NO (1 << 4) /* > * Not susceptible to Speculative Store Bypass > * attack, so no Speculative Store Bypass > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 5c0ea39311fe..b6fe335746a4 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -330,6 +330,18 @@ static bool __init is_skylake_era(void) > return false; > } > > +/* Check for vulnerability to exploits of empty RSB conditions */ > +static bool __init is_vulnerable_to_empty_rsb(void) > +{ > + u64 ia32_cap = 0; > + > + if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) > + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); > + > + return (ia32_cap & ARCH_CAP_RSBA) || is_skylake_era(); > +} > + > + > static void __init spectre_v2_select_mitigation(void) > { > enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); 
> @@ -402,7 +414,7 @@ static void __init spectre_v2_select_mitigation(void) > * switch is required. > */ > if ((!boot_cpu_has(X86_FEATURE_PTI) && > - !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { > + !boot_cpu_has(X86_FEATURE_SMEP)) || is_vulnerable_to_empty_rsb()) { > setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > pr_info("Spectre v2 mitigation: Filling RSB on context switch\n"); > } > -- > 2.18.0.597.ga71716f1ad-goog >
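Review bot: In the arch/x86/include/asm/msr-index.h hunk, the comment on the new ARCH_CAP_RSBA define, "Vulnerable to empty RSB", reads as a statement about the hardware, while the commit message describes bit 2 as a synthetic bit that a hypervisor sets to indicate the VM might run on a vulnerable physical processor, and that is always clear on hardware. Suggest wording the comment to match, for example "/* Hypervisor hint: may run on a CPU vulnerable to empty RSB */", so a later reader does not assume a clear bit means a bare-metal CPU is unaffected.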
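Review bot: In the first arch/x86/kernel/cpu/bugs.c hunk, is_vulnerable_to_empty_rsb() is followed by two added blank lines before spectre_v2_select_mitigation(); one is enough. The one-line comment above the function would also be more useful if it said why the two tests are ORed: per the commit message the RSBA bit is always clear on hardware, so is_skylake_era() has to stay, and the MSR bit only contributes the hypervisor's hint when running in a VM.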