From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, Denis Kirjanov, rkrcmar@redhat.com, "Alejandro Jimenez", "Thomas Gleixner", "Mark Kanda", "Liam Merwick", bp@alien8.de, kvm@vger.kernel.org, "Paolo Bonzini"
Date: Wed, 02 Oct 2019 20:06:51 +0100
Subject: [PATCH 3.16 78/87] x86/speculation: Allow guests to use SSBD even if host does not

3.16.75-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Alejandro Jimenez

commit c1f7fec1eb6a2c86d01bc22afce772c743451d88 upstream.

The bits set in x86_spec_ctrl_mask are used to calculate the guest's value of SPEC_CTRL that is written to the MSR before VMENTRY, and control which mitigations the guest can enable. In the case of SSBD, unless the host has enabled SSBD always on mode (by passing "spec_store_bypass_disable=on" in the kernel parameters), the SSBD bit is not set in the mask and the guest can not properly enable the SSBD always on mitigation mode.

This has been confirmed by running the SSBD PoC on a guest using the SSBD always on mitigation mode (booted with kernel parameter "spec_store_bypass_disable=on"), and verifying that the guest is vulnerable unless the host is also using SSBD always on mode. In addition, the guest OS incorrectly reports the SSB vulnerability as mitigated.

Always set the SSBD bit in x86_spec_ctrl_mask when the host CPU supports it, allowing the guest to use SSBD whether or not the host has chosen to enable the mitigation in any of its modes.

Fixes: be6fcb5478e9 ("x86/bugs: Rework spec_ctrl base and mask logic")
Signed-off-by: Alejandro Jimenez Signed-off-by: Thomas Gleixner Reviewed-by: Liam Merwick Reviewed-by: Mark Kanda Reviewed-by: Paolo Bonzini Cc: bp@alien8.de Cc: rkrcmar@redhat.com Cc: kvm@vger.kernel.org Link: https://lkml.kernel.org/r/1560187210-11054-1-git-send-email-alejandro.j.jimenez@oracle.com Signed-off-by: Ben Hutchings --- arch/x86/kernel/cpu/bugs.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -960,6 +960,16 @@ static enum ssb_mitigation __init __ssb_ } /* + * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper + * bit in the mask to allow guests to use the mitigation even in the + * case where the host does not enable it. + */ + if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || + static_cpu_has(X86_FEATURE_AMD_SSBD)) { + x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; + } + + /* * We have three CPU feature flags that are in play here: * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass @@ -976,7 +986,6 @@ static enum ssb_mitigation __init __ssb_ x86_amd_ssb_disable(); } else { x86_spec_ctrl_base |= SPEC_CTRL_SSBD; - x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); } }
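
Review bot: In the first hunk the added comment limits the change to "If SSBD is controlled by the SPEC_CTRL MSR", while the commit message says the bit is set "when the host CPU supports it"; these are not the same set of CPUs, because the x86_amd_ssb_disable() path visible in the second hunk gets no mask bit. Please say in the comment that CPUs without X86_FEATURE_SPEC_CTRL_SSBD or X86_FEATURE_AMD_SSBD are intentionally left out and why, so the next reader does not take it for an oversight. Minor style point: the body of the new if is a single statement, so the braces could be dropped.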
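
Review bot: In the second hunk, dropping "x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;" from the else branch leaves "x86_spec_ctrl_base |= SPEC_CTRL_SSBD;" depending on the block added in the first hunk having already set the mask bit, but the condition that guards this else lies outside the context lines. Please confirm that in this 3.16 backport it is the exact complement of the new static_cpu_has() test; if it is not, the base could carry SSBD while the mask does not. A one-line comment next to the wrmsrl() saying the mask bit is set earlier in the function would make that dependency explicit.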
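
The mask behaviour the commit message describes, as a user-space model added here for illustration (not code from the patch or the kernel tree). The merge formula is a simplified stand-in for the host's guest-value calculation, and the starting mask of IBRS only, plus the helper names, are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions in the SPEC_CTRL MSR. */
#define SPEC_CTRL_IBRS  (1ULL << 0)
#define SPEC_CTRL_SSBD  (1ULL << 2)

/*
 * Simplified model of the value loaded into SPEC_CTRL before VMENTRY:
 * host bits outside the mask are kept, and the guest's requested value
 * only takes effect for bits that are inside the mask.
 */
static uint64_t guest_spec_ctrl_value(uint64_t host_base, uint64_t mask,
                                      uint64_t guest_req)
{
    return (host_base & ~mask) | (guest_req & mask);
}

/* Mask before the patch: SSBD is added only if the host turned SSBD on. */
static uint64_t mask_before(int host_ssbd_on)
{
    uint64_t mask = SPEC_CTRL_IBRS;   /* assumed starting mask */
    if (host_ssbd_on)
        mask |= SPEC_CTRL_SSBD;
    return mask;
}

/* Mask after the patch: SSBD is added whenever the CPU exposes it
 * through SPEC_CTRL, whatever mode the host chose. */
static uint64_t mask_after(int cpu_has_spec_ctrl_ssbd)
{
    uint64_t mask = SPEC_CTRL_IBRS;   /* assumed starting mask */
    if (cpu_has_spec_ctrl_ssbd)
        mask |= SPEC_CTRL_SSBD;
    return mask;
}

int main(void)
{
    uint64_t req = SPEC_CTRL_SSBD;    /* guest asks for SSBD always on */

    /* Host has SSBD off (base 0): compare what reaches the MSR. */
    printf("before patch: 0x%llx\n", (unsigned long long)
           guest_spec_ctrl_value(0, mask_before(0), req));
    printf("after patch:  0x%llx\n", (unsigned long long)
           guest_spec_ctrl_value(0, mask_after(1), req));
    return 0;
}
```

In the "before" case the guest's write is silently masked away, which matches the report that the guest believes it is mitigated while the MSR says otherwise.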