
(-)a/Documentation/admin-guide/hw-vuln/spectre.rst (-3 / +3 lines)
Lines 621-629 Link Here
621
                retpoline,generic       Retpolines
621
                retpoline,generic       Retpolines
622
                retpoline,lfence        LFENCE; indirect branch
622
                retpoline,lfence        LFENCE; indirect branch
623
                retpoline,amd           alias for retpoline,lfence
623
                retpoline,amd           alias for retpoline,lfence
624
                eibrs                   enhanced IBRS
624
                eibrs                   Enhanced/Auto IBRS
625
                eibrs,retpoline         enhanced IBRS + Retpolines
625
                eibrs,retpoline         Enhanced/Auto IBRS + Retpolines
626
                eibrs,lfence            enhanced IBRS + LFENCE
626
                eibrs,lfence            Enhanced/Auto IBRS + LFENCE
627
                ibrs                    use IBRS to protect kernel
627
                ibrs                    use IBRS to protect kernel
628
628
629
		Not specifying this option is equivalent to
629
		Not specifying this option is equivalent to
(-)a/Documentation/admin-guide/kernel-parameters.txt (-3 / +3 lines)
Lines 5735-5743 Link Here
5735
			retpoline,generic - Retpolines
5735
			retpoline,generic - Retpolines
5736
			retpoline,lfence  - LFENCE; indirect branch
5736
			retpoline,lfence  - LFENCE; indirect branch
5737
			retpoline,amd     - alias for retpoline,lfence
5737
			retpoline,amd     - alias for retpoline,lfence
5738
			eibrs		  - enhanced IBRS
5738
			eibrs		  - Enhanced/Auto IBRS
5739
			eibrs,retpoline   - enhanced IBRS + Retpolines
5739
			eibrs,retpoline   - Enhanced/Auto IBRS + Retpolines
5740
			eibrs,lfence      - enhanced IBRS + LFENCE
5740
			eibrs,lfence      - Enhanced/Auto IBRS + LFENCE
5741
			ibrs		  - use IBRS to protect kernel
5741
			ibrs		  - use IBRS to protect kernel
5742
5742
5743
			Not specifying this option is equivalent to
5743
			Not specifying this option is equivalent to
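--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -22611,6 +22611,17 @@
 T:	git git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/asm
 F:	arch/x86/entry/
 
+X86 HARDWARE VULNERABILITIES
+M:	Thomas Gleixner <tglx@linutronix.de>
+M:	Borislav Petkov <bp@alien8.de>
+M:	Peter Zijlstra <peterz@infradead.org>
+M:	Josh Poimboeuf <jpoimboe@kernel.org>
+R:	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+S:	Maintained
+F:	Documentation/admin-guide/hw-vuln/
+F:	arch/x86/include/asm/nospec-branch.h
+F:	arch/x86/kernel/cpu/bugs.c
+
 X86 MCE INFRASTRUCTURE
 M:	Tony Luck <tony.luck@intel.com>
 M:	Borislav Petkov <bp@alien8.de>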
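--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -32,6 +32,7 @@
 	CPUID_8000_0007_EBX,
 	CPUID_7_EDX,
 	CPUID_8000_001F_EAX,
+	CPUID_8000_0021_EAX,
 };
 
 #define X86_CAP_FMT_NUM "%d:%d"
@@ -94,8 +95,9 @@
 	   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) ||	\
 	   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) ||	\
 	   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 19, feature_bit) ||	\
+	   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 20, feature_bit) ||	\
 	   REQUIRED_MASK_CHECK					  ||	\
-	   BUILD_BUG_ON_ZERO(NCAPINTS != 20))
+	   BUILD_BUG_ON_ZERO(NCAPINTS != 21))
 
 #define DISABLED_MASK_BIT_SET(feature_bit)				\
 	 ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK,  0, feature_bit) ||	\
@@ -118,8 +120,9 @@
 	   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) ||	\
 	   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) ||	\
 	   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 19, feature_bit) ||	\
+	   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 20, feature_bit) ||	\
 	   DISABLED_MASK_CHECK					  ||	\
-	   BUILD_BUG_ON_ZERO(NCAPINTS != 20))
+	   BUILD_BUG_ON_ZERO(NCAPINTS != 21))
 
 #define cpu_has(c, bit)							\
 	(__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 :	\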
(-)a/arch/x86/include/asm/cpufeatures.h (-2 / +9 lines)
Lines 13-19 Link Here
13
/*
13
/*
14
 * Defines x86 CPU feature bits
14
 * Defines x86 CPU feature bits
15
 */
15
 */
16
#define NCAPINTS			20	   /* N 32-bit words worth of info */
16
#define NCAPINTS			21	   /* N 32-bit words worth of info */
17
#define NBUGINTS			1	   /* N 32-bit bug flags */
17
#define NBUGINTS			1	   /* N 32-bit bug flags */
18
18
19
/*
19
/*
Lines 97-103 Link Here
97
#define X86_FEATURE_SYSENTER32		( 3*32+15) /* "" sysenter in IA32 userspace */
97
#define X86_FEATURE_SYSENTER32		( 3*32+15) /* "" sysenter in IA32 userspace */
98
#define X86_FEATURE_REP_GOOD		( 3*32+16) /* REP microcode works well */
98
#define X86_FEATURE_REP_GOOD		( 3*32+16) /* REP microcode works well */
99
#define X86_FEATURE_AMD_LBR_V2		( 3*32+17) /* AMD Last Branch Record Extension Version 2 */
99
#define X86_FEATURE_AMD_LBR_V2		( 3*32+17) /* AMD Last Branch Record Extension Version 2 */
100
#define X86_FEATURE_LFENCE_RDTSC	( 3*32+18) /* "" LFENCE synchronizes RDTSC */
100
/* FREE, was #define X86_FEATURE_LFENCE_RDTSC		( 3*32+18) "" LFENCE synchronizes RDTSC */
101
#define X86_FEATURE_ACC_POWER		( 3*32+19) /* AMD Accumulated Power Mechanism */
101
#define X86_FEATURE_ACC_POWER		( 3*32+19) /* AMD Accumulated Power Mechanism */
102
#define X86_FEATURE_NOPL		( 3*32+20) /* The NOPL (0F 1F) instructions */
102
#define X86_FEATURE_NOPL		( 3*32+20) /* The NOPL (0F 1F) instructions */
103
#define X86_FEATURE_ALWAYS		( 3*32+21) /* "" Always-present feature */
103
#define X86_FEATURE_ALWAYS		( 3*32+21) /* "" Always-present feature */
Lines 426-431 Link Here
426
#define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* "" Virtual TSC_AUX */
426
#define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* "" Virtual TSC_AUX */
427
#define X86_FEATURE_SME_COHERENT	(19*32+10) /* "" AMD hardware-enforced cache coherency */
427
#define X86_FEATURE_SME_COHERENT	(19*32+10) /* "" AMD hardware-enforced cache coherency */
428
428
429
/* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */
430
#define X86_FEATURE_NO_NESTED_DATA_BP	(20*32+ 0) /* "" No Nested Data Breakpoints */
431
#define X86_FEATURE_LFENCE_RDTSC	(20*32+ 2) /* "" LFENCE always serializing / synchronizes RDTSC */
432
#define X86_FEATURE_NULL_SEL_CLR_BASE	(20*32+ 6) /* "" Null Selector Clears Base */
433
#define X86_FEATURE_AUTOIBRS		(20*32+ 8) /* "" Automatic IBRS */
434
#define X86_FEATURE_NO_SMM_CTL_MSR	(20*32+ 9) /* "" SMM_CTL MSR is not present */
435
429
/*
436
/*
430
 * BUG word(s)
437
 * BUG word(s)
431
 */
438
 */
(-)a/arch/x86/include/asm/disabled-features.h (-1 / +2 lines)
Lines 124-129 Link Here
124
#define DISABLED_MASK17	0
124
#define DISABLED_MASK17	0
125
#define DISABLED_MASK18	0
125
#define DISABLED_MASK18	0
126
#define DISABLED_MASK19	0
126
#define DISABLED_MASK19	0
127
#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20)
127
#define DISABLED_MASK20	0
128
#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 21)
128
129
129
#endif /* _ASM_X86_DISABLED_FEATURES_H */
130
#endif /* _ASM_X86_DISABLED_FEATURES_H */
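--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -25,6 +25,7 @@
 #define _EFER_SVME		12 /* Enable virtualization */
 #define _EFER_LMSLE		13 /* Long Mode Segment Limit Enable */
 #define _EFER_FFXSR		14 /* Enable Fast FXSAVE/FXRSTOR */
+#define _EFER_AUTOIBRS		21 /* Enable Automatic IBRS */
 
 #define EFER_SCE		(1<<_EFER_SCE)
 #define EFER_LME		(1<<_EFER_LME)
@@ -33,6 +34,7 @@
 #define EFER_SVME		(1<<_EFER_SVME)
 #define EFER_LMSLE		(1<<_EFER_LMSLE)
 #define EFER_FFXSR		(1<<_EFER_FFXSR)
+#define EFER_AUTOIBRS		(1<<_EFER_AUTOIBRS)
 
 /* Intel MSRs. Some also available on other CPUs */
 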
(-)a/arch/x86/include/asm/required-features.h (-1 / +2 lines)
Lines 98-103 Link Here
98
#define REQUIRED_MASK17	0
98
#define REQUIRED_MASK17	0
99
#define REQUIRED_MASK18	0
99
#define REQUIRED_MASK18	0
100
#define REQUIRED_MASK19	0
100
#define REQUIRED_MASK19	0
101
#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 20)
101
#define REQUIRED_MASK20	0
102
#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 21)
102
103
103
#endif /* _ASM_X86_REQUIRED_FEATURES_H */
104
#endif /* _ASM_X86_REQUIRED_FEATURES_H */
(-)a/arch/x86/kernel/cpu/amd.c (-1 / +12 lines)
Lines 965-971 Link Here
965
965
966
	init_amd_cacheinfo(c);
966
	init_amd_cacheinfo(c);
967
967
968
	if (cpu_has(c, X86_FEATURE_XMM2)) {
968
	if (!cpu_has(c, X86_FEATURE_LFENCE_RDTSC) && cpu_has(c, X86_FEATURE_XMM2)) {
969
		/*
969
		/*
970
		 * Use LFENCE for execution serialization.  On families which
970
		 * Use LFENCE for execution serialization.  On families which
971
		 * don't have that MSR, LFENCE is already serializing.
971
		 * don't have that MSR, LFENCE is already serializing.
Lines 1005-1010 Link Here
1005
		msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT);
1005
		msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT);
1006
1006
1007
	check_null_seg_clears_base(c);
1007
	check_null_seg_clears_base(c);
1008
1009
	/*
1010
	 * Make sure EFER[AIBRSE - Automatic IBRS Enable] is set. The APs are brought up
1011
	 * using the trampoline code and as part of it, MSR_EFER gets prepared there in
1012
	 * order to be replicated onto them. Regardless, set it here again, if not set,
1013
	 * to protect against any future refactoring/code reorganization which might
1014
	 * miss setting this important bit.
1015
	 */
1016
	if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
1017
	    cpu_has(c, X86_FEATURE_AUTOIBRS))
1018
		WARN_ON_ONCE(msr_set_bit(MSR_EFER, _EFER_AUTOIBRS));
1008
}
1019
}
1009
1020
1010
#ifdef CONFIG_X86_32
1021
#ifdef CONFIG_X86_32
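Review bot: `WARN_ON_ONCE(msr_set_bit(MSR_EFER, _EFER_AUTOIBRS));` in the second hunk warns on any non-zero return, and the comment above it does not say so. msr_set_bit() returns a negative value when the MSR access fails and a positive one when it actually had to flip the bit, so the warning covers both "the trampoline did not set the bit" and "the EFER write failed" without telling them apart. I would add one line to the comment, for example `* The WARN fires if the bit was not already set or if the EFER write failed.` The enclosing function starts outside the hunk.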
(-)a/arch/x86/kernel/cpu/bugs.c (-17 / +13 lines)
Lines 783-790 Link Here
783
}
783
}
784
early_param("nospectre_v1", nospectre_v1_cmdline);
784
early_param("nospectre_v1", nospectre_v1_cmdline);
785
785
786
static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
786
enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = SPECTRE_V2_NONE;
787
	SPECTRE_V2_NONE;
788
787
789
#undef pr_fmt
788
#undef pr_fmt
790
#define pr_fmt(fmt)     "RETBleed: " fmt
789
#define pr_fmt(fmt)     "RETBleed: " fmt
Lines 1132-1144 Link Here
1132
	return SPECTRE_V2_USER_CMD_AUTO;
1131
	return SPECTRE_V2_USER_CMD_AUTO;
1133
}
1132
}
1134
1133
1135
static inline bool spectre_v2_in_eibrs_mode(enum spectre_v2_mitigation mode)
1136
{
1137
	return mode == SPECTRE_V2_EIBRS ||
1138
	       mode == SPECTRE_V2_EIBRS_RETPOLINE ||
1139
	       mode == SPECTRE_V2_EIBRS_LFENCE;
1140
}
1141
1142
static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
1134
static inline bool spectre_v2_in_ibrs_mode(enum spectre_v2_mitigation mode)
1143
{
1135
{
1144
	return spectre_v2_in_eibrs_mode(mode) || mode == SPECTRE_V2_IBRS;
1136
	return spectre_v2_in_eibrs_mode(mode) || mode == SPECTRE_V2_IBRS;
Lines 1248-1256 Link Here
1248
	[SPECTRE_V2_NONE]			= "Vulnerable",
1240
	[SPECTRE_V2_NONE]			= "Vulnerable",
1249
	[SPECTRE_V2_RETPOLINE]			= "Mitigation: Retpolines",
1241
	[SPECTRE_V2_RETPOLINE]			= "Mitigation: Retpolines",
1250
	[SPECTRE_V2_LFENCE]			= "Mitigation: LFENCE",
1242
	[SPECTRE_V2_LFENCE]			= "Mitigation: LFENCE",
1251
	[SPECTRE_V2_EIBRS]			= "Mitigation: Enhanced IBRS",
1243
	[SPECTRE_V2_EIBRS]			= "Mitigation: Enhanced / Automatic IBRS",
1252
	[SPECTRE_V2_EIBRS_LFENCE]		= "Mitigation: Enhanced IBRS + LFENCE",
1244
	[SPECTRE_V2_EIBRS_LFENCE]		= "Mitigation: Enhanced / Automatic IBRS + LFENCE",
1253
	[SPECTRE_V2_EIBRS_RETPOLINE]		= "Mitigation: Enhanced IBRS + Retpolines",
1245
	[SPECTRE_V2_EIBRS_RETPOLINE]		= "Mitigation: Enhanced / Automatic IBRS + Retpolines",
1254
	[SPECTRE_V2_IBRS]			= "Mitigation: IBRS",
1246
	[SPECTRE_V2_IBRS]			= "Mitigation: IBRS",
1255
};
1247
};
1256
1248
Lines 1319-1325 Link Here
1319
	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
1311
	     cmd == SPECTRE_V2_CMD_EIBRS_LFENCE ||
1320
	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
1312
	     cmd == SPECTRE_V2_CMD_EIBRS_RETPOLINE) &&
1321
	    !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
1313
	    !boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {
1322
		pr_err("%s selected but CPU doesn't have eIBRS. Switching to AUTO select\n",
1314
		pr_err("%s selected but CPU doesn't have Enhanced or Automatic IBRS. Switching to AUTO select\n",
1323
		       mitigation_options[i].option);
1315
		       mitigation_options[i].option);
1324
		return SPECTRE_V2_CMD_AUTO;
1316
		return SPECTRE_V2_CMD_AUTO;
1325
	}
1317
	}
Lines 1505-1512 Link Here
1505
		pr_err(SPECTRE_V2_EIBRS_EBPF_MSG);
1497
		pr_err(SPECTRE_V2_EIBRS_EBPF_MSG);
1506
1498
1507
	if (spectre_v2_in_ibrs_mode(mode)) {
1499
	if (spectre_v2_in_ibrs_mode(mode)) {
1508
		x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
1500
		if (boot_cpu_has(X86_FEATURE_AUTOIBRS)) {
1509
		update_spec_ctrl(x86_spec_ctrl_base);
1501
			msr_set_bit(MSR_EFER, _EFER_AUTOIBRS);
1502
		} else {
1503
			x86_spec_ctrl_base |= SPEC_CTRL_IBRS;
1504
			update_spec_ctrl(x86_spec_ctrl_base);
1505
		}
1510
	}
1506
	}
1511
1507
1512
	switch (mode) {
1508
	switch (mode) {
Lines 1590-1597 Link Here
1590
	/*
1586
	/*
1591
	 * Retpoline protects the kernel, but doesn't protect firmware.  IBRS
1587
	 * Retpoline protects the kernel, but doesn't protect firmware.  IBRS
1592
	 * and Enhanced IBRS protect firmware too, so enable IBRS around
1588
	 * and Enhanced IBRS protect firmware too, so enable IBRS around
1593
	 * firmware calls only when IBRS / Enhanced IBRS aren't otherwise
1589
	 * firmware calls only when IBRS / Enhanced / Automatic IBRS aren't
1594
	 * enabled.
1590
	 * otherwise enabled.
1595
	 *
1591
	 *
1596
	 * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because
1592
	 * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because
1597
	 * the user might select retpoline on the kernel command line and if
1593
	 * the user might select retpoline on the kernel command line and if
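Review bot: The new `msr_set_bit(MSR_EFER, _EFER_AUTOIBRS);` call in the `spectre_v2_in_ibrs_mode(mode)` branch discards its return value, so a failed EFER write would leave neither Automatic IBRS nor SPEC_CTRL_IBRS enabled while the mode string still reports "Mitigation: Enhanced / Automatic IBRS". The amd.c part of this patch wraps the same call in WARN_ON_ONCE; here a negative return should at least be logged, e.g. `if (msr_set_bit(MSR_EFER, _EFER_AUTOIBRS) < 0) pr_err("Failed to set EFER.AUTOIBRS\n");`. The branch is also taken for SPECTRE_V2_IBRS, and whether plain IBRS mode can be selected on a CPU with X86_FEATURE_AUTOIBRS is not visible in these hunks, so that case deserves a comment or an explicit check. The enclosing function starts and ends outside the hunk.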
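--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1093,6 +1093,9 @@
 	if (c->extended_cpuid_level >= 0x8000001f)
 		c->x86_capability[CPUID_8000_001F_EAX] = cpuid_eax(0x8000001f);
 
+	if (c->extended_cpuid_level >= 0x80000021)
+		c->x86_capability[CPUID_8000_0021_EAX] = cpuid_eax(0x80000021);
+
 	init_scattered_cpuid_features(c);
 	init_speculation_control(c);
 
@@ -1226,8 +1229,8 @@
 	VULNWL_AMD(0x12,	NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO),
 
 	/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
-	VULNWL_AMD(X86_FAMILY_ANY,	NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO),
-	VULNWL_HYGON(X86_FAMILY_ANY,	NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO),
+	VULNWL_AMD(X86_FAMILY_ANY,	NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_EIBRS_PBRSB),
+	VULNWL_HYGON(X86_FAMILY_ANY,	NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_EIBRS_PBRSB),
 
 	/* Zhaoxin Family 7 */
 	VULNWL(CENTAUR,	7, X86_MODEL_ANY,	NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO),
@@ -1340,8 +1343,16 @@
 	   !cpu_has(c, X86_FEATURE_AMD_SSB_NO))
 		setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
 
-	if (ia32_cap & ARCH_CAP_IBRS_ALL)
+	/*
+	 * AMD's AutoIBRS is equivalent to Intel's eIBRS - use the Intel feature
+	 * flag and protect from vendor-specific bugs via the whitelist.
+	 */
+	if ((ia32_cap & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)) {
 		setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED);
+		if (!cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) &&
+		    !(ia32_cap & ARCH_CAP_PBRSB_NO))
+			setup_force_cpu_bug(X86_BUG_EIBRS_PBRSB);
+	}
 
 	if (!cpu_matches(cpu_vuln_whitelist, NO_MDS) &&
 	    !(ia32_cap & ARCH_CAP_MDS_NO)) {
@@ -1403,11 +1414,6 @@
 			setup_force_cpu_bug(X86_BUG_RETBLEED);
 	}
 
-	if (cpu_has(c, X86_FEATURE_IBRS_ENHANCED) &&
-	    !cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) &&
-	    !(ia32_cap & ARCH_CAP_PBRSB_NO))
-		setup_force_cpu_bug(X86_BUG_EIBRS_PBRSB);
-
 	if (cpu_matches(cpu_vuln_blacklist, SMT_RSB))
 		setup_force_cpu_bug(X86_BUG_SMT_RSB);
 
@@ -1687,9 +1693,7 @@
 	if (!IS_ENABLED(CONFIG_X86_64))
 		return;
 
-	/* Zen3 CPUs advertise Null Selector Clears Base in CPUID. */
-	if (c->extended_cpuid_level >= 0x80000021 &&
-	    cpuid_eax(0x80000021) & BIT(6))
+	if (cpu_has(c, X86_FEATURE_NULL_SEL_CLR_BASE))
 		return;
 
 	/*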
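Review bot: The comment added above the `(ia32_cap & ARCH_CAP_IBRS_ALL) || cpu_has(c, X86_FEATURE_AUTOIBRS)` test says vendor-specific bugs are handled "via the whitelist" but does not name the flag that does it. In this patch that is NO_EIBRS_PBRSB, added only to the X86_FAMILY_ANY rows for AMD and Hygon; the family-specific AMD rows (the 0x12 row is visible in the whitelist hunk) do not carry it, presumably because those families never report AutoIBRS. Making that explicit would help the next reader, e.g. `* flag; NO_EIBRS_PBRSB in cpu_vuln_whitelist keeps AMD/Hygon from being marked X86_BUG_EIBRS_PBRSB.` The enclosing function starts and ends outside the hunk.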
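--- a/arch/x86/kernel/cpu/cpu.h
+++ b/arch/x86/kernel/cpu/cpu.h
@@ -83,6 +83,15 @@
 extern void x86_spec_ctrl_setup_ap(void);
 extern void update_srbds_msr(void);
 
+extern enum spectre_v2_mitigation spectre_v2_enabled;
+
+static inline bool spectre_v2_in_eibrs_mode(enum spectre_v2_mitigation mode)
+{
+	return mode == SPECTRE_V2_EIBRS ||
+	       mode == SPECTRE_V2_EIBRS_RETPOLINE ||
+	       mode == SPECTRE_V2_EIBRS_LFENCE;
+}
+
 extern u64 x86_read_arch_cap_msr(void);
 
 #endif /* ARCH_X86_CPU_H */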
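Review bot: `spectre_v2_in_eibrs_mode()` is now shared through this header and used from amd.c to decide whether EFER.AUTOIBRS must be set, yet nothing at the definition says that the eIBRS modes also stand for AMD Automatic IBRS. A one-line comment above it would make that clear, e.g. `/* True for the Enhanced IBRS modes, which also cover AMD Automatic IBRS. */`. The new `extern enum spectre_v2_mitigation spectre_v2_enabled;` could likewise note that the variable is defined `__ro_after_init` in bugs.c, so users of this header know it is only written during boot.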
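--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -741,6 +741,27 @@
 		0 /* SME */ | F(SEV) | 0 /* VM_PAGE_FLUSH */ | F(SEV_ES) |
 		F(SME_COHERENT));
 
+	kvm_cpu_cap_mask(CPUID_8000_0021_EAX,
+		F(NO_NESTED_DATA_BP) | F(LFENCE_RDTSC) | 0 /* SmmPgCfgLock */ |
+		F(NULL_SEL_CLR_BASE) | F(AUTOIBRS) | 0 /* PrefetchCtlMsr */
+	);
+
+	/*
+	 * Synthesize "LFENCE is serializing" into the AMD-defined entry in
+	 * KVM's supported CPUID if the feature is reported as supported by the
+	 * kernel.  LFENCE_RDTSC was a Linux-defined synthetic feature long
+	 * before AMD joined the bandwagon, e.g. LFENCE is serializing on most
+	 * CPUs that support SSE2.  On CPUs that don't support AMD's leaf,
+	 * kvm_cpu_cap_mask() will unfortunately drop the flag due to ANDing
+	 * the mask with the raw host CPUID, and reporting support in AMD's
+	 * leaf can make it easier for userspace to detect the feature.
+	 */
+	if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
+		kvm_cpu_cap_set(X86_FEATURE_LFENCE_RDTSC);
+	if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
+		kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE);
+	kvm_cpu_cap_set(X86_FEATURE_NO_SMM_CTL_MSR);
+
 	kvm_cpu_cap_mask(CPUID_C000_0001_EDX,
 		F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
 		F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) |
@@ -1222,25 +1243,7 @@
 		break;
 	case 0x80000021:
 		entry->ebx = entry->ecx = entry->edx = 0;
-		/*
-		 * Pass down these bits:
-		 *    EAX      0      NNDBP, Processor ignores nested data breakpoints
-		 *    EAX      2      LAS, LFENCE always serializing
-		 *    EAX      6      NSCB, Null selector clear base
-		 *
-		 * Other defined bits are for MSRs that KVM does not expose:
-		 *   EAX      3      SPCL, SMM page configuration lock
-		 *   EAX      13     PCMSR, Prefetch control MSR
-		 *
-		 * KVM doesn't support SMM_CTL.
-		 *   EAX       9     SMM_CTL MSR is not supported
-		 */
-		entry->eax &= BIT(0) | BIT(2) | BIT(6);
-		entry->eax |= BIT(9);
-		if (static_cpu_has(X86_FEATURE_LFENCE_RDTSC))
-			entry->eax |= BIT(2);
-		if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
-			entry->eax |= BIT(6);
+		cpuid_entry_override(entry, CPUID_8000_0021_EAX);
 		break;
 	/*Add support for Centaur's CPUID instruction*/
 	case 0xC0000000: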
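Review bot: `kvm_cpu_cap_set(X86_FEATURE_NO_SMM_CTL_MSR);` in the first hunk is unconditional and carries no explanation, because the block comment removed from the `case 0x80000021:` hunk was the only place stating that KVM doesn't support SMM_CTL. A one-line comment above the call would keep that rationale: `/* KVM doesn't support SMM_CTL, so always report the MSR as not present. */`. The removed comment also recorded that SPCL and PCMSR are withheld because KVM does not expose those MSRs; the `0 /* SmmPgCfgLock */` and `0 /* PrefetchCtlMsr */` placeholders keep the names but not the reason. Both enclosing functions start and end outside the hunks.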
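--- a/arch/x86/kvm/reverse_cpuid.h
+++ b/arch/x86/kvm/reverse_cpuid.h
@@ -68,6 +68,7 @@
 	[CPUID_12_EAX]        = {0x00000012, 0, CPUID_EAX},
 	[CPUID_8000_001F_EAX] = {0x8000001f, 0, CPUID_EAX},
 	[CPUID_7_1_EDX]       = {         7, 1, CPUID_EDX},
+	[CPUID_8000_0021_EAX] = {0x80000021, 0, CPUID_EAX},
 };
 
 /*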
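--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4969,6 +4969,9 @@
 
 	tsc_aux_uret_slot = kvm_add_user_return_msr(MSR_TSC_AUX);
 
+	if (boot_cpu_has(X86_FEATURE_AUTOIBRS))
+		kvm_enable_efer_bits(EFER_AUTOIBRS);
+
 	/* Check for pause filtering support */
 	if (!boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
 		pause_filter_count = 0;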
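--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1689,6 +1689,9 @@
 
 static bool __kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer)
 {
+	if (efer & EFER_AUTOIBRS && !guest_cpuid_has(vcpu, X86_FEATURE_AUTOIBRS))
+		return false;
+
 	if (efer & EFER_FFXSR && !guest_cpuid_has(vcpu, X86_FEATURE_FXSR_OPT))
 		return false;
 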
