From: Josh Poimboeuf <jpoimboe@kernel.org>

Date: Tue, 14 Jun 2022 23:16:06 +0200

Subject: x86/speculation: Fix firmware entry SPEC_CTRL handling

Git-commit: e6aa13622ea8283cc699cac5d018cc40a2ba2010

Patch-mainline: v5.19-rc4

References: bsc#1199657 CVE-2022-29900 CVE-2022-29901

The firmware entry code may accidentally clear STIBP or SSBD. Fix that.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

Signed-off-by: Borislav Petkov <bp@suse.de>

---

 arch/x86/include/asm/nospec-branch.h | 10 ++++------

 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h

index 08b03c12e6c2..dee9ef77af13 100644

--- a/arch/x86/include/asm/nospec-branch.h

+++ b/arch/x86/include/asm/nospec-branch.h

@@ -285,18 +285,16 @@ extern u64 spec_ctrl_current(void);

  */

 #define firmware_restrict_branch_speculation_start()			\

 do {									\

-	u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS;			\

-									\

 	preempt_disable();						\

-	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\

+	alternative_msr_write(MSR_IA32_SPEC_CTRL,			\

+			      spec_ctrl_current() | SPEC_CTRL_IBRS,	\

 			      X86_FEATURE_USE_IBRS_FW);			\

 } while (0)

 #define firmware_restrict_branch_speculation_end()			\

 do {									\

-	u64 val = x86_spec_ctrl_base;					\

-									\

-	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\

+	alternative_msr_write(MSR_IA32_SPEC_CTRL,			\

+			      spec_ctrl_current(),			\

 			      X86_FEATURE_USE_IBRS_FW);			\

 	preempt_enable();						\

 } while (0)