|
Borislav Petkov |
cce428 |
From: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
Borislav Petkov |
cce428 |
Date: Fri, 17 Jun 2022 12:12:48 -0700
|
|
Borislav Petkov |
cce428 |
Subject: x86/speculation: Remove x86_spec_ctrl_mask
|
|
Borislav Petkov |
cce428 |
Git-commit: acac5e98ef8d638a411cfa2ee676c87e1973f126
|
|
Borislav Petkov |
d06c64 |
Patch-mainline: v5.19-rc4
|
|
Borislav Petkov |
cce428 |
References: bsc#1199657 CVE-2022-29900 CVE-2022-29901
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
This mask has been made redundant by kvm_spec_ctrl_test_value(). And it
|
|
Borislav Petkov |
cce428 |
doesn't even work when MSR interception is disabled, as the guest can
|
|
Borislav Petkov |
cce428 |
just write to SPEC_CTRL directly.
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
|
|
Borislav Petkov |
cce428 |
Signed-off-by: Borislav Petkov <bp@suse.de>
|
|
Borislav Petkov |
cce428 |
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Borislav Petkov |
cce428 |
Signed-off-by: Borislav Petkov <bp@suse.de>
|
|
Borislav Petkov |
cce428 |
---
|
|
Borislav Petkov |
cce428 |
arch/x86/kernel/cpu/bugs.c | 31 +------------------------------
|
|
Borislav Petkov |
cce428 |
1 file changed, 1 insertion(+), 30 deletions(-)
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
Borislav Petkov |
cce428 |
index f884f9497666..efff8b9f1bbd 100644
|
|
Borislav Petkov |
cce428 |
--- a/arch/x86/kernel/cpu/bugs.c
|
|
Borislav Petkov |
cce428 |
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
Borislav Petkov |
cce428 |
@@ -85,12 +85,6 @@ u64 spec_ctrl_current(void)
|
|
Borislav Petkov |
cce428 |
}
|
|
Borislav Petkov |
cce428 |
EXPORT_SYMBOL_GPL(spec_ctrl_current);
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
-/*
|
|
Borislav Petkov |
cce428 |
- * The vendor and possibly platform specific bits which can be modified in
|
|
Borislav Petkov |
cce428 |
- * x86_spec_ctrl_base.
|
|
Borislav Petkov |
cce428 |
- */
|
|
Borislav Petkov |
cce428 |
-static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
|
|
Borislav Petkov |
cce428 |
-
|
|
Borislav Petkov |
cce428 |
/*
|
|
Borislav Petkov |
cce428 |
* AMD specific MSR info for Speculative Store Bypass control.
|
|
Borislav Petkov |
cce428 |
* x86_amd_ls_cfg_ssbd_mask is initialized in identify_boot_cpu().
|
|
Borislav Petkov |
cce428 |
@@ -146,10 +140,6 @@ void __init check_bugs(void)
|
|
Borislav Petkov |
cce428 |
if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
|
|
Borislav Petkov |
cce428 |
rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
- /* Allow STIBP in MSR_SPEC_CTRL if supported */
|
|
Borislav Petkov |
cce428 |
- if (boot_cpu_has(X86_FEATURE_STIBP))
|
|
Borislav Petkov |
cce428 |
- x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
|
|
Borislav Petkov |
cce428 |
-
|
|
Borislav Petkov |
cce428 |
/* Select the proper CPU mitigations before patching alternatives: */
|
|
Borislav Petkov |
cce428 |
spectre_v1_select_mitigation();
|
|
Borislav Petkov |
cce428 |
spectre_v2_select_mitigation();
|
|
Borislav Petkov |
cce428 |
@@ -208,19 +198,10 @@ void __init check_bugs(void)
|
|
Borislav Petkov |
cce428 |
void
|
|
Borislav Petkov |
cce428 |
x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
|
|
Borislav Petkov |
cce428 |
{
|
|
Borislav Petkov |
cce428 |
- u64 msrval, guestval, hostval = spec_ctrl_current();
|
|
Borislav Petkov |
cce428 |
+ u64 msrval, guestval = guest_spec_ctrl, hostval = spec_ctrl_current();
|
|
Borislav Petkov |
cce428 |
struct thread_info *ti = current_thread_info();
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
- /* Is MSR_SPEC_CTRL implemented ? */
|
|
Borislav Petkov |
cce428 |
if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
|
|
Borislav Petkov |
cce428 |
- /*
|
|
Borislav Petkov |
cce428 |
- * Restrict guest_spec_ctrl to supported values. Clear the
|
|
Borislav Petkov |
cce428 |
- * modifiable bits in the host base value and or the
|
|
Borislav Petkov |
cce428 |
- * modifiable bits from the guest value.
|
|
Borislav Petkov |
cce428 |
- */
|
|
Borislav Petkov |
cce428 |
- guestval = hostval & ~x86_spec_ctrl_mask;
|
|
Borislav Petkov |
cce428 |
- guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
|
|
Borislav Petkov |
cce428 |
-
|
|
Borislav Petkov |
cce428 |
if (hostval != guestval) {
|
|
Borislav Petkov |
cce428 |
msrval = setguest ? guestval : hostval;
|
|
Borislav Petkov |
cce428 |
wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
|
|
Borislav Petkov |
cce428 |
@@ -1665,16 +1646,6 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
|
|
Borislav Petkov |
cce428 |
break;
|
|
Borislav Petkov |
cce428 |
}
|
|
Borislav Petkov |
cce428 |
|
|
Borislav Petkov |
cce428 |
- /*
|
|
Borislav Petkov |
cce428 |
- * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper
|
|
Borislav Petkov |
cce428 |
- * bit in the mask to allow guests to use the mitigation even in the
|
|
Borislav Petkov |
cce428 |
- * case where the host does not enable it.
|
|
Borislav Petkov |
cce428 |
- */
|
|
Borislav Petkov |
cce428 |
- if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
|
|
Borislav Petkov |
cce428 |
- static_cpu_has(X86_FEATURE_AMD_SSBD)) {
|
|
Borislav Petkov |
cce428 |
- x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
|
|
Borislav Petkov |
cce428 |
- }
|
|
Borislav Petkov |
cce428 |
-
|
|
Borislav Petkov |
cce428 |
/*
|
|
Borislav Petkov |
cce428 |
* We have three CPU feature flags that are in play here:
|
|
Borislav Petkov |
cce428 |
* - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
|
|
Borislav Petkov |
cce428 |
|