From d9a50a1fb1f4a62cf1b7906e046bf9575e35c008 Mon Sep 17 00:00:00 2001
From: Nikolay Borisov
Date: Apr 05 2024 15:08:40 +0000
Subject: - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201). - Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
---
diff --git a/patches.suse/KVM-x86-Advertise-CPUID.-EAX-7-ECX-2-EDX-5-0-to-userspace.patch b/patches.suse/KVM-x86-Advertise-CPUID.-EAX-7-ECX-2-EDX-5-0-to-userspace.patch
new file mode 100644
index 0000000..f4c3318
--- /dev/null
+++ b/patches.suse/KVM-x86-Advertise-CPUID.-EAX-7-ECX-2-EDX-5-0-to-userspace.patch
@@ -0,0 +1,119 @@
+From: Jim Mattson
+Date: Mon, 23 Oct 2023 17:16:35 -0700
+Subject: KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
+Git-commit: eefe5e6682099445f77f2d97d4c525f9ac9d9b07
+Patch-mainline: v6.8-rc1
+References: bsc#1217339 CVE-2024-2201
+
+The low five bits {INTEL_PSFD, IPRED_CTRL, RRSBA_CTRL, DDPD_U, BHI_CTRL}
+advertise the availability of specific bits in IA32_SPEC_CTRL. Since KVM
+dynamically determines the legal IA32_SPEC_CTRL bits for the underlying
+hardware, the hard work has already been done. Just let userspace know
+that a guest can use these IA32_SPEC_CTRL bits.
+
+The sixth bit (MCDT_NO) states that the processor does not exhibit MXCSR
+Configuration Dependent Timing (MCDT) behavior. This is an inherent
+property of the physical processor that is inherited by the virtual
+CPU. Pass that information on to userspace.
+
+Signed-off-by: Jim Mattson
+Reviewed-by: Chao Gao
+Link: https://lore.kernel.org/r/20231024001636.890236-1-jmattson@google.com
+Signed-off-by: Sean Christopherson
+Acked-by: Nikolay Borisov
+---
+ arch/x86/kvm/cpuid.c | 21 ++++++++++++++++++---
+ arch/x86/kvm/reverse_cpuid.h | 13 +++++++++++++
+ 2 files changed, 31 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -486,6 +486,11 @@ void kvm_set_cpu_caps(void)
+ F(AVX_VNNI) | F(AVX512_BF16)
+ );
+
++ kvm_cpu_cap_init_scattered(CPUID_7_2_EDX,
++ F(INTEL_PSFD) | F(IPRED_CTRL) | F(RRSBA_CTRL) | F(DDPD_U) |
++ F(BHI_CTRL) | F(MCDT_NO)
++ );
++
+ kvm_cpu_cap_mask(CPUID_D_1_EAX,
+ F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | F(XSAVES)
+ );
+@@ -735,13 +740,13 @@ static inline int __do_cpuid_func(struct
+ break;
+ /* function 7 has additional index. */
+ case 7:
+- entry->eax = min(entry->eax, 1u);
++ max_idx = entry->eax = min(entry->eax, 2u);
+ cpuid_entry_override(entry, CPUID_7_0_EBX);
+ cpuid_entry_override(entry, CPUID_7_ECX);
+ cpuid_entry_override(entry, CPUID_7_EDX);
+
+- /* KVM only supports 0x7.0 and 0x7.1, capped above via min(). */
+- if (entry->eax == 1) {
++ /* KVM only supports up to 0x7.2, capped above via min(). */
++ if (max_idx >= 1) {
+ entry = do_host_cpuid(array, function, 1);
+ if (!entry)
+ goto out;
+@@ -751,6 +756,16 @@ static inline int __do_cpuid_func(struct
+ entry->ecx = 0;
+ entry->edx = 0;
+ }
++ if (max_idx >= 2) {
++ entry = do_host_cpuid(array, function, 2);
++ if (!entry)
++ goto out;
++
++ cpuid_entry_override(entry, CPUID_7_2_EDX);
++ entry->ecx = 0;
++ entry->ebx = 0;
++ entry->eax = 0;
++ }
+ break;
+ case 0xa: { /* Architectural Performance Monitoring */
+ struct x86_pmu_capability cap;
+--- a/arch/x86/kvm/reverse_cpuid.h
++++ b/arch/x86/kvm/reverse_cpuid.h
+@@ -13,6 +13,7 @@
+ */
+ enum kvm_only_cpuid_leafs {
+ CPUID_12_EAX = NCAPINTS,
++ CPUID_7_2_EDX,
+ NR_KVM_CPU_CAPS,
+
+ NKVMCAPINTS = NR_KVM_CPU_CAPS - NCAPINTS,
+@@ -20,6 +21,15 @@ enum kvm_only_cpuid_leafs {
+
+ #define KVM_X86_FEATURE(w, f) ((w)*32 + (f))
+
++/* Intel-defined sub-features, CPUID level 0x00000007:2 (EDX) */
++#define X86_FEATURE_INTEL_PSFD KVM_X86_FEATURE(CPUID_7_2_EDX, 0)
++#define X86_FEATURE_IPRED_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 1)
++#define KVM_X86_FEATURE_RRSBA_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 2)
++#define X86_FEATURE_DDPD_U KVM_X86_FEATURE(CPUID_7_2_EDX, 3)
++#define KVM_X86_FEATURE_BHI_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 4)
++#define X86_FEATURE_MCDT_NO KVM_X86_FEATURE(CPUID_7_2_EDX, 5)
++
++
+ /* Intel-defined SGX sub-features, CPUID level 0x12 (EAX). */
+ #define KVM_X86_FEATURE_SGX1 KVM_X86_FEATURE(CPUID_12_EAX, 0)
+ #define KVM_X86_FEATURE_SGX2 KVM_X86_FEATURE(CPUID_12_EAX, 1)
+@@ -49,6 +59,7 @@ static const struct cpuid_reg reverse_cp
+ [CPUID_12_EAX] = {0x00000012, 0, CPUID_EAX},
+ [CPUID_8000_001F_EAX] = {0x8000001f, 0, CPUID_EAX},
+ [CPUID_8000_0021_EAX] = {0x80000021, 0, CPUID_EAX},
++ [CPUID_7_2_EDX] = { 7, 2, CPUID_EDX},
+ };
+
+ /*
+@@ -79,6 +90,8 @@ static __always_inline u32 __feature_tra
+ return KVM_X86_FEATURE_SGX1;
+ else if (x86_feature == X86_FEATURE_SGX2)
+ return KVM_X86_FEATURE_SGX2;
++ else if (x86_feature == X86_FEATURE_RRSBA_CTRL)
++ return KVM_X86_FEATURE_RRSBA_CTRL;
+
+ return x86_feature;
+ }
diff --git a/patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch b/patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch
index 5b1731e..50772f7 100644
--- a/patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch
+++ b/patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch
@@ -62,7 +62,7 @@ Acked-by: Nikolay Borisov
 { X86_FEATURE_CQM_OCCUP_LLC, CPUID_EDX, 0, 0x0000000f, 1 },
 --- a/arch/x86/kvm/reverse_cpuid.h
 +++ b/arch/x86/kvm/reverse_cpuid.h
-@@ -23,6 +23,7 @@ enum kvm_only_cpuid_leafs {
+@@ -33,6 +33,7 @@ enum kvm_only_cpuid_leafs {
 /* Intel-defined SGX sub-features, CPUID level 0x12 (EAX). */
 #define KVM_X86_FEATURE_SGX1 KVM_X86_FEATURE(CPUID_12_EAX, 0)
 #define KVM_X86_FEATURE_SGX2 KVM_X86_FEATURE(CPUID_12_EAX, 1)
@@ -70,10 +70,10 @@ Acked-by: Nikolay Borisov
 struct cpuid_reg {
 u32 function;
-@@ -80,6 +81,8 @@ static __always_inline u32 __feature_tra
- return KVM_X86_FEATURE_SGX1;
- else if (x86_feature == X86_FEATURE_SGX2)
+@@ -93,6 +94,8 @@ static __always_inline u32 __feature_tra
 return KVM_X86_FEATURE_SGX2;
+ else if (x86_feature == X86_FEATURE_RRSBA_CTRL)
+ return KVM_X86_FEATURE_RRSBA_CTRL;
 + else if (x86_feature == X86_FEATURE_BHI_CTRL)
 + return KVM_X86_FEATURE_BHI_CTRL;
diff --git a/series.conf b/series.conf
index f6875c3..caaf35f 100644
--- a/series.conf
+++ b/series.conf
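Review bot: `F(BHI_CTRL)` in the kvm_set_cpu_caps() hunk has no matching name in this patch: the reverse_cpuid.h hunk defines `KVM_X86_FEATURE_BHI_CTRL` rather than `X86_FEATURE_BHI_CTRL`, and `__feature_translate()` gains a case for RRSBA_CTRL only. The BHI_CTRL case comes from x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch, whose refreshed offsets (23→33, 80→93) suggest it applies on top of this one, so the tree probably does not build at this patch alone unless `X86_FEATURE_BHI_CTRL` is defined somewhere not shown here. Defining `#define X86_FEATURE_BHI_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 4)` in this patch and leaving the rename plus the translate case to the BHI patch would keep each step buildable. Since this bit is what tells a guest the BHI control in IA32_SPEC_CTRL is usable, it is worth confirming on the final tree that KVM_GET_SUPPORTED_CPUID reports CPUID.(EAX=7,ECX=2):EDX bit 4 on capable hosts. Both functions continue outside the hunks shown.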
@@ -45344,6 +45344,7 @@
 patches.suse/ubifs-ubifs_symlink-Fix-memleak-of-inode-i_link-in-error-path.patch
 patches.suse/KVM-s390-vsie-Fix-STFLE-interpretive-execution-identification.patch
 patches.suse/KVM-arm64-vgic-its-Avoid-potential-UAF-in-LPI-transl.patch
+ patches.suse/KVM-x86-Advertise-CPUID.-EAX-7-ECX-2-EDX-5-0-to-userspace.patch
 patches.suse/thermal-intel-hfi-Add-syscore-callbacks-for-system-w.patch
 patches.suse/mfd-syscon-Fix-null-pointer-dereference-in-of_syscon.patch
 patches.suse/mfd-intel-lpss-Fix-the-fractional-clock-divider-flag.patch