1. photon
  2. Commit c3d25b5f315c4cfe71d147abfe21b1e8ec3a5854
Browse code

kernels: Update to version 4.9.101 and fix CVE-2018-3639

Update to version 4.9.101 and apply patches to fix CVE-2018-3639
(Speculative Store Bypass).

Change-Id: Iafde465bd15d997c6aa5babc9e80e314787320c6
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5175
Reviewed-by: Sharath George
Tested-by: Sharath George

Srivatsa S. Bhat authored on 2018/05/22 07:11:15
Showing 58 changed files
SPECS/linux-api-headers/linux-api-headers.spec
History View file @ c3d25b5
... ... 
@@ -1,6 +1,6 @@
1 1 
 Summary:	Linux API header files
2 2 
 Name:		linux-api-headers
3 
-Version:	4.9.99
3 
+Version:	4.9.101
4 4 
 Release:	1%{?dist}
5 5 
 License:	GPLv2
6 6 
 URL:		http://www.kernel.org/
... ... 
@@ -8,7 +8,7 @@ Group:		System Environment/Kernel
8 8 
 Vendor:		VMware, Inc.
9 9 
 Distribution: Photon
10 10 
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
11 
-%define sha1 linux=d35adbca6133a7b5a382bd523f63322d0d56aeff
11 
+%define sha1 linux=12b399649df63355823d482fd91711b1be3e7f1b
12 12 
 BuildArch:	noarch
13 13 
 %description
14 14 
 The Linux API Headers expose the kernel's API for use by Glibc.
... ... 
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
25 25 
 %defattr(-,root,root)
26 26 
 %{_includedir}/*
27 27 
 %changelog
28 
+*   Mon May 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.101-1
29 
+-   Update to version 4.9.101
28 30 
 *   Wed May 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.99-1
29 31 
 -   Update to version 4.9.99
30 32 
 *   Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.98-1
SPECS/linux/linux-aws.spec
History View file @ c3d25b5
... ... 
@@ -1,7 +1,7 @@
1 1 
 %global security_hardening none
2 2 
 Summary:        Kernel
3 3 
 Name:           linux-aws
4 
-Version:        4.9.99
4 
+Version:        4.9.101
5 5 
 Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6 
 License:    	GPLv2
7 7 
 URL:        	http://www.kernel.org/
... ... 
@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel
9 9 
 Vendor:         VMware, Inc.
10 10 
 Distribution: 	Photon
11 11 
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12 
-%define sha1 linux=d35adbca6133a7b5a382bd523f63322d0d56aeff
12 
+%define sha1 linux=12b399649df63355823d482fd91711b1be3e7f1b
13 13 
 Source1:	config-aws
14 14 
 Source2:	initramfs.trigger
15 15 
 # common
... ... 
@@ -123,6 +123,61 @@ Patch144: 0052-drivers-amazon-ena-update-to-1.4.0.patch
123 123 
 Patch145: 0053-PM-hibernate-update-the-resume-offset-on-SNAPSHOT_SE.patch
124 124 
 Patch146: 0054-Not-for-upstream-PM-hibernate-Speed-up-hibernation-b.patch
125 125
126 
+# Fix CVE-2018-3639 (Speculative Store Bypass)
127 
+Patch201: 0001-x86-amd-don-t-set-X86_BUG_SYSRET_SS_ATTRS-when-runni.patch
128 
+Patch202: 0002-x86-nospec-Simplify-alternative_msr_write.patch
129 
+Patch203: 0003-x86-bugs-Concentrate-bug-detection-into-a-separate-f.patch
130 
+Patch204: 0004-x86-bugs-Concentrate-bug-reporting-into-a-separate-f.patch
131 
+Patch205: 0005-x86-bugs-Read-SPEC_CTRL-MSR-during-boot-and-re-use-r.patch
132 
+Patch206: 0006-x86-bugs-KVM-Support-the-combination-of-guest-and-ho.patch
133 
+Patch207: 0007-x86-bugs-Expose-sys-.-spec_store_bypass.patch
134 
+Patch208: 0008-x86-cpufeatures-Add-X86_FEATURE_RDS.patch
135 
+Patch209: 0009-x86-bugs-Provide-boot-parameters-for-the-spec_store_.patch
136 
+Patch210: 0010-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
137 
+Patch211: 0011-x86-bugs-Whitelist-allowed-SPEC_CTRL-MSR-values.patch
138 
+Patch212: 0012-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
139 
+Patch213: 0013-x86-KVM-VMX-Expose-SPEC_CTRL-Bit-2-to-the-guest.patch
140 
+Patch214: 0014-x86-speculation-Create-spec-ctrl.h-to-avoid-include-.patch
141 
+Patch215: 0015-prctl-Add-speculation-control-prctls.patch
142 
+Patch216: 0016-x86-process-Optimize-TIF-checks-in-__switch_to_xtra.patch
143 
+Patch217: 0017-x86-process-Correct-and-optimize-TIF_BLOCKSTEP-switc.patch
144 
+Patch218: 0018-x86-process-Optimize-TIF_NOTSC-switch.patch
145 
+Patch219: 0019-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
146 
+Patch220: 0020-x86-speculation-Add-prctl-for-Speculative-Store-Bypa.patch
147 
+Patch221: 0021-nospec-Allow-getting-setting-on-non-current-task.patch
148 
+Patch222: 0022-proc-Provide-details-on-speculation-flaw-mitigations.patch
149 
+Patch223: 0023-seccomp-Enable-speculation-flaw-mitigations.patch
150 
+Patch224: 0024-x86-bugs-Make-boot-modes-__ro_after_init.patch
151 
+Patch225: 0025-prctl-Add-force-disable-speculation.patch
152 
+Patch226: 0026-seccomp-Use-PR_SPEC_FORCE_DISABLE.patch
153 
+Patch227: 0027-seccomp-Add-filter-flag-to-opt-out-of-SSB-mitigation.patch
154 
+Patch228: 0028-seccomp-Move-speculation-migitation-control-to-arch-.patch
155 
+Patch229: 0029-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
156 
+Patch230: 0030-x86-bugs-Rename-_RDS-to-_SSBD.patch
157 
+Patch231: 0031-proc-Use-underscores-for-SSBD-in-status.patch
158 
+Patch232: 0032-Documentation-spec_ctrl-Do-some-minor-cleanups.patch
159 
+Patch233: 0033-x86-bugs-Fix-__ssb_select_mitigation-return-type.patch
160 
+Patch234: 0034-x86-bugs-Make-cpu_show_common-static.patch
161 
+Patch235: 0035-x86-bugs-Fix-the-parameters-alignment-and-missing-vo.patch
162 
+Patch236: 0036-x86-cpu-Make-alternative_msr_write-work-for-32-bit-c.patch
163 
+Patch237: 0037-KVM-SVM-Move-spec-control-call-after-restore-of-GS.patch
164 
+Patch238: 0038-x86-speculation-Use-synthetic-bits-for-IBRS-IBPB-STI.patch
165 
+Patch239: 0039-x86-cpufeatures-Disentangle-MSR_SPEC_CTRL-enumeratio.patch
166 
+Patch240: 0040-x86-cpufeatures-Disentangle-SSBD-enumeration.patch
167 
+Patch241: 0041-x86-cpu-AMD-Fix-erratum-1076-CPB-bit.patch
168 
+Patch242: 0042-x86-cpufeatures-Add-FEATURE_ZEN.patch
169 
+Patch243: 0043-x86-speculation-Handle-HT-correctly-on-AMD.patch
170 
+Patch244: 0044-x86-bugs-KVM-Extend-speculation-control-for-VIRT_SPE.patch
171 
+Patch245: 0045-x86-speculation-Add-virtualized-speculative-store-by.patch
172 
+Patch246: 0046-x86-speculation-Rework-speculative_store_bypass_upda.patch
173 
+Patch247: 0047-x86-bugs-Unify-x86_spec_ctrl_-set_guest-restore_host.patch
174 
+Patch248: 0048-x86-bugs-Expose-x86_spec_ctrl_base-directly.patch
175 
+Patch249: 0049-x86-bugs-Remove-x86_spec_ctrl_set.patch
176 
+Patch250: 0050-x86-bugs-Rework-spec_ctrl-base-and-mask-logic.patch
177 
+Patch251: 0051-x86-speculation-KVM-Implement-support-for-VIRT_SPEC_.patch
178 
+Patch252: 0052-KVM-SVM-Implement-VIRT_SPEC_CTRL-support-for-SSBD.patch
179 
+Patch253: 0053-x86-bugs-Rename-SSBD_NO-to-SSB_NO.patch
180 
+
126 181 
 %if 0%{?kat_build:1}
127 182 
 Patch1000:	%{kat_build}.patch
128 183 
 %endif
... ... 
@@ -292,6 +347,60 @@ This package contains the 'perf' performance analysis tools for Linux kernel.
292 292 
 %patch145 -p1
293 293 
 %patch146 -p1
294 294
295 
+%patch201 -p1
296 
+%patch202 -p1
297 
+%patch203 -p1
298 
+%patch204 -p1
299 
+%patch205 -p1
300 
+%patch206 -p1
301 
+%patch207 -p1
302 
+%patch208 -p1
303 
+%patch209 -p1
304 
+%patch210 -p1
305 
+%patch211 -p1
306 
+%patch212 -p1
307 
+%patch213 -p1
308 
+%patch214 -p1
309 
+%patch215 -p1
310 
+%patch216 -p1
311 
+%patch217 -p1
312 
+%patch218 -p1
313 
+%patch219 -p1
314 
+%patch220 -p1
315 
+%patch221 -p1
316 
+%patch222 -p1
317 
+%patch223 -p1
318 
+%patch224 -p1
319 
+%patch225 -p1
320 
+%patch226 -p1
321 
+%patch227 -p1
322 
+%patch228 -p1
323 
+%patch229 -p1
324 
+%patch230 -p1
325 
+%patch231 -p1
326 
+%patch232 -p1
327 
+%patch233 -p1
328 
+%patch234 -p1
329 
+%patch235 -p1
330 
+%patch236 -p1
331 
+%patch237 -p1
332 
+%patch238 -p1
333 
+%patch239 -p1
334 
+%patch240 -p1
335 
+%patch241 -p1
336 
+%patch242 -p1
337 
+%patch243 -p1
338 
+%patch244 -p1
339 
+%patch245 -p1
340 
+%patch246 -p1
341 
+%patch247 -p1
342 
+%patch248 -p1
343 
+%patch249 -p1
344 
+%patch250 -p1
345 
+%patch251 -p1
346 
+%patch252 -p1
347 
+%patch253 -p1
348 
+
295 349 
 %if 0%{?kat_build:1}
296 350 
 %patch1000 -p1
297 351 
 %endif
... ... 
@@ -448,6 +557,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
448 448 
 /usr/share/doc/*
449 449
450 450 
 %changelog
451 
+*   Mon May 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.101-1
452 
+-   Update to version 4.9.101 and fix CVE-2018-3639.
451 453 
 *   Wed May 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.99-1
452 454 
 -   Update to version 4.9.99
453 455 
 *   Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.98-2
SPECS/linux/linux-esx.spec
History View file @ c3d25b5
... ... 
@@ -1,7 +1,7 @@
1 1 
 %global security_hardening none
2 2 
 Summary:        Kernel
3 3 
 Name:           linux-esx
4 
-Version:        4.9.99
4 
+Version:        4.9.101
5 5 
 Release:        1%{?dist}
6 6 
 License:        GPLv2
7 7 
 URL:            http://www.kernel.org/
... ... 
@@ -9,7 +9,7 @@ Group:          System Environment/Kernel
9 9 
 Vendor:         VMware, Inc.
10 10 
 Distribution:   Photon
11 11 
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12 
-%define sha1 linux=d35adbca6133a7b5a382bd523f63322d0d56aeff
12 
+%define sha1 linux=12b399649df63355823d482fd91711b1be3e7f1b
13 13 
 Source1:        config-esx
14 14 
 Source2:        initramfs.trigger
15 15 
 # common
... ... 
@@ -73,6 +73,61 @@ Patch64: 0153-net-mpls-prevent-speculative-execution.patch
73 73 
 Patch65: 0154-udf-prevent-speculative-execution.patch
74 74 
 Patch66: 0155-userns-prevent-speculative-execution.patch
75 75
76 
+# Fix CVE-2018-3639 (Speculative Store Bypass)
77 
+Patch201: 0001-x86-amd-don-t-set-X86_BUG_SYSRET_SS_ATTRS-when-runni.patch
78 
+Patch202: 0002-x86-nospec-Simplify-alternative_msr_write.patch
79 
+Patch203: 0003-x86-bugs-Concentrate-bug-detection-into-a-separate-f.patch
80 
+Patch204: 0004-x86-bugs-Concentrate-bug-reporting-into-a-separate-f.patch
81 
+Patch205: 0005-x86-bugs-Read-SPEC_CTRL-MSR-during-boot-and-re-use-r.patch
82 
+Patch206: 0006-x86-bugs-KVM-Support-the-combination-of-guest-and-ho.patch
83 
+Patch207: 0007-x86-bugs-Expose-sys-.-spec_store_bypass.patch
84 
+Patch208: 0008-x86-cpufeatures-Add-X86_FEATURE_RDS.patch
85 
+Patch209: 0009-x86-bugs-Provide-boot-parameters-for-the-spec_store_.patch
86 
+Patch210: 0010-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
87 
+Patch211: 0011-x86-bugs-Whitelist-allowed-SPEC_CTRL-MSR-values.patch
88 
+Patch212: 0012-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
89 
+Patch213: 0013-x86-KVM-VMX-Expose-SPEC_CTRL-Bit-2-to-the-guest.patch
90 
+Patch214: 0014-x86-speculation-Create-spec-ctrl.h-to-avoid-include-.patch
91 
+Patch215: 0015-prctl-Add-speculation-control-prctls.patch
92 
+Patch216: 0016-x86-process-Optimize-TIF-checks-in-__switch_to_xtra.patch
93 
+Patch217: 0017-x86-process-Correct-and-optimize-TIF_BLOCKSTEP-switc.patch
94 
+Patch218: 0018-x86-process-Optimize-TIF_NOTSC-switch.patch
95 
+Patch219: 0019-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
96 
+Patch220: 0020-x86-speculation-Add-prctl-for-Speculative-Store-Bypa.patch
97 
+Patch221: 0021-nospec-Allow-getting-setting-on-non-current-task.patch
98 
+Patch222: 0022-proc-Provide-details-on-speculation-flaw-mitigations.patch
99 
+Patch223: 0023-seccomp-Enable-speculation-flaw-mitigations.patch
100 
+Patch224: 0024-x86-bugs-Make-boot-modes-__ro_after_init.patch
101 
+Patch225: 0025-prctl-Add-force-disable-speculation.patch
102 
+Patch226: 0026-seccomp-Use-PR_SPEC_FORCE_DISABLE.patch
103 
+Patch227: 0027-seccomp-Add-filter-flag-to-opt-out-of-SSB-mitigation.patch
104 
+Patch228: 0028-seccomp-Move-speculation-migitation-control-to-arch-.patch
105 
+Patch229: 0029-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
106 
+Patch230: 0030-x86-bugs-Rename-_RDS-to-_SSBD.patch
107 
+Patch231: 0031-proc-Use-underscores-for-SSBD-in-status.patch
108 
+Patch232: 0032-Documentation-spec_ctrl-Do-some-minor-cleanups.patch
109 
+Patch233: 0033-x86-bugs-Fix-__ssb_select_mitigation-return-type.patch
110 
+Patch234: 0034-x86-bugs-Make-cpu_show_common-static.patch
111 
+Patch235: 0035-x86-bugs-Fix-the-parameters-alignment-and-missing-vo.patch
112 
+Patch236: 0036-x86-cpu-Make-alternative_msr_write-work-for-32-bit-c.patch
113 
+Patch237: 0037-KVM-SVM-Move-spec-control-call-after-restore-of-GS.patch
114 
+Patch238: 0038-x86-speculation-Use-synthetic-bits-for-IBRS-IBPB-STI.patch
115 
+Patch239: 0039-x86-cpufeatures-Disentangle-MSR_SPEC_CTRL-enumeratio.patch
116 
+Patch240: 0040-x86-cpufeatures-Disentangle-SSBD-enumeration.patch
117 
+Patch241: 0041-x86-cpu-AMD-Fix-erratum-1076-CPB-bit.patch
118 
+Patch242: 0042-x86-cpufeatures-Add-FEATURE_ZEN.patch
119 
+Patch243: 0043-x86-speculation-Handle-HT-correctly-on-AMD.patch
120 
+Patch244: 0044-x86-bugs-KVM-Extend-speculation-control-for-VIRT_SPE.patch
121 
+Patch245: 0045-x86-speculation-Add-virtualized-speculative-store-by.patch
122 
+Patch246: 0046-x86-speculation-Rework-speculative_store_bypass_upda.patch
123 
+Patch247: 0047-x86-bugs-Unify-x86_spec_ctrl_-set_guest-restore_host.patch
124 
+Patch248: 0048-x86-bugs-Expose-x86_spec_ctrl_base-directly.patch
125 
+Patch249: 0049-x86-bugs-Remove-x86_spec_ctrl_set.patch
126 
+Patch250: 0050-x86-bugs-Rework-spec_ctrl-base-and-mask-logic.patch
127 
+Patch251: 0051-x86-speculation-KVM-Implement-support-for-VIRT_SPEC_.patch
128 
+Patch252: 0052-KVM-SVM-Implement-VIRT_SPEC_CTRL-support-for-SSBD.patch
129 
+Patch253: 0053-x86-bugs-Rename-SSBD_NO-to-SSB_NO.patch
130 
+
76 131 
 BuildRequires: bc
77 132 
 BuildRequires: kbd
78 133 
 BuildRequires: kmod-devel
... ... 
@@ -160,6 +215,60 @@ The Linux package contains the Linux kernel doc files
160 160 
 %patch65 -p1
161 161 
 %patch66 -p1
162 162
163 
+%patch201 -p1
164 
+%patch202 -p1
165 
+%patch203 -p1
166 
+%patch204 -p1
167 
+%patch205 -p1
168 
+%patch206 -p1
169 
+%patch207 -p1
170 
+%patch208 -p1
171 
+%patch209 -p1
172 
+%patch210 -p1
173 
+%patch211 -p1
174 
+%patch212 -p1
175 
+%patch213 -p1
176 
+%patch214 -p1
177 
+%patch215 -p1
178 
+%patch216 -p1
179 
+%patch217 -p1
180 
+%patch218 -p1
181 
+%patch219 -p1
182 
+%patch220 -p1
183 
+%patch221 -p1
184 
+%patch222 -p1
185 
+%patch223 -p1
186 
+%patch224 -p1
187 
+%patch225 -p1
188 
+%patch226 -p1
189 
+%patch227 -p1
190 
+%patch228 -p1
191 
+%patch229 -p1
192 
+%patch230 -p1
193 
+%patch231 -p1
194 
+%patch232 -p1
195 
+%patch233 -p1
196 
+%patch234 -p1
197 
+%patch235 -p1
198 
+%patch236 -p1
199 
+%patch237 -p1
200 
+%patch238 -p1
201 
+%patch239 -p1
202 
+%patch240 -p1
203 
+%patch241 -p1
204 
+%patch242 -p1
205 
+%patch243 -p1
206 
+%patch244 -p1
207 
+%patch245 -p1
208 
+%patch246 -p1
209 
+%patch247 -p1
210 
+%patch248 -p1
211 
+%patch249 -p1
212 
+%patch250 -p1
213 
+%patch251 -p1
214 
+%patch252 -p1
215 
+%patch253 -p1
216 
+
163 217 
 %build
164 218 
 # patch vmw_balloon driver
165 219 
 sed -i 's/module_init/late_initcall/' drivers/misc/vmw_balloon.c
... ... 
@@ -255,6 +364,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
255 255 
 /usr/src/linux-headers-%{uname_r}
256 256
257 257 
 %changelog
258 
+*   Mon May 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.101-1
259 
+-   Update to version 4.9.101 and fix CVE-2018-3639.
258 260 
 *   Wed May 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.99-1
259 261 
 -   Update to version 4.9.99
260 262 
 *   Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.98-2
SPECS/linux/linux-secure.spec
History View file @ c3d25b5
... ... 
@@ -1,7 +1,7 @@
1 1 
 %global security_hardening none
2 2 
 Summary:        Kernel
3 3 
 Name:           linux-secure
4 
-Version:        4.9.99
4 
+Version:        4.9.101
5 5 
 Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6 
 License:        GPLv2
7 7 
 URL:            http://www.kernel.org/
... ... 
@@ -9,7 +9,7 @@ Group:          System Environment/Kernel
9 9 
 Vendor:         VMware, Inc.
10 10 
 Distribution:   Photon
11 11 
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12 
-%define sha1 linux=d35adbca6133a7b5a382bd523f63322d0d56aeff
12 
+%define sha1 linux=12b399649df63355823d482fd91711b1be3e7f1b
13 13 
 Source1:        config-secure
14 14 
 Source2:        aufs4.9.tar.gz
15 15 
 %define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906
... ... 
@@ -82,6 +82,61 @@ Patch64: 0153-net-mpls-prevent-speculative-execution.patch
82 82 
 Patch65: 0154-udf-prevent-speculative-execution.patch
83 83 
 Patch66: 0155-userns-prevent-speculative-execution.patch
84 84
85 
+# Fix CVE-2018-3639 (Speculative Store Bypass)
86 
+Patch201: 0001-x86-amd-don-t-set-X86_BUG_SYSRET_SS_ATTRS-when-runni.patch
87 
+Patch202: 0002-x86-nospec-Simplify-alternative_msr_write.patch
88 
+Patch203: 0003-x86-bugs-Concentrate-bug-detection-into-a-separate-f.patch
89 
+Patch204: 0004-x86-bugs-Concentrate-bug-reporting-into-a-separate-f.patch
90 
+Patch205: 0005-x86-bugs-Read-SPEC_CTRL-MSR-during-boot-and-re-use-r.patch
91 
+Patch206: 0006-x86-bugs-KVM-Support-the-combination-of-guest-and-ho.patch
92 
+Patch207: 0007-x86-bugs-Expose-sys-.-spec_store_bypass.patch
93 
+Patch208: 0008-x86-cpufeatures-Add-X86_FEATURE_RDS.patch
94 
+Patch209: 0009-x86-bugs-Provide-boot-parameters-for-the-spec_store_.patch
95 
+Patch210: 0010-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
96 
+Patch211: 0011-x86-bugs-Whitelist-allowed-SPEC_CTRL-MSR-values.patch
97 
+Patch212: 0012-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
98 
+Patch213: 0013-x86-KVM-VMX-Expose-SPEC_CTRL-Bit-2-to-the-guest.patch
99 
+Patch214: 0014-x86-speculation-Create-spec-ctrl.h-to-avoid-include-.patch
100 
+Patch215: 0015-prctl-Add-speculation-control-prctls.patch
101 
+Patch216: 0016-x86-process-Optimize-TIF-checks-in-__switch_to_xtra.patch
102 
+Patch217: 0017-x86-process-Correct-and-optimize-TIF_BLOCKSTEP-switc.patch
103 
+Patch218: 0018-x86-process-Optimize-TIF_NOTSC-switch.patch
104 
+Patch219: 0019-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
105 
+Patch220: 0020-x86-speculation-Add-prctl-for-Speculative-Store-Bypa.patch
106 
+Patch221: 0021-nospec-Allow-getting-setting-on-non-current-task.patch
107 
+Patch222: 0022-proc-Provide-details-on-speculation-flaw-mitigations.patch
108 
+Patch223: 0023-seccomp-Enable-speculation-flaw-mitigations.patch
109 
+Patch224: 0024-x86-bugs-Make-boot-modes-__ro_after_init.patch
110 
+Patch225: 0025-prctl-Add-force-disable-speculation.patch
111 
+Patch226: 0026-seccomp-Use-PR_SPEC_FORCE_DISABLE.patch
112 
+Patch227: 0027-seccomp-Add-filter-flag-to-opt-out-of-SSB-mitigation.patch
113 
+Patch228: 0028-seccomp-Move-speculation-migitation-control-to-arch-.patch
114 
+Patch229: 0029-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
115 
+Patch230: 0030-x86-bugs-Rename-_RDS-to-_SSBD.patch
116 
+Patch231: 0031-proc-Use-underscores-for-SSBD-in-status.patch
117 
+Patch232: 0032-Documentation-spec_ctrl-Do-some-minor-cleanups.patch
118 
+Patch233: 0033-x86-bugs-Fix-__ssb_select_mitigation-return-type.patch
119 
+Patch234: 0034-x86-bugs-Make-cpu_show_common-static.patch
120 
+Patch235: 0035-x86-bugs-Fix-the-parameters-alignment-and-missing-vo.patch
121 
+Patch236: 0036-x86-cpu-Make-alternative_msr_write-work-for-32-bit-c.patch
122 
+Patch237: 0037-KVM-SVM-Move-spec-control-call-after-restore-of-GS.patch
123 
+Patch238: 0038-x86-speculation-Use-synthetic-bits-for-IBRS-IBPB-STI.patch
124 
+Patch239: 0039-x86-cpufeatures-Disentangle-MSR_SPEC_CTRL-enumeratio.patch
125 
+Patch240: 0040-x86-cpufeatures-Disentangle-SSBD-enumeration.patch
126 
+Patch241: 0041-x86-cpu-AMD-Fix-erratum-1076-CPB-bit.patch
127 
+Patch242: 0042-x86-cpufeatures-Add-FEATURE_ZEN.patch
128 
+Patch243: 0043-x86-speculation-Handle-HT-correctly-on-AMD.patch
129 
+Patch244: 0044-x86-bugs-KVM-Extend-speculation-control-for-VIRT_SPE.patch
130 
+Patch245: 0045-x86-speculation-Add-virtualized-speculative-store-by.patch
131 
+Patch246: 0046-x86-speculation-Rework-speculative_store_bypass_upda.patch
132 
+Patch247: 0047-x86-bugs-Unify-x86_spec_ctrl_-set_guest-restore_host.patch
133 
+Patch248: 0048-x86-bugs-Expose-x86_spec_ctrl_base-directly.patch
134 
+Patch249: 0049-x86-bugs-Remove-x86_spec_ctrl_set.patch
135 
+Patch250: 0050-x86-bugs-Rework-spec_ctrl-base-and-mask-logic.patch
136 
+Patch251: 0051-x86-speculation-KVM-Implement-support-for-VIRT_SPEC_.patch
137 
+Patch252: 0052-KVM-SVM-Implement-VIRT_SPEC_CTRL-support-for-SSBD.patch
138 
+Patch253: 0053-x86-bugs-Rename-SSBD_NO-to-SSB_NO.patch
139 
+
85 140 
 # NSX requirements (should be removed)
86 141 
 Patch99:        LKCM.patch
87 142
... ... 
@@ -219,6 +274,60 @@ EOF
219 219 
 %patch14 -p1
220 220 
 %patch15 -p1
221 221
222 
+%patch201 -p1
223 
+%patch202 -p1
224 
+%patch203 -p1
225 
+%patch204 -p1
226 
+%patch205 -p1
227 
+%patch206 -p1
228 
+%patch207 -p1
229 
+%patch208 -p1
230 
+%patch209 -p1
231 
+%patch210 -p1
232 
+%patch211 -p1
233 
+%patch212 -p1
234 
+%patch213 -p1
235 
+%patch214 -p1
236 
+%patch215 -p1
237 
+%patch216 -p1
238 
+%patch217 -p1
239 
+%patch218 -p1
240 
+%patch219 -p1
241 
+%patch220 -p1
242 
+%patch221 -p1
243 
+%patch222 -p1
244 
+%patch223 -p1
245 
+%patch224 -p1
246 
+%patch225 -p1
247 
+%patch226 -p1
248 
+%patch227 -p1
249 
+%patch228 -p1
250 
+%patch229 -p1
251 
+%patch230 -p1
252 
+%patch231 -p1
253 
+%patch232 -p1
254 
+%patch233 -p1
255 
+%patch234 -p1
256 
+%patch235 -p1
257 
+%patch236 -p1
258 
+%patch237 -p1
259 
+%patch238 -p1
260 
+%patch239 -p1
261 
+%patch240 -p1
262 
+%patch241 -p1
263 
+%patch242 -p1
264 
+%patch243 -p1
265 
+%patch244 -p1
266 
+%patch245 -p1
267 
+%patch246 -p1
268 
+%patch247 -p1
269 
+%patch248 -p1
270 
+%patch249 -p1
271 
+%patch250 -p1
272 
+%patch251 -p1
273 
+%patch252 -p1
274 
+%patch253 -p1
275 
+
222 276 
 pushd ..
223 277 
 %patch99 -p0
224 278 
 popd
... ... 
@@ -344,6 +453,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
344 344 
 /usr/src/linux-headers-%{uname_r}
345 345
346 346 
 %changelog
347 
+*   Mon May 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.101-1
348 
+-   Update to version 4.9.101 and fix CVE-2018-3639.
347 349 
 *   Wed May 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.99-1
348 350 
 -   Update to version 4.9.99
349 351 
 *   Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.98-2
SPECS/linux/linux.spec
History View file @ c3d25b5
... ... 
@@ -1,7 +1,7 @@
1 1 
 %global security_hardening none
2 2 
 Summary:        Kernel
3 3 
 Name:           linux
4 
-Version:        4.9.99
4 
+Version:        4.9.101
5 5 
 Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6 
 License:    	GPLv2
7 7 
 URL:        	http://www.kernel.org/
... ... 
@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel
9 9 
 Vendor:         VMware, Inc.
10 10 
 Distribution: 	Photon
11 11 
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12 
-%define sha1 linux=d35adbca6133a7b5a382bd523f63322d0d56aeff
12 
+%define sha1 linux=12b399649df63355823d482fd91711b1be3e7f1b
13 13 
 Source1:	config
14 14 
 Source2:	initramfs.trigger
15 15 
 %define ena_version 1.1.3
... ... 
@@ -80,6 +80,61 @@ Patch64: 0153-net-mpls-prevent-speculative-execution.patch
80 80 
 Patch65: 0154-udf-prevent-speculative-execution.patch
81 81 
 Patch66: 0155-userns-prevent-speculative-execution.patch
82 82
83 
+# Fix CVE-2018-3639 (Speculative Store Bypass)
84 
+Patch201: 0001-x86-amd-don-t-set-X86_BUG_SYSRET_SS_ATTRS-when-runni.patch
85 
+Patch202: 0002-x86-nospec-Simplify-alternative_msr_write.patch
86 
+Patch203: 0003-x86-bugs-Concentrate-bug-detection-into-a-separate-f.patch
87 
+Patch204: 0004-x86-bugs-Concentrate-bug-reporting-into-a-separate-f.patch
88 
+Patch205: 0005-x86-bugs-Read-SPEC_CTRL-MSR-during-boot-and-re-use-r.patch
89 
+Patch206: 0006-x86-bugs-KVM-Support-the-combination-of-guest-and-ho.patch
90 
+Patch207: 0007-x86-bugs-Expose-sys-.-spec_store_bypass.patch
91 
+Patch208: 0008-x86-cpufeatures-Add-X86_FEATURE_RDS.patch
92 
+Patch209: 0009-x86-bugs-Provide-boot-parameters-for-the-spec_store_.patch
93 
+Patch210: 0010-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
94 
+Patch211: 0011-x86-bugs-Whitelist-allowed-SPEC_CTRL-MSR-values.patch
95 
+Patch212: 0012-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
96 
+Patch213: 0013-x86-KVM-VMX-Expose-SPEC_CTRL-Bit-2-to-the-guest.patch
97 
+Patch214: 0014-x86-speculation-Create-spec-ctrl.h-to-avoid-include-.patch
98 
+Patch215: 0015-prctl-Add-speculation-control-prctls.patch
99 
+Patch216: 0016-x86-process-Optimize-TIF-checks-in-__switch_to_xtra.patch
100 
+Patch217: 0017-x86-process-Correct-and-optimize-TIF_BLOCKSTEP-switc.patch
101 
+Patch218: 0018-x86-process-Optimize-TIF_NOTSC-switch.patch
102 
+Patch219: 0019-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
103 
+Patch220: 0020-x86-speculation-Add-prctl-for-Speculative-Store-Bypa.patch
104 
+Patch221: 0021-nospec-Allow-getting-setting-on-non-current-task.patch
105 
+Patch222: 0022-proc-Provide-details-on-speculation-flaw-mitigations.patch
106 
+Patch223: 0023-seccomp-Enable-speculation-flaw-mitigations.patch
107 
+Patch224: 0024-x86-bugs-Make-boot-modes-__ro_after_init.patch
108 
+Patch225: 0025-prctl-Add-force-disable-speculation.patch
109 
+Patch226: 0026-seccomp-Use-PR_SPEC_FORCE_DISABLE.patch
110 
+Patch227: 0027-seccomp-Add-filter-flag-to-opt-out-of-SSB-mitigation.patch
111 
+Patch228: 0028-seccomp-Move-speculation-migitation-control-to-arch-.patch
112 
+Patch229: 0029-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
113 
+Patch230: 0030-x86-bugs-Rename-_RDS-to-_SSBD.patch
114 
+Patch231: 0031-proc-Use-underscores-for-SSBD-in-status.patch
115 
+Patch232: 0032-Documentation-spec_ctrl-Do-some-minor-cleanups.patch
116 
+Patch233: 0033-x86-bugs-Fix-__ssb_select_mitigation-return-type.patch
117 
+Patch234: 0034-x86-bugs-Make-cpu_show_common-static.patch
118 
+Patch235: 0035-x86-bugs-Fix-the-parameters-alignment-and-missing-vo.patch
119 
+Patch236: 0036-x86-cpu-Make-alternative_msr_write-work-for-32-bit-c.patch
120 
+Patch237: 0037-KVM-SVM-Move-spec-control-call-after-restore-of-GS.patch
121 
+Patch238: 0038-x86-speculation-Use-synthetic-bits-for-IBRS-IBPB-STI.patch
122 
+Patch239: 0039-x86-cpufeatures-Disentangle-MSR_SPEC_CTRL-enumeratio.patch
123 
+Patch240: 0040-x86-cpufeatures-Disentangle-SSBD-enumeration.patch
124 
+Patch241: 0041-x86-cpu-AMD-Fix-erratum-1076-CPB-bit.patch
125 
+Patch242: 0042-x86-cpufeatures-Add-FEATURE_ZEN.patch
126 
+Patch243: 0043-x86-speculation-Handle-HT-correctly-on-AMD.patch
127 
+Patch244: 0044-x86-bugs-KVM-Extend-speculation-control-for-VIRT_SPE.patch
128 
+Patch245: 0045-x86-speculation-Add-virtualized-speculative-store-by.patch
129 
+Patch246: 0046-x86-speculation-Rework-speculative_store_bypass_upda.patch
130 
+Patch247: 0047-x86-bugs-Unify-x86_spec_ctrl_-set_guest-restore_host.patch
131 
+Patch248: 0048-x86-bugs-Expose-x86_spec_ctrl_base-directly.patch
132 
+Patch249: 0049-x86-bugs-Remove-x86_spec_ctrl_set.patch
133 
+Patch250: 0050-x86-bugs-Rework-spec_ctrl-base-and-mask-logic.patch
134 
+Patch251: 0051-x86-speculation-KVM-Implement-support-for-VIRT_SPEC_.patch
135 
+Patch252: 0052-KVM-SVM-Implement-VIRT_SPEC_CTRL-support-for-SSBD.patch
136 
+Patch253: 0053-x86-bugs-Rename-SSBD_NO-to-SSB_NO.patch
137 
+
83 138 
 %if 0%{?kat_build:1}
84 139 
 Patch1000:	%{kat_build}.patch
85 140 
 %endif
... ... 
@@ -204,6 +259,60 @@ This package contains the 'perf' performance analysis tools for Linux kernel.
204 204 
 %patch65 -p1
205 205 
 %patch66 -p1
206 206
207 
+%patch201 -p1
208 
+%patch202 -p1
209 
+%patch203 -p1
210 
+%patch204 -p1
211 
+%patch205 -p1
212 
+%patch206 -p1
213 
+%patch207 -p1
214 
+%patch208 -p1
215 
+%patch209 -p1
216 
+%patch210 -p1
217 
+%patch211 -p1
218 
+%patch212 -p1
219 
+%patch213 -p1
220 
+%patch214 -p1
221 
+%patch215 -p1
222 
+%patch216 -p1
223 
+%patch217 -p1
224 
+%patch218 -p1
225 
+%patch219 -p1
226 
+%patch220 -p1
227 
+%patch221 -p1
228 
+%patch222 -p1
229 
+%patch223 -p1
230 
+%patch224 -p1
231 
+%patch225 -p1
232 
+%patch226 -p1
233 
+%patch227 -p1
234 
+%patch228 -p1
235 
+%patch229 -p1
236 
+%patch230 -p1
237 
+%patch231 -p1
238 
+%patch232 -p1
239 
+%patch233 -p1
240 
+%patch234 -p1
241 
+%patch235 -p1
242 
+%patch236 -p1
243 
+%patch237 -p1
244 
+%patch238 -p1
245 
+%patch239 -p1
246 
+%patch240 -p1
247 
+%patch241 -p1
248 
+%patch242 -p1
249 
+%patch243 -p1
250 
+%patch244 -p1
251 
+%patch245 -p1
252 
+%patch246 -p1
253 
+%patch247 -p1
254 
+%patch248 -p1
255 
+%patch249 -p1
256 
+%patch250 -p1
257 
+%patch251 -p1
258 
+%patch252 -p1
259 
+%patch253 -p1
260 
+
207 261 
 %if 0%{?kat_build:1}
208 262 
 %patch1000 -p1
209 263 
 %endif
... ... 
@@ -370,6 +479,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
370 370 
 /usr/share/doc/*
371 371
372 372 
 %changelog
373 
+*   Mon May 21 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.101-1
374 
+-   Update to version 4.9.101 and fix CVE-2018-3639.
373 375 
 *   Wed May 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.99-1
374 376 
 -   Update to version 4.9.99
375 377 
 *   Fri May 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.98-2
SPECS/linux/speculative-store-bypass/0001-x86-amd-don-t-set-X86_BUG_SYSRET_SS_ATTRS-when-runni.patch
History View file @ c3d25b5
376 378 
new file mode 100644
... ... 
@@ -0,0 +1,66 @@
0 
+From 955fb59065c8d4dd1efe70a6d3233f7f2aa925f8 Mon Sep 17 00:00:00 2001
1 
+From: David Woodhouse <dwmw@amazon.co.uk>
2 
+Date: Sun, 20 May 2018 20:51:10 +0100
3 
+Subject: [PATCH] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under
4 
+ Xen
5 
+
6 
+commit def9331a12977770cc6132d79f8e6565871e8e38 upstream
7 
+
8 
+When running as Xen pv guest X86_BUG_SYSRET_SS_ATTRS must not be set
9 
+on AMD cpus.
10 
+
11 
+This bug/feature bit is kind of special as it will be used very early
12 
+when switching threads. Setting the bit and clearing it a little bit
13 
+later leaves a critical window where things can go wrong. This time
14 
+window has enlarged a little bit by using setup_clear_cpu_cap() instead
15 
+of the hypervisor's set_cpu_features callback. It seems this larger
16 
+window now makes it rather easy to hit the problem.
17 
+
18 
+The proper solution is to never set the bit in case of Xen.
19 
+
20 
+Signed-off-by: Juergen Gross <jgross@suse.com>
21 
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
22 
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
23 
+Signed-off-by: Juergen Gross <jgross@suse.com>
24 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
25 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 
+---
27 
+ arch/x86/kernel/cpu/amd.c | 5 +++--
28 
+ arch/x86/xen/enlighten.c  | 4 +---
29 
+ 2 files changed, 4 insertions(+), 5 deletions(-)
30 
+
31 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
32 
+index c375bc6..747f8a2 100644
33 
+--- a/arch/x86/kernel/cpu/amd.c
34 
+@@ -824,8 +824,9 @@ static void init_amd(struct cpuinfo_x86 *c)
35 
+ 		if (cpu_has(c, X86_FEATURE_3DNOW) || cpu_has(c, X86_FEATURE_LM))
36 
+ 			set_cpu_cap(c, X86_FEATURE_3DNOWPREFETCH);
37 
+
38 
+-	/* AMD CPUs don't reset SS attributes on SYSRET */
39 
+-	set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
40 
++	/* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
41 
++	if (!cpu_has(c, X86_FEATURE_XENPV))
42 
++		set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
43 
+ }
44 
+
45 
+ #ifdef CONFIG_X86_32
46 
+diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
47 
+index 2bea87c..081437b 100644
48 
+--- a/arch/x86/xen/enlighten.c
49 
+@@ -1977,10 +1977,8 @@ EXPORT_SYMBOL_GPL(xen_hvm_need_lapic);
50 
+
51 
+ static void xen_set_cpu_features(struct cpuinfo_x86 *c)
52 
+ {
53 
+-	if (xen_pv_domain()) {
54 
+-		clear_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
55 
++	if (xen_pv_domain())
56 
+ 		set_cpu_cap(c, X86_FEATURE_XENPV);
57 
+-	}
58 
+ }
59 
+
60 
+ static void xen_pin_vcpu(int cpu)
61 
+--
62 
+2.7.4
63 
+
SPECS/linux/speculative-store-bypass/0002-x86-nospec-Simplify-alternative_msr_write.patch
History View file @ c3d25b5
0 64 
new file mode 100644
... ... 
@@ -0,0 +1,71 @@
0 
+From 50611b175f16c043d2a277faef4dd1a73050bba1 Mon Sep 17 00:00:00 2001
1 
+From: Linus Torvalds <torvalds@linux-foundation.org>
2 
+Date: Tue, 1 May 2018 15:55:51 +0200
3 
+Subject: [PATCH 02/54] x86/nospec: Simplify alternative_msr_write()
4 
+
5 
+commit 1aa7a5735a41418d8e01fa7c9565eb2657e2ea3f upstream
6 
+
7 
+The macro is not type safe and I did look for why that "g" constraint for
8 
+the asm doesn't work: it's because the asm is more fundamentally wrong.
9 
+
10 
+It does
11 
+
12 
+        movl %[val], %%eax
13 
+
14 
+but "val" isn't a 32-bit value, so then gcc will pass it in a register,
15 
+and generate code like
16 
+
17 
+        movl %rsi, %eax
18 
+
19 
+and gas will complain about a nonsensical 'mov' instruction (it's moving a
20 
+64-bit register to a 32-bit one).
21 
+
22 
+Passing it through memory will just hide the real bug - gcc still thinks
23 
+the memory location is 64-bit, but the "movl" will only load the first 32
24 
+bits and it all happens to work because x86 is little-endian.
25 
+
26 
+Convert it to a type safe inline function with a little trick which hands
27 
+the feature into the ALTERNATIVE macro.
28 
+
29 
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
30 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
31 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
32 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
33 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
34 
+---
35 
+ arch/x86/include/asm/nospec-branch.h | 19 ++++++++++---------
36 
+ 1 file changed, 10 insertions(+), 9 deletions(-)
37 
+
38 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
39 
+index f928ad9..870acfc 100644
40 
+--- a/arch/x86/include/asm/nospec-branch.h
41 
+@@ -241,15 +241,16 @@ static inline void vmexit_fill_RSB(void)
42 
+ #endif
43 
+ }
44 
+
45 
+-#define alternative_msr_write(_msr, _val, _feature)		\
46 
+-	asm volatile(ALTERNATIVE("",				\
47 
+-				 "movl %[msr], %%ecx\n\t"	\
48 
+-				 "movl %[val], %%eax\n\t"	\
49 
+-				 "movl $0, %%edx\n\t"		\
50 
+-				 "wrmsr",			\
51 
+-				 _feature)			\
52 
+-		     : : [msr] "i" (_msr), [val] "i" (_val)	\
53 
+-		     : "eax", "ecx", "edx", "memory")
54 
++static __always_inline
55 
++void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature)
56 
++{
57 
++	asm volatile(ALTERNATIVE("", "wrmsr", %c[feature])
58 
++		: : "c" (msr),
59 
++		    "a" (val),
60 
++		    "d" (val >> 32),
61 
++		    [feature] "i" (feature)
62 
++		: "memory");
63 
++}
64 
+
65 
+ static inline void indirect_branch_prediction_barrier(void)
66 
+ {
67 
+--
68 
+2.7.4
69 
+
SPECS/linux/speculative-store-bypass/0003-x86-bugs-Concentrate-bug-detection-into-a-separate-f.patch
History View file @ c3d25b5
0 70 
new file mode 100644
... ... 
@@ -0,0 +1,75 @@
0 
+From c0fe8ba000900104b0e1d75792cc3b649e2ca5c8 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:16 -0400
3 
+Subject: [PATCH 03/54] x86/bugs: Concentrate bug detection into a separate
4 
+ function
5 
+
6 
+commit 4a28bfe3267b68e22c663ac26185aa16c9b879ef upstream
7 
+
8 
+Combine the various logic which goes through all those
9 
+x86_cpu_id matching structures in one function.
10 
+
11 
+Suggested-by: Borislav Petkov <bp@suse.de>
12 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
14 
+Reviewed-by: Borislav Petkov <bp@suse.de>
15 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/kernel/cpu/common.c | 21 +++++++++++----------
20 
+ 1 file changed, 11 insertions(+), 10 deletions(-)
21 
+
22 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
23 
+index 301bbd1..357c589 100644
24 
+--- a/arch/x86/kernel/cpu/common.c
25 
+@@ -879,21 +879,27 @@ static const __initconst struct x86_cpu_id cpu_no_meltdown[] = {
26 
+ 	{}
27 
+ };
28 
+
29 
+-static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c)
30 
++static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
31 
+ {
32 
+ 	u64 ia32_cap = 0;
33 
+
34 
++	if (x86_match_cpu(cpu_no_speculation))
35 
++		return;
36 
++
37 
++	setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
38 
++	setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
39 
++
40 
+ 	if (x86_match_cpu(cpu_no_meltdown))
41 
+-		return false;
42 
++		return;
43 
+
44 
+ 	if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
45 
+ 		rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
46 
+
47 
+ 	/* Rogue Data Cache Load? No! */
48 
+ 	if (ia32_cap & ARCH_CAP_RDCL_NO)
49 
+-		return false;
50 
++		return;
51 
+
52 
+-	return true;
53 
++	setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
54 
+ }
55 
+
56 
+ /*
57 
+@@ -942,12 +948,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
58 
+
59 
+ 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
60 
+
61 
+-	if (!x86_match_cpu(cpu_no_speculation)) {
62 
+-		if (cpu_vulnerable_to_meltdown(c))
63 
+-			setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
64 
+-		setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
65 
+-		setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
66 
+-	}
67 
++	cpu_set_bug_bits(c);
68 
+
69 
+ 	fpu__init_system(c);
70 
+
71 
+--
72 
+2.7.4
73 
+
SPECS/linux/speculative-store-bypass/0004-x86-bugs-Concentrate-bug-reporting-into-a-separate-f.patch
History View file @ c3d25b5
0 74 
new file mode 100644
... ... 
@@ -0,0 +1,92 @@
0 
+From ff78adefff46730763280872f6c78e9599b58eaf Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:17 -0400
3 
+Subject: [PATCH 04/54] x86/bugs: Concentrate bug reporting into a separate
4 
+ function
5 
+
6 
+commit d1059518b4789cabe34bb4b714d07e6089c82ca1 upstream
7 
+
8 
+Those SysFS functions have a similar preamble, as such make common
9 
+code to handle them.
10 
+
11 
+Suggested-by: Borislav Petkov <bp@suse.de>
12 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
14 
+Reviewed-by: Borislav Petkov <bp@suse.de>
15 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/kernel/cpu/bugs.c | 46 ++++++++++++++++++++++++++++++++--------------
20 
+ 1 file changed, 32 insertions(+), 14 deletions(-)
21 
+
22 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
23 
+index b8b0b6e..4d9c5fe 100644
24 
+--- a/arch/x86/kernel/cpu/bugs.c
25 
+@@ -313,30 +313,48 @@ static void __init spectre_v2_select_mitigation(void)
26 
+ #undef pr_fmt
27 
+
28 
+ #ifdef CONFIG_SYSFS
29 
+-ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
30 
++
31 
++ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
32 
++			char *buf, unsigned int bug)
33 
+ {
34 
+-	if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
35 
++	if (!boot_cpu_has_bug(bug))
36 
+ 		return sprintf(buf, "Not affected\n");
37 
+-	if (boot_cpu_has(X86_FEATURE_KAISER))
38 
+-		return sprintf(buf, "Mitigation: PTI\n");
39 
++
40 
++	switch (bug) {
41 
++	case X86_BUG_CPU_MELTDOWN:
42 
++		if (boot_cpu_has(X86_FEATURE_KAISER))
43 
++			return sprintf(buf, "Mitigation: PTI\n");
44 
++
45 
++		break;
46 
++
47 
++	case X86_BUG_SPECTRE_V1:
48 
++		return sprintf(buf, "Mitigation: __user pointer sanitization\n");
49 
++
50 
++	case X86_BUG_SPECTRE_V2:
51 
++		return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
52 
++			       boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
53 
++			       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
54 
++			       spectre_v2_module_string());
55 
++
56 
++	default:
57 
++		break;
58 
++	}
59 
++
60 
+ 	return sprintf(buf, "Vulnerable\n");
61 
+ }
62 
+
63 
++ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
64 
++{
65 
++	return cpu_show_common(dev, attr, buf, X86_BUG_CPU_MELTDOWN);
66 
++}
67 
++
68 
+ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
69 
+ {
70 
+-	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
71 
+-		return sprintf(buf, "Not affected\n");
72 
+-	return sprintf(buf, "Mitigation: __user pointer sanitization\n");
73 
++	return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V1);
74 
+ }
75 
+
76 
+ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
77 
+ {
78 
+-	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
79 
+-		return sprintf(buf, "Not affected\n");
80 
+-
81 
+-	return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
82 
+-		       boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
83 
+-		       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
84 
+-		       spectre_v2_module_string());
85 
++	return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2);
86 
+ }
87 
+ #endif
88 
+--
89 
+2.7.4
90 
+
SPECS/linux/speculative-store-bypass/0005-x86-bugs-Read-SPEC_CTRL-MSR-during-boot-and-re-use-r.patch
History View file @ c3d25b5
0 91 
new file mode 100644
... ... 
@@ -0,0 +1,143 @@
0 
+From 84f69ae87c13c1ab6f0bdf945f5e3710a37bcb6d Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:18 -0400
3 
+Subject: [PATCH 05/54] x86/bugs: Read SPEC_CTRL MSR during boot and re-use
4 
+ reserved bits
5 
+
6 
+commit 1b86883ccb8d5d9506529d42dbe1a5257cb30b18 upstream
7 
+
8 
+The 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to all
9 
+the other bits as reserved. The Intel SDM glossary defines reserved as
10 
+implementation specific - aka unknown.
11 
+
12 
+As such at bootup this must be taken it into account and proper masking for
13 
+the bits in use applied.
14 
+
15 
+A copy of this document is available at
16 
+https://bugzilla.kernel.org/show_bug.cgi?id=199511
17 
+
18 
+[ tglx: Made x86_spec_ctrl_base __ro_after_init ]
19 
+
20 
+Suggested-by: Jon Masters <jcm@redhat.com>
21 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
22 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
23 
+Reviewed-by: Borislav Petkov <bp@suse.de>
24 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
25 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
26 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
27 
+---
28 
+ arch/x86/include/asm/nospec-branch.h | 24 ++++++++++++++++++++----
29 
+ arch/x86/kernel/cpu/bugs.c           | 28 ++++++++++++++++++++++++++++
30 
+ 2 files changed, 48 insertions(+), 4 deletions(-)
31 
+
32 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
33 
+index 870acfc..9ec3d4d 100644
34 
+--- a/arch/x86/include/asm/nospec-branch.h
35 
+@@ -217,6 +217,17 @@ enum spectre_v2_mitigation {
36 
+ 	SPECTRE_V2_IBRS,
37 
+ };
38 
+
39 
++/*
40 
++ * The Intel specification for the SPEC_CTRL MSR requires that we
41 
++ * preserve any already set reserved bits at boot time (e.g. for
42 
++ * future additions that this kernel is not currently aware of).
43 
++ * We then set any additional mitigation bits that we want
44 
++ * ourselves and always use this as the base for SPEC_CTRL.
45 
++ * We also use this when handling guest entry/exit as below.
46 
++ */
47 
++extern void x86_spec_ctrl_set(u64);
48 
++extern u64 x86_spec_ctrl_get_default(void);
49 
++
50 
+ extern char __indirect_thunk_start[];
51 
+ extern char __indirect_thunk_end[];
52 
+
53 
+@@ -254,8 +265,9 @@ void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature)
54 
+
55 
+ static inline void indirect_branch_prediction_barrier(void)
56 
+ {
57 
+-	alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
58 
+-			      X86_FEATURE_USE_IBPB);
59 
++	u64 val = PRED_CMD_IBPB;
60 
++
61 
++	alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB);
62 
+ }
63 
+
64 
+ /*
65 
+@@ -266,14 +278,18 @@ static inline void indirect_branch_prediction_barrier(void)
66 
+  */
67 
+ #define firmware_restrict_branch_speculation_start()			\
68 
+ do {									\
69 
++	u64 val = x86_spec_ctrl_get_default() | SPEC_CTRL_IBRS;		\
70 
++									\
71 
+ 	preempt_disable();						\
72 
+-	alternative_msr_write(MSR_IA32_SPEC_CTRL, SPEC_CTRL_IBRS,	\
73 
++	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\
74 
+ 			      X86_FEATURE_USE_IBRS_FW);			\
75 
+ } while (0)
76 
+
77 
+ #define firmware_restrict_branch_speculation_end()			\
78 
+ do {									\
79 
+-	alternative_msr_write(MSR_IA32_SPEC_CTRL, 0,			\
80 
++	u64 val = x86_spec_ctrl_get_default();				\
81 
++									\
82 
++	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\
83 
+ 			      X86_FEATURE_USE_IBRS_FW);			\
84 
+ 	preempt_enable();						\
85 
+ } while (0)
86 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
87 
+index 4d9c5fe..6ff972a 100644
88 
+--- a/arch/x86/kernel/cpu/bugs.c
89 
+@@ -27,6 +27,12 @@
90 
+
91 
+ static void __init spectre_v2_select_mitigation(void);
92 
+
93 
++/*
94 
++ * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
95 
++ * writes to SPEC_CTRL contain whatever reserved bits have been set.
96 
++ */
97 
++static u64 __ro_after_init x86_spec_ctrl_base;
98 
++
99 
+ void __init check_bugs(void)
100 
+ {
101 
+ 	identify_boot_cpu();
102 
+@@ -36,6 +42,13 @@ void __init check_bugs(void)
103 
+ 		print_cpu_info(&boot_cpu_data);
104 
+ 	}
105 
+
106 
++	/*
107 
++	 * Read the SPEC_CTRL MSR to account for reserved bits which may
108 
++	 * have unknown values.
109 
++	 */
110 
++	if (boot_cpu_has(X86_FEATURE_IBRS))
111 
++		rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
112 
++
113 
+ 	/* Select the proper spectre mitigation before patching alternatives */
114 
+ 	spectre_v2_select_mitigation();
115 
+
116 
+@@ -94,6 +107,21 @@ static const char *spectre_v2_strings[] = {
117 
+
118 
+ static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
119 
+
120 
++void x86_spec_ctrl_set(u64 val)
121 
++{
122 
++	if (val & ~SPEC_CTRL_IBRS)
123 
++		WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val);
124 
++	else
125 
++		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val);
126 
++}
127 
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
128 
++
129 
++u64 x86_spec_ctrl_get_default(void)
130 
++{
131 
++	return x86_spec_ctrl_base;
132 
++}
133 
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
134 
++
135 
+ #ifdef RETPOLINE
136 
+ static bool spectre_v2_bad_module;
137 
+
138 
+--
139 
+2.7.4
140 
+
SPECS/linux/speculative-store-bypass/0006-x86-bugs-KVM-Support-the-combination-of-guest-and-ho.patch
History View file @ c3d25b5
0 141 
new file mode 100644
... ... 
@@ -0,0 +1,137 @@
0 
+From 77da8ae16be7e944aad9306ecb481131ae77bb1f Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:19 -0400
3 
+Subject: [PATCH 06/54] x86/bugs, KVM: Support the combination of guest and
4 
+ host IBRS
5 
+
6 
+commit 5cf687548705412da47c9cec342fd952d71ed3d5 upstream
7 
+
8 
+A guest may modify the SPEC_CTRL MSR from the value used by the
9 
+kernel. Since the kernel doesn't use IBRS, this means a value of zero is
10 
+what is needed in the host.
11 
+
12 
+But the 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to
13 
+the other bits as reserved so the kernel should respect the boot time
14 
+SPEC_CTRL value and use that.
15 
+
16 
+This allows to deal with future extensions to the SPEC_CTRL interface if
17 
+any at all.
18 
+
19 
+Note: This uses wrmsrl() instead of native_wrmsl(). I does not make any
20 
+difference as paravirt will over-write the callq *0xfff.. with the wrmsrl
21 
+assembler code.
22 
+
23 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
24 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
25 
+Reviewed-by: Borislav Petkov <bp@suse.de>
26 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
27 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
28 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
29 
+---
30 
+ arch/x86/include/asm/nospec-branch.h | 10 ++++++++++
31 
+ arch/x86/kernel/cpu/bugs.c           | 18 ++++++++++++++++++
32 
+ arch/x86/kvm/svm.c                   |  6 ++----
33 
+ arch/x86/kvm/vmx.c                   |  6 ++----
34 
+ 4 files changed, 32 insertions(+), 8 deletions(-)
35 
+
36 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
37 
+index 9ec3d4d..d1c26309 100644
38 
+--- a/arch/x86/include/asm/nospec-branch.h
39 
+@@ -228,6 +228,16 @@ enum spectre_v2_mitigation {
40 
+ extern void x86_spec_ctrl_set(u64);
41 
+ extern u64 x86_spec_ctrl_get_default(void);
42 
+
43 
++/*
44 
++ * On VMENTER we must preserve whatever view of the SPEC_CTRL MSR
45 
++ * the guest has, while on VMEXIT we restore the host view. This
46 
++ * would be easier if SPEC_CTRL were architecturally maskable or
47 
++ * shadowable for guests but this is not (currently) the case.
48 
++ * Takes the guest view of SPEC_CTRL MSR as a parameter.
49 
++ */
50 
++extern void x86_spec_ctrl_set_guest(u64);
51 
++extern void x86_spec_ctrl_restore_host(u64);
52 
++
53 
+ extern char __indirect_thunk_start[];
54 
+ extern char __indirect_thunk_end[];
55 
+
56 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
57 
+index 6ff972a..f5cad2f 100644
58 
+--- a/arch/x86/kernel/cpu/bugs.c
59 
+@@ -122,6 +122,24 @@ u64 x86_spec_ctrl_get_default(void)
60 
+ }
61 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
62 
+
63 
++void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
64 
++{
65 
++	if (!boot_cpu_has(X86_FEATURE_IBRS))
66 
++		return;
67 
++	if (x86_spec_ctrl_base != guest_spec_ctrl)
68 
++		wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl);
69 
++}
70 
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
71 
++
72 
++void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
73 
++{
74 
++	if (!boot_cpu_has(X86_FEATURE_IBRS))
75 
++		return;
76 
++	if (x86_spec_ctrl_base != guest_spec_ctrl)
77 
++		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
78 
++}
79 
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
80 
++
81 
+ #ifdef RETPOLINE
82 
+ static bool spectre_v2_bad_module;
83 
+
84 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
85 
+index aaa93b4..eeb8cd3 100644
86 
+--- a/arch/x86/kvm/svm.c
87 
+@@ -4917,8 +4917,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
88 
+ 	 * is no need to worry about the conditional branch over the wrmsr
89 
+ 	 * being speculatively taken.
90 
+ 	 */
91 
+-	if (svm->spec_ctrl)
92 
+-		native_wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
93 
++	x86_spec_ctrl_set_guest(svm->spec_ctrl);
94 
+
95 
+ 	asm volatile (
96 
+ 		"push %%" _ASM_BP "; \n\t"
97 
+@@ -5030,8 +5029,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
98 
+ 	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
99 
+ 		svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
100 
+
101 
+-	if (svm->spec_ctrl)
102 
+-		native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
103 
++	x86_spec_ctrl_restore_host(svm->spec_ctrl);
104 
+
105 
+ 	/* Eliminate branch target predictions from guest mode */
106 
+ 	vmexit_fill_RSB();
107 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
108 
+index b978aec..266db0b 100644
109 
+--- a/arch/x86/kvm/vmx.c
110 
+@@ -8916,8 +8916,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
111 
+ 	 * is no need to worry about the conditional branch over the wrmsr
112 
+ 	 * being speculatively taken.
113 
+ 	 */
114 
+-	if (vmx->spec_ctrl)
115 
+-		native_wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
116 
++	x86_spec_ctrl_set_guest(vmx->spec_ctrl);
117 
+
118 
+ 	vmx->__launched = vmx->loaded_vmcs->launched;
119 
+ 	asm(
120 
+@@ -9055,8 +9054,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
121 
+ 	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
122 
+ 		vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
123 
+
124 
+-	if (vmx->spec_ctrl)
125 
+-		native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
126 
++	x86_spec_ctrl_restore_host(vmx->spec_ctrl);
127 
+
128 
+ 	/* Eliminate branch target predictions from guest mode */
129 
+ 	vmexit_fill_RSB();
130 
+--
131 
+2.7.4
132 
+
SPECS/linux/speculative-store-bypass/0007-x86-bugs-Expose-sys-.-spec_store_bypass.patch
History View file @ c3d25b5
0 133 
new file mode 100644
... ... 
@@ -0,0 +1,148 @@
0 
+From 0e2bf3faef41f14a643e992c4be77fbab56381c1 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:20 -0400
3 
+Subject: [PATCH 07/54] x86/bugs: Expose /sys/../spec_store_bypass
4 
+
5 
+commit c456442cd3a59eeb1d60293c26cbe2ff2c4e42cf upstream
6 
+
7 
+Add the sysfs file for the new vulerability. It does not do much except
8 
+show the words 'Vulnerable' for recent x86 cores.
9 
+
10 
+Intel cores prior to family 6 are known not to be vulnerable, and so are
11 
+some Atoms and some Xeon Phi.
12 
+
13 
+It assumes that older Cyrix, Centaur, etc. cores are immune.
14 
+
15 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
16 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
17 
+Reviewed-by: Borislav Petkov <bp@suse.de>
18 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
19 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
20 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21 
+---
22 
+ Documentation/ABI/testing/sysfs-devices-system-cpu |  1 +
23 
+ arch/x86/include/asm/cpufeatures.h                 |  1 +
24 
+ arch/x86/kernel/cpu/bugs.c                         |  5 +++++
25 
+ arch/x86/kernel/cpu/common.c                       | 23 ++++++++++++++++++++++
26 
+ drivers/base/cpu.c                                 |  8 ++++++++
27 
+ include/linux/cpu.h                                |  2 ++
28 
+ 6 files changed, 40 insertions(+)
29 
+
30 
+diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
31 
+index dfd56ec..6d75a9c 100644
32 
+--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
33 
+@@ -355,6 +355,7 @@ What:		/sys/devices/system/cpu/vulnerabilities
34 
+ 		/sys/devices/system/cpu/vulnerabilities/meltdown
35 
+ 		/sys/devices/system/cpu/vulnerabilities/spectre_v1
36 
+ 		/sys/devices/system/cpu/vulnerabilities/spectre_v2
37 
++		/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
38 
+ Date:		January 2018
39 
+ Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>
40 
+ Description:	Information about CPU vulnerabilities
41 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
42 
+index a248531..a688adb 100644
43 
+--- a/arch/x86/include/asm/cpufeatures.h
44 
+@@ -335,5 +335,6 @@
45 
+ #define X86_BUG_CPU_MELTDOWN	X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */
46 
+ #define X86_BUG_SPECTRE_V1	X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */
47 
+ #define X86_BUG_SPECTRE_V2	X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */
48 
++#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */
49 
+
50 
+ #endif /* _ASM_X86_CPUFEATURES_H */
51 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
52 
+index f5cad2f..64e17a9 100644
53 
+--- a/arch/x86/kernel/cpu/bugs.c
54 
+@@ -403,4 +403,9 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
55 
+ {
56 
+ 	return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2);
57 
+ }
58 
++
59 
++ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf)
60 
++{
61 
++	return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS);
62 
++}
63 
+ #endif
64 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
65 
+index 357c589..4f1050a 100644
66 
+--- a/arch/x86/kernel/cpu/common.c
67 
+@@ -879,10 +879,33 @@ static const __initconst struct x86_cpu_id cpu_no_meltdown[] = {
68 
+ 	{}
69 
+ };
70 
+
71 
++static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
72 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_PINEVIEW	},
73 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_LINCROFT	},
74 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_PENWELL		},
75 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_CLOVERVIEW	},
76 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_CEDARVIEW	},
77 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_SILVERMONT1	},
78 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_AIRMONT		},
79 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_SILVERMONT2	},
80 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_ATOM_MERRIFIELD	},
81 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_CORE_YONAH		},
82 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_XEON_PHI_KNL		},
83 
++	{ X86_VENDOR_INTEL,	6,	INTEL_FAM6_XEON_PHI_KNM		},
84 
++	{ X86_VENDOR_CENTAUR,	5,					},
85 
++	{ X86_VENDOR_INTEL,	5,					},
86 
++	{ X86_VENDOR_NSC,	5,					},
87 
++	{ X86_VENDOR_ANY,	4,					},
88 
++	{}
89 
++};
90 
++
91 
+ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
92 
+ {
93 
+ 	u64 ia32_cap = 0;
94 
+
95 
++	if (!x86_match_cpu(cpu_no_spec_store_bypass))
96 
++		setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
97 
++
98 
+ 	if (x86_match_cpu(cpu_no_speculation))
99 
+ 		return;
100 
+
101 
+diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
102 
+index 56b6c85..cbb1cc6 100644
103 
+--- a/drivers/base/cpu.c
104 
+@@ -519,14 +519,22 @@ ssize_t __weak cpu_show_spectre_v2(struct device *dev,
105 
+ 	return sprintf(buf, "Not affected\n");
106 
+ }
107 
+
108 
++ssize_t __weak cpu_show_spec_store_bypass(struct device *dev,
109 
++					  struct device_attribute *attr, char *buf)
110 
++{
111 
++	return sprintf(buf, "Not affected\n");
112 
++}
113 
++
114 
+ static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
115 
+ static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
116 
+ static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
117 
++static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
118 
+
119 
+ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
120 
+ 	&dev_attr_meltdown.attr,
121 
+ 	&dev_attr_spectre_v1.attr,
122 
+ 	&dev_attr_spectre_v2.attr,
123 
++	&dev_attr_spec_store_bypass.attr,
124 
+ 	NULL
125 
+ };
126 
+
127 
+diff --git a/include/linux/cpu.h b/include/linux/cpu.h
128 
+index 2f475ad..917829b 100644
129 
+--- a/include/linux/cpu.h
130 
+@@ -50,6 +50,8 @@ extern ssize_t cpu_show_spectre_v1(struct device *dev,
131 
+ 				   struct device_attribute *attr, char *buf);
132 
+ extern ssize_t cpu_show_spectre_v2(struct device *dev,
133 
+ 				   struct device_attribute *attr, char *buf);
134 
++extern ssize_t cpu_show_spec_store_bypass(struct device *dev,
135 
++					  struct device_attribute *attr, char *buf);
136 
+
137 
+ extern __printf(4, 5)
138 
+ struct device *cpu_device_create(struct device *parent, void *drvdata,
139 
+--
140 
+2.7.4
141 
+
SPECS/linux/speculative-store-bypass/0008-x86-cpufeatures-Add-X86_FEATURE_RDS.patch
History View file @ c3d25b5
0 142 
new file mode 100644
... ... 
@@ -0,0 +1,36 @@
0 
+From 4cd0acbafcc274cc32fe6aa371e2c444741f66d3 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Sat, 28 Apr 2018 22:34:17 +0200
3 
+Subject: [PATCH 08/54] x86/cpufeatures: Add X86_FEATURE_RDS
4 
+
5 
+commit 0cc5fa00b0a88dad140b4e5c2cead9951ad36822 upstream
6 
+
7 
+Add the CPU feature bit CPUID.7.0.EDX[31] which indicates whether the CPU
8 
+supports Reduced Data Speculation.
9 
+
10 
+[ tglx: Split it out from a later patch ]
11 
+
12 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
14 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
15 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
16 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
17 
+---
18 
+ arch/x86/include/asm/cpufeatures.h | 1 +
19 
+ 1 file changed, 1 insertion(+)
20 
+
21 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
22 
+index a688adb..0c05c6c 100644
23 
+--- a/arch/x86/include/asm/cpufeatures.h
24 
+@@ -306,6 +306,7 @@
25 
+ #define X86_FEATURE_SPEC_CTRL		(18*32+26) /* "" Speculation Control (IBRS + IBPB) */
26 
+ #define X86_FEATURE_INTEL_STIBP		(18*32+27) /* "" Single Thread Indirect Branch Predictors */
27 
+ #define X86_FEATURE_ARCH_CAPABILITIES	(18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
28 
++#define X86_FEATURE_RDS			(18*32+31) /* Reduced Data Speculation */
29 
+
30 
+ /*
31 
+  * BUG word(s)
32 
+--
33 
+2.7.4
34 
+
SPECS/linux/speculative-store-bypass/0009-x86-bugs-Provide-boot-parameters-for-the-spec_store_.patch
History View file @ c3d25b5
0 35 
new file mode 100644
... ... 
@@ -0,0 +1,272 @@
0 
+From e247cb769c45f3b7faa0efa8d854be2d2b6e52bf Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:21 -0400
3 
+Subject: [PATCH 09/54] x86/bugs: Provide boot parameters for the
4 
+ spec_store_bypass_disable mitigation
5 
+
6 
+commit 24f7fc83b9204d20f878c57cb77d261ae825e033 upstream
7 
+
8 
+Contemporary high performance processors use a common industry-wide
9 
+optimization known as "Speculative Store Bypass" in which loads from
10 
+addresses to which a recent store has occurred may (speculatively) see an
11 
+older value. Intel refers to this feature as "Memory Disambiguation" which
12 
+is part of their "Smart Memory Access" capability.
13 
+
14 
+Memory Disambiguation can expose a cache side-channel attack against such
15 
+speculatively read values. An attacker can create exploit code that allows
16 
+them to read memory outside of a sandbox environment (for example,
17 
+malicious JavaScript in a web page), or to perform more complex attacks
18 
+against code running within the same privilege level, e.g. via the stack.
19 
+
20 
+As a first step to mitigate against such attacks, provide two boot command
21 
+line control knobs:
22 
+
23 
+ nospec_store_bypass_disable
24 
+ spec_store_bypass_disable=[off,auto,on]
25 
+
26 
+By default affected x86 processors will power on with Speculative
27 
+Store Bypass enabled. Hence the provided kernel parameters are written
28 
+from the point of view of whether to enable a mitigation or not.
29 
+The parameters are as follows:
30 
+
31 
+ - auto - Kernel detects whether your CPU model contains an implementation
32 
+	  of Speculative Store Bypass and picks the most appropriate
33 
+	  mitigation.
34 
+
35 
+ - on   - disable Speculative Store Bypass
36 
+ - off  - enable Speculative Store Bypass
37 
+
38 
+[ tglx: Reordered the checks so that the whole evaluation is not done
39 
+  	when the CPU does not support RDS ]
40 
+
41 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
42 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
43 
+Reviewed-by: Borislav Petkov <bp@suse.de>
44 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
45 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
46 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
47 
+---
48 
+ Documentation/kernel-parameters.txt  |  33 +++++++++++
49 
+ arch/x86/include/asm/cpufeatures.h   |   1 +
50 
+ arch/x86/include/asm/nospec-branch.h |   6 ++
51 
+ arch/x86/kernel/cpu/bugs.c           | 103 +++++++++++++++++++++++++++++++++++
52 
+ 4 files changed, 143 insertions(+)
53 
+
54 
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
55 
+index 5f9e514..792ac91 100644
56 
+--- a/Documentation/kernel-parameters.txt
57 
+@@ -2699,6 +2699,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
58 
+ 			allow data leaks with this option, which is equivalent
59 
+ 			to spectre_v2=off.
60 
+
61 
++	nospec_store_bypass_disable
62 
++			[HW] Disable all mitigations for the Speculative Store Bypass vulnerability
63 
++
64 
+ 	noxsave		[BUGS=X86] Disables x86 extended register state save
65 
+ 			and restore using xsave. The kernel will fallback to
66 
+ 			enabling legacy floating-point and sse state.
67 
+@@ -3973,6 +3976,36 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
68 
+ 			Not specifying this option is equivalent to
69 
+ 			spectre_v2=auto.
70 
+
71 
++	spec_store_bypass_disable=
72 
++			[HW] Control Speculative Store Bypass (SSB) Disable mitigation
73 
++			(Speculative Store Bypass vulnerability)
74 
++
75 
++			Certain CPUs are vulnerable to an exploit against a
76 
++			a common industry wide performance optimization known
77 
++			as "Speculative Store Bypass" in which recent stores
78 
++			to the same memory location may not be observed by
79 
++			later loads during speculative execution. The idea
80 
++			is that such stores are unlikely and that they can
81 
++			be detected prior to instruction retirement at the
82 
++			end of a particular speculation execution window.
83 
++
84 
++			In vulnerable processors, the speculatively forwarded
85 
++			store can be used in a cache side channel attack, for
86 
++			example to read memory to which the attacker does not
87 
++			directly have access (e.g. inside sandboxed code).
88 
++
89 
++			This parameter controls whether the Speculative Store
90 
++			Bypass optimization is used.
91 
++
92 
++			on     - Unconditionally disable Speculative Store Bypass
93 
++			off    - Unconditionally enable Speculative Store Bypass
94 
++			auto   - Kernel detects whether the CPU model contains an
95 
++				 implementation of Speculative Store Bypass and
96 
++				 picks the most appropriate mitigation
97 
++
98 
++			Not specifying this option is equivalent to
99 
++			spec_store_bypass_disable=auto.
100 
++
101 
+ 	spia_io_base=	[HW,MTD]
102 
+ 	spia_fio_base=
103 
+ 	spia_pedr=
104 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
105 
+index 0c05c6c..013f3de 100644
106 
+--- a/arch/x86/include/asm/cpufeatures.h
107 
+@@ -204,6 +204,7 @@
108 
+
109 
+ #define X86_FEATURE_USE_IBPB	( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
110 
+ #define X86_FEATURE_USE_IBRS_FW	( 7*32+22) /* "" Use IBRS during runtime firmware calls */
111 
++#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
112 
+
113 
+ /* Virtualization flags: Linux defined, word 8 */
114 
+ #define X86_FEATURE_TPR_SHADOW  ( 8*32+ 0) /* Intel TPR Shadow */
115 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
116 
+index d1c26309..7b9eacf 100644
117 
+--- a/arch/x86/include/asm/nospec-branch.h
118 
+@@ -238,6 +238,12 @@ extern u64 x86_spec_ctrl_get_default(void);
119 
+ extern void x86_spec_ctrl_set_guest(u64);
120 
+ extern void x86_spec_ctrl_restore_host(u64);
121 
+
122 
++/* The Speculative Store Bypass disable variants */
123 
++enum ssb_mitigation {
124 
++	SPEC_STORE_BYPASS_NONE,
125 
++	SPEC_STORE_BYPASS_DISABLE,
126 
++};
127 
++
128 
+ extern char __indirect_thunk_start[];
129 
+ extern char __indirect_thunk_end[];
130 
+
131 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
132 
+index 64e17a9..75146d9 100644
133 
+--- a/arch/x86/kernel/cpu/bugs.c
134 
+@@ -26,6 +26,7 @@
135 
+ #include <asm/intel-family.h>
136 
+
137 
+ static void __init spectre_v2_select_mitigation(void);
138 
++static void __init ssb_select_mitigation(void);
139 
+
140 
+ /*
141 
+  * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
142 
+@@ -52,6 +53,12 @@ void __init check_bugs(void)
143 
+ 	/* Select the proper spectre mitigation before patching alternatives */
144 
+ 	spectre_v2_select_mitigation();
145 
+
146 
++	/*
147 
++	 * Select proper mitigation for any exposure to the Speculative Store
148 
++	 * Bypass vulnerability.
149 
++	 */
150 
++	ssb_select_mitigation();
151 
++
152 
+ #ifdef CONFIG_X86_32
153 
+ 	/*
154 
+ 	 * Check whether we are able to run this kernel safely on SMP.
155 
+@@ -357,6 +364,99 @@ static void __init spectre_v2_select_mitigation(void)
156 
+ }
157 
+
158 
+ #undef pr_fmt
159 
++#define pr_fmt(fmt)	"Speculative Store Bypass: " fmt
160 
++
161 
++static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE;
162 
++
163 
++/* The kernel command line selection */
164 
++enum ssb_mitigation_cmd {
165 
++	SPEC_STORE_BYPASS_CMD_NONE,
166 
++	SPEC_STORE_BYPASS_CMD_AUTO,
167 
++	SPEC_STORE_BYPASS_CMD_ON,
168 
++};
169 
++
170 
++static const char *ssb_strings[] = {
171 
++	[SPEC_STORE_BYPASS_NONE]	= "Vulnerable",
172 
++	[SPEC_STORE_BYPASS_DISABLE]	= "Mitigation: Speculative Store Bypass disabled"
173 
++};
174 
++
175 
++static const struct {
176 
++	const char *option;
177 
++	enum ssb_mitigation_cmd cmd;
178 
++} ssb_mitigation_options[] = {
179 
++	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
180 
++	{ "on",		SPEC_STORE_BYPASS_CMD_ON },   /* Disable Speculative Store Bypass */
181 
++	{ "off",	SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
182 
++};
183 
++
184 
++static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
185 
++{
186 
++	enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO;
187 
++	char arg[20];
188 
++	int ret, i;
189 
++
190 
++	if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
191 
++		return SPEC_STORE_BYPASS_CMD_NONE;
192 
++	} else {
193 
++		ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
194 
++					  arg, sizeof(arg));
195 
++		if (ret < 0)
196 
++			return SPEC_STORE_BYPASS_CMD_AUTO;
197 
++
198 
++		for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) {
199 
++			if (!match_option(arg, ret, ssb_mitigation_options[i].option))
200 
++				continue;
201 
++
202 
++			cmd = ssb_mitigation_options[i].cmd;
203 
++			break;
204 
++		}
205 
++
206 
++		if (i >= ARRAY_SIZE(ssb_mitigation_options)) {
207 
++			pr_err("unknown option (%s). Switching to AUTO select\n", arg);
208 
++			return SPEC_STORE_BYPASS_CMD_AUTO;
209 
++		}
210 
++	}
211 
++
212 
++	return cmd;
213 
++}
214 
++
215 
++static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
216 
++{
217 
++	enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
218 
++	enum ssb_mitigation_cmd cmd;
219 
++
220 
++	if (!boot_cpu_has(X86_FEATURE_RDS))
221 
++		return mode;
222 
++
223 
++	cmd = ssb_parse_cmdline();
224 
++	if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) &&
225 
++	    (cmd == SPEC_STORE_BYPASS_CMD_NONE ||
226 
++	     cmd == SPEC_STORE_BYPASS_CMD_AUTO))
227 
++		return mode;
228 
++
229 
++	switch (cmd) {
230 
++	case SPEC_STORE_BYPASS_CMD_AUTO:
231 
++	case SPEC_STORE_BYPASS_CMD_ON:
232 
++		mode = SPEC_STORE_BYPASS_DISABLE;
233 
++		break;
234 
++	case SPEC_STORE_BYPASS_CMD_NONE:
235 
++		break;
236 
++	}
237 
++
238 
++	if (mode != SPEC_STORE_BYPASS_NONE)
239 
++		setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
240 
++	return mode;
241 
++}
242 
++
243 
++static void ssb_select_mitigation()
244 
++{
245 
++	ssb_mode = __ssb_select_mitigation();
246 
++
247 
++	if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
248 
++		pr_info("%s\n", ssb_strings[ssb_mode]);
249 
++}
250 
++
251 
++#undef pr_fmt
252 
+
253 
+ #ifdef CONFIG_SYSFS
254 
+
255 
+@@ -382,6 +482,9 @@ ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
256 
+ 			       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
257 
+ 			       spectre_v2_module_string());
258 
+
259 
++	case X86_BUG_SPEC_STORE_BYPASS:
260 
++		return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
261 
++
262 
+ 	default:
263 
+ 		break;
264 
+ 	}
265 
+--
266 
+2.7.4
267 
+
SPECS/linux/speculative-store-bypass/0010-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
History View file @ c3d25b5
0 268 
new file mode 100644
... ... 
@@ -0,0 +1,183 @@
0 
+From 7b6ef10e387fe35068656595506ff0e80e5dc8cf Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:22 -0400
3 
+Subject: [PATCH 10/54] x86/bugs/intel: Set proper CPU features and setup RDS
4 
+
5 
+commit 772439717dbf703b39990be58d8d4e3e4ad0598a upstream
6 
+
7 
+Intel CPUs expose methods to:
8 
+
9 
+ - Detect whether RDS capability is available via CPUID.7.0.EDX[31],
10 
+
11 
+ - The SPEC_CTRL MSR(0x48), bit 2 set to enable RDS.
12 
+
13 
+ - MSR_IA32_ARCH_CAPABILITIES, Bit(4) no need to enable RRS.
14 
+
15 
+With that in mind if spec_store_bypass_disable=[auto,on] is selected set at
16 
+boot-time the SPEC_CTRL MSR to enable RDS if the platform requires it.
17 
+
18 
+Note that this does not fix the KVM case where the SPEC_CTRL is exposed to
19 
+guests which can muck with it, see patch titled :
20 
+ KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS.
21 
+
22 
+And for the firmware (IBRS to be set), see patch titled:
23 
+ x86/spectre_v2: Read SPEC_CTRL MSR during boot and re-use reserved bits
24 
+
25 
+[ tglx: Distangled it from the intel implementation and kept the call order ]
26 
+
27 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
28 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
29 
+Reviewed-by: Borislav Petkov <bp@suse.de>
30 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
31 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
32 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
33 
+---
34 
+ arch/x86/include/asm/msr-index.h |  6 ++++++
35 
+ arch/x86/kernel/cpu/bugs.c       | 30 ++++++++++++++++++++++++++++--
36 
+ arch/x86/kernel/cpu/common.c     | 10 ++++++----
37 
+ arch/x86/kernel/cpu/cpu.h        |  3 +++
38 
+ arch/x86/kernel/cpu/intel.c      |  1 +
39 
+ 5 files changed, 44 insertions(+), 6 deletions(-)
40 
+
41 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
42 
+index c768bc1..87103e8 100644
43 
+--- a/arch/x86/include/asm/msr-index.h
44 
+@@ -40,6 +40,7 @@
45 
+ #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */
46 
+ #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */
47 
+ #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */
48 
++#define SPEC_CTRL_RDS			(1 << 2)   /* Reduced Data Speculation */
49 
+
50 
+ #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */
51 
+ #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */
52 
+@@ -61,6 +62,11 @@
53 
+ #define MSR_IA32_ARCH_CAPABILITIES	0x0000010a
54 
+ #define ARCH_CAP_RDCL_NO		(1 << 0)   /* Not susceptible to Meltdown */
55 
+ #define ARCH_CAP_IBRS_ALL		(1 << 1)   /* Enhanced IBRS support */
56 
++#define ARCH_CAP_RDS_NO			(1 << 4)   /*
57 
++						    * Not susceptible to Speculative Store Bypass
58 
++						    * attack, so no Reduced Data Speculation control
59 
++						    * required.
60 
++						    */
61 
+
62 
+ #define MSR_IA32_BBL_CR_CTL		0x00000119
63 
+ #define MSR_IA32_BBL_CR_CTL3		0x0000011e
64 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
65 
+index 75146d9..7dd16f4 100644
66 
+--- a/arch/x86/kernel/cpu/bugs.c
67 
+@@ -116,7 +116,7 @@ static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
68 
+
69 
+ void x86_spec_ctrl_set(u64 val)
70 
+ {
71 
+-	if (val & ~SPEC_CTRL_IBRS)
72 
++	if (val & ~(SPEC_CTRL_IBRS | SPEC_CTRL_RDS))
73 
+ 		WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val);
74 
+ 	else
75 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val);
76 
+@@ -443,8 +443,28 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
77 
+ 		break;
78 
+ 	}
79 
+
80 
+-	if (mode != SPEC_STORE_BYPASS_NONE)
81 
++	/*
82 
++	 * We have three CPU feature flags that are in play here:
83 
++	 *  - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
84 
++	 *  - X86_FEATURE_RDS - CPU is able to turn off speculative store bypass
85 
++	 *  - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation
86 
++	 */
87 
++	if (mode != SPEC_STORE_BYPASS_NONE) {
88 
+ 		setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
89 
++		/*
90 
++		 * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD uses
91 
++		 * a completely different MSR and bit dependent on family.
92 
++		 */
93 
++		switch (boot_cpu_data.x86_vendor) {
94 
++		case X86_VENDOR_INTEL:
95 
++			x86_spec_ctrl_base |= SPEC_CTRL_RDS;
96 
++			x86_spec_ctrl_set(SPEC_CTRL_RDS);
97 
++			break;
98 
++		case X86_VENDOR_AMD:
99 
++			break;
100 
++		}
101 
++	}
102 
++
103 
+ 	return mode;
104 
+ }
105 
+
106 
+@@ -458,6 +478,12 @@ static void ssb_select_mitigation()
107 
+
108 
+ #undef pr_fmt
109 
+
110 
++void x86_spec_ctrl_setup_ap(void)
111 
++{
112 
++	if (boot_cpu_has(X86_FEATURE_IBRS))
113 
++		x86_spec_ctrl_set(x86_spec_ctrl_base & (SPEC_CTRL_IBRS | SPEC_CTRL_RDS));
114 
++}
115 
++
116 
+ #ifdef CONFIG_SYSFS
117 
+
118 
+ ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
119 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
120 
+index 4f1050a..ab6b3ad 100644
121 
+--- a/arch/x86/kernel/cpu/common.c
122 
+@@ -903,7 +903,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
123 
+ {
124 
+ 	u64 ia32_cap = 0;
125 
+
126 
+-	if (!x86_match_cpu(cpu_no_spec_store_bypass))
127 
++	if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
128 
++		rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
129 
++
130 
++	if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
131 
++	   !(ia32_cap & ARCH_CAP_RDS_NO))
132 
+ 		setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
133 
+
134 
+ 	if (x86_match_cpu(cpu_no_speculation))
135 
+@@ -915,9 +919,6 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
136 
+ 	if (x86_match_cpu(cpu_no_meltdown))
137 
+ 		return;
138 
+
139 
+-	if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
140 
+-		rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
141 
+-
142 
+ 	/* Rogue Data Cache Load? No! */
143 
+ 	if (ia32_cap & ARCH_CAP_RDCL_NO)
144 
+ 		return;
145 
+@@ -1339,6 +1340,7 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c)
146 
+ #endif
147 
+ 	mtrr_ap_init();
148 
+ 	validate_apic_and_package_id(c);
149 
++	x86_spec_ctrl_setup_ap();
150 
+ }
151 
+
152 
+ struct msr_range {
153 
+diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
154 
+index 2584265..3b19d82 100644
155 
+--- a/arch/x86/kernel/cpu/cpu.h
156 
+@@ -46,4 +46,7 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[],
157 
+
158 
+ extern void get_cpu_cap(struct cpuinfo_x86 *c);
159 
+ extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c);
160 
++
161 
++extern void x86_spec_ctrl_setup_ap(void);
162 
++
163 
+ #endif /* ARCH_X86_CPU_H */
164 
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
165 
+index 8fb1d65..f15aea6 100644
166 
+--- a/arch/x86/kernel/cpu/intel.c
167 
+@@ -154,6 +154,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
168 
+ 		setup_clear_cpu_cap(X86_FEATURE_STIBP);
169 
+ 		setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
170 
+ 		setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
171 
++		setup_clear_cpu_cap(X86_FEATURE_RDS);
172 
+ 	}
173 
+
174 
+ 	/*
175 
+--
176 
+2.7.4
177 
+
SPECS/linux/speculative-store-bypass/0011-x86-bugs-Whitelist-allowed-SPEC_CTRL-MSR-values.patch
History View file @ c3d25b5
0 178 
new file mode 100644
... ... 
@@ -0,0 +1,70 @@
0 
+From 3cf8074c8d4211e42bb7a57bfbf97bb39160a1d2 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:23 -0400
3 
+Subject: [PATCH 11/54] x86/bugs: Whitelist allowed SPEC_CTRL MSR values
4 
+
5 
+commit 1115a859f33276fe8afb31c60cf9d8e657872558 upstream
6 
+
7 
+Intel and AMD SPEC_CTRL (0x48) MSR semantics may differ in the
8 
+future (or in fact use different MSRs for the same functionality).
9 
+
10 
+As such a run-time mechanism is required to whitelist the appropriate MSR
11 
+values.
12 
+
13 
+[ tglx: Made the variable __ro_after_init ]
14 
+
15 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
16 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
17 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
18 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
19 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
20 
+---
21 
+ arch/x86/kernel/cpu/bugs.c | 11 +++++++++--
22 
+ 1 file changed, 9 insertions(+), 2 deletions(-)
23 
+
24 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
25 
+index 7dd16f4..b92c469 100644
26 
+--- a/arch/x86/kernel/cpu/bugs.c
27 
+@@ -34,6 +34,12 @@ static void __init ssb_select_mitigation(void);
28 
+  */
29 
+ static u64 __ro_after_init x86_spec_ctrl_base;
30 
+
31 
++/*
32 
++ * The vendor and possibly platform specific bits which can be modified in
33 
++ * x86_spec_ctrl_base.
34 
++ */
35 
++static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
36 
++
37 
+ void __init check_bugs(void)
38 
+ {
39 
+ 	identify_boot_cpu();
40 
+@@ -116,7 +122,7 @@ static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
41 
+
42 
+ void x86_spec_ctrl_set(u64 val)
43 
+ {
44 
+-	if (val & ~(SPEC_CTRL_IBRS | SPEC_CTRL_RDS))
45 
++	if (val & x86_spec_ctrl_mask)
46 
+ 		WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val);
47 
+ 	else
48 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val);
49 
+@@ -458,6 +464,7 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
50 
+ 		switch (boot_cpu_data.x86_vendor) {
51 
+ 		case X86_VENDOR_INTEL:
52 
+ 			x86_spec_ctrl_base |= SPEC_CTRL_RDS;
53 
++			x86_spec_ctrl_mask &= ~SPEC_CTRL_RDS;
54 
+ 			x86_spec_ctrl_set(SPEC_CTRL_RDS);
55 
+ 			break;
56 
+ 		case X86_VENDOR_AMD:
57 
+@@ -481,7 +488,7 @@ static void ssb_select_mitigation()
58 
+ void x86_spec_ctrl_setup_ap(void)
59 
+ {
60 
+ 	if (boot_cpu_has(X86_FEATURE_IBRS))
61 
+-		x86_spec_ctrl_set(x86_spec_ctrl_base & (SPEC_CTRL_IBRS | SPEC_CTRL_RDS));
62 
++		x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
63 
+ }
64 
+
65 
+ #ifdef CONFIG_SYSFS
66 
+--
67 
+2.7.4
68 
+
SPECS/linux/speculative-store-bypass/0012-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
History View file @ c3d25b5
0 69 
new file mode 100644
... ... 
@@ -0,0 +1,200 @@
0 
+From 0c6f26d225be4797e07f72a7d05437d0f750b758 Mon Sep 17 00:00:00 2001
1 
+From: David Woodhouse <dwmw@amazon.co.uk>
2 
+Date: Sun, 20 May 2018 20:52:05 +0100
3 
+Subject: [PATCH 12/54] x86/bugs/AMD: Add support to disable RDS on
4 
+ Fam[15,16,17]h if requested
5 
+
6 
+commit 764f3c21588a059cd783c6ba0734d4db2d72822d upstream
7 
+
8 
+AMD does not need the Speculative Store Bypass mitigation to be enabled.
9 
+
10 
+The parameters for this are already available and can be done via MSR
11 
+C001_1020. Each family uses a different bit in that MSR for this.
12 
+
13 
+[ tglx: Expose the bit mask via a variable and move the actual MSR fiddling
14 
+  	into the bugs code as that's the right thing to do and also required
15 
+	to prepare for dynamic enable/disable ]
16 
+
17 
+Suggested-by: Borislav Petkov <bp@suse.de>
18 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
21 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
22 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 
+---
24 
+ arch/x86/include/asm/cpufeatures.h   |  1 +
25 
+ arch/x86/include/asm/nospec-branch.h |  4 ++++
26 
+ arch/x86/kernel/cpu/amd.c            | 26 ++++++++++++++++++++++++++
27 
+ arch/x86/kernel/cpu/bugs.c           | 27 ++++++++++++++++++++++++++-
28 
+ arch/x86/kernel/cpu/common.c         |  4 ++++
29 
+ 5 files changed, 61 insertions(+), 1 deletion(-)
30 
+
31 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
32 
+index 013f3de..8797069 100644
33 
+--- a/arch/x86/include/asm/cpufeatures.h
34 
+@@ -205,6 +205,7 @@
35 
+ #define X86_FEATURE_USE_IBPB	( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
36 
+ #define X86_FEATURE_USE_IBRS_FW	( 7*32+22) /* "" Use IBRS during runtime firmware calls */
37 
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
38 
++#define X86_FEATURE_AMD_RDS	(7*32+24)  /* "" AMD RDS implementation */
39 
+
40 
+ /* Virtualization flags: Linux defined, word 8 */
41 
+ #define X86_FEATURE_TPR_SHADOW  ( 8*32+ 0) /* Intel TPR Shadow */
42 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
43 
+index 7b9eacf..3a1541c 100644
44 
+--- a/arch/x86/include/asm/nospec-branch.h
45 
+@@ -244,6 +244,10 @@ enum ssb_mitigation {
46 
+ 	SPEC_STORE_BYPASS_DISABLE,
47 
+ };
48 
+
49 
++/* AMD specific Speculative Store Bypass MSR data */
50 
++extern u64 x86_amd_ls_cfg_base;
51 
++extern u64 x86_amd_ls_cfg_rds_mask;
52 
++
53 
+ extern char __indirect_thunk_start[];
54 
+ extern char __indirect_thunk_end[];
55 
+
56 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
57 
+index 747f8a2..7551d9ad 100644
58 
+--- a/arch/x86/kernel/cpu/amd.c
59 
+@@ -9,6 +9,7 @@
60 
+ #include <asm/processor.h>
61 
+ #include <asm/apic.h>
62 
+ #include <asm/cpu.h>
63 
++#include <asm/nospec-branch.h>
64 
+ #include <asm/smp.h>
65 
+ #include <asm/pci-direct.h>
66 
+ #include <asm/delay.h>
67 
+@@ -542,6 +543,26 @@ static void bsp_init_amd(struct cpuinfo_x86 *c)
68 
+ 		rdmsrl(MSR_FAM10H_NODE_ID, value);
69 
+ 		nodes_per_socket = ((value >> 3) & 7) + 1;
70 
+ 	}
71 
++
72 
++	if (c->x86 >= 0x15 && c->x86 <= 0x17) {
73 
++		unsigned int bit;
74 
++
75 
++		switch (c->x86) {
76 
++		case 0x15: bit = 54; break;
77 
++		case 0x16: bit = 33; break;
78 
++		case 0x17: bit = 10; break;
79 
++		default: return;
80 
++		}
81 
++		/*
82 
++		 * Try to cache the base value so further operations can
83 
++		 * avoid RMW. If that faults, do not enable RDS.
84 
++		 */
85 
++		if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) {
86 
++			setup_force_cpu_cap(X86_FEATURE_RDS);
87 
++			setup_force_cpu_cap(X86_FEATURE_AMD_RDS);
88 
++			x86_amd_ls_cfg_rds_mask = 1ULL << bit;
89 
++		}
90 
++	}
91 
+ }
92 
+
93 
+ static void early_init_amd(struct cpuinfo_x86 *c)
94 
+@@ -827,6 +848,11 @@ static void init_amd(struct cpuinfo_x86 *c)
95 
+ 	/* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
96 
+ 	if (!cpu_has(c, X86_FEATURE_XENPV))
97 
+ 		set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
98 
++
99 
++	if (boot_cpu_has(X86_FEATURE_AMD_RDS)) {
100 
++		set_cpu_cap(c, X86_FEATURE_RDS);
101 
++		set_cpu_cap(c, X86_FEATURE_AMD_RDS);
102 
++	}
103 
+ }
104 
+
105 
+ #ifdef CONFIG_X86_32
106 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
107 
+index b92c469..b3696cc 100644
108 
+--- a/arch/x86/kernel/cpu/bugs.c
109 
+@@ -40,6 +40,13 @@ static u64 __ro_after_init x86_spec_ctrl_base;
110 
+  */
111 
+ static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
112 
+
113 
++/*
114 
++ * AMD specific MSR info for Speculative Store Bypass control.
115 
++ * x86_amd_ls_cfg_rds_mask is initialized in identify_boot_cpu().
116 
++ */
117 
++u64 __ro_after_init x86_amd_ls_cfg_base;
118 
++u64 __ro_after_init x86_amd_ls_cfg_rds_mask;
119 
++
120 
+ void __init check_bugs(void)
121 
+ {
122 
+ 	identify_boot_cpu();
123 
+@@ -51,7 +58,8 @@ void __init check_bugs(void)
124 
+
125 
+ 	/*
126 
+ 	 * Read the SPEC_CTRL MSR to account for reserved bits which may
127 
+-	 * have unknown values.
128 
++	 * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
129 
++	 * init code as it is not enumerated and depends on the family.
130 
+ 	 */
131 
+ 	if (boot_cpu_has(X86_FEATURE_IBRS))
132 
+ 		rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
133 
+@@ -153,6 +161,14 @@ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
134 
+ }
135 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
136 
+
137 
++static void x86_amd_rds_enable(void)
138 
++{
139 
++	u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_rds_mask;
140 
++
141 
++	if (boot_cpu_has(X86_FEATURE_AMD_RDS))
142 
++		wrmsrl(MSR_AMD64_LS_CFG, msrval);
143 
++}
144 
++
145 
+ #ifdef RETPOLINE
146 
+ static bool spectre_v2_bad_module;
147 
+
148 
+@@ -442,6 +458,11 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
149 
+
150 
+ 	switch (cmd) {
151 
+ 	case SPEC_STORE_BYPASS_CMD_AUTO:
152 
++		/*
153 
++		 * AMD platforms by default don't need SSB mitigation.
154 
++		 */
155 
++		if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
156 
++			break;
157 
+ 	case SPEC_STORE_BYPASS_CMD_ON:
158 
+ 		mode = SPEC_STORE_BYPASS_DISABLE;
159 
+ 		break;
160 
+@@ -468,6 +489,7 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
161 
+ 			x86_spec_ctrl_set(SPEC_CTRL_RDS);
162 
+ 			break;
163 
+ 		case X86_VENDOR_AMD:
164 
++			x86_amd_rds_enable();
165 
+ 			break;
166 
+ 		}
167 
+ 	}
168 
+@@ -489,6 +511,9 @@ void x86_spec_ctrl_setup_ap(void)
169 
+ {
170 
+ 	if (boot_cpu_has(X86_FEATURE_IBRS))
171 
+ 		x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
172 
++
173 
++	if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
174 
++		x86_amd_rds_enable();
175 
+ }
176 
+
177 
+ #ifdef CONFIG_SYSFS
178 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
179 
+index ab6b3ad..beb1da8 100644
180 
+--- a/arch/x86/kernel/cpu/common.c
181 
+@@ -895,6 +895,10 @@ static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
182 
+ 	{ X86_VENDOR_CENTAUR,	5,					},
183 
+ 	{ X86_VENDOR_INTEL,	5,					},
184 
+ 	{ X86_VENDOR_NSC,	5,					},
185 
++	{ X86_VENDOR_AMD,	0x12,					},
186 
++	{ X86_VENDOR_AMD,	0x11,					},
187 
++	{ X86_VENDOR_AMD,	0x10,					},
188 
++	{ X86_VENDOR_AMD,	0xf,					},
189 
+ 	{ X86_VENDOR_ANY,	4,					},
190 
+ 	{}
191 
+ };
192 
+--
193 
+2.7.4
194 
+
SPECS/linux/speculative-store-bypass/0013-x86-KVM-VMX-Expose-SPEC_CTRL-Bit-2-to-the-guest.patch
History View file @ c3d25b5
0 195 
new file mode 100644
... ... 
@@ -0,0 +1,120 @@
0 
+From d9234d3b1e19782a47e762987b7bda684c8d6b22 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 25 Apr 2018 22:04:25 -0400
3 
+Subject: [PATCH 13/54] x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
4 
+MIME-Version: 1.0
5 
+Content-Type: text/plain; charset=UTF-8
6 
+Content-Transfer-Encoding: 8bit
7 
+
8 
+commit da39556f66f5cfe8f9c989206974f1cb16ca5d7c upstream
9 
+
10 
+Expose the CPUID.7.EDX[31] bit to the guest, and also guard against various
11 
+combinations of SPEC_CTRL MSR values.
12 
+
13 
+The handling of the MSR (to take into account the host value of SPEC_CTRL
14 
+Bit(2)) is taken care of in patch:
15 
+
16 
+  KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS
17 
+
18 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
21 
+
22 
+[dwmw2: Handle 4.9 guest CPUID differences, rename
23 
+        guest_cpu_has_ibrs() → guest_cpu_has_spec_ctrl()]
24 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
25 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 
+---
27 
+ arch/x86/kvm/cpuid.c | 2 +-
28 
+ arch/x86/kvm/cpuid.h | 4 ++--
29 
+ arch/x86/kvm/svm.c   | 4 ++--
30 
+ arch/x86/kvm/vmx.c   | 6 +++---
31 
+ 4 files changed, 8 insertions(+), 8 deletions(-)
32 
+
33 
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
34 
+index 93f924d..a9409f0 100644
35 
+--- a/arch/x86/kvm/cpuid.c
36 
+@@ -382,7 +382,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
37 
+
38 
+ 	/* cpuid 7.0.edx*/
39 
+ 	const u32 kvm_cpuid_7_0_edx_x86_features =
40 
+-		F(SPEC_CTRL) | F(ARCH_CAPABILITIES);
41 
++		F(SPEC_CTRL) | F(RDS) | F(ARCH_CAPABILITIES);
42 
+
43 
+ 	/* all calls to cpuid_count() should be made on the same cpu */
44 
+ 	get_cpu();
45 
+diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
46 
+index d1beb71..24187d0 100644
47 
+--- a/arch/x86/kvm/cpuid.h
48 
+@@ -171,7 +171,7 @@ static inline bool guest_cpuid_has_ibpb(struct kvm_vcpu *vcpu)
49 
+ 	return best && (best->edx & bit(X86_FEATURE_SPEC_CTRL));
50 
+ }
51 
+
52 
+-static inline bool guest_cpuid_has_ibrs(struct kvm_vcpu *vcpu)
53 
++static inline bool guest_cpuid_has_spec_ctrl(struct kvm_vcpu *vcpu)
54 
+ {
55 
+ 	struct kvm_cpuid_entry2 *best;
56 
+
57 
+@@ -179,7 +179,7 @@ static inline bool guest_cpuid_has_ibrs(struct kvm_vcpu *vcpu)
58 
+ 	if (best && (best->ebx & bit(X86_FEATURE_IBRS)))
59 
+ 		return true;
60 
+ 	best = kvm_find_cpuid_entry(vcpu, 7, 0);
61 
+-	return best && (best->edx & bit(X86_FEATURE_SPEC_CTRL));
62 
++	return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_RDS)));
63 
+ }
64 
+
65 
+ static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu)
66 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
67 
+index eeb8cd3..57b886b 100644
68 
+--- a/arch/x86/kvm/svm.c
69 
+@@ -3545,7 +3545,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
70 
+ 		break;
71 
+ 	case MSR_IA32_SPEC_CTRL:
72 
+ 		if (!msr_info->host_initiated &&
73 
+-		    !guest_cpuid_has_ibrs(vcpu))
74 
++		    !guest_cpuid_has_spec_ctrl(vcpu))
75 
+ 			return 1;
76 
+
77 
+ 		msr_info->data = svm->spec_ctrl;
78 
+@@ -3643,7 +3643,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
79 
+ 		break;
80 
+ 	case MSR_IA32_SPEC_CTRL:
81 
+ 		if (!msr->host_initiated &&
82 
+-		    !guest_cpuid_has_ibrs(vcpu))
83 
++		    !guest_cpuid_has_spec_ctrl(vcpu))
84 
+ 			return 1;
85 
+
86 
+ 		/* The STIBP bit doesn't fault even if it's not advertised */
87 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
88 
+index 266db0b..67ed4e9 100644
89 
+--- a/arch/x86/kvm/vmx.c
90 
+@@ -3020,7 +3020,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
91 
+ 		break;
92 
+ 	case MSR_IA32_SPEC_CTRL:
93 
+ 		if (!msr_info->host_initiated &&
94 
+-		    !guest_cpuid_has_ibrs(vcpu))
95 
++		    !guest_cpuid_has_spec_ctrl(vcpu))
96 
+ 			return 1;
97 
+
98 
+ 		msr_info->data = to_vmx(vcpu)->spec_ctrl;
99 
+@@ -3137,11 +3137,11 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
100 
+ 		break;
101 
+ 	case MSR_IA32_SPEC_CTRL:
102 
+ 		if (!msr_info->host_initiated &&
103 
+-		    !guest_cpuid_has_ibrs(vcpu))
104 
++		    !guest_cpuid_has_spec_ctrl(vcpu))
105 
+ 			return 1;
106 
+
107 
+ 		/* The STIBP bit doesn't fault even if it's not advertised */
108 
+-		if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP))
109 
++		if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_RDS))
110 
+ 			return 1;
111 
+
112 
+ 		vmx->spec_ctrl = data;
113 
+--
114 
+2.7.4
115 
+
SPECS/linux/speculative-store-bypass/0014-x86-speculation-Create-spec-ctrl.h-to-avoid-include-.patch
History View file @ c3d25b5
0 116 
new file mode 100644
... ... 
@@ -0,0 +1,141 @@
0 
+From 5e82739dc5290969a34d90066c15241425c4a748 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sun, 29 Apr 2018 15:01:37 +0200
3 
+Subject: [PATCH 14/54] x86/speculation: Create spec-ctrl.h to avoid include
4 
+ hell
5 
+
6 
+commit 28a2775217b17208811fa43a9e96bd1fdf417b86 upstream
7 
+
8 
+Having everything in nospec-branch.h creates a hell of dependencies when
9 
+adding the prctl based switching mechanism. Move everything which is not
10 
+required in nospec-branch.h to spec-ctrl.h and fix up the includes in the
11 
+relevant files.
12 
+
13 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
14 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
15 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/include/asm/nospec-branch.h | 14 --------------
20 
+ arch/x86/include/asm/spec-ctrl.h     | 21 +++++++++++++++++++++
21 
+ arch/x86/kernel/cpu/amd.c            |  2 +-
22 
+ arch/x86/kernel/cpu/bugs.c           |  2 +-
23 
+ arch/x86/kvm/svm.c                   |  2 +-
24 
+ arch/x86/kvm/vmx.c                   |  2 +-
25 
+ 6 files changed, 25 insertions(+), 18 deletions(-)
26 
+ create mode 100644 arch/x86/include/asm/spec-ctrl.h
27 
+
28 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
29 
+index 3a1541c..1119f14 100644
30 
+--- a/arch/x86/include/asm/nospec-branch.h
31 
+@@ -228,26 +228,12 @@ enum spectre_v2_mitigation {
32 
+ extern void x86_spec_ctrl_set(u64);
33 
+ extern u64 x86_spec_ctrl_get_default(void);
34 
+
35 
+-/*
36 
+- * On VMENTER we must preserve whatever view of the SPEC_CTRL MSR
37 
+- * the guest has, while on VMEXIT we restore the host view. This
38 
+- * would be easier if SPEC_CTRL were architecturally maskable or
39 
+- * shadowable for guests but this is not (currently) the case.
40 
+- * Takes the guest view of SPEC_CTRL MSR as a parameter.
41 
+- */
42 
+-extern void x86_spec_ctrl_set_guest(u64);
43 
+-extern void x86_spec_ctrl_restore_host(u64);
44 
+-
45 
+ /* The Speculative Store Bypass disable variants */
46 
+ enum ssb_mitigation {
47 
+ 	SPEC_STORE_BYPASS_NONE,
48 
+ 	SPEC_STORE_BYPASS_DISABLE,
49 
+ };
50 
+
51 
+-/* AMD specific Speculative Store Bypass MSR data */
52 
+-extern u64 x86_amd_ls_cfg_base;
53 
+-extern u64 x86_amd_ls_cfg_rds_mask;
54 
+-
55 
+ extern char __indirect_thunk_start[];
56 
+ extern char __indirect_thunk_end[];
57 
+
58 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
59 
+new file mode 100644
60 
+index 0000000..3ad6442
61 
+--- /dev/null
62 
+@@ -0,0 +1,21 @@
63 
++/* SPDX-License-Identifier: GPL-2.0 */
64 
++#ifndef _ASM_X86_SPECCTRL_H_
65 
++#define _ASM_X86_SPECCTRL_H_
66 
++
67 
++#include <asm/nospec-branch.h>
68 
++
69 
++/*
70 
++ * On VMENTER we must preserve whatever view of the SPEC_CTRL MSR
71 
++ * the guest has, while on VMEXIT we restore the host view. This
72 
++ * would be easier if SPEC_CTRL were architecturally maskable or
73 
++ * shadowable for guests but this is not (currently) the case.
74 
++ * Takes the guest view of SPEC_CTRL MSR as a parameter.
75 
++ */
76 
++extern void x86_spec_ctrl_set_guest(u64);
77 
++extern void x86_spec_ctrl_restore_host(u64);
78 
++
79 
++/* AMD specific Speculative Store Bypass MSR data */
80 
++extern u64 x86_amd_ls_cfg_base;
81 
++extern u64 x86_amd_ls_cfg_rds_mask;
82 
++
83 
++#endif
84 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
85 
+index 7551d9ad..a176c81 100644
86 
+--- a/arch/x86/kernel/cpu/amd.c
87 
+@@ -9,7 +9,7 @@
88 
+ #include <asm/processor.h>
89 
+ #include <asm/apic.h>
90 
+ #include <asm/cpu.h>
91 
+-#include <asm/nospec-branch.h>
92 
++#include <asm/spec-ctrl.h>
93 
+ #include <asm/smp.h>
94 
+ #include <asm/pci-direct.h>
95 
+ #include <asm/delay.h>
96 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
97 
+index b3696cc..46d01fd 100644
98 
+--- a/arch/x86/kernel/cpu/bugs.c
99 
+@@ -12,7 +12,7 @@
100 
+ #include <linux/cpu.h>
101 
+ #include <linux/module.h>
102 
+
103 
+-#include <asm/nospec-branch.h>
104 
++#include <asm/spec-ctrl.h>
105 
+ #include <asm/cmdline.h>
106 
+ #include <asm/bugs.h>
107 
+ #include <asm/processor.h>
108 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
109 
+index 57b886b..516ddff 100644
110 
+--- a/arch/x86/kvm/svm.c
111 
+@@ -45,7 +45,7 @@
112 
+ #include <asm/kvm_para.h>
113 
+ #include <asm/irq_remapping.h>
114 
+ #include <asm/microcode.h>
115 
+-#include <asm/nospec-branch.h>
116 
++#include <asm/spec-ctrl.h>
117 
+
118 
+ #include <asm/virtext.h>
119 
+ #include "trace.h"
120 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
121 
+index 67ed4e9..0eb3863 100644
122 
+--- a/arch/x86/kvm/vmx.c
123 
+@@ -50,7 +50,7 @@
124 
+ #include <asm/apic.h>
125 
+ #include <asm/irq_remapping.h>
126 
+ #include <asm/microcode.h>
127 
+-#include <asm/nospec-branch.h>
128 
++#include <asm/spec-ctrl.h>
129 
+
130 
+ #include "trace.h"
131 
+ #include "pmu.h"
132 
+--
133 
+2.7.4
134 
+
SPECS/linux/speculative-store-bypass/0015-prctl-Add-speculation-control-prctls.patch
History View file @ c3d25b5
0 135 
new file mode 100644
... ... 
@@ -0,0 +1,239 @@
0 
+From 259d613d145206198100baf407e1f41c0e1edf15 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sun, 29 Apr 2018 15:20:11 +0200
3 
+Subject: [PATCH 15/54] prctl: Add speculation control prctls
4 
+
5 
+commit b617cfc858161140d69cc0b5cc211996b557a1c7 upstream
6 
+
7 
+Add two new prctls to control aspects of speculation related vulnerabilites
8 
+and their mitigations to provide finer grained control over performance
9 
+impacting mitigations.
10 
+
11 
+PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
12 
+which is selected with arg2 of prctl(2). The return value uses bit 0-2 with
13 
+the following meaning:
14 
+
15 
+Bit  Define           Description
16 
+0    PR_SPEC_PRCTL    Mitigation can be controlled per task by
17 
+                      PR_SET_SPECULATION_CTRL
18 
+1    PR_SPEC_ENABLE   The speculation feature is enabled, mitigation is
19 
+                      disabled
20 
+2    PR_SPEC_DISABLE  The speculation feature is disabled, mitigation is
21 
+                      enabled
22 
+
23 
+If all bits are 0 the CPU is not affected by the speculation misfeature.
24 
+
25 
+If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
26 
+available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
27 
+misfeature will fail.
28 
+
29 
+PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
30 
+is selected by arg2 of prctl(2) per task. arg3 is used to hand in the
31 
+control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.
32 
+
33 
+The common return values are:
34 
+
35 
+EINVAL  prctl is not implemented by the architecture or the unused prctl()
36 
+        arguments are not 0
37 
+ENODEV  arg2 is selecting a not supported speculation misfeature
38 
+
39 
+PR_SET_SPECULATION_CTRL has these additional return values:
40 
+
41 
+ERANGE  arg3 is incorrect, i.e. it's not either PR_SPEC_ENABLE or PR_SPEC_DISABLE
42 
+ENXIO   prctl control of the selected speculation misfeature is disabled
43 
+
44 
+The first supported controlable speculation misfeature is
45 
+PR_SPEC_STORE_BYPASS. Add the define so this can be shared between
46 
+architectures.
47 
+
48 
+Based on an initial patch from Tim Chen and mostly rewritten.
49 
+
50 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
51 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
52 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
53 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
54 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
55 
+---
56 
+ Documentation/spec_ctrl.txt | 86 +++++++++++++++++++++++++++++++++++++++++++++
57 
+ include/linux/nospec.h      |  5 +++
58 
+ include/uapi/linux/prctl.h  | 11 ++++++
59 
+ kernel/sys.c                | 22 ++++++++++++
60 
+ 4 files changed, 124 insertions(+)
61 
+ create mode 100644 Documentation/spec_ctrl.txt
62 
+
63 
+diff --git a/Documentation/spec_ctrl.txt b/Documentation/spec_ctrl.txt
64 
+new file mode 100644
65 
+index 0000000..ddbebcd
66 
+--- /dev/null
67 
+@@ -0,0 +1,86 @@
68 
++===================
69 
++Speculation Control
70 
++===================
71 
++
72 
++Quite some CPUs have speculation related misfeatures which are in fact
73 
++vulnerabilites causing data leaks in various forms even accross privilege
74 
++domains.
75 
++
76 
++The kernel provides mitigation for such vulnerabilities in various
77 
++forms. Some of these mitigations are compile time configurable and some on
78 
++the kernel command line.
79 
++
80 
++There is also a class of mitigations which are very expensive, but they can
81 
++be restricted to a certain set of processes or tasks in controlled
82 
++environments. The mechanism to control these mitigations is via
83 
++:manpage:`prctl(2)`.
84 
++
85 
++There are two prctl options which are related to this:
86 
++
87 
++ * PR_GET_SPECULATION_CTRL
88 
++
89 
++ * PR_SET_SPECULATION_CTRL
90 
++
91 
++PR_GET_SPECULATION_CTRL
92 
++-----------------------
93 
++
94 
++PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
95 
++which is selected with arg2 of prctl(2). The return value uses bits 0-2 with
96 
++the following meaning:
97 
++
98 
++==== ================ ===================================================
99 
++Bit  Define           Description
100 
++==== ================ ===================================================
101 
++0    PR_SPEC_PRCTL    Mitigation can be controlled per task by
102 
++                      PR_SET_SPECULATION_CTRL
103 
++1    PR_SPEC_ENABLE   The speculation feature is enabled, mitigation is
104 
++                      disabled
105 
++2    PR_SPEC_DISABLE  The speculation feature is disabled, mitigation is
106 
++                      enabled
107 
++==== ================ ===================================================
108 
++
109 
++If all bits are 0 the CPU is not affected by the speculation misfeature.
110 
++
111 
++If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
112 
++available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
113 
++misfeature will fail.
114 
++
115 
++PR_SET_SPECULATION_CTRL
116 
++-----------------------
117 
++PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
118 
++is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
119 
++in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.
120 
++
121 
++Common error codes
122 
++------------------
123 
++======= =================================================================
124 
++Value   Meaning
125 
++======= =================================================================
126 
++EINVAL  The prctl is not implemented by the architecture or unused
127 
++        prctl(2) arguments are not 0
128 
++
129 
++ENODEV  arg2 is selecting a not supported speculation misfeature
130 
++======= =================================================================
131 
++
132 
++PR_SET_SPECULATION_CTRL error codes
133 
++-----------------------------------
134 
++======= =================================================================
135 
++Value   Meaning
136 
++======= =================================================================
137 
++0       Success
138 
++
139 
++ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
140 
++        PR_SPEC_DISABLE
141 
++
142 
++ENXIO   Control of the selected speculation misfeature is not possible.
143 
++        See PR_GET_SPECULATION_CTRL.
144 
++======= =================================================================
145 
++
146 
++Speculation misfeature controls
147 
++-------------------------------
148 
++- PR_SPEC_STORE_BYPASS: Speculative Store Bypass
149 
++
150 
++  Invocations:
151 
++   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
152 
++   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
153 
++   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
154 
+diff --git a/include/linux/nospec.h b/include/linux/nospec.h
155 
+index e791ebc..700bb8a 100644
156 
+--- a/include/linux/nospec.h
157 
+@@ -55,4 +55,9 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
158 
+ 									\
159 
+ 	(typeof(_i)) (_i & _mask);					\
160 
+ })
161 
++
162 
++/* Speculation control prctl */
163 
++int arch_prctl_spec_ctrl_get(unsigned long which);
164 
++int arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl);
165 
++
166 
+ #endif /* _LINUX_NOSPEC_H */
167 
+diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
168 
+index a8d0759..3b316be 100644
169 
+--- a/include/uapi/linux/prctl.h
170 
+@@ -197,4 +197,15 @@ struct prctl_mm_map {
171 
+ # define PR_CAP_AMBIENT_LOWER		3
172 
+ # define PR_CAP_AMBIENT_CLEAR_ALL	4
173 
+
174 
++/* Per task speculation control */
175 
++#define PR_GET_SPECULATION_CTRL		52
176 
++#define PR_SET_SPECULATION_CTRL		53
177 
++/* Speculation control variants */
178 
++# define PR_SPEC_STORE_BYPASS		0
179 
++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
180 
++# define PR_SPEC_NOT_AFFECTED		0
181 
++# define PR_SPEC_PRCTL			(1UL << 0)
182 
++# define PR_SPEC_ENABLE			(1UL << 1)
183 
++# define PR_SPEC_DISABLE		(1UL << 2)
184 
++
185 
+ #endif /* _LINUX_PRCTL_H */
186 
+diff --git a/kernel/sys.c b/kernel/sys.c
187 
+index 89d5be4..312c985 100644
188 
+--- a/kernel/sys.c
189 
+@@ -53,6 +53,8 @@
190 
+ #include <linux/uidgid.h>
191 
+ #include <linux/cred.h>
192 
+
193 
++#include <linux/nospec.h>
194 
++
195 
+ #include <linux/kmsg_dump.h>
196 
+ /* Move somewhere else to avoid recompiling? */
197 
+ #include <generated/utsrelease.h>
198 
+@@ -2072,6 +2074,16 @@ static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
199 
+ }
200 
+ #endif
201 
+
202 
++int __weak arch_prctl_spec_ctrl_get(unsigned long which)
203 
++{
204 
++	return -EINVAL;
205 
++}
206 
++
207 
++int __weak arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl)
208 
++{
209 
++	return -EINVAL;
210 
++}
211 
++
212 
+ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
213 
+ 		unsigned long, arg4, unsigned long, arg5)
214 
+ {
215 
+@@ -2270,6 +2282,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
216 
+ 	case PR_GET_FP_MODE:
217 
+ 		error = GET_FP_MODE(me);
218 
+ 		break;
219 
++	case PR_GET_SPECULATION_CTRL:
220 
++		if (arg3 || arg4 || arg5)
221 
++			return -EINVAL;
222 
++		error = arch_prctl_spec_ctrl_get(arg2);
223 
++		break;
224 
++	case PR_SET_SPECULATION_CTRL:
225 
++		if (arg4 || arg5)
226 
++			return -EINVAL;
227 
++		error = arch_prctl_spec_ctrl_set(arg2, arg3);
228 
++		break;
229 
+ 	default:
230 
+ 		error = -EINVAL;
231 
+ 		break;
232 
+--
233 
+2.7.4
234 
+
SPECS/linux/speculative-store-bypass/0016-x86-process-Optimize-TIF-checks-in-__switch_to_xtra.patch
History View file @ c3d25b5
0 235 
new file mode 100644
... ... 
@@ -0,0 +1,125 @@
0 
+From 0a927d08b636a68b1eaa44edf4ebc1b12e7ca86f Mon Sep 17 00:00:00 2001
1 
+From: Kyle Huey <me@kylehuey.com>
2 
+Date: Tue, 14 Feb 2017 00:11:02 -0800
3 
+Subject: [PATCH 16/54] x86/process: Optimize TIF checks in __switch_to_xtra()
4 
+
5 
+commit af8b3cd3934ec60f4c2a420d19a9d416554f140b upstream
6 
+
7 
+Help the compiler to avoid reevaluating the thread flags for each checked
8 
+bit by reordering the bit checks and providing an explicit xor for
9 
+evaluation.
10 
+
11 
+With default defconfigs for each arch,
12 
+
13 
+x86_64: arch/x86/kernel/process.o
14 
+text       data     bss     dec     hex
15 
+3056       8577      16   11649    2d81	Before
16 
+3024	   8577      16	  11617	   2d61	After
17 
+
18 
+i386: arch/x86/kernel/process.o
19 
+text       data     bss     dec     hex
20 
+2957	   8673	      8	  11638	   2d76	Before
21 
+2925	   8673       8	  11606	   2d56	After
22 
+
23 
+Originally-by: Thomas Gleixner <tglx@linutronix.de>
24 
+Signed-off-by: Kyle Huey <khuey@kylehuey.com>
25 
+Cc: Peter Zijlstra <peterz@infradead.org>
26 
+Cc: Andy Lutomirski <luto@kernel.org>
27 
+Link: http://lkml.kernel.org/r/20170214081104.9244-2-khuey@kylehuey.com
28 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
29 
+
30 
+[dwmw2: backported to make TIF_RDS handling simpler.
31 
+        No deferred TR reload.]
32 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
33 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
34 
+---
35 
+ arch/x86/kernel/process.c | 54 +++++++++++++++++++++++++++--------------------
36 
+ 1 file changed, 31 insertions(+), 23 deletions(-)
37 
+
38 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
39 
+index a55b320..0e1999e 100644
40 
+--- a/arch/x86/kernel/process.c
41 
+@@ -192,48 +192,56 @@ int set_tsc_mode(unsigned int val)
42 
+ 	return 0;
43 
+ }
44 
+
45 
++static inline void switch_to_bitmap(struct tss_struct *tss,
46 
++				    struct thread_struct *prev,
47 
++				    struct thread_struct *next,
48 
++				    unsigned long tifp, unsigned long tifn)
49 
++{
50 
++	if (tifn & _TIF_IO_BITMAP) {
51 
++		/*
52 
++		 * Copy the relevant range of the IO bitmap.
53 
++		 * Normally this is 128 bytes or less:
54 
++		 */
55 
++		memcpy(tss->io_bitmap, next->io_bitmap_ptr,
56 
++		       max(prev->io_bitmap_max, next->io_bitmap_max));
57 
++	} else if (tifp & _TIF_IO_BITMAP) {
58 
++		/*
59 
++		 * Clear any possible leftover bits:
60 
++		 */
61 
++		memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
62 
++	}
63 
++}
64 
++
65 
+ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
66 
+ 		      struct tss_struct *tss)
67 
+ {
68 
+ 	struct thread_struct *prev, *next;
69 
++	unsigned long tifp, tifn;
70 
+
71 
+ 	prev = &prev_p->thread;
72 
+ 	next = &next_p->thread;
73 
+
74 
+-	if (test_tsk_thread_flag(prev_p, TIF_BLOCKSTEP) ^
75 
+-	    test_tsk_thread_flag(next_p, TIF_BLOCKSTEP)) {
76 
++	tifn = READ_ONCE(task_thread_info(next_p)->flags);
77 
++	tifp = READ_ONCE(task_thread_info(prev_p)->flags);
78 
++	switch_to_bitmap(tss, prev, next, tifp, tifn);
79 
++
80 
++	propagate_user_return_notify(prev_p, next_p);
81 
++
82 
++	if ((tifp ^ tifn) & _TIF_BLOCKSTEP) {
83 
+ 		unsigned long debugctl = get_debugctlmsr();
84 
+
85 
+ 		debugctl &= ~DEBUGCTLMSR_BTF;
86 
+-		if (test_tsk_thread_flag(next_p, TIF_BLOCKSTEP))
87 
++		if (tifn & _TIF_BLOCKSTEP)
88 
+ 			debugctl |= DEBUGCTLMSR_BTF;
89 
+-
90 
+ 		update_debugctlmsr(debugctl);
91 
+ 	}
92 
+
93 
+-	if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
94 
+-	    test_tsk_thread_flag(next_p, TIF_NOTSC)) {
95 
+-		/* prev and next are different */
96 
+-		if (test_tsk_thread_flag(next_p, TIF_NOTSC))
97 
++	if ((tifp ^ tifn) & _TIF_NOTSC) {
98 
++		if (tifn & _TIF_NOTSC)
99 
+ 			hard_disable_TSC();
100 
+ 		else
101 
+ 			hard_enable_TSC();
102 
+ 	}
103 
+-
104 
+-	if (test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
105 
+-		/*
106 
+-		 * Copy the relevant range of the IO bitmap.
107 
+-		 * Normally this is 128 bytes or less:
108 
+-		 */
109 
+-		memcpy(tss->io_bitmap, next->io_bitmap_ptr,
110 
+-		       max(prev->io_bitmap_max, next->io_bitmap_max));
111 
+-	} else if (test_tsk_thread_flag(prev_p, TIF_IO_BITMAP)) {
112 
+-		/*
113 
+-		 * Clear any possible leftover bits:
114 
+-		 */
115 
+-		memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
116 
+-	}
117 
+-	propagate_user_return_notify(prev_p, next_p);
118 
+ }
119 
+
120 
+ /*
121 
+--
122 
+2.7.4
123 
+
SPECS/linux/speculative-store-bypass/0017-x86-process-Correct-and-optimize-TIF_BLOCKSTEP-switc.patch
History View file @ c3d25b5
0 124 
new file mode 100644
... ... 
@@ -0,0 +1,84 @@
0 
+From bb8a828adfbc5120a1beec01403e672f36cac5bf Mon Sep 17 00:00:00 2001
1 
+From: Kyle Huey <me@kylehuey.com>
2 
+Date: Tue, 14 Feb 2017 00:11:03 -0800
3 
+Subject: [PATCH 17/54] x86/process: Correct and optimize TIF_BLOCKSTEP switch
4 
+
5 
+commit b9894a2f5bd18b1691cb6872c9afe32b148d0132 upstream
6 
+
7 
+The debug control MSR is "highly magical" as the blockstep bit can be
8 
+cleared by hardware under not well documented circumstances.
9 
+
10 
+So a task switch relying on the bit set by the previous task (according to
11 
+the previous tasks thread flags) can trip over this and not update the flag
12 
+for the next task.
13 
+
14 
+To fix this its required to handle DEBUGCTLMSR_BTF when either the previous
15 
+or the next or both tasks have the TIF_BLOCKSTEP flag set.
16 
+
17 
+While at it avoid branching within the TIF_BLOCKSTEP case and evaluating
18 
+boot_cpu_data twice in kernels without CONFIG_X86_DEBUGCTLMSR.
19 
+
20 
+x86_64: arch/x86/kernel/process.o
21 
+text	data	bss	dec	 hex
22 
+3024    8577    16      11617    2d61	Before
23 
+3008	8577	16	11601	 2d51	After
24 
+
25 
+i386: No change
26 
+
27 
+[ tglx: Made the shift value explicit, use a local variable to make the
28 
+code readable and massaged changelog]
29 
+
30 
+Originally-by: Thomas Gleixner <tglx@linutronix.de>
31 
+Signed-off-by: Kyle Huey <khuey@kylehuey.com>
32 
+Cc: Peter Zijlstra <peterz@infradead.org>
33 
+Cc: Andy Lutomirski <luto@kernel.org>
34 
+Link: http://lkml.kernel.org/r/20170214081104.9244-3-khuey@kylehuey.com
35 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
36 
+
37 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
38 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
39 
+---
40 
+ arch/x86/include/asm/msr-index.h |  1 +
41 
+ arch/x86/kernel/process.c        | 12 +++++++-----
42 
+ 2 files changed, 8 insertions(+), 5 deletions(-)
43 
+
44 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
45 
+index 87103e8..076e868 100644
46 
+--- a/arch/x86/include/asm/msr-index.h
47 
+@@ -141,6 +141,7 @@
48 
+
49 
+ /* DEBUGCTLMSR bits (others vary by model): */
50 
+ #define DEBUGCTLMSR_LBR			(1UL <<  0) /* last branch recording */
51 
++#define DEBUGCTLMSR_BTF_SHIFT		1
52 
+ #define DEBUGCTLMSR_BTF			(1UL <<  1) /* single-step on branches */
53 
+ #define DEBUGCTLMSR_TR			(1UL <<  6)
54 
+ #define DEBUGCTLMSR_BTS			(1UL <<  7)
55 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
56 
+index 0e1999e..496eef6 100644
57 
+--- a/arch/x86/kernel/process.c
58 
+@@ -227,13 +227,15 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
59 
+
60 
+ 	propagate_user_return_notify(prev_p, next_p);
61 
+
62 
+-	if ((tifp ^ tifn) & _TIF_BLOCKSTEP) {
63 
+-		unsigned long debugctl = get_debugctlmsr();
64 
++	if ((tifp & _TIF_BLOCKSTEP || tifn & _TIF_BLOCKSTEP) &&
65 
++	    arch_has_block_step()) {
66 
++		unsigned long debugctl, msk;
67 
+
68 
++		rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
69 
+ 		debugctl &= ~DEBUGCTLMSR_BTF;
70 
+-		if (tifn & _TIF_BLOCKSTEP)
71 
+-			debugctl |= DEBUGCTLMSR_BTF;
72 
+-		update_debugctlmsr(debugctl);
73 
++		msk = tifn & _TIF_BLOCKSTEP;
74 
++		debugctl |= (msk >> TIF_BLOCKSTEP) << DEBUGCTLMSR_BTF_SHIFT;
75 
++		wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
76 
+ 	}
77 
+
78 
+ 	if ((tifp ^ tifn) & _TIF_NOTSC) {
79 
+--
80 
+2.7.4
81 
+
SPECS/linux/speculative-store-bypass/0018-x86-process-Optimize-TIF_NOTSC-switch.patch
History View file @ c3d25b5
0 82 
new file mode 100644
... ... 
@@ -0,0 +1,112 @@
0 
+From ae00cf150c8b8d9e0ede34bc70499eab625f9e70 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Tue, 14 Feb 2017 00:11:04 -0800
3 
+Subject: [PATCH 18/54] x86/process: Optimize TIF_NOTSC switch
4 
+
5 
+commit 5a920155e388ec22a22e0532fb695b9215c9b34d upstream
6 
+
7 
+Provide and use a toggle helper instead of doing it with a branch.
8 
+
9 
+x86_64: arch/x86/kernel/process.o
10 
+text	   data	    bss	    dec	    hex
11 
+3008	   8577	     16	  11601	   2d51 Before
12 
+2976       8577      16	  11569	   2d31 After
13 
+
14 
+i386: arch/x86/kernel/process.o
15 
+text	   data	    bss	    dec	    hex
16 
+2925	   8673	      8	  11606	   2d56 Before
17 
+2893	   8673       8	  11574	   2d36 After
18 
+
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Cc: Peter Zijlstra <peterz@infradead.org>
21 
+Cc: Andy Lutomirski <luto@kernel.org>
22 
+Link: http://lkml.kernel.org/r/20170214081104.9244-4-khuey@kylehuey.com
23 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
24 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
25 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 
+---
27 
+ arch/x86/include/asm/tlbflush.h | 10 ++++++++++
28 
+ arch/x86/kernel/process.c       | 22 ++++------------------
29 
+ 2 files changed, 14 insertions(+), 18 deletions(-)
30 
+
31 
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
32 
+index 99185a0..686a58d 100644
33 
+--- a/arch/x86/include/asm/tlbflush.h
34 
+@@ -111,6 +111,16 @@ static inline void cr4_clear_bits(unsigned long mask)
35 
+ 	}
36 
+ }
37 
+
38 
++static inline void cr4_toggle_bits(unsigned long mask)
39 
++{
40 
++	unsigned long cr4;
41 
++
42 
++	cr4 = this_cpu_read(cpu_tlbstate.cr4);
43 
++	cr4 ^= mask;
44 
++	this_cpu_write(cpu_tlbstate.cr4, cr4);
45 
++	__write_cr4(cr4);
46 
++}
47 
++
48 
+ /* Read the CR4 shadow. */
49 
+ static inline unsigned long cr4_read_shadow(void)
50 
+ {
51 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
52 
+index 496eef6..b7e3822 100644
53 
+--- a/arch/x86/kernel/process.c
54 
+@@ -134,11 +134,6 @@ void flush_thread(void)
55 
+ 	fpu__clear(&tsk->thread.fpu);
56 
+ }
57 
+
58 
+-static void hard_disable_TSC(void)
59 
+-{
60 
+-	cr4_set_bits(X86_CR4_TSD);
61 
+-}
62 
+-
63 
+ void disable_TSC(void)
64 
+ {
65 
+ 	preempt_disable();
66 
+@@ -147,15 +142,10 @@ void disable_TSC(void)
67 
+ 		 * Must flip the CPU state synchronously with
68 
+ 		 * TIF_NOTSC in the current running context.
69 
+ 		 */
70 
+-		hard_disable_TSC();
71 
++		cr4_set_bits(X86_CR4_TSD);
72 
+ 	preempt_enable();
73 
+ }
74 
+
75 
+-static void hard_enable_TSC(void)
76 
+-{
77 
+-	cr4_clear_bits(X86_CR4_TSD);
78 
+-}
79 
+-
80 
+ static void enable_TSC(void)
81 
+ {
82 
+ 	preempt_disable();
83 
+@@ -164,7 +154,7 @@ static void enable_TSC(void)
84 
+ 		 * Must flip the CPU state synchronously with
85 
+ 		 * TIF_NOTSC in the current running context.
86 
+ 		 */
87 
+-		hard_enable_TSC();
88 
++		cr4_clear_bits(X86_CR4_TSD);
89 
+ 	preempt_enable();
90 
+ }
91 
+
92 
+@@ -238,12 +228,8 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
93 
+ 		wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
94 
+ 	}
95 
+
96 
+-	if ((tifp ^ tifn) & _TIF_NOTSC) {
97 
+-		if (tifn & _TIF_NOTSC)
98 
+-			hard_disable_TSC();
99 
+-		else
100 
+-			hard_enable_TSC();
101 
+-	}
102 
++	if ((tifp ^ tifn) & _TIF_NOTSC)
103 
++		cr4_toggle_bits(X86_CR4_TSD);
104 
+ }
105 
+
106 
+ /*
107 
+--
108 
+2.7.4
109 
+
SPECS/linux/speculative-store-bypass/0019-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
History View file @ c3d25b5
0 110 
new file mode 100644
... ... 
@@ -0,0 +1,229 @@
0 
+From c06c1b2d1725c1f6618d389cffe61cb538ca24b9 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sun, 29 Apr 2018 15:21:42 +0200
3 
+Subject: [PATCH 19/54] x86/process: Allow runtime control of Speculative Store
4 
+ Bypass
5 
+
6 
+commit 885f82bfbc6fefb6664ea27965c3ab9ac4194b8c upstream
7 
+
8 
+The Speculative Store Bypass vulnerability can be mitigated with the
9 
+Reduced Data Speculation (RDS) feature. To allow finer grained control of
10 
+this eventually expensive mitigation a per task mitigation control is
11 
+required.
12 
+
13 
+Add a new TIF_RDS flag and put it into the group of TIF flags which are
14 
+evaluated for mismatch in switch_to(). If these bits differ in the previous
15 
+and the next task, then the slow path function __switch_to_xtra() is
16 
+invoked. Implement the TIF_RDS dependent mitigation control in the slow
17 
+path.
18 
+
19 
+If the prctl for controlling Speculative Store Bypass is disabled or no
20 
+task uses the prctl then there is no overhead in the switch_to() fast
21 
+path.
22 
+
23 
+Update the KVM related speculation control functions to take TID_RDS into
24 
+account as well.
25 
+
26 
+Based on a patch from Tim Chen. Completely rewritten.
27 
+
28 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
29 
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
30 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
31 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
32 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
33 
+---
34 
+ arch/x86/include/asm/msr-index.h   |  3 ++-
35 
+ arch/x86/include/asm/spec-ctrl.h   | 17 +++++++++++++++++
36 
+ arch/x86/include/asm/thread_info.h |  6 ++++--
37 
+ arch/x86/kernel/cpu/bugs.c         | 26 +++++++++++++++++++++-----
38 
+ arch/x86/kernel/process.c          | 22 ++++++++++++++++++++++
39 
+ 5 files changed, 66 insertions(+), 8 deletions(-)
40 
+
41 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
42 
+index 076e868..5dd28d0 100644
43 
+--- a/arch/x86/include/asm/msr-index.h
44 
+@@ -40,7 +40,8 @@
45 
+ #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */
46 
+ #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */
47 
+ #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */
48 
+-#define SPEC_CTRL_RDS			(1 << 2)   /* Reduced Data Speculation */
49 
++#define SPEC_CTRL_RDS_SHIFT		2	   /* Reduced Data Speculation bit */
50 
++#define SPEC_CTRL_RDS			(1 << SPEC_CTRL_RDS_SHIFT)   /* Reduced Data Speculation */
51 
+
52 
+ #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */
53 
+ #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */
54 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
55 
+index 3ad6442..45ef00a 100644
56 
+--- a/arch/x86/include/asm/spec-ctrl.h
57 
+@@ -2,6 +2,7 @@
58 
+ #ifndef _ASM_X86_SPECCTRL_H_
59 
+ #define _ASM_X86_SPECCTRL_H_
60 
+
61 
++#include <linux/thread_info.h>
62 
+ #include <asm/nospec-branch.h>
63 
+
64 
+ /*
65 
+@@ -18,4 +19,20 @@ extern void x86_spec_ctrl_restore_host(u64);
66 
+ extern u64 x86_amd_ls_cfg_base;
67 
+ extern u64 x86_amd_ls_cfg_rds_mask;
68 
+
69 
++/* The Intel SPEC CTRL MSR base value cache */
70 
++extern u64 x86_spec_ctrl_base;
71 
++
72 
++static inline u64 rds_tif_to_spec_ctrl(u64 tifn)
73 
++{
74 
++	BUILD_BUG_ON(TIF_RDS < SPEC_CTRL_RDS_SHIFT);
75 
++	return (tifn & _TIF_RDS) >> (TIF_RDS - SPEC_CTRL_RDS_SHIFT);
76 
++}
77 
++
78 
++static inline u64 rds_tif_to_amd_ls_cfg(u64 tifn)
79 
++{
80 
++	return (tifn & _TIF_RDS) ? x86_amd_ls_cfg_rds_mask : 0ULL;
81 
++}
82 
++
83 
++extern void speculative_store_bypass_update(void);
84 
++
85 
+ #endif
86 
+diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
87 
+index 89978b9..661afac 100644
88 
+--- a/arch/x86/include/asm/thread_info.h
89 
+@@ -83,6 +83,7 @@ struct thread_info {
90 
+ #define TIF_SIGPENDING		2	/* signal pending */
91 
+ #define TIF_NEED_RESCHED	3	/* rescheduling necessary */
92 
+ #define TIF_SINGLESTEP		4	/* reenable singlestep on user return*/
93 
++#define TIF_RDS			5	/* Reduced data speculation */
94 
+ #define TIF_SYSCALL_EMU		6	/* syscall emulation active */
95 
+ #define TIF_SYSCALL_AUDIT	7	/* syscall auditing active */
96 
+ #define TIF_SECCOMP		8	/* secure computing */
97 
+@@ -104,8 +105,9 @@ struct thread_info {
98 
+ #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
99 
+ #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
100 
+ #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
101 
+-#define _TIF_SINGLESTEP		(1 << TIF_SINGLESTEP)
102 
+ #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
103 
++#define _TIF_SINGLESTEP		(1 << TIF_SINGLESTEP)
104 
++#define _TIF_RDS		(1 << TIF_RDS)
105 
+ #define _TIF_SYSCALL_EMU	(1 << TIF_SYSCALL_EMU)
106 
+ #define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
107 
+ #define _TIF_SECCOMP		(1 << TIF_SECCOMP)
108 
+@@ -139,7 +141,7 @@ struct thread_info {
109 
+
110 
+ /* flags to check in __switch_to() */
111 
+ #define _TIF_WORK_CTXSW							\
112 
+-	(_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP)
113 
++	(_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_RDS)
114 
+
115 
+ #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
116 
+ #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
117 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
118 
+index 46d01fd..4f09576 100644
119 
+--- a/arch/x86/kernel/cpu/bugs.c
120 
+@@ -32,7 +32,7 @@ static void __init ssb_select_mitigation(void);
121 
+  * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
122 
+  * writes to SPEC_CTRL contain whatever reserved bits have been set.
123 
+  */
124 
+-static u64 __ro_after_init x86_spec_ctrl_base;
125 
++u64 __ro_after_init x86_spec_ctrl_base;
126 
+
127 
+ /*
128 
+  * The vendor and possibly platform specific bits which can be modified in
129 
+@@ -139,25 +139,41 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
130 
+
131 
+ u64 x86_spec_ctrl_get_default(void)
132 
+ {
133 
+-	return x86_spec_ctrl_base;
134 
++	u64 msrval = x86_spec_ctrl_base;
135 
++
136 
++	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
137 
++		msrval |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
138 
++	return msrval;
139 
+ }
140 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
141 
+
142 
+ void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
143 
+ {
144 
++	u64 host = x86_spec_ctrl_base;
145 
++
146 
+ 	if (!boot_cpu_has(X86_FEATURE_IBRS))
147 
+ 		return;
148 
+-	if (x86_spec_ctrl_base != guest_spec_ctrl)
149 
++
150 
++	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
151 
++		host |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
152 
++
153 
++	if (host != guest_spec_ctrl)
154 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl);
155 
+ }
156 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
157 
+
158 
+ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
159 
+ {
160 
++	u64 host = x86_spec_ctrl_base;
161 
++
162 
+ 	if (!boot_cpu_has(X86_FEATURE_IBRS))
163 
+ 		return;
164 
+-	if (x86_spec_ctrl_base != guest_spec_ctrl)
165 
+-		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
166 
++
167 
++	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
168 
++		host |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
169 
++
170 
++	if (host != guest_spec_ctrl)
171 
++		wrmsrl(MSR_IA32_SPEC_CTRL, host);
172 
+ }
173 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
174 
+
175 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
176 
+index b7e3822..9c48e18 100644
177 
+--- a/arch/x86/kernel/process.c
178 
+@@ -33,6 +33,7 @@
179 
+ #include <asm/mce.h>
180 
+ #include <asm/vm86.h>
181 
+ #include <asm/switch_to.h>
182 
++#include <asm/spec-ctrl.h>
183 
+
184 
+ /*
185 
+  * per-CPU TSS segments. Threads are completely 'soft' on Linux,
186 
+@@ -202,6 +203,24 @@ static inline void switch_to_bitmap(struct tss_struct *tss,
187 
+ 	}
188 
+ }
189 
+
190 
++static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
191 
++{
192 
++	u64 msr;
193 
++
194 
++	if (static_cpu_has(X86_FEATURE_AMD_RDS)) {
195 
++		msr = x86_amd_ls_cfg_base | rds_tif_to_amd_ls_cfg(tifn);
196 
++		wrmsrl(MSR_AMD64_LS_CFG, msr);
197 
++	} else {
198 
++		msr = x86_spec_ctrl_base | rds_tif_to_spec_ctrl(tifn);
199 
++		wrmsrl(MSR_IA32_SPEC_CTRL, msr);
200 
++	}
201 
++}
202 
++
203 
++void speculative_store_bypass_update(void)
204 
++{
205 
++	__speculative_store_bypass_update(current_thread_info()->flags);
206 
++}
207 
++
208 
+ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
209 
+ 		      struct tss_struct *tss)
210 
+ {
211 
+@@ -230,6 +249,9 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
212 
+
213 
+ 	if ((tifp ^ tifn) & _TIF_NOTSC)
214 
+ 		cr4_toggle_bits(X86_CR4_TSD);
215 
++
216 
++	if ((tifp ^ tifn) & _TIF_RDS)
217 
++		__speculative_store_bypass_update(tifn);
218 
+ }
219 
+
220 
+ /*
221 
+--
222 
+2.7.4
223 
+
SPECS/linux/speculative-store-bypass/0020-x86-speculation-Add-prctl-for-Speculative-Store-Bypa.patch
History View file @ c3d25b5
0 224 
new file mode 100644
... ... 
@@ -0,0 +1,222 @@
0 
+From 38c6d310c9ef423b9c7f4c6490d2086858a4a740 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sun, 29 Apr 2018 15:26:40 +0200
3 
+Subject: [PATCH 20/54] x86/speculation: Add prctl for Speculative Store Bypass
4 
+ mitigation
5 
+
6 
+commit a73ec77ee17ec556fe7f165d00314cb7c047b1ac upstream
7 
+
8 
+Add prctl based control for Speculative Store Bypass mitigation and make it
9 
+the default mitigation for Intel and AMD.
10 
+
11 
+Andi Kleen provided the following rationale (slightly redacted):
12 
+
13 
+ There are multiple levels of impact of Speculative Store Bypass:
14 
+
15 
+ 1) JITed sandbox.
16 
+    It cannot invoke system calls, but can do PRIME+PROBE and may have call
17 
+    interfaces to other code
18 
+
19 
+ 2) Native code process.
20 
+    No protection inside the process at this level.
21 
+
22 
+ 3) Kernel.
23 
+
24 
+ 4) Between processes.
25 
+
26 
+ The prctl tries to protect against case (1) doing attacks.
27 
+
28 
+ If the untrusted code can do random system calls then control is already
29 
+ lost in a much worse way. So there needs to be system call protection in
30 
+ some way (using a JIT not allowing them or seccomp). Or rather if the
31 
+ process can subvert its environment somehow to do the prctl it can already
32 
+ execute arbitrary code, which is much worse than SSB.
33 
+
34 
+ To put it differently, the point of the prctl is to not allow JITed code
35 
+ to read data it shouldn't read from its JITed sandbox. If it already has
36 
+ escaped its sandbox then it can already read everything it wants in its
37 
+ address space, and do much worse.
38 
+
39 
+ The ability to control Speculative Store Bypass allows to enable the
40 
+ protection selectively without affecting overall system performance.
41 
+
42 
+Based on an initial patch from Tim Chen. Completely rewritten.
43 
+
44 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
45 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
46 
+
47 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
48 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
49 
+---
50 
+ Documentation/kernel-parameters.txt  |  6 ++-
51 
+ arch/x86/include/asm/nospec-branch.h |  1 +
52 
+ arch/x86/kernel/cpu/bugs.c           | 83 +++++++++++++++++++++++++++++++-----
53 
+ 3 files changed, 79 insertions(+), 11 deletions(-)
54 
+
55 
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
56 
+index 792ac91..543923b 100644
57 
+--- a/Documentation/kernel-parameters.txt
58 
+@@ -4001,7 +4001,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
59 
+ 			off    - Unconditionally enable Speculative Store Bypass
60 
+ 			auto   - Kernel detects whether the CPU model contains an
61 
+ 				 implementation of Speculative Store Bypass and
62 
+-				 picks the most appropriate mitigation
63 
++				 picks the most appropriate mitigation.
64 
++			prctl  - Control Speculative Store Bypass per thread
65 
++				 via prctl. Speculative Store Bypass is enabled
66 
++				 for a process by default. The state of the control
67 
++				 is inherited on fork.
68 
+
69 
+ 			Not specifying this option is equivalent to
70 
+ 			spec_store_bypass_disable=auto.
71 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
72 
+index 1119f14..71ad014 100644
73 
+--- a/arch/x86/include/asm/nospec-branch.h
74 
+@@ -232,6 +232,7 @@ extern u64 x86_spec_ctrl_get_default(void);
75 
+ enum ssb_mitigation {
76 
+ 	SPEC_STORE_BYPASS_NONE,
77 
+ 	SPEC_STORE_BYPASS_DISABLE,
78 
++	SPEC_STORE_BYPASS_PRCTL,
79 
+ };
80 
+
81 
+ extern char __indirect_thunk_start[];
82 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
83 
+index 4f09576..b7d9adf 100644
84 
+--- a/arch/x86/kernel/cpu/bugs.c
85 
+@@ -11,6 +11,8 @@
86 
+ #include <linux/utsname.h>
87 
+ #include <linux/cpu.h>
88 
+ #include <linux/module.h>
89 
++#include <linux/nospec.h>
90 
++#include <linux/prctl.h>
91 
+
92 
+ #include <asm/spec-ctrl.h>
93 
+ #include <asm/cmdline.h>
94 
+@@ -411,20 +413,23 @@ enum ssb_mitigation_cmd {
95 
+ 	SPEC_STORE_BYPASS_CMD_NONE,
96 
+ 	SPEC_STORE_BYPASS_CMD_AUTO,
97 
+ 	SPEC_STORE_BYPASS_CMD_ON,
98 
++	SPEC_STORE_BYPASS_CMD_PRCTL,
99 
+ };
100 
+
101 
+ static const char *ssb_strings[] = {
102 
+ 	[SPEC_STORE_BYPASS_NONE]	= "Vulnerable",
103 
+-	[SPEC_STORE_BYPASS_DISABLE]	= "Mitigation: Speculative Store Bypass disabled"
104 
++	[SPEC_STORE_BYPASS_DISABLE]	= "Mitigation: Speculative Store Bypass disabled",
105 
++	[SPEC_STORE_BYPASS_PRCTL]	= "Mitigation: Speculative Store Bypass disabled via prctl"
106 
+ };
107 
+
108 
+ static const struct {
109 
+ 	const char *option;
110 
+ 	enum ssb_mitigation_cmd cmd;
111 
+ } ssb_mitigation_options[] = {
112 
+-	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
113 
+-	{ "on",		SPEC_STORE_BYPASS_CMD_ON },   /* Disable Speculative Store Bypass */
114 
+-	{ "off",	SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
115 
++	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO },  /* Platform decides */
116 
++	{ "on",		SPEC_STORE_BYPASS_CMD_ON },    /* Disable Speculative Store Bypass */
117 
++	{ "off",	SPEC_STORE_BYPASS_CMD_NONE },  /* Don't touch Speculative Store Bypass */
118 
++	{ "prctl",	SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */
119 
+ };
120 
+
121 
+ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
122 
+@@ -474,14 +479,15 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
123 
+
124 
+ 	switch (cmd) {
125 
+ 	case SPEC_STORE_BYPASS_CMD_AUTO:
126 
+-		/*
127 
+-		 * AMD platforms by default don't need SSB mitigation.
128 
+-		 */
129 
+-		if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
130 
+-			break;
131 
++		/* Choose prctl as the default mode */
132 
++		mode = SPEC_STORE_BYPASS_PRCTL;
133 
++		break;
134 
+ 	case SPEC_STORE_BYPASS_CMD_ON:
135 
+ 		mode = SPEC_STORE_BYPASS_DISABLE;
136 
+ 		break;
137 
++	case SPEC_STORE_BYPASS_CMD_PRCTL:
138 
++		mode = SPEC_STORE_BYPASS_PRCTL;
139 
++		break;
140 
+ 	case SPEC_STORE_BYPASS_CMD_NONE:
141 
+ 		break;
142 
+ 	}
143 
+@@ -492,7 +498,7 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
144 
+ 	 *  - X86_FEATURE_RDS - CPU is able to turn off speculative store bypass
145 
+ 	 *  - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation
146 
+ 	 */
147 
+-	if (mode != SPEC_STORE_BYPASS_NONE) {
148 
++	if (mode == SPEC_STORE_BYPASS_DISABLE) {
149 
+ 		setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
150 
+ 		/*
151 
+ 		 * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD uses
152 
+@@ -523,6 +529,63 @@ static void ssb_select_mitigation()
153 
+
154 
+ #undef pr_fmt
155 
+
156 
++static int ssb_prctl_set(unsigned long ctrl)
157 
++{
158 
++	bool rds = !!test_tsk_thread_flag(current, TIF_RDS);
159 
++
160 
++	if (ssb_mode != SPEC_STORE_BYPASS_PRCTL)
161 
++		return -ENXIO;
162 
++
163 
++	if (ctrl == PR_SPEC_ENABLE)
164 
++		clear_tsk_thread_flag(current, TIF_RDS);
165 
++	else
166 
++		set_tsk_thread_flag(current, TIF_RDS);
167 
++
168 
++	if (rds != !!test_tsk_thread_flag(current, TIF_RDS))
169 
++		speculative_store_bypass_update();
170 
++
171 
++	return 0;
172 
++}
173 
++
174 
++static int ssb_prctl_get(void)
175 
++{
176 
++	switch (ssb_mode) {
177 
++	case SPEC_STORE_BYPASS_DISABLE:
178 
++		return PR_SPEC_DISABLE;
179 
++	case SPEC_STORE_BYPASS_PRCTL:
180 
++		if (test_tsk_thread_flag(current, TIF_RDS))
181 
++			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
182 
++		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
183 
++	default:
184 
++		if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
185 
++			return PR_SPEC_ENABLE;
186 
++		return PR_SPEC_NOT_AFFECTED;
187 
++	}
188 
++}
189 
++
190 
++int arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl)
191 
++{
192 
++	if (ctrl != PR_SPEC_ENABLE && ctrl != PR_SPEC_DISABLE)
193 
++		return -ERANGE;
194 
++
195 
++	switch (which) {
196 
++	case PR_SPEC_STORE_BYPASS:
197 
++		return ssb_prctl_set(ctrl);
198 
++	default:
199 
++		return -ENODEV;
200 
++	}
201 
++}
202 
++
203 
++int arch_prctl_spec_ctrl_get(unsigned long which)
204 
++{
205 
++	switch (which) {
206 
++	case PR_SPEC_STORE_BYPASS:
207 
++		return ssb_prctl_get();
208 
++	default:
209 
++		return -ENODEV;
210 
++	}
211 
++}
212 
++
213 
+ void x86_spec_ctrl_setup_ap(void)
214 
+ {
215 
+ 	if (boot_cpu_has(X86_FEATURE_IBRS))
216 
+--
217 
+2.7.4
218 
+
SPECS/linux/speculative-store-bypass/0021-nospec-Allow-getting-setting-on-non-current-task.patch
History View file @ c3d25b5
0 219 
new file mode 100644
... ... 
@@ -0,0 +1,162 @@
0 
+From b78a78bbe1529796b94416af04e302f872bb9646 Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Tue, 1 May 2018 15:19:04 -0700
3 
+Subject: [PATCH 21/54] nospec: Allow getting/setting on non-current task
4 
+
5 
+commit 7bbf1373e228840bb0295a2ca26d548ef37f448e upstream
6 
+
7 
+Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than
8 
+current.
9 
+
10 
+This is needed both for /proc/$pid/status queries and for seccomp (since
11 
+thread-syncing can trigger seccomp in non-current threads).
12 
+
13 
+Signed-off-by: Kees Cook <keescook@chromium.org>
14 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
15 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
16 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
17 
+---
18 
+ arch/x86/kernel/cpu/bugs.c | 27 ++++++++++++++++-----------
19 
+ include/linux/nospec.h     |  7 +++++--
20 
+ kernel/sys.c               |  9 +++++----
21 
+ 3 files changed, 26 insertions(+), 17 deletions(-)
22 
+
23 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
24 
+index b7d9adf..3760931 100644
25 
+--- a/arch/x86/kernel/cpu/bugs.c
26 
+@@ -529,31 +529,35 @@ static void ssb_select_mitigation()
27 
+
28 
+ #undef pr_fmt
29 
+
30 
+-static int ssb_prctl_set(unsigned long ctrl)
31 
++static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
32 
+ {
33 
+-	bool rds = !!test_tsk_thread_flag(current, TIF_RDS);
34 
++	bool rds = !!test_tsk_thread_flag(task, TIF_RDS);
35 
+
36 
+ 	if (ssb_mode != SPEC_STORE_BYPASS_PRCTL)
37 
+ 		return -ENXIO;
38 
+
39 
+ 	if (ctrl == PR_SPEC_ENABLE)
40 
+-		clear_tsk_thread_flag(current, TIF_RDS);
41 
++		clear_tsk_thread_flag(task, TIF_RDS);
42 
+ 	else
43 
+-		set_tsk_thread_flag(current, TIF_RDS);
44 
++		set_tsk_thread_flag(task, TIF_RDS);
45 
+
46 
+-	if (rds != !!test_tsk_thread_flag(current, TIF_RDS))
47 
++	/*
48 
++	 * If being set on non-current task, delay setting the CPU
49 
++	 * mitigation until it is next scheduled.
50 
++	 */
51 
++	if (task == current && rds != !!test_tsk_thread_flag(task, TIF_RDS))
52 
+ 		speculative_store_bypass_update();
53 
+
54 
+ 	return 0;
55 
+ }
56 
+
57 
+-static int ssb_prctl_get(void)
58 
++static int ssb_prctl_get(struct task_struct *task)
59 
+ {
60 
+ 	switch (ssb_mode) {
61 
+ 	case SPEC_STORE_BYPASS_DISABLE:
62 
+ 		return PR_SPEC_DISABLE;
63 
+ 	case SPEC_STORE_BYPASS_PRCTL:
64 
+-		if (test_tsk_thread_flag(current, TIF_RDS))
65 
++		if (test_tsk_thread_flag(task, TIF_RDS))
66 
+ 			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
67 
+ 		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
68 
+ 	default:
69 
+@@ -563,24 +567,25 @@ static int ssb_prctl_get(void)
70 
+ 	}
71 
+ }
72 
+
73 
+-int arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl)
74 
++int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
75 
++			     unsigned long ctrl)
76 
+ {
77 
+ 	if (ctrl != PR_SPEC_ENABLE && ctrl != PR_SPEC_DISABLE)
78 
+ 		return -ERANGE;
79 
+
80 
+ 	switch (which) {
81 
+ 	case PR_SPEC_STORE_BYPASS:
82 
+-		return ssb_prctl_set(ctrl);
83 
++		return ssb_prctl_set(task, ctrl);
84 
+ 	default:
85 
+ 		return -ENODEV;
86 
+ 	}
87 
+ }
88 
+
89 
+-int arch_prctl_spec_ctrl_get(unsigned long which)
90 
++int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
91 
+ {
92 
+ 	switch (which) {
93 
+ 	case PR_SPEC_STORE_BYPASS:
94 
+-		return ssb_prctl_get();
95 
++		return ssb_prctl_get(task);
96 
+ 	default:
97 
+ 		return -ENODEV;
98 
+ 	}
99 
+diff --git a/include/linux/nospec.h b/include/linux/nospec.h
100 
+index 700bb8a..a908c95 100644
101 
+--- a/include/linux/nospec.h
102 
+@@ -7,6 +7,8 @@
103 
+ #define _LINUX_NOSPEC_H
104 
+ #include <asm/barrier.h>
105 
+
106 
++struct task_struct;
107 
++
108 
+ /**
109 
+  * array_index_mask_nospec() - generate a ~0 mask when index < size, 0 otherwise
110 
+  * @index: array element index
111 
+@@ -57,7 +59,8 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
112 
+ })
113 
+
114 
+ /* Speculation control prctl */
115 
+-int arch_prctl_spec_ctrl_get(unsigned long which);
116 
+-int arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl);
117 
++int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which);
118 
++int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
119 
++			     unsigned long ctrl);
120 
+
121 
+ #endif /* _LINUX_NOSPEC_H */
122 
+diff --git a/kernel/sys.c b/kernel/sys.c
123 
+index 312c985..143cd63 100644
124 
+--- a/kernel/sys.c
125 
+@@ -2074,12 +2074,13 @@ static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
126 
+ }
127 
+ #endif
128 
+
129 
+-int __weak arch_prctl_spec_ctrl_get(unsigned long which)
130 
++int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which)
131 
+ {
132 
+ 	return -EINVAL;
133 
+ }
134 
+
135 
+-int __weak arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl)
136 
++int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which,
137 
++				    unsigned long ctrl)
138 
+ {
139 
+ 	return -EINVAL;
140 
+ }
141 
+@@ -2285,12 +2286,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
142 
+ 	case PR_GET_SPECULATION_CTRL:
143 
+ 		if (arg3 || arg4 || arg5)
144 
+ 			return -EINVAL;
145 
+-		error = arch_prctl_spec_ctrl_get(arg2);
146 
++		error = arch_prctl_spec_ctrl_get(me, arg2);
147 
+ 		break;
148 
+ 	case PR_SET_SPECULATION_CTRL:
149 
+ 		if (arg4 || arg5)
150 
+ 			return -EINVAL;
151 
+-		error = arch_prctl_spec_ctrl_set(arg2, arg3);
152 
++		error = arch_prctl_spec_ctrl_set(me, arg2, arg3);
153 
+ 		break;
154 
+ 	default:
155 
+ 		error = -EINVAL;
156 
+--
157 
+2.7.4
158 
+
SPECS/linux/speculative-store-bypass/0022-proc-Provide-details-on-speculation-flaw-mitigations.patch
History View file @ c3d25b5
0 159 
new file mode 100644
... ... 
@@ -0,0 +1,64 @@
0 
+From 35ac7b7721fcf4ec87ddbcff4cda073bec0175e6 Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Tue, 1 May 2018 15:31:45 -0700
3 
+Subject: [PATCH 22/54] proc: Provide details on speculation flaw mitigations
4 
+
5 
+commit fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64 upstream
6 
+
7 
+As done with seccomp and no_new_privs, also show speculation flaw
8 
+mitigation state in /proc/$pid/status.
9 
+
10 
+Signed-off-by: Kees Cook <keescook@chromium.org>
11 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
12 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
13 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
14 
+---
15 
+ fs/proc/array.c | 24 +++++++++++++++++++++++-
16 
+ 1 file changed, 23 insertions(+), 1 deletion(-)
17 
+
18 
+diff --git a/fs/proc/array.c b/fs/proc/array.c
19 
+index 794b52a..64f3f20 100644
20 
+--- a/fs/proc/array.c
21 
+@@ -80,6 +80,7 @@
22 
+ #include <linux/delayacct.h>
23 
+ #include <linux/seq_file.h>
24 
+ #include <linux/pid_namespace.h>
25 
++#include <linux/prctl.h>
26 
+ #include <linux/ptrace.h>
27 
+ #include <linux/tracehook.h>
28 
+ #include <linux/string_helpers.h>
29 
+@@ -345,8 +346,29 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
30 
+ {
31 
+ #ifdef CONFIG_SECCOMP
32 
+ 	seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode);
33 
+-	seq_putc(m, '\n');
34 
+ #endif
35 
++	seq_printf(m, "\nSpeculation Store Bypass:\t");
36 
++	switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
37 
++	case -EINVAL:
38 
++		seq_printf(m, "unknown");
39 
++		break;
40 
++	case PR_SPEC_NOT_AFFECTED:
41 
++		seq_printf(m, "not vulnerable");
42 
++		break;
43 
++	case PR_SPEC_PRCTL | PR_SPEC_DISABLE:
44 
++		seq_printf(m, "thread mitigated");
45 
++		break;
46 
++	case PR_SPEC_PRCTL | PR_SPEC_ENABLE:
47 
++		seq_printf(m, "thread vulnerable");
48 
++		break;
49 
++	case PR_SPEC_DISABLE:
50 
++		seq_printf(m, "globally mitigated");
51 
++		break;
52 
++	default:
53 
++		seq_printf(m, "vulnerable");
54 
++		break;
55 
++	}
56 
++	seq_putc(m, '\n');
57 
+ }
58 
+
59 
+ static inline void task_context_switch_counts(struct seq_file *m,
60 
+--
61 
+2.7.4
62 
+
SPECS/linux/speculative-store-bypass/0023-seccomp-Enable-speculation-flaw-mitigations.patch
History View file @ c3d25b5
0 63 
new file mode 100644
... ... 
@@ -0,0 +1,64 @@
0 
+From 8f4e8b49f542bef6dbdbf8b5373d6222e524d8c9 Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Tue, 1 May 2018 15:07:31 -0700
3 
+Subject: [PATCH 23/54] seccomp: Enable speculation flaw mitigations
4 
+
5 
+commit 5c3070890d06ff82eecb808d02d2ca39169533ef upstream
6 
+
7 
+When speculation flaw mitigations are opt-in (via prctl), using seccomp
8 
+will automatically opt-in to these protections, since using seccomp
9 
+indicates at least some level of sandboxing is desired.
10 
+
11 
+Signed-off-by: Kees Cook <keescook@chromium.org>
12 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
14 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
15 
+---
16 
+ kernel/seccomp.c | 17 +++++++++++++++++
17 
+ 1 file changed, 17 insertions(+)
18 
+
19 
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
20 
+index af182a6..1d3078b 100644
21 
+--- a/kernel/seccomp.c
22 
+@@ -16,6 +16,8 @@
23 
+ #include <linux/atomic.h>
24 
+ #include <linux/audit.h>
25 
+ #include <linux/compat.h>
26 
++#include <linux/nospec.h>
27 
++#include <linux/prctl.h>
28 
+ #include <linux/sched.h>
29 
+ #include <linux/seccomp.h>
30 
+ #include <linux/slab.h>
31 
+@@ -214,6 +216,19 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
32 
+ 	return true;
33 
+ }
34 
+
35 
++/*
36 
++ * If a given speculation mitigation is opt-in (prctl()-controlled),
37 
++ * select it, by disabling speculation (enabling mitigation).
38 
++ */
39 
++static inline void spec_mitigate(struct task_struct *task,
40 
++				 unsigned long which)
41 
++{
42 
++	int state = arch_prctl_spec_ctrl_get(task, which);
43 
++
44 
++	if (state > 0 && (state & PR_SPEC_PRCTL))
45 
++		arch_prctl_spec_ctrl_set(task, which, PR_SPEC_DISABLE);
46 
++}
47 
++
48 
+ static inline void seccomp_assign_mode(struct task_struct *task,
49 
+ 				       unsigned long seccomp_mode)
50 
+ {
51 
+@@ -225,6 +240,8 @@ static inline void seccomp_assign_mode(struct task_struct *task,
52 
+ 	 * filter) is set.
53 
+ 	 */
54 
+ 	smp_mb__before_atomic();
55 
++	/* Assume seccomp processes want speculation flaw mitigation. */
56 
++	spec_mitigate(task, PR_SPEC_STORE_BYPASS);
57 
+ 	set_tsk_thread_flag(task, TIF_SECCOMP);
58 
+ }
59 
+
60 
+--
61 
+2.7.4
62 
+
SPECS/linux/speculative-store-bypass/0024-x86-bugs-Make-boot-modes-__ro_after_init.patch
History View file @ c3d25b5
0 63 
new file mode 100644
... ... 
@@ -0,0 +1,43 @@
0 
+From bb7394efb622c21daa838048937e0ef45674f413 Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Thu, 3 May 2018 15:03:30 -0700
3 
+Subject: [PATCH 24/54] x86/bugs: Make boot modes __ro_after_init
4 
+
5 
+commit f9544b2b076ca90d887c5ae5d74fab4c21bb7c13 upstream
6 
+
7 
+There's no reason for these to be changed after boot.
8 
+
9 
+Signed-off-by: Kees Cook <keescook@chromium.org>
10 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
11 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
12 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
13 
+---
14 
+ arch/x86/kernel/cpu/bugs.c | 5 +++--
15 
+ 1 file changed, 3 insertions(+), 2 deletions(-)
16 
+
17 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
18 
+index 3760931..65114d2 100644
19 
+--- a/arch/x86/kernel/cpu/bugs.c
20 
+@@ -128,7 +128,8 @@ static const char *spectre_v2_strings[] = {
21 
+ #undef pr_fmt
22 
+ #define pr_fmt(fmt)     "Spectre V2 : " fmt
23 
+
24 
+-static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
25 
++static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
26 
++	SPECTRE_V2_NONE;
27 
+
28 
+ void x86_spec_ctrl_set(u64 val)
29 
+ {
30 
+@@ -406,7 +407,7 @@ static void __init spectre_v2_select_mitigation(void)
31 
+ #undef pr_fmt
32 
+ #define pr_fmt(fmt)	"Speculative Store Bypass: " fmt
33 
+
34 
+-static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE;
35 
++static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;
36 
+
37 
+ /* The kernel command line selection */
38 
+ enum ssb_mitigation_cmd {
39 
+--
40 
+2.7.4
41 
+
SPECS/linux/speculative-store-bypass/0025-prctl-Add-force-disable-speculation.patch
History View file @ c3d25b5
0 42 
new file mode 100644
... ... 
@@ -0,0 +1,218 @@
0 
+From 512e11d2918b279a0f895d6f9eb560d815ce2ea2 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 3 May 2018 22:09:15 +0200
3 
+Subject: [PATCH 25/54] prctl: Add force disable speculation
4 
+
5 
+commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee upstream
6 
+
7 
+For certain use cases it is desired to enforce mitigations so they cannot
8 
+be undone afterwards. That's important for loader stubs which want to
9 
+prevent a child from disabling the mitigation again. Will also be used for
10 
+seccomp(). The extra state preserving of the prctl state for SSB is a
11 
+preparatory step for EBPF dymanic speculation control.
12 
+
13 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
14 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
15 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
16 
+---
17 
+ Documentation/spec_ctrl.txt | 34 +++++++++++++++++++++-------------
18 
+ arch/x86/kernel/cpu/bugs.c  | 35 +++++++++++++++++++++++++----------
19 
+ fs/proc/array.c             |  3 +++
20 
+ include/linux/sched.h       |  9 +++++++++
21 
+ include/uapi/linux/prctl.h  |  1 +
22 
+ 5 files changed, 59 insertions(+), 23 deletions(-)
23 
+
24 
+diff --git a/Documentation/spec_ctrl.txt b/Documentation/spec_ctrl.txt
25 
+index ddbebcd..1b3690d 100644
26 
+--- a/Documentation/spec_ctrl.txt
27 
+@@ -25,19 +25,21 @@ PR_GET_SPECULATION_CTRL
28 
+ -----------------------
29 
+
30 
+ PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
31 
+-which is selected with arg2 of prctl(2). The return value uses bits 0-2 with
32 
++which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
33 
+ the following meaning:
34 
+
35 
+-==== ================ ===================================================
36 
+-Bit  Define           Description
37 
+-==== ================ ===================================================
38 
+-0    PR_SPEC_PRCTL    Mitigation can be controlled per task by
39 
+-                      PR_SET_SPECULATION_CTRL
40 
+-1    PR_SPEC_ENABLE   The speculation feature is enabled, mitigation is
41 
+-                      disabled
42 
+-2    PR_SPEC_DISABLE  The speculation feature is disabled, mitigation is
43 
+-                      enabled
44 
+-==== ================ ===================================================
45 
++==== ===================== ===================================================
46 
++Bit  Define                Description
47 
++==== ===================== ===================================================
48 
++0    PR_SPEC_PRCTL         Mitigation can be controlled per task by
49 
++                           PR_SET_SPECULATION_CTRL
50 
++1    PR_SPEC_ENABLE        The speculation feature is enabled, mitigation is
51 
++                           disabled
52 
++2    PR_SPEC_DISABLE       The speculation feature is disabled, mitigation is
53 
++                           enabled
54 
++3    PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
55 
++                           subsequent prctl(..., PR_SPEC_ENABLE) will fail.
56 
++==== ===================== ===================================================
57 
+
58 
+ If all bits are 0 the CPU is not affected by the speculation misfeature.
59 
+
60 
+@@ -47,9 +49,11 @@ misfeature will fail.
61 
+
62 
+ PR_SET_SPECULATION_CTRL
63 
+ -----------------------
64 
++
65 
+ PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
66 
+ is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
67 
+-in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.
68 
++in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or
69 
++PR_SPEC_FORCE_DISABLE.
70 
+
71 
+ Common error codes
72 
+ ------------------
73 
+@@ -70,10 +74,13 @@ Value   Meaning
74 
+ 0       Success
75 
+
76 
+ ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
77 
+-        PR_SPEC_DISABLE
78 
++        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE
79 
+
80 
+ ENXIO   Control of the selected speculation misfeature is not possible.
81 
+         See PR_GET_SPECULATION_CTRL.
82 
++
83 
++EPERM   Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
84 
++        tried to enable it again.
85 
+ ======= =================================================================
86 
+
87 
+ Speculation misfeature controls
88 
+@@ -84,3 +91,4 @@ Speculation misfeature controls
89 
+    * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
90 
+    * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
91 
+    * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
92 
++   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
93 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
94 
+index 65114d2..fdbd8e5 100644
95 
+--- a/arch/x86/kernel/cpu/bugs.c
96 
+@@ -532,21 +532,37 @@ static void ssb_select_mitigation()
97 
+
98 
+ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
99 
+ {
100 
+-	bool rds = !!test_tsk_thread_flag(task, TIF_RDS);
101 
++	bool update;
102 
+
103 
+ 	if (ssb_mode != SPEC_STORE_BYPASS_PRCTL)
104 
+ 		return -ENXIO;
105 
+
106 
+-	if (ctrl == PR_SPEC_ENABLE)
107 
+-		clear_tsk_thread_flag(task, TIF_RDS);
108 
+-	else
109 
+-		set_tsk_thread_flag(task, TIF_RDS);
110 
++	switch (ctrl) {
111 
++	case PR_SPEC_ENABLE:
112 
++		/* If speculation is force disabled, enable is not allowed */
113 
++		if (task_spec_ssb_force_disable(task))
114 
++			return -EPERM;
115 
++		task_clear_spec_ssb_disable(task);
116 
++		update = test_and_clear_tsk_thread_flag(task, TIF_RDS);
117 
++		break;
118 
++	case PR_SPEC_DISABLE:
119 
++		task_set_spec_ssb_disable(task);
120 
++		update = !test_and_set_tsk_thread_flag(task, TIF_RDS);
121 
++		break;
122 
++	case PR_SPEC_FORCE_DISABLE:
123 
++		task_set_spec_ssb_disable(task);
124 
++		task_set_spec_ssb_force_disable(task);
125 
++		update = !test_and_set_tsk_thread_flag(task, TIF_RDS);
126 
++		break;
127 
++	default:
128 
++		return -ERANGE;
129 
++	}
130 
+
131 
+ 	/*
132 
+ 	 * If being set on non-current task, delay setting the CPU
133 
+ 	 * mitigation until it is next scheduled.
134 
+ 	 */
135 
+-	if (task == current && rds != !!test_tsk_thread_flag(task, TIF_RDS))
136 
++	if (task == current && update)
137 
+ 		speculative_store_bypass_update();
138 
+
139 
+ 	return 0;
140 
+@@ -558,7 +574,9 @@ static int ssb_prctl_get(struct task_struct *task)
141 
+ 	case SPEC_STORE_BYPASS_DISABLE:
142 
+ 		return PR_SPEC_DISABLE;
143 
+ 	case SPEC_STORE_BYPASS_PRCTL:
144 
+-		if (test_tsk_thread_flag(task, TIF_RDS))
145 
++		if (task_spec_ssb_force_disable(task))
146 
++			return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
147 
++		if (task_spec_ssb_disable(task))
148 
+ 			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
149 
+ 		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
150 
+ 	default:
151 
+@@ -571,9 +589,6 @@ static int ssb_prctl_get(struct task_struct *task)
152 
+ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
153 
+ 			     unsigned long ctrl)
154 
+ {
155 
+-	if (ctrl != PR_SPEC_ENABLE && ctrl != PR_SPEC_DISABLE)
156 
+-		return -ERANGE;
157 
+-
158 
+ 	switch (which) {
159 
+ 	case PR_SPEC_STORE_BYPASS:
160 
+ 		return ssb_prctl_set(task, ctrl);
161 
+diff --git a/fs/proc/array.c b/fs/proc/array.c
162 
+index 64f3f20..3e37195 100644
163 
+--- a/fs/proc/array.c
164 
+@@ -355,6 +355,9 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
165 
+ 	case PR_SPEC_NOT_AFFECTED:
166 
+ 		seq_printf(m, "not vulnerable");
167 
+ 		break;
168 
++	case PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE:
169 
++		seq_printf(m, "thread force mitigated");
170 
++		break;
171 
+ 	case PR_SPEC_PRCTL | PR_SPEC_DISABLE:
172 
+ 		seq_printf(m, "thread mitigated");
173 
+ 		break;
174 
+diff --git a/include/linux/sched.h b/include/linux/sched.h
175 
+index c549c8c..5ebef8c 100644
176 
+--- a/include/linux/sched.h
177 
+@@ -2354,6 +2354,8 @@ static inline void memalloc_noio_restore(unsigned int flags)
178 
+ #define PFA_SPREAD_PAGE  1      /* Spread page cache over cpuset */
179 
+ #define PFA_SPREAD_SLAB  2      /* Spread some slab caches over cpuset */
180 
+ #define PFA_LMK_WAITING  3      /* Lowmemorykiller is waiting */
181 
++#define PFA_SPEC_SSB_DISABLE		4	/* Speculative Store Bypass disabled */
182 
++#define PFA_SPEC_SSB_FORCE_DISABLE	5	/* Speculative Store Bypass force disabled*/
183 
+
184 
+
185 
+ #define TASK_PFA_TEST(name, func)					\
186 
+@@ -2380,6 +2382,13 @@ TASK_PFA_CLEAR(SPREAD_SLAB, spread_slab)
187 
+ TASK_PFA_TEST(LMK_WAITING, lmk_waiting)
188 
+ TASK_PFA_SET(LMK_WAITING, lmk_waiting)
189 
+
190 
++TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable)
191 
++TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)
192 
++TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)
193 
++
194 
++TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
195 
++TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
196 
++
197 
+ /*
198 
+  * task->jobctl flags
199 
+  */
200 
+diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
201 
+index 3b316be..64776b7 100644
202 
+--- a/include/uapi/linux/prctl.h
203 
+@@ -207,5 +207,6 @@ struct prctl_mm_map {
204 
+ # define PR_SPEC_PRCTL			(1UL << 0)
205 
+ # define PR_SPEC_ENABLE			(1UL << 1)
206 
+ # define PR_SPEC_DISABLE		(1UL << 2)
207 
++# define PR_SPEC_FORCE_DISABLE		(1UL << 3)
208 
+
209 
+ #endif /* _LINUX_PRCTL_H */
210 
+--
211 
+2.7.4
212 
+
SPECS/linux/speculative-store-bypass/0026-seccomp-Use-PR_SPEC_FORCE_DISABLE.patch
History View file @ c3d25b5
0 213 
new file mode 100644
... ... 
@@ -0,0 +1,33 @@
0 
+From 80e6b62a0da8f9769f3480b42998b4fead364e06 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Fri, 4 May 2018 09:40:03 +0200
3 
+Subject: [PATCH 26/54] seccomp: Use PR_SPEC_FORCE_DISABLE
4 
+
5 
+commit b849a812f7eb92e96d1c8239b06581b2cfd8b275 upstream
6 
+
7 
+Use PR_SPEC_FORCE_DISABLE in seccomp() because seccomp does not allow to
8 
+widen restrictions.
9 
+
10 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
11 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
12 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
13 
+---
14 
+ kernel/seccomp.c | 2 +-
15 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
16 
+
17 
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
18 
+index 1d3078b..a0bd6ea 100644
19 
+--- a/kernel/seccomp.c
20 
+@@ -226,7 +226,7 @@ static inline void spec_mitigate(struct task_struct *task,
21 
+ 	int state = arch_prctl_spec_ctrl_get(task, which);
22 
+
23 
+ 	if (state > 0 && (state & PR_SPEC_PRCTL))
24 
+-		arch_prctl_spec_ctrl_set(task, which, PR_SPEC_DISABLE);
25 
++		arch_prctl_spec_ctrl_set(task, which, PR_SPEC_FORCE_DISABLE);
26 
+ }
27 
+
28 
+ static inline void seccomp_assign_mode(struct task_struct *task,
29 
+--
30 
+2.7.4
31 
+
SPECS/linux/speculative-store-bypass/0027-seccomp-Add-filter-flag-to-opt-out-of-SSB-mitigation.patch
History View file @ c3d25b5
0 32 
new file mode 100644
... ... 
@@ -0,0 +1,222 @@
0 
+From 85ad3fad7eefe018f2400c609658dacb060cfeb1 Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Thu, 3 May 2018 14:56:12 -0700
3 
+Subject: [PATCH 27/54] seccomp: Add filter flag to opt-out of SSB mitigation
4 
+
5 
+commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream
6 
+
7 
+If a seccomp user is not interested in Speculative Store Bypass mitigation
8 
+by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when
9 
+adding filters.
10 
+
11 
+Signed-off-by: Kees Cook <keescook@chromium.org>
12 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
14 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
15 
+---
16 
+ include/linux/seccomp.h                       |  3 +-
17 
+ include/uapi/linux/seccomp.h                  |  4 +-
18 
+ kernel/seccomp.c                              | 19 ++++---
19 
+ tools/testing/selftests/seccomp/seccomp_bpf.c | 78 ++++++++++++++++++++++++++-
20 
+ 4 files changed, 93 insertions(+), 11 deletions(-)
21 
+
22 
+diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
23 
+index ecc296c..50c460a 100644
24 
+--- a/include/linux/seccomp.h
25 
+@@ -3,7 +3,8 @@
26 
+
27 
+ #include <uapi/linux/seccomp.h>
28 
+
29 
+-#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC)
30 
++#define SECCOMP_FILTER_FLAG_MASK	(SECCOMP_FILTER_FLAG_TSYNC	| \
31 
++					 SECCOMP_FILTER_FLAG_SPEC_ALLOW)
32 
+
33 
+ #ifdef CONFIG_SECCOMP
34 
+
35 
+diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
36 
+index 0f238a4..e4acb61 100644
37 
+--- a/include/uapi/linux/seccomp.h
38 
+@@ -15,7 +15,9 @@
39 
+ #define SECCOMP_SET_MODE_FILTER	1
40 
+
41 
+ /* Valid flags for SECCOMP_SET_MODE_FILTER */
42 
+-#define SECCOMP_FILTER_FLAG_TSYNC	1
43 
++#define SECCOMP_FILTER_FLAG_TSYNC	(1UL << 0)
44 
++/* In v4.14+ SECCOMP_FILTER_FLAG_LOG is (1UL << 1) */
45 
++#define SECCOMP_FILTER_FLAG_SPEC_ALLOW	(1UL << 2)
46 
+
47 
+ /*
48 
+  * All BPF programs must return a 32-bit value.
49 
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
50 
+index a0bd6ea..62a60e7 100644
51 
+--- a/kernel/seccomp.c
52 
+@@ -230,7 +230,8 @@ static inline void spec_mitigate(struct task_struct *task,
53 
+ }
54 
+
55 
+ static inline void seccomp_assign_mode(struct task_struct *task,
56 
+-				       unsigned long seccomp_mode)
57 
++				       unsigned long seccomp_mode,
58 
++				       unsigned long flags)
59 
+ {
60 
+ 	assert_spin_locked(&task->sighand->siglock);
61 
+
62 
+@@ -240,8 +241,9 @@ static inline void seccomp_assign_mode(struct task_struct *task,
63 
+ 	 * filter) is set.
64 
+ 	 */
65 
+ 	smp_mb__before_atomic();
66 
+-	/* Assume seccomp processes want speculation flaw mitigation. */
67 
+-	spec_mitigate(task, PR_SPEC_STORE_BYPASS);
68 
++	/* Assume default seccomp processes want spec flaw mitigation. */
69 
++	if ((flags & SECCOMP_FILTER_FLAG_SPEC_ALLOW) == 0)
70 
++		spec_mitigate(task, PR_SPEC_STORE_BYPASS);
71 
+ 	set_tsk_thread_flag(task, TIF_SECCOMP);
72 
+ }
73 
+
74 
+@@ -309,7 +311,7 @@ static inline pid_t seccomp_can_sync_threads(void)
75 
+  * without dropping the locks.
76 
+  *
77 
+  */
78 
+-static inline void seccomp_sync_threads(void)
79 
++static inline void seccomp_sync_threads(unsigned long flags)
80 
+ {
81 
+ 	struct task_struct *thread, *caller;
82 
+
83 
+@@ -350,7 +352,8 @@ static inline void seccomp_sync_threads(void)
84 
+ 		 * allow one thread to transition the other.
85 
+ 		 */
86 
+ 		if (thread->seccomp.mode == SECCOMP_MODE_DISABLED)
87 
+-			seccomp_assign_mode(thread, SECCOMP_MODE_FILTER);
88 
++			seccomp_assign_mode(thread, SECCOMP_MODE_FILTER,
89 
++					    flags);
90 
+ 	}
91 
+ }
92 
+
93 
+@@ -469,7 +472,7 @@ static long seccomp_attach_filter(unsigned int flags,
94 
+
95 
+ 	/* Now that the new filter is in place, synchronize to all threads. */
96 
+ 	if (flags & SECCOMP_FILTER_FLAG_TSYNC)
97 
+-		seccomp_sync_threads();
98 
++		seccomp_sync_threads(flags);
99 
+
100 
+ 	return 0;
101 
+ }
102 
+@@ -729,7 +732,7 @@ static long seccomp_set_mode_strict(void)
103 
+ #ifdef TIF_NOTSC
104 
+ 	disable_TSC();
105 
+ #endif
106 
+-	seccomp_assign_mode(current, seccomp_mode);
107 
++	seccomp_assign_mode(current, seccomp_mode, 0);
108 
+ 	ret = 0;
109 
+
110 
+ out:
111 
+@@ -787,7 +790,7 @@ static long seccomp_set_mode_filter(unsigned int flags,
112 
+ 	/* Do not free the successfully attached filter. */
113 
+ 	prepared = NULL;
114 
+
115 
+-	seccomp_assign_mode(current, seccomp_mode);
116 
++	seccomp_assign_mode(current, seccomp_mode, flags);
117 
+ out:
118 
+ 	spin_unlock_irq(&current->sighand->siglock);
119 
+ 	if (flags & SECCOMP_FILTER_FLAG_TSYNC)
120 
+diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
121 
+index f689981..d5be7b5 100644
122 
+--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
123 
+@@ -1692,7 +1692,11 @@ TEST_F_SIGNAL(TRACE_syscall, kill_after_ptrace, SIGSYS)
124 
+ #endif
125 
+
126 
+ #ifndef SECCOMP_FILTER_FLAG_TSYNC
127 
+-#define SECCOMP_FILTER_FLAG_TSYNC 1
128 
++#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
129 
++#endif
130 
++
131 
++#ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW
132 
++#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
133 
+ #endif
134 
+
135 
+ #ifndef seccomp
136 
+@@ -1791,6 +1795,78 @@ TEST(seccomp_syscall_mode_lock)
137 
+ 	}
138 
+ }
139 
+
140 
++/*
141 
++ * Test detection of known and unknown filter flags. Userspace needs to be able
142 
++ * to check if a filter flag is supported by the current kernel and a good way
143 
++ * of doing that is by attempting to enter filter mode, with the flag bit in
144 
++ * question set, and a NULL pointer for the _args_ parameter. EFAULT indicates
145 
++ * that the flag is valid and EINVAL indicates that the flag is invalid.
146 
++ */
147 
++TEST(detect_seccomp_filter_flags)
148 
++{
149 
++	unsigned int flags[] = { SECCOMP_FILTER_FLAG_TSYNC,
150 
++				 SECCOMP_FILTER_FLAG_SPEC_ALLOW };
151 
++	unsigned int flag, all_flags;
152 
++	int i;
153 
++	long ret;
154 
++
155 
++	/* Test detection of known-good filter flags */
156 
++	for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) {
157 
++		int bits = 0;
158 
++
159 
++		flag = flags[i];
160 
++		/* Make sure the flag is a single bit! */
161 
++		while (flag) {
162 
++			if (flag & 0x1)
163 
++				bits ++;
164 
++			flag >>= 1;
165 
++		}
166 
++		ASSERT_EQ(1, bits);
167 
++		flag = flags[i];
168 
++
169 
++		ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
170 
++		ASSERT_NE(ENOSYS, errno) {
171 
++			TH_LOG("Kernel does not support seccomp syscall!");
172 
++		}
173 
++		EXPECT_EQ(-1, ret);
174 
++		EXPECT_EQ(EFAULT, errno) {
175 
++			TH_LOG("Failed to detect that a known-good filter flag (0x%X) is supported!",
176 
++			       flag);
177 
++		}
178 
++
179 
++		all_flags |= flag;
180 
++	}
181 
++
182 
++	/* Test detection of all known-good filter flags */
183 
++	ret = seccomp(SECCOMP_SET_MODE_FILTER, all_flags, NULL);
184 
++	EXPECT_EQ(-1, ret);
185 
++	EXPECT_EQ(EFAULT, errno) {
186 
++		TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!",
187 
++		       all_flags);
188 
++	}
189 
++
190 
++	/* Test detection of an unknown filter flag */
191 
++	flag = -1;
192 
++	ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
193 
++	EXPECT_EQ(-1, ret);
194 
++	EXPECT_EQ(EINVAL, errno) {
195 
++		TH_LOG("Failed to detect that an unknown filter flag (0x%X) is unsupported!",
196 
++		       flag);
197 
++	}
198 
++
199 
++	/*
200 
++	 * Test detection of an unknown filter flag that may simply need to be
201 
++	 * added to this test
202 
++	 */
203 
++	flag = flags[ARRAY_SIZE(flags) - 1] << 1;
204 
++	ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
205 
++	EXPECT_EQ(-1, ret);
206 
++	EXPECT_EQ(EINVAL, errno) {
207 
++		TH_LOG("Failed to detect that an unknown filter flag (0x%X) is unsupported! Does a new flag need to be added to this test?",
208 
++		       flag);
209 
++	}
210 
++}
211 
++
212 
+ TEST(TSYNC_first)
213 
+ {
214 
+ 	struct sock_filter filter[] = {
215 
+--
216 
+2.7.4
217 
+
SPECS/linux/speculative-store-bypass/0028-seccomp-Move-speculation-migitation-control-to-arch-.patch
History View file @ c3d25b5
0 218 
new file mode 100644
... ... 
@@ -0,0 +1,121 @@
0 
+From 2dfae1442193d33c0a0de1fa83d37afe6b000fb8 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Fri, 4 May 2018 15:12:06 +0200
3 
+Subject: [PATCH 28/54] seccomp: Move speculation migitation control to arch
4 
+ code
5 
+
6 
+commit 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc upstream
7 
+
8 
+The migitation control is simpler to implement in architecture code as it
9 
+avoids the extra function call to check the mode. Aside of that having an
10 
+explicit seccomp enabled mode in the architecture mitigations would require
11 
+even more workarounds.
12 
+
13 
+Move it into architecture code and provide a weak function in the seccomp
14 
+code. Remove the 'which' argument as this allows the architecture to decide
15 
+which mitigations are relevant for seccomp.
16 
+
17 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
18 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
19 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
20 
+---
21 
+ arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++-----------
22 
+ include/linux/nospec.h     |  2 ++
23 
+ kernel/seccomp.c           | 15 ++-------------
24 
+ 3 files changed, 22 insertions(+), 24 deletions(-)
25 
+
26 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
27 
+index fdbd8e5..131617d 100644
28 
+--- a/arch/x86/kernel/cpu/bugs.c
29 
+@@ -568,6 +568,24 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
30 
+ 	return 0;
31 
+ }
32 
+
33 
++int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
34 
++			     unsigned long ctrl)
35 
++{
36 
++	switch (which) {
37 
++	case PR_SPEC_STORE_BYPASS:
38 
++		return ssb_prctl_set(task, ctrl);
39 
++	default:
40 
++		return -ENODEV;
41 
++	}
42 
++}
43 
++
44 
++#ifdef CONFIG_SECCOMP
45 
++void arch_seccomp_spec_mitigate(struct task_struct *task)
46 
++{
47 
++	ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
48 
++}
49 
++#endif
50 
++
51 
+ static int ssb_prctl_get(struct task_struct *task)
52 
+ {
53 
+ 	switch (ssb_mode) {
54 
+@@ -586,17 +604,6 @@ static int ssb_prctl_get(struct task_struct *task)
55 
+ 	}
56 
+ }
57 
+
58 
+-int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
59 
+-			     unsigned long ctrl)
60 
+-{
61 
+-	switch (which) {
62 
+-	case PR_SPEC_STORE_BYPASS:
63 
+-		return ssb_prctl_set(task, ctrl);
64 
+-	default:
65 
+-		return -ENODEV;
66 
+-	}
67 
+-}
68 
+-
69 
+ int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
70 
+ {
71 
+ 	switch (which) {
72 
+diff --git a/include/linux/nospec.h b/include/linux/nospec.h
73 
+index a908c95..0c5ef54 100644
74 
+--- a/include/linux/nospec.h
75 
+@@ -62,5 +62,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
76 
+ int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which);
77 
+ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
78 
+ 			     unsigned long ctrl);
79 
++/* Speculation control for seccomp enforced mitigation */
80 
++void arch_seccomp_spec_mitigate(struct task_struct *task);
81 
+
82 
+ #endif /* _LINUX_NOSPEC_H */
83 
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
84 
+index 62a60e7..3975856 100644
85 
+--- a/kernel/seccomp.c
86 
+@@ -216,18 +216,7 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
87 
+ 	return true;
88 
+ }
89 
+
90 
+-/*
91 
+- * If a given speculation mitigation is opt-in (prctl()-controlled),
92 
+- * select it, by disabling speculation (enabling mitigation).
93 
+- */
94 
+-static inline void spec_mitigate(struct task_struct *task,
95 
+-				 unsigned long which)
96 
+-{
97 
+-	int state = arch_prctl_spec_ctrl_get(task, which);
98 
+-
99 
+-	if (state > 0 && (state & PR_SPEC_PRCTL))
100 
+-		arch_prctl_spec_ctrl_set(task, which, PR_SPEC_FORCE_DISABLE);
101 
+-}
102 
++void __weak arch_seccomp_spec_mitigate(struct task_struct *task) { }
103 
+
104 
+ static inline void seccomp_assign_mode(struct task_struct *task,
105 
+ 				       unsigned long seccomp_mode,
106 
+@@ -243,7 +232,7 @@ static inline void seccomp_assign_mode(struct task_struct *task,
107 
+ 	smp_mb__before_atomic();
108 
+ 	/* Assume default seccomp processes want spec flaw mitigation. */
109 
+ 	if ((flags & SECCOMP_FILTER_FLAG_SPEC_ALLOW) == 0)
110 
+-		spec_mitigate(task, PR_SPEC_STORE_BYPASS);
111 
++		arch_seccomp_spec_mitigate(task);
112 
+ 	set_tsk_thread_flag(task, TIF_SECCOMP);
113 
+ }
114 
+
115 
+--
116 
+2.7.4
117 
+
SPECS/linux/speculative-store-bypass/0029-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
History View file @ c3d25b5
0 118 
new file mode 100644
... ... 
@@ -0,0 +1,166 @@
0 
+From e72eb1d28d45418efd77444d3b5935212f6e7e6c Mon Sep 17 00:00:00 2001
1 
+From: Kees Cook <keescook@chromium.org>
2 
+Date: Thu, 3 May 2018 14:37:54 -0700
3 
+Subject: [PATCH 29/54] x86/speculation: Make "seccomp" the default mode for
4 
+ Speculative Store Bypass
5 
+
6 
+commit f21b53b20c754021935ea43364dbf53778eeba32 upstream
7 
+
8 
+Unless explicitly opted out of, anything running under seccomp will have
9 
+SSB mitigations enabled. Choosing the "prctl" mode will disable this.
10 
+
11 
+[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]
12 
+
13 
+Signed-off-by: Kees Cook <keescook@chromium.org>
14 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
15 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
16 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
17 
+---
18 
+ Documentation/kernel-parameters.txt  | 26 +++++++++++++++++---------
19 
+ arch/x86/include/asm/nospec-branch.h |  1 +
20 
+ arch/x86/kernel/cpu/bugs.c           | 32 +++++++++++++++++++++++---------
21 
+ 3 files changed, 41 insertions(+), 18 deletions(-)
22 
+
23 
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
24 
+index 543923b..52240a6 100644
25 
+--- a/Documentation/kernel-parameters.txt
26 
+@@ -3997,19 +3997,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
27 
+ 			This parameter controls whether the Speculative Store
28 
+ 			Bypass optimization is used.
29 
+
30 
+-			on     - Unconditionally disable Speculative Store Bypass
31 
+-			off    - Unconditionally enable Speculative Store Bypass
32 
+-			auto   - Kernel detects whether the CPU model contains an
33 
+-				 implementation of Speculative Store Bypass and
34 
+-				 picks the most appropriate mitigation.
35 
+-			prctl  - Control Speculative Store Bypass per thread
36 
+-				 via prctl. Speculative Store Bypass is enabled
37 
+-				 for a process by default. The state of the control
38 
+-				 is inherited on fork.
39 
++			on      - Unconditionally disable Speculative Store Bypass
40 
++			off     - Unconditionally enable Speculative Store Bypass
41 
++			auto    - Kernel detects whether the CPU model contains an
42 
++				  implementation of Speculative Store Bypass and
43 
++				  picks the most appropriate mitigation. If the
44 
++				  CPU is not vulnerable, "off" is selected. If the
45 
++				  CPU is vulnerable the default mitigation is
46 
++				  architecture and Kconfig dependent. See below.
47 
++			prctl   - Control Speculative Store Bypass per thread
48 
++				  via prctl. Speculative Store Bypass is enabled
49 
++				  for a process by default. The state of the control
50 
++				  is inherited on fork.
51 
++			seccomp - Same as "prctl" above, but all seccomp threads
52 
++				  will disable SSB unless they explicitly opt out.
53 
+
54 
+ 			Not specifying this option is equivalent to
55 
+ 			spec_store_bypass_disable=auto.
56 
+
57 
++			Default mitigations:
58 
++			X86:	If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"
59 
++
60 
+ 	spia_io_base=	[HW,MTD]
61 
+ 	spia_fio_base=
62 
+ 	spia_pedr=
63 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
64 
+index 71ad014..328ea3c 100644
65 
+--- a/arch/x86/include/asm/nospec-branch.h
66 
+@@ -233,6 +233,7 @@ enum ssb_mitigation {
67 
+ 	SPEC_STORE_BYPASS_NONE,
68 
+ 	SPEC_STORE_BYPASS_DISABLE,
69 
+ 	SPEC_STORE_BYPASS_PRCTL,
70 
++	SPEC_STORE_BYPASS_SECCOMP,
71 
+ };
72 
+
73 
+ extern char __indirect_thunk_start[];
74 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
75 
+index 131617d..9a3bb65 100644
76 
+--- a/arch/x86/kernel/cpu/bugs.c
77 
+@@ -415,22 +415,25 @@ enum ssb_mitigation_cmd {
78 
+ 	SPEC_STORE_BYPASS_CMD_AUTO,
79 
+ 	SPEC_STORE_BYPASS_CMD_ON,
80 
+ 	SPEC_STORE_BYPASS_CMD_PRCTL,
81 
++	SPEC_STORE_BYPASS_CMD_SECCOMP,
82 
+ };
83 
+
84 
+ static const char *ssb_strings[] = {
85 
+ 	[SPEC_STORE_BYPASS_NONE]	= "Vulnerable",
86 
+ 	[SPEC_STORE_BYPASS_DISABLE]	= "Mitigation: Speculative Store Bypass disabled",
87 
+-	[SPEC_STORE_BYPASS_PRCTL]	= "Mitigation: Speculative Store Bypass disabled via prctl"
88 
++	[SPEC_STORE_BYPASS_PRCTL]	= "Mitigation: Speculative Store Bypass disabled via prctl",
89 
++	[SPEC_STORE_BYPASS_SECCOMP]	= "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
90 
+ };
91 
+
92 
+ static const struct {
93 
+ 	const char *option;
94 
+ 	enum ssb_mitigation_cmd cmd;
95 
+ } ssb_mitigation_options[] = {
96 
+-	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO },  /* Platform decides */
97 
+-	{ "on",		SPEC_STORE_BYPASS_CMD_ON },    /* Disable Speculative Store Bypass */
98 
+-	{ "off",	SPEC_STORE_BYPASS_CMD_NONE },  /* Don't touch Speculative Store Bypass */
99 
+-	{ "prctl",	SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */
100 
++	{ "auto",	SPEC_STORE_BYPASS_CMD_AUTO },    /* Platform decides */
101 
++	{ "on",		SPEC_STORE_BYPASS_CMD_ON },      /* Disable Speculative Store Bypass */
102 
++	{ "off",	SPEC_STORE_BYPASS_CMD_NONE },    /* Don't touch Speculative Store Bypass */
103 
++	{ "prctl",	SPEC_STORE_BYPASS_CMD_PRCTL },   /* Disable Speculative Store Bypass via prctl */
104 
++	{ "seccomp",	SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */
105 
+ };
106 
+
107 
+ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
108 
+@@ -480,8 +483,15 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
109 
+
110 
+ 	switch (cmd) {
111 
+ 	case SPEC_STORE_BYPASS_CMD_AUTO:
112 
+-		/* Choose prctl as the default mode */
113 
+-		mode = SPEC_STORE_BYPASS_PRCTL;
114 
++	case SPEC_STORE_BYPASS_CMD_SECCOMP:
115 
++		/*
116 
++		 * Choose prctl+seccomp as the default mode if seccomp is
117 
++		 * enabled.
118 
++		 */
119 
++		if (IS_ENABLED(CONFIG_SECCOMP))
120 
++			mode = SPEC_STORE_BYPASS_SECCOMP;
121 
++		else
122 
++			mode = SPEC_STORE_BYPASS_PRCTL;
123 
+ 		break;
124 
+ 	case SPEC_STORE_BYPASS_CMD_ON:
125 
+ 		mode = SPEC_STORE_BYPASS_DISABLE;
126 
+@@ -529,12 +539,14 @@ static void ssb_select_mitigation()
127 
+ }
128 
+
129 
+ #undef pr_fmt
130 
++#define pr_fmt(fmt)     "Speculation prctl: " fmt
131 
+
132 
+ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
133 
+ {
134 
+ 	bool update;
135 
+
136 
+-	if (ssb_mode != SPEC_STORE_BYPASS_PRCTL)
137 
++	if (ssb_mode != SPEC_STORE_BYPASS_PRCTL &&
138 
++	    ssb_mode != SPEC_STORE_BYPASS_SECCOMP)
139 
+ 		return -ENXIO;
140 
+
141 
+ 	switch (ctrl) {
142 
+@@ -582,7 +594,8 @@ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
143 
+ #ifdef CONFIG_SECCOMP
144 
+ void arch_seccomp_spec_mitigate(struct task_struct *task)
145 
+ {
146 
+-	ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
147 
++	if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
148 
++		ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
149 
+ }
150 
+ #endif
151 
+
152 
+@@ -591,6 +604,7 @@ static int ssb_prctl_get(struct task_struct *task)
153 
+ 	switch (ssb_mode) {
154 
+ 	case SPEC_STORE_BYPASS_DISABLE:
155 
+ 		return PR_SPEC_DISABLE;
156 
++	case SPEC_STORE_BYPASS_SECCOMP:
157 
+ 	case SPEC_STORE_BYPASS_PRCTL:
158 
+ 		if (task_spec_ssb_force_disable(task))
159 
+ 			return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
160 
+--
161 
+2.7.4
162 
+
SPECS/linux/speculative-store-bypass/0030-x86-bugs-Rename-_RDS-to-_SSBD.patch
History View file @ c3d25b5
0 163 
new file mode 100644
... ... 
@@ -0,0 +1,405 @@
0 
+From 3418b83309406d775ef700aefaedd0665e7f7855 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 9 May 2018 21:41:38 +0200
3 
+Subject: [PATCH 30/54] x86/bugs: Rename _RDS to _SSBD
4 
+
5 
+commit 9f65fb29374ee37856dbad847b4e121aab72b510 upstream
6 
+
7 
+Intel collateral will reference the SSB mitigation bit in IA32_SPEC_CTL[2]
8 
+as SSBD (Speculative Store Bypass Disable).
9 
+
10 
+Hence changing it.
11 
+
12 
+It is unclear yet what the MSR_IA32_ARCH_CAPABILITIES (0x10a) Bit(4) name
13 
+is going to be. Following the rename it would be SSBD_NO but that rolls out
14 
+to Speculative Store Bypass Disable No.
15 
+
16 
+Also fixed the missing space in X86_FEATURE_AMD_SSBD.
17 
+
18 
+[ tglx: Fixup x86_amd_rds_enable() and rds_tif_to_amd_ls_cfg() as well ]
19 
+
20 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
21 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
22 
+
23 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
24 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
25 
+---
26 
+ arch/x86/include/asm/cpufeatures.h |  4 ++--
27 
+ arch/x86/include/asm/msr-index.h   | 10 +++++-----
28 
+ arch/x86/include/asm/spec-ctrl.h   | 12 ++++++------
29 
+ arch/x86/include/asm/thread_info.h |  6 +++---
30 
+ arch/x86/kernel/cpu/amd.c          | 14 +++++++-------
31 
+ arch/x86/kernel/cpu/bugs.c         | 36 ++++++++++++++++++------------------
32 
+ arch/x86/kernel/cpu/common.c       |  2 +-
33 
+ arch/x86/kernel/cpu/intel.c        |  2 +-
34 
+ arch/x86/kernel/process.c          |  8 ++++----
35 
+ arch/x86/kvm/cpuid.c               |  2 +-
36 
+ arch/x86/kvm/cpuid.h               |  2 +-
37 
+ arch/x86/kvm/vmx.c                 |  2 +-
38 
+ 12 files changed, 50 insertions(+), 50 deletions(-)
39 
+
40 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
41 
+index 8797069..0ed8ea5 100644
42 
+--- a/arch/x86/include/asm/cpufeatures.h
43 
+@@ -205,7 +205,7 @@
44 
+ #define X86_FEATURE_USE_IBPB	( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
45 
+ #define X86_FEATURE_USE_IBRS_FW	( 7*32+22) /* "" Use IBRS during runtime firmware calls */
46 
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
47 
+-#define X86_FEATURE_AMD_RDS	(7*32+24)  /* "" AMD RDS implementation */
48 
++#define X86_FEATURE_AMD_SSBD	(7*32+24)  /* "" AMD SSBD implementation */
49 
+
50 
+ /* Virtualization flags: Linux defined, word 8 */
51 
+ #define X86_FEATURE_TPR_SHADOW  ( 8*32+ 0) /* Intel TPR Shadow */
52 
+@@ -308,7 +308,7 @@
53 
+ #define X86_FEATURE_SPEC_CTRL		(18*32+26) /* "" Speculation Control (IBRS + IBPB) */
54 
+ #define X86_FEATURE_INTEL_STIBP		(18*32+27) /* "" Single Thread Indirect Branch Predictors */
55 
+ #define X86_FEATURE_ARCH_CAPABILITIES	(18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
56 
+-#define X86_FEATURE_RDS			(18*32+31) /* Reduced Data Speculation */
57 
++#define X86_FEATURE_SSBD		(18*32+31) /* Speculative Store Bypass Disable */
58 
+
59 
+ /*
60 
+  * BUG word(s)
61 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
62 
+index 5dd28d0..b67d57e 100644
63 
+--- a/arch/x86/include/asm/msr-index.h
64 
+@@ -40,8 +40,8 @@
65 
+ #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */
66 
+ #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */
67 
+ #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */
68 
+-#define SPEC_CTRL_RDS_SHIFT		2	   /* Reduced Data Speculation bit */
69 
+-#define SPEC_CTRL_RDS			(1 << SPEC_CTRL_RDS_SHIFT)   /* Reduced Data Speculation */
70 
++#define SPEC_CTRL_SSBD_SHIFT		2	   /* Speculative Store Bypass Disable bit */
71 
++#define SPEC_CTRL_SSBD			(1 << SPEC_CTRL_SSBD_SHIFT)   /* Speculative Store Bypass Disable */
72 
+
73 
+ #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */
74 
+ #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */
75 
+@@ -63,10 +63,10 @@
76 
+ #define MSR_IA32_ARCH_CAPABILITIES	0x0000010a
77 
+ #define ARCH_CAP_RDCL_NO		(1 << 0)   /* Not susceptible to Meltdown */
78 
+ #define ARCH_CAP_IBRS_ALL		(1 << 1)   /* Enhanced IBRS support */
79 
+-#define ARCH_CAP_RDS_NO			(1 << 4)   /*
80 
++#define ARCH_CAP_SSBD_NO		(1 << 4)   /*
81 
+ 						    * Not susceptible to Speculative Store Bypass
82 
+-						    * attack, so no Reduced Data Speculation control
83 
+-						    * required.
84 
++						    * attack, so no Speculative Store Bypass
85 
++						    * control required.
86 
+ 						    */
87 
+
88 
+ #define MSR_IA32_BBL_CR_CTL		0x00000119
89 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
90 
+index 45ef00a..dc21209 100644
91 
+--- a/arch/x86/include/asm/spec-ctrl.h
92 
+@@ -17,20 +17,20 @@ extern void x86_spec_ctrl_restore_host(u64);
93 
+
94 
+ /* AMD specific Speculative Store Bypass MSR data */
95 
+ extern u64 x86_amd_ls_cfg_base;
96 
+-extern u64 x86_amd_ls_cfg_rds_mask;
97 
++extern u64 x86_amd_ls_cfg_ssbd_mask;
98 
+
99 
+ /* The Intel SPEC CTRL MSR base value cache */
100 
+ extern u64 x86_spec_ctrl_base;
101 
+
102 
+-static inline u64 rds_tif_to_spec_ctrl(u64 tifn)
103 
++static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn)
104 
+ {
105 
+-	BUILD_BUG_ON(TIF_RDS < SPEC_CTRL_RDS_SHIFT);
106 
+-	return (tifn & _TIF_RDS) >> (TIF_RDS - SPEC_CTRL_RDS_SHIFT);
107 
++	BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
108 
++	return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
109 
+ }
110 
+
111 
+-static inline u64 rds_tif_to_amd_ls_cfg(u64 tifn)
112 
++static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
113 
+ {
114 
+-	return (tifn & _TIF_RDS) ? x86_amd_ls_cfg_rds_mask : 0ULL;
115 
++	return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
116 
+ }
117 
+
118 
+ extern void speculative_store_bypass_update(void);
119 
+diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
120 
+index 661afac..2d8788a 100644
121 
+--- a/arch/x86/include/asm/thread_info.h
122 
+@@ -83,7 +83,7 @@ struct thread_info {
123 
+ #define TIF_SIGPENDING		2	/* signal pending */
124 
+ #define TIF_NEED_RESCHED	3	/* rescheduling necessary */
125 
+ #define TIF_SINGLESTEP		4	/* reenable singlestep on user return*/
126 
+-#define TIF_RDS			5	/* Reduced data speculation */
127 
++#define TIF_SSBD		5	/* Reduced data speculation */
128 
+ #define TIF_SYSCALL_EMU		6	/* syscall emulation active */
129 
+ #define TIF_SYSCALL_AUDIT	7	/* syscall auditing active */
130 
+ #define TIF_SECCOMP		8	/* secure computing */
131 
+@@ -107,7 +107,7 @@ struct thread_info {
132 
+ #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
133 
+ #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
134 
+ #define _TIF_SINGLESTEP		(1 << TIF_SINGLESTEP)
135 
+-#define _TIF_RDS		(1 << TIF_RDS)
136 
++#define _TIF_SSBD		(1 << TIF_SSBD)
137 
+ #define _TIF_SYSCALL_EMU	(1 << TIF_SYSCALL_EMU)
138 
+ #define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
139 
+ #define _TIF_SECCOMP		(1 << TIF_SECCOMP)
140 
+@@ -141,7 +141,7 @@ struct thread_info {
141 
+
142 
+ /* flags to check in __switch_to() */
143 
+ #define _TIF_WORK_CTXSW							\
144 
+-	(_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_RDS)
145 
++	(_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
146 
+
147 
+ #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
148 
+ #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
149 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
150 
+index a176c81..acb2fcc 100644
151 
+--- a/arch/x86/kernel/cpu/amd.c
152 
+@@ -555,12 +555,12 @@ static void bsp_init_amd(struct cpuinfo_x86 *c)
153 
+ 		}
154 
+ 		/*
155 
+ 		 * Try to cache the base value so further operations can
156 
+-		 * avoid RMW. If that faults, do not enable RDS.
157 
++		 * avoid RMW. If that faults, do not enable SSBD.
158 
+ 		 */
159 
+ 		if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) {
160 
+-			setup_force_cpu_cap(X86_FEATURE_RDS);
161 
+-			setup_force_cpu_cap(X86_FEATURE_AMD_RDS);
162 
+-			x86_amd_ls_cfg_rds_mask = 1ULL << bit;
163 
++			setup_force_cpu_cap(X86_FEATURE_SSBD);
164 
++			setup_force_cpu_cap(X86_FEATURE_AMD_SSBD);
165 
++			x86_amd_ls_cfg_ssbd_mask = 1ULL << bit;
166 
+ 		}
167 
+ 	}
168 
+ }
169 
+@@ -849,9 +849,9 @@ static void init_amd(struct cpuinfo_x86 *c)
170 
+ 	if (!cpu_has(c, X86_FEATURE_XENPV))
171 
+ 		set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
172 
+
173 
+-	if (boot_cpu_has(X86_FEATURE_AMD_RDS)) {
174 
+-		set_cpu_cap(c, X86_FEATURE_RDS);
175 
+-		set_cpu_cap(c, X86_FEATURE_AMD_RDS);
176 
++	if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) {
177 
++		set_cpu_cap(c, X86_FEATURE_SSBD);
178 
++		set_cpu_cap(c, X86_FEATURE_AMD_SSBD);
179 
+ 	}
180 
+ }
181 
+
182 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
183 
+index 9a3bb65..ae6f9ba 100644
184 
+--- a/arch/x86/kernel/cpu/bugs.c
185 
+@@ -44,10 +44,10 @@ static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
186 
+
187 
+ /*
188 
+  * AMD specific MSR info for Speculative Store Bypass control.
189 
+- * x86_amd_ls_cfg_rds_mask is initialized in identify_boot_cpu().
190 
++ * x86_amd_ls_cfg_ssbd_mask is initialized in identify_boot_cpu().
191 
+  */
192 
+ u64 __ro_after_init x86_amd_ls_cfg_base;
193 
+-u64 __ro_after_init x86_amd_ls_cfg_rds_mask;
194 
++u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask;
195 
+
196 
+ void __init check_bugs(void)
197 
+ {
198 
+@@ -145,7 +145,7 @@ u64 x86_spec_ctrl_get_default(void)
199 
+ 	u64 msrval = x86_spec_ctrl_base;
200 
+
201 
+ 	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
202 
+-		msrval |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
203 
++		msrval |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
204 
+ 	return msrval;
205 
+ }
206 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
207 
+@@ -158,7 +158,7 @@ void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
208 
+ 		return;
209 
+
210 
+ 	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
211 
+-		host |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
212 
++		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
213 
+
214 
+ 	if (host != guest_spec_ctrl)
215 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl);
216 
+@@ -173,18 +173,18 @@ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
217 
+ 		return;
218 
+
219 
+ 	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
220 
+-		host |= rds_tif_to_spec_ctrl(current_thread_info()->flags);
221 
++		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
222 
+
223 
+ 	if (host != guest_spec_ctrl)
224 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, host);
225 
+ }
226 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
227 
+
228 
+-static void x86_amd_rds_enable(void)
229 
++static void x86_amd_ssb_disable(void)
230 
+ {
231 
+-	u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_rds_mask;
232 
++	u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
233 
+
234 
+-	if (boot_cpu_has(X86_FEATURE_AMD_RDS))
235 
++	if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
236 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msrval);
237 
+ }
238 
+
239 
+@@ -472,7 +472,7 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
240 
+ 	enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
241 
+ 	enum ssb_mitigation_cmd cmd;
242 
+
243 
+-	if (!boot_cpu_has(X86_FEATURE_RDS))
244 
++	if (!boot_cpu_has(X86_FEATURE_SSBD))
245 
+ 		return mode;
246 
+
247 
+ 	cmd = ssb_parse_cmdline();
248 
+@@ -506,7 +506,7 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
249 
+ 	/*
250 
+ 	 * We have three CPU feature flags that are in play here:
251 
+ 	 *  - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
252 
+-	 *  - X86_FEATURE_RDS - CPU is able to turn off speculative store bypass
253 
++	 *  - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass
254 
+ 	 *  - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation
255 
+ 	 */
256 
+ 	if (mode == SPEC_STORE_BYPASS_DISABLE) {
257 
+@@ -517,12 +517,12 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
258 
+ 		 */
259 
+ 		switch (boot_cpu_data.x86_vendor) {
260 
+ 		case X86_VENDOR_INTEL:
261 
+-			x86_spec_ctrl_base |= SPEC_CTRL_RDS;
262 
+-			x86_spec_ctrl_mask &= ~SPEC_CTRL_RDS;
263 
+-			x86_spec_ctrl_set(SPEC_CTRL_RDS);
264 
++			x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
265 
++			x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
266 
++			x86_spec_ctrl_set(SPEC_CTRL_SSBD);
267 
+ 			break;
268 
+ 		case X86_VENDOR_AMD:
269 
+-			x86_amd_rds_enable();
270 
++			x86_amd_ssb_disable();
271 
+ 			break;
272 
+ 		}
273 
+ 	}
274 
+@@ -555,16 +555,16 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
275 
+ 		if (task_spec_ssb_force_disable(task))
276 
+ 			return -EPERM;
277 
+ 		task_clear_spec_ssb_disable(task);
278 
+-		update = test_and_clear_tsk_thread_flag(task, TIF_RDS);
279 
++		update = test_and_clear_tsk_thread_flag(task, TIF_SSBD);
280 
+ 		break;
281 
+ 	case PR_SPEC_DISABLE:
282 
+ 		task_set_spec_ssb_disable(task);
283 
+-		update = !test_and_set_tsk_thread_flag(task, TIF_RDS);
284 
++		update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
285 
+ 		break;
286 
+ 	case PR_SPEC_FORCE_DISABLE:
287 
+ 		task_set_spec_ssb_disable(task);
288 
+ 		task_set_spec_ssb_force_disable(task);
289 
+-		update = !test_and_set_tsk_thread_flag(task, TIF_RDS);
290 
++		update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
291 
+ 		break;
292 
+ 	default:
293 
+ 		return -ERANGE;
294 
+@@ -634,7 +634,7 @@ void x86_spec_ctrl_setup_ap(void)
295 
+ 		x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
296 
+
297 
+ 	if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
298 
+-		x86_amd_rds_enable();
299 
++		x86_amd_ssb_disable();
300 
+ }
301 
+
302 
+ #ifdef CONFIG_SYSFS
303 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
304 
+index beb1da8..d0dd736 100644
305 
+--- a/arch/x86/kernel/cpu/common.c
306 
+@@ -911,7 +911,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
307 
+ 		rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
308 
+
309 
+ 	if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
310 
+-	   !(ia32_cap & ARCH_CAP_RDS_NO))
311 
++	   !(ia32_cap & ARCH_CAP_SSBD_NO))
312 
+ 		setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
313 
+
314 
+ 	if (x86_match_cpu(cpu_no_speculation))
315 
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
316 
+index f15aea6..047adaa 100644
317 
+--- a/arch/x86/kernel/cpu/intel.c
318 
+@@ -154,7 +154,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
319 
+ 		setup_clear_cpu_cap(X86_FEATURE_STIBP);
320 
+ 		setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
321 
+ 		setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
322 
+-		setup_clear_cpu_cap(X86_FEATURE_RDS);
323 
++		setup_clear_cpu_cap(X86_FEATURE_SSBD);
324 
+ 	}
325 
+
326 
+ 	/*
327 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
328 
+index 9c48e18..c344230 100644
329 
+--- a/arch/x86/kernel/process.c
330 
+@@ -207,11 +207,11 @@ static __always_inline void __speculative_store_bypass_update(unsigned long tifn
331 
+ {
332 
+ 	u64 msr;
333 
+
334 
+-	if (static_cpu_has(X86_FEATURE_AMD_RDS)) {
335 
+-		msr = x86_amd_ls_cfg_base | rds_tif_to_amd_ls_cfg(tifn);
336 
++	if (static_cpu_has(X86_FEATURE_AMD_SSBD)) {
337 
++		msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
338 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msr);
339 
+ 	} else {
340 
+-		msr = x86_spec_ctrl_base | rds_tif_to_spec_ctrl(tifn);
341 
++		msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
342 
+ 		wrmsrl(MSR_IA32_SPEC_CTRL, msr);
343 
+ 	}
344 
+ }
345 
+@@ -250,7 +250,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
346 
+ 	if ((tifp ^ tifn) & _TIF_NOTSC)
347 
+ 		cr4_toggle_bits(X86_CR4_TSD);
348 
+
349 
+-	if ((tifp ^ tifn) & _TIF_RDS)
350 
++	if ((tifp ^ tifn) & _TIF_SSBD)
351 
+ 		__speculative_store_bypass_update(tifn);
352 
+ }
353 
+
354 
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
355 
+index a9409f0..18e6db5 100644
356 
+--- a/arch/x86/kvm/cpuid.c
357 
+@@ -382,7 +382,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
358 
+
359 
+ 	/* cpuid 7.0.edx*/
360 
+ 	const u32 kvm_cpuid_7_0_edx_x86_features =
361 
+-		F(SPEC_CTRL) | F(RDS) | F(ARCH_CAPABILITIES);
362 
++		F(SPEC_CTRL) | F(SSBD) | F(ARCH_CAPABILITIES);
363 
+
364 
+ 	/* all calls to cpuid_count() should be made on the same cpu */
365 
+ 	get_cpu();
366 
+diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
367 
+index 24187d0..aedeb6c 100644
368 
+--- a/arch/x86/kvm/cpuid.h
369 
+@@ -179,7 +179,7 @@ static inline bool guest_cpuid_has_spec_ctrl(struct kvm_vcpu *vcpu)
370 
+ 	if (best && (best->ebx & bit(X86_FEATURE_IBRS)))
371 
+ 		return true;
372 
+ 	best = kvm_find_cpuid_entry(vcpu, 7, 0);
373 
+-	return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_RDS)));
374 
++	return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_SSBD)));
375 
+ }
376 
+
377 
+ static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu)
378 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
379 
+index 0eb3863..874b661 100644
380 
+--- a/arch/x86/kvm/vmx.c
381 
+@@ -3141,7 +3141,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
382 
+ 			return 1;
383 
+
384 
+ 		/* The STIBP bit doesn't fault even if it's not advertised */
385 
+-		if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_RDS))
386 
++		if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD))
387 
+ 			return 1;
388 
+
389 
+ 		vmx->spec_ctrl = data;
390 
+--
391 
+2.7.4
392 
+
SPECS/linux/speculative-store-bypass/0031-proc-Use-underscores-for-SSBD-in-status.patch
History View file @ c3d25b5
0 393 
new file mode 100644
... ... 
@@ -0,0 +1,34 @@
0 
+From c33e51ed9fc094af5b2469428a609b5977d783c6 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 9 May 2018 21:41:38 +0200
3 
+Subject: [PATCH 31/54] proc: Use underscores for SSBD in 'status'
4 
+
5 
+commit e96f46ee8587607a828f783daa6eb5b44d25004d upstream
6 
+
7 
+The style for the 'status' file is CamelCase or this. _.
8 
+
9 
+Fixes: fae1fa0fc ("proc: Provide details on speculation flaw mitigations")
10 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
11 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
12 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
13 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
14 
+---
15 
+ fs/proc/array.c | 2 +-
16 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
17 
+
18 
+diff --git a/fs/proc/array.c b/fs/proc/array.c
19 
+index 3e37195..94f83e7 100644
20 
+--- a/fs/proc/array.c
21 
+@@ -347,7 +347,7 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
22 
+ #ifdef CONFIG_SECCOMP
23 
+ 	seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode);
24 
+ #endif
25 
+-	seq_printf(m, "\nSpeculation Store Bypass:\t");
26 
++	seq_printf(m, "\nSpeculation_Store_Bypass:\t");
27 
+ 	switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
28 
+ 	case -EINVAL:
29 
+ 		seq_printf(m, "unknown");
30 
+--
31 
+2.7.4
32 
+
SPECS/linux/speculative-store-bypass/0032-Documentation-spec_ctrl-Do-some-minor-cleanups.patch
History View file @ c3d25b5
0 33 
new file mode 100644
... ... 
@@ -0,0 +1,87 @@
0 
+From 4d01ab5d2407e797f7dbac38e3adfc5f5169073f Mon Sep 17 00:00:00 2001
1 
+From: Borislav Petkov <bp@suse.de>
2 
+Date: Tue, 8 May 2018 15:43:45 +0200
3 
+Subject: [PATCH 32/54] Documentation/spec_ctrl: Do some minor cleanups
4 
+
5 
+commit dd0792699c4058e63c0715d9a7c2d40226fcdddc upstream
6 
+
7 
+Fix some typos, improve formulations, end sentences with a fullstop.
8 
+
9 
+Signed-off-by: Borislav Petkov <bp@suse.de>
10 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
11 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
12 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
13 
+---
14 
+ Documentation/spec_ctrl.txt | 24 ++++++++++++------------
15 
+ 1 file changed, 12 insertions(+), 12 deletions(-)
16 
+
17 
+diff --git a/Documentation/spec_ctrl.txt b/Documentation/spec_ctrl.txt
18 
+index 1b3690d..32f3d55 100644
19 
+--- a/Documentation/spec_ctrl.txt
20 
+@@ -2,13 +2,13 @@
21 
+ Speculation Control
22 
+ ===================
23 
+
24 
+-Quite some CPUs have speculation related misfeatures which are in fact
25 
+-vulnerabilites causing data leaks in various forms even accross privilege
26 
+-domains.
27 
++Quite some CPUs have speculation-related misfeatures which are in
28 
++fact vulnerabilities causing data leaks in various forms even across
29 
++privilege domains.
30 
+
31 
+ The kernel provides mitigation for such vulnerabilities in various
32 
+-forms. Some of these mitigations are compile time configurable and some on
33 
+-the kernel command line.
34 
++forms. Some of these mitigations are compile-time configurable and some
35 
++can be supplied on the kernel command line.
36 
+
37 
+ There is also a class of mitigations which are very expensive, but they can
38 
+ be restricted to a certain set of processes or tasks in controlled
39 
+@@ -32,18 +32,18 @@ the following meaning:
40 
+ Bit  Define                Description
41 
+ ==== ===================== ===================================================
42 
+ 0    PR_SPEC_PRCTL         Mitigation can be controlled per task by
43 
+-                           PR_SET_SPECULATION_CTRL
44 
++                           PR_SET_SPECULATION_CTRL.
45 
+ 1    PR_SPEC_ENABLE        The speculation feature is enabled, mitigation is
46 
+-                           disabled
47 
++                           disabled.
48 
+ 2    PR_SPEC_DISABLE       The speculation feature is disabled, mitigation is
49 
+-                           enabled
50 
++                           enabled.
51 
+ 3    PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
52 
+                            subsequent prctl(..., PR_SPEC_ENABLE) will fail.
53 
+ ==== ===================== ===================================================
54 
+
55 
+ If all bits are 0 the CPU is not affected by the speculation misfeature.
56 
+
57 
+-If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
58 
++If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
59 
+ available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
60 
+ misfeature will fail.
61 
+
62 
+@@ -61,9 +61,9 @@ Common error codes
63 
+ Value   Meaning
64 
+ ======= =================================================================
65 
+ EINVAL  The prctl is not implemented by the architecture or unused
66 
+-        prctl(2) arguments are not 0
67 
++        prctl(2) arguments are not 0.
68 
+
69 
+-ENODEV  arg2 is selecting a not supported speculation misfeature
70 
++ENODEV  arg2 is selecting a not supported speculation misfeature.
71 
+ ======= =================================================================
72 
+
73 
+ PR_SET_SPECULATION_CTRL error codes
74 
+@@ -74,7 +74,7 @@ Value   Meaning
75 
+ 0       Success
76 
+
77 
+ ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
78 
+-        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE
79 
++        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.
80 
+
81 
+ ENXIO   Control of the selected speculation misfeature is not possible.
82 
+         See PR_GET_SPECULATION_CTRL.
83 
+--
84 
+2.7.4
85 
+
SPECS/linux/speculative-store-bypass/0033-x86-bugs-Fix-__ssb_select_mitigation-return-type.patch
History View file @ c3d25b5
0 86 
new file mode 100644
... ... 
@@ -0,0 +1,35 @@
0 
+From 721940f2f2f86c7d0303681a6729d67c52276436 Mon Sep 17 00:00:00 2001
1 
+From: Jiri Kosina <jkosina@suse.cz>
2 
+Date: Thu, 10 May 2018 22:47:18 +0200
3 
+Subject: [PATCH 33/54] x86/bugs: Fix __ssb_select_mitigation() return type
4 
+
5 
+commit d66d8ff3d21667b41eddbe86b35ab411e40d8c5f upstream
6 
+
7 
+__ssb_select_mitigation() returns one of the members of enum ssb_mitigation,
8 
+not ssb_mitigation_cmd; fix the prototype to reflect that.
9 
+
10 
+Fixes: 24f7fc83b9204 ("x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation")
11 
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
12 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
14 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
15 
+---
16 
+ arch/x86/kernel/cpu/bugs.c | 2 +-
17 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
18 
+
19 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
20 
+index ae6f9ba..c7b4d11 100644
21 
+--- a/arch/x86/kernel/cpu/bugs.c
22 
+@@ -467,7 +467,7 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
23 
+ 	return cmd;
24 
+ }
25 
+
26 
+-static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
27 
++static enum ssb_mitigation __init __ssb_select_mitigation(void)
28 
+ {
29 
+ 	enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
30 
+ 	enum ssb_mitigation_cmd cmd;
31 
+--
32 
+2.7.4
33 
+
SPECS/linux/speculative-store-bypass/0034-x86-bugs-Make-cpu_show_common-static.patch
History View file @ c3d25b5
0 34 
new file mode 100644
... ... 
@@ -0,0 +1,34 @@
0 
+From 91c8d38470acf7b6b4a26087add879f512305237 Mon Sep 17 00:00:00 2001
1 
+From: Jiri Kosina <jkosina@suse.cz>
2 
+Date: Thu, 10 May 2018 22:47:32 +0200
3 
+Subject: [PATCH 34/54] x86/bugs: Make cpu_show_common() static
4 
+
5 
+commit 7bb4d366cba992904bffa4820d24e70a3de93e76 upstream
6 
+
7 
+cpu_show_common() is not used outside of arch/x86/kernel/cpu/bugs.c, so
8 
+make it static.
9 
+
10 
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
11 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
12 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
13 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
14 
+---
15 
+ arch/x86/kernel/cpu/bugs.c | 2 +-
16 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
17 
+
18 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
19 
+index c7b4d11..8187642 100644
20 
+--- a/arch/x86/kernel/cpu/bugs.c
21 
+@@ -639,7 +639,7 @@ void x86_spec_ctrl_setup_ap(void)
22 
+
23 
+ #ifdef CONFIG_SYSFS
24 
+
25 
+-ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
26 
++static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
27 
+ 			char *buf, unsigned int bug)
28 
+ {
29 
+ 	if (!boot_cpu_has_bug(bug))
30 
+--
31 
+2.7.4
32 
+
SPECS/linux/speculative-store-bypass/0035-x86-bugs-Fix-the-parameters-alignment-and-missing-vo.patch
History View file @ c3d25b5
0 33 
new file mode 100644
... ... 
@@ -0,0 +1,42 @@
0 
+From a972acb35aa7282fc471ec9ce4274547f5791460 Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Fri, 11 May 2018 16:50:35 -0400
3 
+Subject: [PATCH 35/54] x86/bugs: Fix the parameters alignment and missing void
4 
+
5 
+commit ffed645e3be0e32f8e9ab068d257aee8d0fe8eec upstream
6 
+
7 
+Fixes: 7bb4d366c ("x86/bugs: Make cpu_show_common() static")
8 
+Fixes: 24f7fc83b ("x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation")
9 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
10 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
11 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
12 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
13 
+---
14 
+ arch/x86/kernel/cpu/bugs.c | 4 ++--
15 
+ 1 file changed, 2 insertions(+), 2 deletions(-)
16 
+
17 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
18 
+index 8187642..4f8c88e 100644
19 
+--- a/arch/x86/kernel/cpu/bugs.c
20 
+@@ -530,7 +530,7 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
21 
+ 	return mode;
22 
+ }
23 
+
24 
+-static void ssb_select_mitigation()
25 
++static void ssb_select_mitigation(void)
26 
+ {
27 
+ 	ssb_mode = __ssb_select_mitigation();
28 
+
29 
+@@ -640,7 +640,7 @@ void x86_spec_ctrl_setup_ap(void)
30 
+ #ifdef CONFIG_SYSFS
31 
+
32 
+ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
33 
+-			char *buf, unsigned int bug)
34 
++			       char *buf, unsigned int bug)
35 
+ {
36 
+ 	if (!boot_cpu_has_bug(bug))
37 
+ 		return sprintf(buf, "Not affected\n");
38 
+--
39 
+2.7.4
40 
+
SPECS/linux/speculative-store-bypass/0036-x86-cpu-Make-alternative_msr_write-work-for-32-bit-c.patch
History View file @ c3d25b5
0 41 
new file mode 100644
... ... 
@@ -0,0 +1,42 @@
0 
+From de18dfe897c77e37a955b82998ea832d2d1273ab Mon Sep 17 00:00:00 2001
1 
+From: Jim Mattson <jmattson@google.com>
2 
+Date: Sun, 13 May 2018 17:33:57 -0400
3 
+Subject: [PATCH 36/54] x86/cpu: Make alternative_msr_write work for 32-bit
4 
+ code
5 
+
6 
+commit 5f2b745f5e1304f438f9b2cd03ebc8120b6e0d3b upstream
7 
+
8 
+Cast val and (val >> 32) to (u32), so that they fit in a
9 
+general-purpose register in both 32-bit and 64-bit code.
10 
+
11 
+[ tglx: Made it u32 instead of uintptr_t ]
12 
+
13 
+Fixes: c65732e4f721 ("x86/cpu: Restore CPUID_8000_0008_EBX reload")
14 
+Signed-off-by: Jim Mattson <jmattson@google.com>
15 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
16 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
17 
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
18 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
19 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
20 
+---
21 
+ arch/x86/include/asm/nospec-branch.h | 4 ++--
22 
+ 1 file changed, 2 insertions(+), 2 deletions(-)
23 
+
24 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
25 
+index 328ea3c..bc258e6 100644
26 
+--- a/arch/x86/include/asm/nospec-branch.h
27 
+@@ -265,8 +265,8 @@ void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature)
28 
+ {
29 
+ 	asm volatile(ALTERNATIVE("", "wrmsr", %c[feature])
30 
+ 		: : "c" (msr),
31 
+-		    "a" (val),
32 
+-		    "d" (val >> 32),
33 
++		    "a" ((u32)val),
34 
++		    "d" ((u32)(val >> 32)),
35 
+ 		    [feature] "i" (feature)
36 
+ 		: "memory");
37 
+ }
38 
+--
39 
+2.7.4
40 
+
SPECS/linux/speculative-store-bypass/0037-KVM-SVM-Move-spec-control-call-after-restore-of-GS.patch
History View file @ c3d25b5
0 41 
new file mode 100644
... ... 
@@ -0,0 +1,70 @@
0 
+From f30da25e77ba42e685d370e695759910625a885c Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Fri, 11 May 2018 15:21:01 +0200
3 
+Subject: [PATCH 37/54] KVM: SVM: Move spec control call after restore of GS
4 
+
5 
+commit 15e6c22fd8e5a42c5ed6d487b7c9fe44c2517765 upstream
6 
+
7 
+svm_vcpu_run() invokes x86_spec_ctrl_restore_host() after VMEXIT, but
8 
+before the host GS is restored. x86_spec_ctrl_restore_host() uses 'current'
9 
+to determine the host SSBD state of the thread. 'current' is GS based, but
10 
+host GS is not yet restored and the access causes a triple fault.
11 
+
12 
+Move the call after the host GS restore.
13 
+
14 
+Fixes: 885f82bfbc6f x86/process: Allow runtime control of Speculative Store Bypass
15 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
16 
+Reviewed-by: Borislav Petkov <bp@suse.de>
17 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
18 
+Acked-by: Paolo Bonzini <pbonzini@redhat.com>
19 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
20 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21 
+---
22 
+ arch/x86/kvm/svm.c | 24 ++++++++++++------------
23 
+ 1 file changed, 12 insertions(+), 12 deletions(-)
24 
+
25 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
26 
+index 516ddff..d1a4321 100644
27 
+--- a/arch/x86/kvm/svm.c
28 
+@@ -5011,6 +5011,18 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
29 
+ #endif
30 
+ 		);
31 
+
32 
++	/* Eliminate branch target predictions from guest mode */
33 
++	vmexit_fill_RSB();
34 
++
35 
++#ifdef CONFIG_X86_64
36 
++	wrmsrl(MSR_GS_BASE, svm->host.gs_base);
37 
++#else
38 
++	loadsegment(fs, svm->host.fs);
39 
++#ifndef CONFIG_X86_32_LAZY_GS
40 
++	loadsegment(gs, svm->host.gs);
41 
++#endif
42 
++#endif
43 
++
44 
+ 	/*
45 
+ 	 * We do not use IBRS in the kernel. If this vCPU has used the
46 
+ 	 * SPEC_CTRL MSR it may have left it on; save the value and
47 
+@@ -5031,18 +5043,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
48 
+
49 
+ 	x86_spec_ctrl_restore_host(svm->spec_ctrl);
50 
+
51 
+-	/* Eliminate branch target predictions from guest mode */
52 
+-	vmexit_fill_RSB();
53 
+-
54 
+-#ifdef CONFIG_X86_64
55 
+-	wrmsrl(MSR_GS_BASE, svm->host.gs_base);
56 
+-#else
57 
+-	loadsegment(fs, svm->host.fs);
58 
+-#ifndef CONFIG_X86_32_LAZY_GS
59 
+-	loadsegment(gs, svm->host.gs);
60 
+-#endif
61 
+-#endif
62 
+-
63 
+ 	reload_tss(vcpu);
64 
+
65 
+ 	local_irq_disable();
66 
+--
67 
+2.7.4
68 
+
SPECS/linux/speculative-store-bypass/0038-x86-speculation-Use-synthetic-bits-for-IBRS-IBPB-STI.patch
History View file @ c3d25b5
0 69 
new file mode 100644
... ... 
@@ -0,0 +1,156 @@
0 
+From d359a8adfc5e7974969b45eaeb8569621b1dbe12 Mon Sep 17 00:00:00 2001
1 
+From: Borislav Petkov <bp@suse.de>
2 
+Date: Wed, 2 May 2018 18:15:14 +0200
3 
+Subject: [PATCH 38/54] x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
4 
+MIME-Version: 1.0
5 
+Content-Type: text/plain; charset=UTF-8
6 
+Content-Transfer-Encoding: 8bit
7 
+
8 
+commit e7c587da125291db39ddf1f49b18e5970adbac17 upstream
9 
+
10 
+Intel and AMD have different CPUID bits hence for those use synthetic bits
11 
+which get set on the respective vendor's in init_speculation_control(). So
12 
+that debacles like what the commit message of
13 
+
14 
+  c65732e4f721 ("x86/cpu: Restore CPUID_8000_0008_EBX reload")
15 
+
16 
+talks about don't happen anymore.
17 
+
18 
+Signed-off-by: Borislav Petkov <bp@suse.de>
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
21 
+Tested-by: Jörg Otte <jrg.otte@gmail.com>
22 
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
23 
+Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
24 
+Link: https://lkml.kernel.org/r/20180504161815.GG9257@pd.tnic
25 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
26 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
27 
+---
28 
+ arch/x86/include/asm/cpufeatures.h | 12 ++++++++----
29 
+ arch/x86/kernel/cpu/common.c       | 14 ++++++++++----
30 
+ arch/x86/kvm/cpuid.c               | 10 +++++-----
31 
+ arch/x86/kvm/cpuid.h               |  4 ++--
32 
+ 4 files changed, 25 insertions(+), 15 deletions(-)
33 
+
34 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
35 
+index 0ed8ea5..059437a 100644
36 
+--- a/arch/x86/include/asm/cpufeatures.h
37 
+@@ -205,7 +205,10 @@
38 
+ #define X86_FEATURE_USE_IBPB	( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
39 
+ #define X86_FEATURE_USE_IBRS_FW	( 7*32+22) /* "" Use IBRS during runtime firmware calls */
40 
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
41 
+-#define X86_FEATURE_AMD_SSBD	(7*32+24)  /* "" AMD SSBD implementation */
42 
++#define X86_FEATURE_AMD_SSBD	( 7*32+24) /* "" AMD SSBD implementation */
43 
++#define X86_FEATURE_IBRS	( 7*32+25) /* Indirect Branch Restricted Speculation */
44 
++#define X86_FEATURE_IBPB	( 7*32+26) /* Indirect Branch Prediction Barrier */
45 
++#define X86_FEATURE_STIBP	( 7*32+27) /* Single Thread Indirect Branch Predictors */
46 
+
47 
+ /* Virtualization flags: Linux defined, word 8 */
48 
+ #define X86_FEATURE_TPR_SHADOW  ( 8*32+ 0) /* Intel TPR Shadow */
49 
+@@ -263,9 +266,9 @@
50 
+ /* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */
51 
+ #define X86_FEATURE_CLZERO	(13*32+0) /* CLZERO instruction */
52 
+ #define X86_FEATURE_IRPERF	(13*32+1) /* Instructions Retired Count */
53 
+-#define X86_FEATURE_IBPB	(13*32+12) /* Indirect Branch Prediction Barrier */
54 
+-#define X86_FEATURE_IBRS	(13*32+14) /* Indirect Branch Restricted Speculation */
55 
+-#define X86_FEATURE_STIBP	(13*32+15) /* Single Thread Indirect Branch Predictors */
56 
++#define X86_FEATURE_AMD_IBPB	(13*32+12) /* Indirect Branch Prediction Barrier */
57 
++#define X86_FEATURE_AMD_IBRS	(13*32+14) /* Indirect Branch Restricted Speculation */
58 
++#define X86_FEATURE_AMD_STIBP	(13*32+15) /* Single Thread Indirect Branch Predictors */
59 
+
60 
+ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */
61 
+ #define X86_FEATURE_DTHERM	(14*32+ 0) /* Digital Thermal Sensor */
62 
+@@ -301,6 +304,7 @@
63 
+ #define X86_FEATURE_SUCCOR	(17*32+1) /* Uncorrectable error containment and recovery */
64 
+ #define X86_FEATURE_SMCA	(17*32+3) /* Scalable MCA */
65 
+
66 
++
67 
+ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
68 
+ #define X86_FEATURE_AVX512_4VNNIW	(18*32+ 2) /* AVX-512 Neural Network Instructions */
69 
+ #define X86_FEATURE_AVX512_4FMAPS	(18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
70 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
71 
+index d0dd736..67bfa3c 100644
72 
+--- a/arch/x86/kernel/cpu/common.c
73 
+@@ -725,17 +725,23 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
74 
+ 	 * and they also have a different bit for STIBP support. Also,
75 
+ 	 * a hypervisor might have set the individual AMD bits even on
76 
+ 	 * Intel CPUs, for finer-grained selection of what's available.
77 
+-	 *
78 
+-	 * We use the AMD bits in 0x8000_0008 EBX as the generic hardware
79 
+-	 * features, which are visible in /proc/cpuinfo and used by the
80 
+-	 * kernel. So set those accordingly from the Intel bits.
81 
+ 	 */
82 
+ 	if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
83 
+ 		set_cpu_cap(c, X86_FEATURE_IBRS);
84 
+ 		set_cpu_cap(c, X86_FEATURE_IBPB);
85 
+ 	}
86 
++
87 
+ 	if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
88 
+ 		set_cpu_cap(c, X86_FEATURE_STIBP);
89 
++
90 
++	if (cpu_has(c, X86_FEATURE_AMD_IBRS))
91 
++		set_cpu_cap(c, X86_FEATURE_IBRS);
92 
++
93 
++	if (cpu_has(c, X86_FEATURE_AMD_IBPB))
94 
++		set_cpu_cap(c, X86_FEATURE_IBPB);
95 
++
96 
++	if (cpu_has(c, X86_FEATURE_AMD_STIBP))
97 
++		set_cpu_cap(c, X86_FEATURE_STIBP);
98 
+ }
99 
+
100 
+ void get_cpu_cap(struct cpuinfo_x86 *c)
101 
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
102 
+index 18e6db5..910c2db 100644
103 
+--- a/arch/x86/kvm/cpuid.c
104 
+@@ -357,7 +357,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
105 
+
106 
+ 	/* cpuid 0x80000008.ebx */
107 
+ 	const u32 kvm_cpuid_8000_0008_ebx_x86_features =
108 
+-		F(IBPB) | F(IBRS);
109 
++		F(AMD_IBPB) | F(AMD_IBRS);
110 
+
111 
+ 	/* cpuid 0xC0000001.edx */
112 
+ 	const u32 kvm_cpuid_C000_0001_edx_x86_features =
113 
+@@ -619,10 +619,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
114 
+ 		entry->eax = g_phys_as | (virt_as << 8);
115 
+ 		entry->edx = 0;
116 
+ 		/* IBRS and IBPB aren't necessarily present in hardware cpuid */
117 
+-		if (boot_cpu_has(X86_FEATURE_IBPB))
118 
+-			entry->ebx |= F(IBPB);
119 
+-		if (boot_cpu_has(X86_FEATURE_IBRS))
120 
+-			entry->ebx |= F(IBRS);
121 
++		if (boot_cpu_has(X86_FEATURE_AMD_IBPB))
122 
++			entry->ebx |= F(AMD_IBPB);
123 
++		if (boot_cpu_has(X86_FEATURE_AMD_IBRS))
124 
++			entry->ebx |= F(AMD_IBRS);
125 
+ 		entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
126 
+ 		cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
127 
+ 		break;
128 
+diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
129 
+index aedeb6c..eb47c37 100644
130 
+--- a/arch/x86/kvm/cpuid.h
131 
+@@ -165,7 +165,7 @@ static inline bool guest_cpuid_has_ibpb(struct kvm_vcpu *vcpu)
132 
+ 	struct kvm_cpuid_entry2 *best;
133 
+
134 
+ 	best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
135 
+-	if (best && (best->ebx & bit(X86_FEATURE_IBPB)))
136 
++	if (best && (best->ebx & bit(X86_FEATURE_AMD_IBPB)))
137 
+ 		return true;
138 
+ 	best = kvm_find_cpuid_entry(vcpu, 7, 0);
139 
+ 	return best && (best->edx & bit(X86_FEATURE_SPEC_CTRL));
140 
+@@ -176,7 +176,7 @@ static inline bool guest_cpuid_has_spec_ctrl(struct kvm_vcpu *vcpu)
141 
+ 	struct kvm_cpuid_entry2 *best;
142 
+
143 
+ 	best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
144 
+-	if (best && (best->ebx & bit(X86_FEATURE_IBRS)))
145 
++	if (best && (best->ebx & bit(X86_FEATURE_AMD_IBRS)))
146 
+ 		return true;
147 
+ 	best = kvm_find_cpuid_entry(vcpu, 7, 0);
148 
+ 	return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_SSBD)));
149 
+--
150 
+2.7.4
151 
+
SPECS/linux/speculative-store-bypass/0039-x86-cpufeatures-Disentangle-MSR_SPEC_CTRL-enumeratio.patch
History View file @ c3d25b5
0 152 
new file mode 100644
... ... 
@@ -0,0 +1,155 @@
0 
+From 0197f009f7ddca5784d0b4a00529dad84c09cbc6 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 10 May 2018 19:13:18 +0200
3 
+Subject: [PATCH 39/54] x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration
4 
+ from IBRS
5 
+
6 
+commit 7eb8956a7fec3c1f0abc2a5517dada99ccc8a961 upstream
7 
+
8 
+The availability of the SPEC_CTRL MSR is enumerated by a CPUID bit on
9 
+Intel and implied by IBRS or STIBP support on AMD. That's just confusing
10 
+and in case an AMD CPU has IBRS not supported because the underlying
11 
+problem has been fixed but has another bit valid in the SPEC_CTRL MSR,
12 
+the thing falls apart.
13 
+
14 
+Add a synthetic feature bit X86_FEATURE_MSR_SPEC_CTRL to denote the
15 
+availability on both Intel and AMD.
16 
+
17 
+While at it replace the boot_cpu_has() checks with static_cpu_has() where
18 
+possible. This prevents late microcode loading from exposing SPEC_CTRL, but
19 
+late loading is already very limited as it does not reevaluate the
20 
+mitigation options and other bits and pieces. Having static_cpu_has() is
21 
+the simplest and least fragile solution.
22 
+
23 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
24 
+Reviewed-by: Borislav Petkov <bp@suse.de>
25 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
26 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
27 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
28 
+---
29 
+ arch/x86/include/asm/cpufeatures.h |  2 ++
30 
+ arch/x86/kernel/cpu/bugs.c         | 18 +++++++++++-------
31 
+ arch/x86/kernel/cpu/common.c       |  9 +++++++--
32 
+ arch/x86/kernel/cpu/intel.c        |  1 +
33 
+ 4 files changed, 21 insertions(+), 9 deletions(-)
34 
+
35 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
36 
+index 059437a..ca0f33f 100644
37 
+--- a/arch/x86/include/asm/cpufeatures.h
38 
+@@ -197,6 +197,8 @@
39 
+ #define X86_FEATURE_RETPOLINE	( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */
40 
+ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
41 
+
42 
++#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
43 
++
44 
+ #define X86_FEATURE_RSB_CTXSW	( 7*32+19) /* "" Fill RSB on context switches */
45 
+
46 
+ /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
47 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
48 
+index 4f8c88e..59649310 100644
49 
+--- a/arch/x86/kernel/cpu/bugs.c
50 
+@@ -63,7 +63,7 @@ void __init check_bugs(void)
51 
+ 	 * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
52 
+ 	 * init code as it is not enumerated and depends on the family.
53 
+ 	 */
54 
+-	if (boot_cpu_has(X86_FEATURE_IBRS))
55 
++	if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
56 
+ 		rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
57 
+
58 
+ 	/* Select the proper spectre mitigation before patching alternatives */
59 
+@@ -144,7 +144,7 @@ u64 x86_spec_ctrl_get_default(void)
60 
+ {
61 
+ 	u64 msrval = x86_spec_ctrl_base;
62 
+
63 
+-	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
64 
++	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
65 
+ 		msrval |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
66 
+ 	return msrval;
67 
+ }
68 
+@@ -154,10 +154,12 @@ void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
69 
+ {
70 
+ 	u64 host = x86_spec_ctrl_base;
71 
+
72 
+-	if (!boot_cpu_has(X86_FEATURE_IBRS))
73 
++	/* Is MSR_SPEC_CTRL implemented ? */
74 
++	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
75 
+ 		return;
76 
+
77 
+-	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
78 
++	/* Intel controls SSB in MSR_SPEC_CTRL */
79 
++	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
80 
+ 		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
81 
+
82 
+ 	if (host != guest_spec_ctrl)
83 
+@@ -169,10 +171,12 @@ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
84 
+ {
85 
+ 	u64 host = x86_spec_ctrl_base;
86 
+
87 
+-	if (!boot_cpu_has(X86_FEATURE_IBRS))
88 
++	/* Is MSR_SPEC_CTRL implemented ? */
89 
++	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
90 
+ 		return;
91 
+
92 
+-	if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
93 
++	/* Intel controls SSB in MSR_SPEC_CTRL */
94 
++	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
95 
+ 		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
96 
+
97 
+ 	if (host != guest_spec_ctrl)
98 
+@@ -630,7 +634,7 @@ int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
99 
+
100 
+ void x86_spec_ctrl_setup_ap(void)
101 
+ {
102 
+-	if (boot_cpu_has(X86_FEATURE_IBRS))
103 
++	if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
104 
+ 		x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
105 
+
106 
+ 	if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
107 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
108 
+index 67bfa3c..04362282 100644
109 
+--- a/arch/x86/kernel/cpu/common.c
110 
+@@ -729,19 +729,24 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
111 
+ 	if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
112 
+ 		set_cpu_cap(c, X86_FEATURE_IBRS);
113 
+ 		set_cpu_cap(c, X86_FEATURE_IBPB);
114 
++		set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
115 
+ 	}
116 
+
117 
+ 	if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
118 
+ 		set_cpu_cap(c, X86_FEATURE_STIBP);
119 
+
120 
+-	if (cpu_has(c, X86_FEATURE_AMD_IBRS))
121 
++	if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
122 
+ 		set_cpu_cap(c, X86_FEATURE_IBRS);
123 
++		set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
124 
++	}
125 
+
126 
+ 	if (cpu_has(c, X86_FEATURE_AMD_IBPB))
127 
+ 		set_cpu_cap(c, X86_FEATURE_IBPB);
128 
+
129 
+-	if (cpu_has(c, X86_FEATURE_AMD_STIBP))
130 
++	if (cpu_has(c, X86_FEATURE_AMD_STIBP)) {
131 
+ 		set_cpu_cap(c, X86_FEATURE_STIBP);
132 
++		set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
133 
++	}
134 
+ }
135 
+
136 
+ void get_cpu_cap(struct cpuinfo_x86 *c)
137 
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
138 
+index 047adaa..7f495e8 100644
139 
+--- a/arch/x86/kernel/cpu/intel.c
140 
+@@ -153,6 +153,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
141 
+ 		setup_clear_cpu_cap(X86_FEATURE_IBPB);
142 
+ 		setup_clear_cpu_cap(X86_FEATURE_STIBP);
143 
+ 		setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
144 
++		setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL);
145 
+ 		setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
146 
+ 		setup_clear_cpu_cap(X86_FEATURE_SSBD);
147 
+ 	}
148 
+--
149 
+2.7.4
150 
+
SPECS/linux/speculative-store-bypass/0040-x86-cpufeatures-Disentangle-SSBD-enumeration.patch
History View file @ c3d25b5
0 151 
new file mode 100644
... ... 
@@ -0,0 +1,163 @@
0 
+From c0374a5d3dcefc7e21ae1ebe2343c88f8e0ff121 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 10 May 2018 20:21:36 +0200
3 
+Subject: [PATCH 40/54] x86/cpufeatures: Disentangle SSBD enumeration
4 
+
5 
+commit 52817587e706686fcdb27f14c1b000c92f266c96 upstream
6 
+
7 
+The SSBD enumeration is similarly to the other bits magically shared
8 
+between Intel and AMD though the mechanisms are different.
9 
+
10 
+Make X86_FEATURE_SSBD synthetic and set it depending on the vendor specific
11 
+features or family dependent setup.
12 
+
13 
+Change the Intel bit to X86_FEATURE_SPEC_CTRL_SSBD to denote that SSBD is
14 
+controlled via MSR_SPEC_CTRL and fix up the usage sites.
15 
+
16 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
17 
+Reviewed-by: Borislav Petkov <bp@suse.de>
18 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
19 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
20 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21 
+---
22 
+ arch/x86/include/asm/cpufeatures.h |  5 +++--
23 
+ arch/x86/kernel/cpu/amd.c          |  7 +------
24 
+ arch/x86/kernel/cpu/bugs.c         | 10 +++++-----
25 
+ arch/x86/kernel/cpu/common.c       |  3 +++
26 
+ arch/x86/kernel/cpu/intel.c        |  1 +
27 
+ arch/x86/kernel/process.c          |  2 +-
28 
+ 6 files changed, 14 insertions(+), 14 deletions(-)
29 
+
30 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
31 
+index ca0f33f..d071767 100644
32 
+--- a/arch/x86/include/asm/cpufeatures.h
33 
+@@ -198,6 +198,7 @@
34 
+ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
35 
+
36 
+ #define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
37 
++#define X86_FEATURE_SSBD	( 7*32+17) /* Speculative Store Bypass Disable */
38 
+
39 
+ #define X86_FEATURE_RSB_CTXSW	( 7*32+19) /* "" Fill RSB on context switches */
40 
+
41 
+@@ -207,7 +208,7 @@
42 
+ #define X86_FEATURE_USE_IBPB	( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
43 
+ #define X86_FEATURE_USE_IBRS_FW	( 7*32+22) /* "" Use IBRS during runtime firmware calls */
44 
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
45 
+-#define X86_FEATURE_AMD_SSBD	( 7*32+24) /* "" AMD SSBD implementation */
46 
++#define X86_FEATURE_LS_CFG_SSBD	( 7*32+24) /* "" AMD SSBD implementation */
47 
+ #define X86_FEATURE_IBRS	( 7*32+25) /* Indirect Branch Restricted Speculation */
48 
+ #define X86_FEATURE_IBPB	( 7*32+26) /* Indirect Branch Prediction Barrier */
49 
+ #define X86_FEATURE_STIBP	( 7*32+27) /* Single Thread Indirect Branch Predictors */
50 
+@@ -314,7 +315,7 @@
51 
+ #define X86_FEATURE_SPEC_CTRL		(18*32+26) /* "" Speculation Control (IBRS + IBPB) */
52 
+ #define X86_FEATURE_INTEL_STIBP		(18*32+27) /* "" Single Thread Indirect Branch Predictors */
53 
+ #define X86_FEATURE_ARCH_CAPABILITIES	(18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
54 
+-#define X86_FEATURE_SSBD		(18*32+31) /* Speculative Store Bypass Disable */
55 
++#define X86_FEATURE_SPEC_CTRL_SSBD	(18*32+31) /* "" Speculative Store Bypass Disable */
56 
+
57 
+ /*
58 
+  * BUG word(s)
59 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
60 
+index acb2fcc..179d572 100644
61 
+--- a/arch/x86/kernel/cpu/amd.c
62 
+@@ -558,8 +558,8 @@ static void bsp_init_amd(struct cpuinfo_x86 *c)
63 
+ 		 * avoid RMW. If that faults, do not enable SSBD.
64 
+ 		 */
65 
+ 		if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) {
66 
++			setup_force_cpu_cap(X86_FEATURE_LS_CFG_SSBD);
67 
+ 			setup_force_cpu_cap(X86_FEATURE_SSBD);
68 
+-			setup_force_cpu_cap(X86_FEATURE_AMD_SSBD);
69 
+ 			x86_amd_ls_cfg_ssbd_mask = 1ULL << bit;
70 
+ 		}
71 
+ 	}
72 
+@@ -848,11 +848,6 @@ static void init_amd(struct cpuinfo_x86 *c)
73 
+ 	/* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
74 
+ 	if (!cpu_has(c, X86_FEATURE_XENPV))
75 
+ 		set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
76 
+-
77 
+-	if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) {
78 
+-		set_cpu_cap(c, X86_FEATURE_SSBD);
79 
+-		set_cpu_cap(c, X86_FEATURE_AMD_SSBD);
80 
+-	}
81 
+ }
82 
+
83 
+ #ifdef CONFIG_X86_32
84 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
85 
+index 59649310..15a6c58 100644
86 
+--- a/arch/x86/kernel/cpu/bugs.c
87 
+@@ -158,8 +158,8 @@ void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
88 
+ 	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
89 
+ 		return;
90 
+
91 
+-	/* Intel controls SSB in MSR_SPEC_CTRL */
92 
+-	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
93 
++	/* SSBD controlled in MSR_SPEC_CTRL */
94 
++	if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
95 
+ 		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
96 
+
97 
+ 	if (host != guest_spec_ctrl)
98 
+@@ -175,8 +175,8 @@ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
99 
+ 	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
100 
+ 		return;
101 
+
102 
+-	/* Intel controls SSB in MSR_SPEC_CTRL */
103 
+-	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
104 
++	/* SSBD controlled in MSR_SPEC_CTRL */
105 
++	if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
106 
+ 		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
107 
+
108 
+ 	if (host != guest_spec_ctrl)
109 
+@@ -188,7 +188,7 @@ static void x86_amd_ssb_disable(void)
110 
+ {
111 
+ 	u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
112 
+
113 
+-	if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
114 
++	if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
115 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msrval);
116 
+ }
117 
+
118 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
119 
+index 04362282..945e841 100644
120 
+--- a/arch/x86/kernel/cpu/common.c
121 
+@@ -735,6 +735,9 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
122 
+ 	if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
123 
+ 		set_cpu_cap(c, X86_FEATURE_STIBP);
124 
+
125 
++	if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD))
126 
++		set_cpu_cap(c, X86_FEATURE_SSBD);
127 
++
128 
+ 	if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
129 
+ 		set_cpu_cap(c, X86_FEATURE_IBRS);
130 
+ 		set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
131 
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
132 
+index 7f495e8..93781e3 100644
133 
+--- a/arch/x86/kernel/cpu/intel.c
134 
+@@ -156,6 +156,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
135 
+ 		setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL);
136 
+ 		setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
137 
+ 		setup_clear_cpu_cap(X86_FEATURE_SSBD);
138 
++		setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL_SSBD);
139 
+ 	}
140 
+
141 
+ 	/*
142 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
143 
+index c344230..b3cd08e 100644
144 
+--- a/arch/x86/kernel/process.c
145 
+@@ -207,7 +207,7 @@ static __always_inline void __speculative_store_bypass_update(unsigned long tifn
146 
+ {
147 
+ 	u64 msr;
148 
+
149 
+-	if (static_cpu_has(X86_FEATURE_AMD_SSBD)) {
150 
++	if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
151 
+ 		msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
152 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msr);
153 
+ 	} else {
154 
+--
155 
+2.7.4
156 
+
SPECS/linux/speculative-store-bypass/0041-x86-cpu-AMD-Fix-erratum-1076-CPB-bit.patch
History View file @ c3d25b5
0 157 
new file mode 100644
... ... 
@@ -0,0 +1,55 @@
0 
+From be3e692ab1eb72a96b4b46a63384fbe2e5bac2f8 Mon Sep 17 00:00:00 2001
1 
+From: Borislav Petkov <bp@suse.de>
2 
+Date: Thu, 7 Sep 2017 19:08:21 +0200
3 
+Subject: [PATCH 41/54] x86/cpu/AMD: Fix erratum 1076 (CPB bit)
4 
+
5 
+commit f7f3dc00f61261cdc9ccd8b886f21bc4dffd6fd9 upstream
6 
+
7 
+CPUID Fn8000_0007_EDX[CPB] is wrongly 0 on models up to B1. But they do
8 
+support CPB (AMD's Core Performance Boosting cpufreq CPU feature), so fix that.
9 
+
10 
+Signed-off-by: Borislav Petkov <bp@suse.de>
11 
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
12 
+Cc: Peter Zijlstra <peterz@infradead.org>
13 
+Cc: Sherry Hurwitz <sherry.hurwitz@amd.com>
14 
+Cc: Thomas Gleixner <tglx@linutronix.de>
15 
+Link: http://lkml.kernel.org/r/20170907170821.16021-1-bp@alien8.de
16 
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
17 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
18 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 
+---
20 
+ arch/x86/kernel/cpu/amd.c | 11 +++++++++++
21 
+ 1 file changed, 11 insertions(+)
22 
+
23 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
24 
+index 179d572..21367b5 100644
25 
+--- a/arch/x86/kernel/cpu/amd.c
26 
+@@ -749,6 +749,16 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
27 
+ 	}
28 
+ }
29 
+
30 
++static void init_amd_zn(struct cpuinfo_x86 *c)
31 
++{
32 
++	/*
33 
++	 * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects
34 
++	 * all up to and including B1.
35 
++	 */
36 
++	if (c->x86_model <= 1 && c->x86_stepping <= 1)
37 
++		set_cpu_cap(c, X86_FEATURE_CPB);
38 
++}
39 
++
40 
+ static void init_amd(struct cpuinfo_x86 *c)
41 
+ {
42 
+ 	u32 dummy;
43 
+@@ -779,6 +789,7 @@ static void init_amd(struct cpuinfo_x86 *c)
44 
+ 	case 0x10: init_amd_gh(c); break;
45 
+ 	case 0x12: init_amd_ln(c); break;
46 
+ 	case 0x15: init_amd_bd(c); break;
47 
++	case 0x17: init_amd_zn(c); break;
48 
+ 	}
49 
+
50 
+ 	/* Enable workaround for FXSAVE leak */
51 
+--
52 
+2.7.4
53 
+
SPECS/linux/speculative-store-bypass/0042-x86-cpufeatures-Add-FEATURE_ZEN.patch
History View file @ c3d25b5
0 54 
new file mode 100644
... ... 
@@ -0,0 +1,48 @@
0 
+From 3532efa1474efa07d13c3b8022bc84e07f94b55b Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 10 May 2018 16:26:00 +0200
3 
+Subject: [PATCH 42/54] x86/cpufeatures: Add FEATURE_ZEN
4 
+
5 
+commit d1035d971829dcf80e8686ccde26f94b0a069472 upstream
6 
+
7 
+Add a ZEN feature bit so family-dependent static_cpu_has() optimizations
8 
+can be built for ZEN.
9 
+
10 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
11 
+Reviewed-by: Borislav Petkov <bp@suse.de>
12 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
14 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
15 
+---
16 
+ arch/x86/include/asm/cpufeatures.h | 2 ++
17 
+ arch/x86/kernel/cpu/amd.c          | 1 +
18 
+ 2 files changed, 3 insertions(+)
19 
+
20 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
21 
+index d071767..ec87b8c 100644
22 
+--- a/arch/x86/include/asm/cpufeatures.h
23 
+@@ -212,6 +212,8 @@
24 
+ #define X86_FEATURE_IBRS	( 7*32+25) /* Indirect Branch Restricted Speculation */
25 
+ #define X86_FEATURE_IBPB	( 7*32+26) /* Indirect Branch Prediction Barrier */
26 
+ #define X86_FEATURE_STIBP	( 7*32+27) /* Single Thread Indirect Branch Predictors */
27 
++#define X86_FEATURE_ZEN		( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
28 
++
29 
+
30 
+ /* Virtualization flags: Linux defined, word 8 */
31 
+ #define X86_FEATURE_TPR_SHADOW  ( 8*32+ 0) /* Intel TPR Shadow */
32 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
33 
+index 21367b5..4c2be99 100644
34 
+--- a/arch/x86/kernel/cpu/amd.c
35 
+@@ -751,6 +751,7 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
36 
+
37 
+ static void init_amd_zn(struct cpuinfo_x86 *c)
38 
+ {
39 
++	set_cpu_cap(c, X86_FEATURE_ZEN);
40 
+ 	/*
41 
+ 	 * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects
42 
+ 	 * all up to and including B1.
43 
+--
44 
+2.7.4
45 
+
SPECS/linux/speculative-store-bypass/0043-x86-speculation-Handle-HT-correctly-on-AMD.patch
History View file @ c3d25b5
0 46 
new file mode 100644
... ... 
@@ -0,0 +1,240 @@
0 
+From dd42e8f6dc439a771e8864502f1404ecec2b031b Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Wed, 9 May 2018 21:53:09 +0200
3 
+Subject: [PATCH 43/54] x86/speculation: Handle HT correctly on AMD
4 
+
5 
+commit 1f50ddb4f4189243c05926b842dc1a0332195f31 upstream
6 
+
7 
+The AMD64_LS_CFG MSR is a per core MSR on Family 17H CPUs. That means when
8 
+hyperthreading is enabled the SSBD bit toggle needs to take both cores into
9 
+account. Otherwise the following situation can happen:
10 
+
11 
+CPU0		CPU1
12 
+
13 
+disable SSB
14 
+		disable SSB
15 
+		enable  SSB <- Enables it for the Core, i.e. for CPU0 as well
16 
+
17 
+So after the SSB enable on CPU1 the task on CPU0 runs with SSB enabled
18 
+again.
19 
+
20 
+On Intel the SSBD control is per core as well, but the synchronization
21 
+logic is implemented behind the per thread SPEC_CTRL MSR. It works like
22 
+this:
23 
+
24 
+  CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL
25 
+
26 
+i.e. if one of the threads enables a mitigation then this affects both and
27 
+the mitigation is only disabled in the core when both threads disabled it.
28 
+
29 
+Add the necessary synchronization logic for AMD family 17H. Unfortunately
30 
+that requires a spinlock to serialize the access to the MSR, but the locks
31 
+are only shared between siblings.
32 
+
33 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
34 
+Reviewed-by: Borislav Petkov <bp@suse.de>
35 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
36 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
37 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
38 
+---
39 
+ arch/x86/include/asm/spec-ctrl.h |   6 ++
40 
+ arch/x86/kernel/process.c        | 125 +++++++++++++++++++++++++++++++++++++--
41 
+ arch/x86/kernel/smpboot.c        |   5 ++
42 
+ 3 files changed, 130 insertions(+), 6 deletions(-)
43 
+
44 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
45 
+index dc21209..0cb49c4 100644
46 
+--- a/arch/x86/include/asm/spec-ctrl.h
47 
+@@ -33,6 +33,12 @@ static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
48 
+ 	return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
49 
+ }
50 
+
51 
++#ifdef CONFIG_SMP
52 
++extern void speculative_store_bypass_ht_init(void);
53 
++#else
54 
++static inline void speculative_store_bypass_ht_init(void) { }
55 
++#endif
56 
++
57 
+ extern void speculative_store_bypass_update(void);
58 
+
59 
+ #endif
60 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
61 
+index b3cd08e..1e9d155 100644
62 
+--- a/arch/x86/kernel/process.c
63 
+@@ -203,22 +203,135 @@ static inline void switch_to_bitmap(struct tss_struct *tss,
64 
+ 	}
65 
+ }
66 
+
67 
+-static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
68 
++#ifdef CONFIG_SMP
69 
++
70 
++struct ssb_state {
71 
++	struct ssb_state	*shared_state;
72 
++	raw_spinlock_t		lock;
73 
++	unsigned int		disable_state;
74 
++	unsigned long		local_state;
75 
++};
76 
++
77 
++#define LSTATE_SSB	0
78 
++
79 
++static DEFINE_PER_CPU(struct ssb_state, ssb_state);
80 
++
81 
++void speculative_store_bypass_ht_init(void)
82 
+ {
83 
+-	u64 msr;
84 
++	struct ssb_state *st = this_cpu_ptr(&ssb_state);
85 
++	unsigned int this_cpu = smp_processor_id();
86 
++	unsigned int cpu;
87 
++
88 
++	st->local_state = 0;
89 
++
90 
++	/*
91 
++	 * Shared state setup happens once on the first bringup
92 
++	 * of the CPU. It's not destroyed on CPU hotunplug.
93 
++	 */
94 
++	if (st->shared_state)
95 
++		return;
96 
++
97 
++	raw_spin_lock_init(&st->lock);
98 
+
99 
+-	if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
100 
+-		msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
101 
++	/*
102 
++	 * Go over HT siblings and check whether one of them has set up the
103 
++	 * shared state pointer already.
104 
++	 */
105 
++	for_each_cpu(cpu, topology_sibling_cpumask(this_cpu)) {
106 
++		if (cpu == this_cpu)
107 
++			continue;
108 
++
109 
++		if (!per_cpu(ssb_state, cpu).shared_state)
110 
++			continue;
111 
++
112 
++		/* Link it to the state of the sibling: */
113 
++		st->shared_state = per_cpu(ssb_state, cpu).shared_state;
114 
++		return;
115 
++	}
116 
++
117 
++	/*
118 
++	 * First HT sibling to come up on the core.  Link shared state of
119 
++	 * the first HT sibling to itself. The siblings on the same core
120 
++	 * which come up later will see the shared state pointer and link
121 
++	 * themself to the state of this CPU.
122 
++	 */
123 
++	st->shared_state = st;
124 
++}
125 
++
126 
++/*
127 
++ * Logic is: First HT sibling enables SSBD for both siblings in the core
128 
++ * and last sibling to disable it, disables it for the whole core. This how
129 
++ * MSR_SPEC_CTRL works in "hardware":
130 
++ *
131 
++ *  CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL
132 
++ */
133 
++static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
134 
++{
135 
++	struct ssb_state *st = this_cpu_ptr(&ssb_state);
136 
++	u64 msr = x86_amd_ls_cfg_base;
137 
++
138 
++	if (!static_cpu_has(X86_FEATURE_ZEN)) {
139 
++		msr |= ssbd_tif_to_amd_ls_cfg(tifn);
140 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msr);
141 
++		return;
142 
++	}
143 
++
144 
++	if (tifn & _TIF_SSBD) {
145 
++		/*
146 
++		 * Since this can race with prctl(), block reentry on the
147 
++		 * same CPU.
148 
++		 */
149 
++		if (__test_and_set_bit(LSTATE_SSB, &st->local_state))
150 
++			return;
151 
++
152 
++		msr |= x86_amd_ls_cfg_ssbd_mask;
153 
++
154 
++		raw_spin_lock(&st->shared_state->lock);
155 
++		/* First sibling enables SSBD: */
156 
++		if (!st->shared_state->disable_state)
157 
++			wrmsrl(MSR_AMD64_LS_CFG, msr);
158 
++		st->shared_state->disable_state++;
159 
++		raw_spin_unlock(&st->shared_state->lock);
160 
+ 	} else {
161 
+-		msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
162 
+-		wrmsrl(MSR_IA32_SPEC_CTRL, msr);
163 
++		if (!__test_and_clear_bit(LSTATE_SSB, &st->local_state))
164 
++			return;
165 
++
166 
++		raw_spin_lock(&st->shared_state->lock);
167 
++		st->shared_state->disable_state--;
168 
++		if (!st->shared_state->disable_state)
169 
++			wrmsrl(MSR_AMD64_LS_CFG, msr);
170 
++		raw_spin_unlock(&st->shared_state->lock);
171 
+ 	}
172 
+ }
173 
++#else
174 
++static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
175 
++{
176 
++	u64 msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
177 
++
178 
++	wrmsrl(MSR_AMD64_LS_CFG, msr);
179 
++}
180 
++#endif
181 
++
182 
++static __always_inline void intel_set_ssb_state(unsigned long tifn)
183 
++{
184 
++	u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
185 
++
186 
++	wrmsrl(MSR_IA32_SPEC_CTRL, msr);
187 
++}
188 
++
189 
++static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
190 
++{
191 
++	if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
192 
++		amd_set_core_ssb_state(tifn);
193 
++	else
194 
++		intel_set_ssb_state(tifn);
195 
++}
196 
+
197 
+ void speculative_store_bypass_update(void)
198 
+ {
199 
++	preempt_disable();
200 
+ 	__speculative_store_bypass_update(current_thread_info()->flags);
201 
++	preempt_enable();
202 
+ }
203 
+
204 
+ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
205 
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
206 
+index 83929cc4..cb94514 100644
207 
+--- a/arch/x86/kernel/smpboot.c
208 
+@@ -75,6 +75,7 @@
209 
+ #include <asm/i8259.h>
210 
+ #include <asm/realmode.h>
211 
+ #include <asm/misc.h>
212 
++#include <asm/spec-ctrl.h>
213 
+
214 
+ /* Number of siblings per CPU package */
215 
+ int smp_num_siblings = 1;
216 
+@@ -229,6 +230,8 @@ static void notrace start_secondary(void *unused)
217 
+ 	 */
218 
+ 	check_tsc_sync_target();
219 
+
220 
++	speculative_store_bypass_ht_init();
221 
++
222 
+ 	/*
223 
+ 	 * Lock vector_lock and initialize the vectors on this cpu
224 
+ 	 * before setting the cpu online. We must set it online with
225 
+@@ -1325,6 +1328,8 @@ void __init native_smp_prepare_cpus(unsigned int max_cpus)
226 
+ 	set_mtrr_aps_delayed_init();
227 
+
228 
+ 	smp_quirk_init_udelay();
229 
++
230 
++	speculative_store_bypass_ht_init();
231 
+ }
232 
+
233 
+ void arch_enable_nonboot_cpus_begin(void)
234 
+--
235 
+2.7.4
236 
+
SPECS/linux/speculative-store-bypass/0044-x86-bugs-KVM-Extend-speculation-control-for-VIRT_SPE.patch
History View file @ c3d25b5
0 237 
new file mode 100644
... ... 
@@ -0,0 +1,163 @@
0 
+From 56e877154f4bae42342edf644f77d446e102690d Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Wed, 9 May 2018 23:01:01 +0200
3 
+Subject: [PATCH 44/54] x86/bugs, KVM: Extend speculation control for
4 
+ VIRT_SPEC_CTRL
5 
+
6 
+commit ccbcd2674472a978b48c91c1fbfb66c0ff959f24 upstream
7 
+
8 
+AMD is proposing a VIRT_SPEC_CTRL MSR to handle the Speculative Store
9 
+Bypass Disable via MSR_AMD64_LS_CFG so that guests do not have to care
10 
+about the bit position of the SSBD bit and thus facilitate migration.
11 
+Also, the sibling coordination on Family 17H CPUs can only be done on
12 
+the host.
13 
+
14 
+Extend x86_spec_ctrl_set_guest() and x86_spec_ctrl_restore_host() with an
15 
+extra argument for the VIRT_SPEC_CTRL MSR.
16 
+
17 
+Hand in 0 from VMX and in SVM add a new virt_spec_ctrl member to the CPU
18 
+data structure which is going to be used in later patches for the actual
19 
+implementation.
20 
+
21 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
22 
+Reviewed-by: Borislav Petkov <bp@suse.de>
23 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
24 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
25 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 
+---
27 
+ arch/x86/include/asm/spec-ctrl.h |  9 ++++++---
28 
+ arch/x86/kernel/cpu/bugs.c       | 20 ++++++++++++++++++--
29 
+ arch/x86/kvm/svm.c               | 11 +++++++++--
30 
+ arch/x86/kvm/vmx.c               |  5 +++--
31 
+ 4 files changed, 36 insertions(+), 9 deletions(-)
32 
+
33 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
34 
+index 0cb49c4..6e28740 100644
35 
+--- a/arch/x86/include/asm/spec-ctrl.h
36 
+@@ -10,10 +10,13 @@
37 
+  * the guest has, while on VMEXIT we restore the host view. This
38 
+  * would be easier if SPEC_CTRL were architecturally maskable or
39 
+  * shadowable for guests but this is not (currently) the case.
40 
+- * Takes the guest view of SPEC_CTRL MSR as a parameter.
41 
++ * Takes the guest view of SPEC_CTRL MSR as a parameter and also
42 
++ * the guest's version of VIRT_SPEC_CTRL, if emulated.
43 
+  */
44 
+-extern void x86_spec_ctrl_set_guest(u64);
45 
+-extern void x86_spec_ctrl_restore_host(u64);
46 
++extern void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl,
47 
++				    u64 guest_virt_spec_ctrl);
48 
++extern void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl,
49 
++				       u64 guest_virt_spec_ctrl);
50 
+
51 
+ /* AMD specific Speculative Store Bypass MSR data */
52 
+ extern u64 x86_amd_ls_cfg_base;
53 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
54 
+index 15a6c58..d00e246 100644
55 
+--- a/arch/x86/kernel/cpu/bugs.c
56 
+@@ -150,7 +150,15 @@ u64 x86_spec_ctrl_get_default(void)
57 
+ }
58 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
59 
+
60 
+-void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
61 
++/**
62 
++ * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
63 
++ * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
64 
++ * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
65 
++ *				(may get translated to MSR_AMD64_LS_CFG bits)
66 
++ *
67 
++ * Avoids writing to the MSR if the content/bits are the same
68 
++ */
69 
++void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
70 
+ {
71 
+ 	u64 host = x86_spec_ctrl_base;
72 
+
73 
+@@ -167,7 +175,15 @@ void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl)
74 
+ }
75 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
76 
+
77 
+-void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl)
78 
++/**
79 
++ * x86_spec_ctrl_restore_host - Restore host speculation control registers
80 
++ * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
81 
++ * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
82 
++ *				(may get translated to MSR_AMD64_LS_CFG bits)
83 
++ *
84 
++ * Avoids writing to the MSR if the content/bits are the same
85 
++ */
86 
++void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
87 
+ {
88 
+ 	u64 host = x86_spec_ctrl_base;
89 
+
90 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
91 
+index d1a4321..57c96f1 100644
92 
+--- a/arch/x86/kvm/svm.c
93 
+@@ -185,6 +185,12 @@ struct vcpu_svm {
94 
+ 	} host;
95 
+
96 
+ 	u64 spec_ctrl;
97 
++	/*
98 
++	 * Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be
99 
++	 * translated into the appropriate L2_CFG bits on the host to
100 
++	 * perform speculative control.
101 
++	 */
102 
++	u64 virt_spec_ctrl;
103 
+
104 
+ 	u32 *msrpm;
105 
+
106 
+@@ -1561,6 +1567,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
107 
+ 	u32 eax = 1;
108 
+
109 
+ 	svm->spec_ctrl = 0;
110 
++	svm->virt_spec_ctrl = 0;
111 
+
112 
+ 	if (!init_event) {
113 
+ 		svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE |
114 
+@@ -4917,7 +4924,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
115 
+ 	 * is no need to worry about the conditional branch over the wrmsr
116 
+ 	 * being speculatively taken.
117 
+ 	 */
118 
+-	x86_spec_ctrl_set_guest(svm->spec_ctrl);
119 
++	x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
120 
+
121 
+ 	asm volatile (
122 
+ 		"push %%" _ASM_BP "; \n\t"
123 
+@@ -5041,7 +5048,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
124 
+ 	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
125 
+ 		svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
126 
+
127 
+-	x86_spec_ctrl_restore_host(svm->spec_ctrl);
128 
++	x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
129 
+
130 
+ 	reload_tss(vcpu);
131 
+
132 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
133 
+index 874b661..f1d158a 100644
134 
+--- a/arch/x86/kvm/vmx.c
135 
+@@ -8916,9 +8916,10 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
136 
+ 	 * is no need to worry about the conditional branch over the wrmsr
137 
+ 	 * being speculatively taken.
138 
+ 	 */
139 
+-	x86_spec_ctrl_set_guest(vmx->spec_ctrl);
140 
++	x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
141 
+
142 
+ 	vmx->__launched = vmx->loaded_vmcs->launched;
143 
++
144 
+ 	asm(
145 
+ 		/* Store host registers */
146 
+ 		"push %%" _ASM_DX "; push %%" _ASM_BP ";"
147 
+@@ -9054,7 +9055,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
148 
+ 	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
149 
+ 		vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
150 
+
151 
+-	x86_spec_ctrl_restore_host(vmx->spec_ctrl);
152 
++	x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
153 
+
154 
+ 	/* Eliminate branch target predictions from guest mode */
155 
+ 	vmexit_fill_RSB();
156 
+--
157 
+2.7.4
158 
+
SPECS/linux/speculative-store-bypass/0045-x86-speculation-Add-virtualized-speculative-store-by.patch
History View file @ c3d25b5
0 159 
new file mode 100644
... ... 
@@ -0,0 +1,104 @@
0 
+From 1aa0d4cbe3810b3161bad906163e198bb6f3f753 Mon Sep 17 00:00:00 2001
1 
+From: Tom Lendacky <thomas.lendacky@amd.com>
2 
+Date: Thu, 17 May 2018 17:09:18 +0200
3 
+Subject: [PATCH 45/54] x86/speculation: Add virtualized speculative store
4 
+ bypass disable support
5 
+
6 
+commit 11fb0683493b2da112cd64c9dada221b52463bf7 upstream
7 
+
8 
+Some AMD processors only support a non-architectural means of enabling
9 
+speculative store bypass disable (SSBD).  To allow a simplified view of
10 
+this to a guest, an architectural definition has been created through a new
11 
+CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f.  With this, a
12 
+hypervisor can virtualize the existence of this definition and provide an
13 
+architectural method for using SSBD to a guest.
14 
+
15 
+Add the new CPUID feature, the new MSR and update the existing SSBD
16 
+support to use this MSR when present.
17 
+
18 
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Reviewed-by: Borislav Petkov <bp@suse.de>
21 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
22 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 
+---
24 
+ arch/x86/include/asm/cpufeatures.h |  1 +
25 
+ arch/x86/include/asm/msr-index.h   |  2 ++
26 
+ arch/x86/kernel/cpu/bugs.c         |  4 +++-
27 
+ arch/x86/kernel/process.c          | 13 ++++++++++++-
28 
+ 4 files changed, 18 insertions(+), 2 deletions(-)
29 
+
30 
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
31 
+index ec87b8c..c278f27 100644
32 
+--- a/arch/x86/include/asm/cpufeatures.h
33 
+@@ -274,6 +274,7 @@
34 
+ #define X86_FEATURE_AMD_IBPB	(13*32+12) /* Indirect Branch Prediction Barrier */
35 
+ #define X86_FEATURE_AMD_IBRS	(13*32+14) /* Indirect Branch Restricted Speculation */
36 
+ #define X86_FEATURE_AMD_STIBP	(13*32+15) /* Single Thread Indirect Branch Predictors */
37 
++#define X86_FEATURE_VIRT_SSBD	(13*32+25) /* Virtualized Speculative Store Bypass Disable */
38 
+
39 
+ /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */
40 
+ #define X86_FEATURE_DTHERM	(14*32+ 0) /* Digital Thermal Sensor */
41 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
42 
+index b67d57e..9fd9dcf 100644
43 
+--- a/arch/x86/include/asm/msr-index.h
44 
+@@ -323,6 +323,8 @@
45 
+ #define MSR_AMD64_IBSOPDATA4		0xc001103d
46 
+ #define MSR_AMD64_IBS_REG_COUNT_MAX	8 /* includes MSR_AMD64_IBSBRTARGET */
47 
+
48 
++#define MSR_AMD64_VIRT_SPEC_CTRL	0xc001011f
49 
++
50 
+ /* Fam 17h MSRs */
51 
+ #define MSR_F17H_IRPERF			0xc00000e9
52 
+
53 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
54 
+index d00e246..97987b5 100644
55 
+--- a/arch/x86/kernel/cpu/bugs.c
56 
+@@ -204,7 +204,9 @@ static void x86_amd_ssb_disable(void)
57 
+ {
58 
+ 	u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
59 
+
60 
+-	if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
61 
++	if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
62 
++		wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, SPEC_CTRL_SSBD);
63 
++	else if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
64 
+ 		wrmsrl(MSR_AMD64_LS_CFG, msrval);
65 
+ }
66 
+
67 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
68 
+index 1e9d155..6d9e1ee 100644
69 
+--- a/arch/x86/kernel/process.c
70 
+@@ -312,6 +312,15 @@ static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
71 
+ }
72 
+ #endif
73 
+
74 
++static __always_inline void amd_set_ssb_virt_state(unsigned long tifn)
75 
++{
76 
++	/*
77 
++	 * SSBD has the same definition in SPEC_CTRL and VIRT_SPEC_CTRL,
78 
++	 * so ssbd_tif_to_spec_ctrl() just works.
79 
++	 */
80 
++	wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn));
81 
++}
82 
++
83 
+ static __always_inline void intel_set_ssb_state(unsigned long tifn)
84 
+ {
85 
+ 	u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
86 
+@@ -321,7 +330,9 @@ static __always_inline void intel_set_ssb_state(unsigned long tifn)
87 
+
88 
+ static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
89 
+ {
90 
+-	if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
91 
++	if (static_cpu_has(X86_FEATURE_VIRT_SSBD))
92 
++		amd_set_ssb_virt_state(tifn);
93 
++	else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
94 
+ 		amd_set_core_ssb_state(tifn);
95 
+ 	else
96 
+ 		intel_set_ssb_state(tifn);
97 
+--
98 
+2.7.4
99 
+
SPECS/linux/speculative-store-bypass/0046-x86-speculation-Rework-speculative_store_bypass_upda.patch
History View file @ c3d25b5
0 100 
new file mode 100644
... ... 
@@ -0,0 +1,75 @@
0 
+From 5be915f638a3c90d5b8ee435f586377438bd4c05 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 10 May 2018 20:31:44 +0200
3 
+Subject: [PATCH 46/54] x86/speculation: Rework
4 
+ speculative_store_bypass_update()
5 
+
6 
+commit 0270be3e34efb05a88bc4c422572ece038ef3608 upstream
7 
+
8 
+The upcoming support for the virtual SPEC_CTRL MSR on AMD needs to reuse
9 
+speculative_store_bypass_update() to avoid code duplication. Add an
10 
+argument for supplying a thread info (TIF) value and create a wrapper
11 
+speculative_store_bypass_update_current() which is used at the existing
12 
+call site.
13 
+
14 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
15 
+Reviewed-by: Borislav Petkov <bp@suse.de>
16 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
17 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
18 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 
+---
20 
+ arch/x86/include/asm/spec-ctrl.h | 7 ++++++-
21 
+ arch/x86/kernel/cpu/bugs.c       | 2 +-
22 
+ arch/x86/kernel/process.c        | 4 ++--
23 
+ 3 files changed, 9 insertions(+), 4 deletions(-)
24 
+
25 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
26 
+index 6e28740..82b6c5a 100644
27 
+--- a/arch/x86/include/asm/spec-ctrl.h
28 
+@@ -42,6 +42,11 @@ extern void speculative_store_bypass_ht_init(void);
29 
+ static inline void speculative_store_bypass_ht_init(void) { }
30 
+ #endif
31 
+
32 
+-extern void speculative_store_bypass_update(void);
33 
++extern void speculative_store_bypass_update(unsigned long tif);
34 
++
35 
++static inline void speculative_store_bypass_update_current(void)
36 
++{
37 
++	speculative_store_bypass_update(current_thread_info()->flags);
38 
++}
39 
+
40 
+ #endif
41 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
42 
+index 97987b5..eddbdc8 100644
43 
+--- a/arch/x86/kernel/cpu/bugs.c
44 
+@@ -597,7 +597,7 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
45 
+ 	 * mitigation until it is next scheduled.
46 
+ 	 */
47 
+ 	if (task == current && update)
48 
+-		speculative_store_bypass_update();
49 
++		speculative_store_bypass_update_current();
50 
+
51 
+ 	return 0;
52 
+ }
53 
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
54 
+index 6d9e1ee..00a9047 100644
55 
+--- a/arch/x86/kernel/process.c
56 
+@@ -338,10 +338,10 @@ static __always_inline void __speculative_store_bypass_update(unsigned long tifn
57 
+ 		intel_set_ssb_state(tifn);
58 
+ }
59 
+
60 
+-void speculative_store_bypass_update(void)
61 
++void speculative_store_bypass_update(unsigned long tif)
62 
+ {
63 
+ 	preempt_disable();
64 
+-	__speculative_store_bypass_update(current_thread_info()->flags);
65 
++	__speculative_store_bypass_update(tif);
66 
+ 	preempt_enable();
67 
+ }
68 
+
69 
+--
70 
+2.7.4
71 
+
SPECS/linux/speculative-store-bypass/0047-x86-bugs-Unify-x86_spec_ctrl_-set_guest-restore_host.patch
History View file @ c3d25b5
0 72 
new file mode 100644
... ... 
@@ -0,0 +1,145 @@
0 
+From 7b74e5e60aab9eb69f6e7df757292da84bdbee36 Mon Sep 17 00:00:00 2001
1 
+From: Borislav Petkov <bp@suse.de>
2 
+Date: Sat, 12 May 2018 00:14:51 +0200
3 
+Subject: [PATCH 47/54] x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
4 
+
5 
+commit cc69b34989210f067b2c51d5539b5f96ebcc3a01 upstream
6 
+
7 
+Function bodies are very similar and are going to grow more almost
8 
+identical code. Add a bool arg to determine whether SPEC_CTRL is being set
9 
+for the guest or restored to the host.
10 
+
11 
+No functional changes.
12 
+
13 
+Signed-off-by: Borislav Petkov <bp@suse.de>
14 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
15 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/include/asm/spec-ctrl.h | 33 +++++++++++++++++++---
20 
+ arch/x86/kernel/cpu/bugs.c       | 60 ++++++++++------------------------------
21 
+ 2 files changed, 44 insertions(+), 49 deletions(-)
22 
+
23 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
24 
+index 82b6c5a..9cecbe5 100644
25 
+--- a/arch/x86/include/asm/spec-ctrl.h
26 
+@@ -13,10 +13,35 @@
27 
+  * Takes the guest view of SPEC_CTRL MSR as a parameter and also
28 
+  * the guest's version of VIRT_SPEC_CTRL, if emulated.
29 
+  */
30 
+-extern void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl,
31 
+-				    u64 guest_virt_spec_ctrl);
32 
+-extern void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl,
33 
+-				       u64 guest_virt_spec_ctrl);
34 
++extern void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool guest);
35 
++
36 
++/**
37 
++ * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
38 
++ * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
39 
++ * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
40 
++ *				(may get translated to MSR_AMD64_LS_CFG bits)
41 
++ *
42 
++ * Avoids writing to the MSR if the content/bits are the same
43 
++ */
44 
++static inline
45 
++void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
46 
++{
47 
++	x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, true);
48 
++}
49 
++
50 
++/**
51 
++ * x86_spec_ctrl_restore_host - Restore host speculation control registers
52 
++ * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
53 
++ * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
54 
++ *				(may get translated to MSR_AMD64_LS_CFG bits)
55 
++ *
56 
++ * Avoids writing to the MSR if the content/bits are the same
57 
++ */
58 
++static inline
59 
++void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
60 
++{
61 
++	x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, false);
62 
++}
63 
+
64 
+ /* AMD specific Speculative Store Bypass MSR data */
65 
+ extern u64 x86_amd_ls_cfg_base;
66 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
67 
+index eddbdc8..9203150 100644
68 
+--- a/arch/x86/kernel/cpu/bugs.c
69 
+@@ -150,55 +150,25 @@ u64 x86_spec_ctrl_get_default(void)
70 
+ }
71 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
72 
+
73 
+-/**
74 
+- * x86_spec_ctrl_set_guest - Set speculation control registers for the guest
75 
+- * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
76 
+- * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
77 
+- *				(may get translated to MSR_AMD64_LS_CFG bits)
78 
+- *
79 
+- * Avoids writing to the MSR if the content/bits are the same
80 
+- */
81 
+-void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
82 
++void
83 
++x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
84 
+ {
85 
+-	u64 host = x86_spec_ctrl_base;
86 
++	struct thread_info *ti = current_thread_info();
87 
++	u64 msr, host = x86_spec_ctrl_base;
88 
+
89 
+ 	/* Is MSR_SPEC_CTRL implemented ? */
90 
+-	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
91 
+-		return;
92 
+-
93 
+-	/* SSBD controlled in MSR_SPEC_CTRL */
94 
+-	if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
95 
+-		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
96 
+-
97 
+-	if (host != guest_spec_ctrl)
98 
+-		wrmsrl(MSR_IA32_SPEC_CTRL, guest_spec_ctrl);
99 
+-}
100 
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_set_guest);
101 
+-
102 
+-/**
103 
+- * x86_spec_ctrl_restore_host - Restore host speculation control registers
104 
+- * @guest_spec_ctrl:		The guest content of MSR_SPEC_CTRL
105 
+- * @guest_virt_spec_ctrl:	The guest controlled bits of MSR_VIRT_SPEC_CTRL
106 
+- *				(may get translated to MSR_AMD64_LS_CFG bits)
107 
+- *
108 
+- * Avoids writing to the MSR if the content/bits are the same
109 
+- */
110 
+-void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
111 
+-{
112 
+-	u64 host = x86_spec_ctrl_base;
113 
+-
114 
+-	/* Is MSR_SPEC_CTRL implemented ? */
115 
+-	if (!static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
116 
+-		return;
117 
+-
118 
+-	/* SSBD controlled in MSR_SPEC_CTRL */
119 
+-	if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
120 
+-		host |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
121 
+-
122 
+-	if (host != guest_spec_ctrl)
123 
+-		wrmsrl(MSR_IA32_SPEC_CTRL, host);
124 
++	if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
125 
++		/* SSBD controlled in MSR_SPEC_CTRL */
126 
++		if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
127 
++			host |= ssbd_tif_to_spec_ctrl(ti->flags);
128 
++
129 
++		if (host != guest_spec_ctrl) {
130 
++			msr = setguest ? guest_spec_ctrl : host;
131 
++			wrmsrl(MSR_IA32_SPEC_CTRL, msr);
132 
++		}
133 
++	}
134 
+ }
135 
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_restore_host);
136 
++EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
137 
+
138 
+ static void x86_amd_ssb_disable(void)
139 
+ {
140 
+--
141 
+2.7.4
142 
+
SPECS/linux/speculative-store-bypass/0048-x86-bugs-Expose-x86_spec_ctrl_base-directly.patch
History View file @ c3d25b5
0 143 
new file mode 100644
... ... 
@@ -0,0 +1,120 @@
0 
+From deeee7b974828f923efeb93946efc701dd668f78 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sat, 12 May 2018 20:49:16 +0200
3 
+Subject: [PATCH 48/54] x86/bugs: Expose x86_spec_ctrl_base directly
4 
+
5 
+commit fa8ac4988249c38476f6ad678a4848a736373403 upstream
6 
+
7 
+x86_spec_ctrl_base is the system wide default value for the SPEC_CTRL MSR.
8 
+x86_spec_ctrl_get_default() returns x86_spec_ctrl_base and was intended to
9 
+prevent modification to that variable. Though the variable is read only
10 
+after init and globaly visible already.
11 
+
12 
+Remove the function and export the variable instead.
13 
+
14 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
15 
+Reviewed-by: Borislav Petkov <bp@suse.de>
16 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
17 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
18 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 
+---
20 
+ arch/x86/include/asm/nospec-branch.h | 16 +++++-----------
21 
+ arch/x86/include/asm/spec-ctrl.h     |  3 ---
22 
+ arch/x86/kernel/cpu/bugs.c           | 11 +----------
23 
+ 3 files changed, 6 insertions(+), 24 deletions(-)
24 
+
25 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
26 
+index bc258e6..8d9deec 100644
27 
+--- a/arch/x86/include/asm/nospec-branch.h
28 
+@@ -217,16 +217,7 @@ enum spectre_v2_mitigation {
29 
+ 	SPECTRE_V2_IBRS,
30 
+ };
31 
+
32 
+-/*
33 
+- * The Intel specification for the SPEC_CTRL MSR requires that we
34 
+- * preserve any already set reserved bits at boot time (e.g. for
35 
+- * future additions that this kernel is not currently aware of).
36 
+- * We then set any additional mitigation bits that we want
37 
+- * ourselves and always use this as the base for SPEC_CTRL.
38 
+- * We also use this when handling guest entry/exit as below.
39 
+- */
40 
+ extern void x86_spec_ctrl_set(u64);
41 
+-extern u64 x86_spec_ctrl_get_default(void);
42 
+
43 
+ /* The Speculative Store Bypass disable variants */
44 
+ enum ssb_mitigation {
45 
+@@ -278,6 +269,9 @@ static inline void indirect_branch_prediction_barrier(void)
46 
+ 	alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB);
47 
+ }
48 
+
49 
++/* The Intel SPEC CTRL MSR base value cache */
50 
++extern u64 x86_spec_ctrl_base;
51 
++
52 
+ /*
53 
+  * With retpoline, we must use IBRS to restrict branch prediction
54 
+  * before calling into firmware.
55 
+@@ -286,7 +280,7 @@ static inline void indirect_branch_prediction_barrier(void)
56 
+  */
57 
+ #define firmware_restrict_branch_speculation_start()			\
58 
+ do {									\
59 
+-	u64 val = x86_spec_ctrl_get_default() | SPEC_CTRL_IBRS;		\
60 
++	u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS;			\
61 
+ 									\
62 
+ 	preempt_disable();						\
63 
+ 	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\
64 
+@@ -295,7 +289,7 @@ do {									\
65 
+
66 
+ #define firmware_restrict_branch_speculation_end()			\
67 
+ do {									\
68 
+-	u64 val = x86_spec_ctrl_get_default();				\
69 
++	u64 val = x86_spec_ctrl_base;					\
70 
+ 									\
71 
+ 	alternative_msr_write(MSR_IA32_SPEC_CTRL, val,			\
72 
+ 			      X86_FEATURE_USE_IBRS_FW);			\
73 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
74 
+index 9cecbe5..763d497 100644
75 
+--- a/arch/x86/include/asm/spec-ctrl.h
76 
+@@ -47,9 +47,6 @@ void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
77 
+ extern u64 x86_amd_ls_cfg_base;
78 
+ extern u64 x86_amd_ls_cfg_ssbd_mask;
79 
+
80 
+-/* The Intel SPEC CTRL MSR base value cache */
81 
+-extern u64 x86_spec_ctrl_base;
82 
+-
83 
+ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn)
84 
+ {
85 
+ 	BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
86 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
87 
+index 9203150..47b7f4f 100644
88 
+--- a/arch/x86/kernel/cpu/bugs.c
89 
+@@ -35,6 +35,7 @@ static void __init ssb_select_mitigation(void);
90 
+  * writes to SPEC_CTRL contain whatever reserved bits have been set.
91 
+  */
92 
+ u64 __ro_after_init x86_spec_ctrl_base;
93 
++EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
94 
+
95 
+ /*
96 
+  * The vendor and possibly platform specific bits which can be modified in
97 
+@@ -140,16 +141,6 @@ void x86_spec_ctrl_set(u64 val)
98 
+ }
99 
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
100 
+
101 
+-u64 x86_spec_ctrl_get_default(void)
102 
+-{
103 
+-	u64 msrval = x86_spec_ctrl_base;
104 
+-
105 
+-	if (static_cpu_has(X86_FEATURE_SPEC_CTRL))
106 
+-		msrval |= ssbd_tif_to_spec_ctrl(current_thread_info()->flags);
107 
+-	return msrval;
108 
+-}
109 
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_get_default);
110 
+-
111 
+ void
112 
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
113 
+ {
114 
+--
115 
+2.7.4
116 
+
SPECS/linux/speculative-store-bypass/0049-x86-bugs-Remove-x86_spec_ctrl_set.patch
History View file @ c3d25b5
0 117 
new file mode 100644
... ... 
@@ -0,0 +1,76 @@
0 
+From 5eb348cfda0c0efd41e44ca4ba6e267eb5877a3a Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sat, 12 May 2018 20:53:14 +0200
3 
+Subject: [PATCH 49/54] x86/bugs: Remove x86_spec_ctrl_set()
4 
+
5 
+commit 4b59bdb569453a60b752b274ca61f009e37f4dae upstream
6 
+
7 
+x86_spec_ctrl_set() is only used in bugs.c and the extra mask checks there
8 
+provide no real value as both call sites can just write x86_spec_ctrl_base
9 
+to MSR_SPEC_CTRL. x86_spec_ctrl_base is valid and does not need any extra
10 
+masking or checking.
11 
+
12 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 
+Reviewed-by: Borislav Petkov <bp@suse.de>
14 
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
15 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
16 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
17 
+---
18 
+ arch/x86/include/asm/nospec-branch.h |  2 --
19 
+ arch/x86/kernel/cpu/bugs.c           | 13 ++-----------
20 
+ 2 files changed, 2 insertions(+), 13 deletions(-)
21 
+
22 
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
23 
+index 8d9deec..8b38df9 100644
24 
+--- a/arch/x86/include/asm/nospec-branch.h
25 
+@@ -217,8 +217,6 @@ enum spectre_v2_mitigation {
26 
+ 	SPECTRE_V2_IBRS,
27 
+ };
28 
+
29 
+-extern void x86_spec_ctrl_set(u64);
30 
+-
31 
+ /* The Speculative Store Bypass disable variants */
32 
+ enum ssb_mitigation {
33 
+ 	SPEC_STORE_BYPASS_NONE,
34 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
35 
+index 47b7f4f..82a99d0 100644
36 
+--- a/arch/x86/kernel/cpu/bugs.c
37 
+@@ -132,15 +132,6 @@ static const char *spectre_v2_strings[] = {
38 
+ static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
39 
+ 	SPECTRE_V2_NONE;
40 
+
41 
+-void x86_spec_ctrl_set(u64 val)
42 
+-{
43 
+-	if (val & x86_spec_ctrl_mask)
44 
+-		WARN_ONCE(1, "SPEC_CTRL MSR value 0x%16llx is unknown.\n", val);
45 
+-	else
46 
+-		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base | val);
47 
+-}
48 
+-EXPORT_SYMBOL_GPL(x86_spec_ctrl_set);
49 
+-
50 
+ void
51 
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
52 
+ {
53 
+@@ -502,7 +493,7 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
54 
+ 		case X86_VENDOR_INTEL:
55 
+ 			x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
56 
+ 			x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
57 
+-			x86_spec_ctrl_set(SPEC_CTRL_SSBD);
58 
++			wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
59 
+ 			break;
60 
+ 		case X86_VENDOR_AMD:
61 
+ 			x86_amd_ssb_disable();
62 
+@@ -614,7 +605,7 @@ int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
63 
+ void x86_spec_ctrl_setup_ap(void)
64 
+ {
65 
+ 	if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
66 
+-		x86_spec_ctrl_set(x86_spec_ctrl_base & ~x86_spec_ctrl_mask);
67 
++		wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
68 
+
69 
+ 	if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
70 
+ 		x86_amd_ssb_disable();
71 
+--
72 
+2.7.4
73 
+
SPECS/linux/speculative-store-bypass/0050-x86-bugs-Rework-spec_ctrl-base-and-mask-logic.patch
History View file @ c3d25b5
0 74 
new file mode 100644
... ... 
@@ -0,0 +1,95 @@
0 
+From 899b5d7cb4192d50163bb45e4957df11b4557696 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Sat, 12 May 2018 20:10:00 +0200
3 
+Subject: [PATCH 50/54] x86/bugs: Rework spec_ctrl base and mask logic
4 
+
5 
+commit be6fcb5478e95bb1c91f489121238deb3abca46a upstream
6 
+
7 
+x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value
8 
+which are not to be modified. However the implementation is not really used
9 
+and the bitmask was inverted to make a check easier, which was removed in
10 
+"x86/bugs: Remove x86_spec_ctrl_set()"
11 
+
12 
+Aside of that it is missing the STIBP bit if it is supported by the
13 
+platform, so if the mask would be used in x86_virt_spec_ctrl() then it
14 
+would prevent a guest from setting STIBP.
15 
+
16 
+Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to
17 
+sanitize the value which is supplied by the guest.
18 
+
19 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
20 
+Reviewed-by: Borislav Petkov <bp@suse.de>
21 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
22 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 
+---
24 
+ arch/x86/kernel/cpu/bugs.c | 26 +++++++++++++++++++-------
25 
+ 1 file changed, 19 insertions(+), 7 deletions(-)
26 
+
27 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
28 
+index 82a99d0..2ae3586 100644
29 
+--- a/arch/x86/kernel/cpu/bugs.c
30 
+@@ -41,7 +41,7 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
31 
+  * The vendor and possibly platform specific bits which can be modified in
32 
+  * x86_spec_ctrl_base.
33 
+  */
34 
+-static u64 __ro_after_init x86_spec_ctrl_mask = ~SPEC_CTRL_IBRS;
35 
++static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
36 
+
37 
+ /*
38 
+  * AMD specific MSR info for Speculative Store Bypass control.
39 
+@@ -67,6 +67,10 @@ void __init check_bugs(void)
40 
+ 	if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
41 
+ 		rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
42 
+
43 
++	/* Allow STIBP in MSR_SPEC_CTRL if supported */
44 
++	if (boot_cpu_has(X86_FEATURE_STIBP))
45 
++		x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
46 
++
47 
+ 	/* Select the proper spectre mitigation before patching alternatives */
48 
+ 	spectre_v2_select_mitigation();
49 
+
50 
+@@ -135,18 +139,26 @@ static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
51 
+ void
52 
+ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
53 
+ {
54 
++	u64 msrval, guestval, hostval = x86_spec_ctrl_base;
55 
+ 	struct thread_info *ti = current_thread_info();
56 
+-	u64 msr, host = x86_spec_ctrl_base;
57 
+
58 
+ 	/* Is MSR_SPEC_CTRL implemented ? */
59 
+ 	if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
60 
++		/*
61 
++		 * Restrict guest_spec_ctrl to supported values. Clear the
62 
++		 * modifiable bits in the host base value and or the
63 
++		 * modifiable bits from the guest value.
64 
++		 */
65 
++		guestval = hostval & ~x86_spec_ctrl_mask;
66 
++		guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
67 
++
68 
+ 		/* SSBD controlled in MSR_SPEC_CTRL */
69 
+ 		if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
70 
+-			host |= ssbd_tif_to_spec_ctrl(ti->flags);
71 
++			hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
72 
+
73 
+-		if (host != guest_spec_ctrl) {
74 
+-			msr = setguest ? guest_spec_ctrl : host;
75 
+-			wrmsrl(MSR_IA32_SPEC_CTRL, msr);
76 
++		if (hostval != guestval) {
77 
++			msrval = setguest ? guestval : hostval;
78 
++			wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
79 
+ 		}
80 
+ 	}
81 
+ }
82 
+@@ -492,7 +504,7 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
83 
+ 		switch (boot_cpu_data.x86_vendor) {
84 
+ 		case X86_VENDOR_INTEL:
85 
+ 			x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
86 
+-			x86_spec_ctrl_mask &= ~SPEC_CTRL_SSBD;
87 
++			x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
88 
+ 			wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
89 
+ 			break;
90 
+ 		case X86_VENDOR_AMD:
91 
+--
92 
+2.7.4
93 
+
SPECS/linux/speculative-store-bypass/0051-x86-speculation-KVM-Implement-support-for-VIRT_SPEC_.patch
History View file @ c3d25b5
0 94 
new file mode 100644
... ... 
@@ -0,0 +1,84 @@
0 
+From ea1f82069f5733039a4a535c3f8260c61b0ef793 Mon Sep 17 00:00:00 2001
1 
+From: Thomas Gleixner <tglx@linutronix.de>
2 
+Date: Thu, 10 May 2018 20:42:48 +0200
3 
+Subject: [PATCH 51/54] x86/speculation, KVM: Implement support for
4 
+ VIRT_SPEC_CTRL/LS_CFG
5 
+
6 
+commit 47c61b3955cf712cadfc25635bf9bc174af030ea upstream
7 
+
8 
+Add the necessary logic for supporting the emulated VIRT_SPEC_CTRL MSR to
9 
+x86_virt_spec_ctrl().  If either X86_FEATURE_LS_CFG_SSBD or
10 
+X86_FEATURE_VIRT_SPEC_CTRL is set then use the new guest_virt_spec_ctrl
11 
+argument to check whether the state must be modified on the host. The
12 
+update reuses speculative_store_bypass_update() so the ZEN-specific sibling
13 
+coordination can be reused.
14 
+
15 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/include/asm/spec-ctrl.h |  6 ++++++
20 
+ arch/x86/kernel/cpu/bugs.c       | 30 ++++++++++++++++++++++++++++++
21 
+ 2 files changed, 36 insertions(+)
22 
+
23 
+diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
24 
+index 763d497..ae7c2c5 100644
25 
+--- a/arch/x86/include/asm/spec-ctrl.h
26 
+@@ -53,6 +53,12 @@ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn)
27 
+ 	return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
28 
+ }
29 
+
30 
++static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl)
31 
++{
32 
++	BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
33 
++	return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
34 
++}
35 
++
36 
+ static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
37 
+ {
38 
+ 	return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
39 
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
40 
+index 2ae3586..86af9b1 100644
41 
+--- a/arch/x86/kernel/cpu/bugs.c
42 
+@@ -161,6 +161,36 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
43 
+ 			wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
44 
+ 		}
45 
+ 	}
46 
++
47 
++	/*
48 
++	 * If SSBD is not handled in MSR_SPEC_CTRL on AMD, update
49 
++	 * MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported.
50 
++	 */
51 
++	if (!static_cpu_has(X86_FEATURE_LS_CFG_SSBD) &&
52 
++	    !static_cpu_has(X86_FEATURE_VIRT_SSBD))
53 
++		return;
54 
++
55 
++	/*
56 
++	 * If the host has SSBD mitigation enabled, force it in the host's
57 
++	 * virtual MSR value. If its not permanently enabled, evaluate
58 
++	 * current's TIF_SSBD thread flag.
59 
++	 */
60 
++	if (static_cpu_has(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE))
61 
++		hostval = SPEC_CTRL_SSBD;
62 
++	else
63 
++		hostval = ssbd_tif_to_spec_ctrl(ti->flags);
64 
++
65 
++	/* Sanitize the guest value */
66 
++	guestval = guest_virt_spec_ctrl & SPEC_CTRL_SSBD;
67 
++
68 
++	if (hostval != guestval) {
69 
++		unsigned long tif;
70 
++
71 
++		tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) :
72 
++				 ssbd_spec_ctrl_to_tif(hostval);
73 
++
74 
++		speculative_store_bypass_update(tif);
75 
++	}
76 
+ }
77 
+ EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
78 
+
79 
+--
80 
+2.7.4
81 
+
SPECS/linux/speculative-store-bypass/0052-KVM-SVM-Implement-VIRT_SPEC_CTRL-support-for-SSBD.patch
History View file @ c3d25b5
0 82 
new file mode 100644
... ... 
@@ -0,0 +1,241 @@
0 
+From 2bf8ebaf99e44d838272a02b32501511d716cb64 Mon Sep 17 00:00:00 2001
1 
+From: Tom Lendacky <thomas.lendacky@amd.com>
2 
+Date: Thu, 10 May 2018 22:06:39 +0200
3 
+Subject: [PATCH 52/54] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
4 
+
5 
+commit bc226f07dcd3c9ef0b7f6236fe356ea4a9cb4769 upstream
6 
+
7 
+Expose the new virtualized architectural mechanism, VIRT_SSBD, for using
8 
+speculative store bypass disable (SSBD) under SVM.  This will allow guests
9 
+to use SSBD on hardware that uses non-architectural mechanisms for enabling
10 
+SSBD.
11 
+
12 
+[ tglx: Folded the migration fixup from Paolo Bonzini ]
13 
+
14 
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
15 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
16 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
17 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 
+---
19 
+ arch/x86/include/asm/kvm_host.h |  2 +-
20 
+ arch/x86/kernel/cpu/common.c    |  3 ++-
21 
+ arch/x86/kvm/cpuid.c            | 11 +++++++++--
22 
+ arch/x86/kvm/cpuid.h            |  9 +++++++++
23 
+ arch/x86/kvm/svm.c              | 21 +++++++++++++++++++--
24 
+ arch/x86/kvm/vmx.c              | 18 +++++++++++++++---
25 
+ arch/x86/kvm/x86.c              | 13 ++++---------
26 
+ 7 files changed, 59 insertions(+), 18 deletions(-)
27 
+
28 
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
29 
+index 20cfeeb..7598a6c 100644
30 
+--- a/arch/x86/include/asm/kvm_host.h
31 
+@@ -864,7 +864,7 @@ struct kvm_x86_ops {
32 
+ 	int (*hardware_setup)(void);               /* __init */
33 
+ 	void (*hardware_unsetup)(void);            /* __exit */
34 
+ 	bool (*cpu_has_accelerated_tpr)(void);
35 
+-	bool (*cpu_has_high_real_mode_segbase)(void);
36 
++	bool (*has_emulated_msr)(int index);
37 
+ 	void (*cpuid_update)(struct kvm_vcpu *vcpu);
38 
+
39 
+ 	int (*vm_init)(struct kvm *kvm);
40 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
41 
+index 945e841..40fc748 100644
42 
+--- a/arch/x86/kernel/cpu/common.c
43 
+@@ -735,7 +735,8 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
44 
+ 	if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
45 
+ 		set_cpu_cap(c, X86_FEATURE_STIBP);
46 
+
47 
+-	if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD))
48 
++	if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD) ||
49 
++	    cpu_has(c, X86_FEATURE_VIRT_SSBD))
50 
+ 		set_cpu_cap(c, X86_FEATURE_SSBD);
51 
+
52 
+ 	if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
53 
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
54 
+index 910c2db..a69f18d 100644
55 
+--- a/arch/x86/kvm/cpuid.c
56 
+@@ -357,7 +357,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
57 
+
58 
+ 	/* cpuid 0x80000008.ebx */
59 
+ 	const u32 kvm_cpuid_8000_0008_ebx_x86_features =
60 
+-		F(AMD_IBPB) | F(AMD_IBRS);
61 
++		F(AMD_IBPB) | F(AMD_IBRS) | F(VIRT_SSBD);
62 
+
63 
+ 	/* cpuid 0xC0000001.edx */
64 
+ 	const u32 kvm_cpuid_C000_0001_edx_x86_features =
65 
+@@ -618,13 +618,20 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
66 
+ 			g_phys_as = phys_as;
67 
+ 		entry->eax = g_phys_as | (virt_as << 8);
68 
+ 		entry->edx = 0;
69 
+-		/* IBRS and IBPB aren't necessarily present in hardware cpuid */
70 
++		/*
71 
++		 * IBRS, IBPB and VIRT_SSBD aren't necessarily present in
72 
++		 * hardware cpuid
73 
++		 */
74 
+ 		if (boot_cpu_has(X86_FEATURE_AMD_IBPB))
75 
+ 			entry->ebx |= F(AMD_IBPB);
76 
+ 		if (boot_cpu_has(X86_FEATURE_AMD_IBRS))
77 
+ 			entry->ebx |= F(AMD_IBRS);
78 
++		if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
79 
++			entry->ebx |= F(VIRT_SSBD);
80 
+ 		entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
81 
+ 		cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
82 
++		if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
83 
++			entry->ebx |= F(VIRT_SSBD);
84 
+ 		break;
85 
+ 	}
86 
+ 	case 0x80000019:
87 
+diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
88 
+index eb47c37..c383697 100644
89 
+--- a/arch/x86/kvm/cpuid.h
90 
+@@ -190,6 +190,15 @@ static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu)
91 
+ 	return best && (best->edx & bit(X86_FEATURE_ARCH_CAPABILITIES));
92 
+ }
93 
+
94 
++static inline bool guest_cpuid_has_virt_ssbd(struct kvm_vcpu *vcpu)
95 
++{
96 
++	struct kvm_cpuid_entry2 *best;
97 
++
98 
++	best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
99 
++	return best && (best->ebx & bit(X86_FEATURE_VIRT_SSBD));
100 
++}
101 
++
102 
++
103 
+
104 
+ /*
105 
+  * NRIPS is provided through cpuidfn 0x8000000a.edx bit 3
106 
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
107 
+index 57c96f1..a27f9e4 100644
108 
+--- a/arch/x86/kvm/svm.c
109 
+@@ -3557,6 +3557,13 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
110 
+
111 
+ 		msr_info->data = svm->spec_ctrl;
112 
+ 		break;
113 
++	case MSR_AMD64_VIRT_SPEC_CTRL:
114 
++		if (!msr_info->host_initiated &&
115 
++		    !guest_cpuid_has_virt_ssbd(vcpu))
116 
++			return 1;
117 
++
118 
++		msr_info->data = svm->virt_spec_ctrl;
119 
++		break;
120 
+ 	case MSR_IA32_UCODE_REV:
121 
+ 		msr_info->data = 0x01000065;
122 
+ 		break;
123 
+@@ -3691,6 +3698,16 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
124 
+ 			break;
125 
+ 		set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
126 
+ 		break;
127 
++	case MSR_AMD64_VIRT_SPEC_CTRL:
128 
++		if (!msr->host_initiated &&
129 
++		    !guest_cpuid_has_virt_ssbd(vcpu))
130 
++			return 1;
131 
++
132 
++		if (data & ~SPEC_CTRL_SSBD)
133 
++			return 1;
134 
++
135 
++		svm->virt_spec_ctrl = data;
136 
++		break;
137 
+ 	case MSR_STAR:
138 
+ 		svm->vmcb->save.star = data;
139 
+ 		break;
140 
+@@ -5150,7 +5167,7 @@ static bool svm_cpu_has_accelerated_tpr(void)
141 
+ 	return false;
142 
+ }
143 
+
144 
+-static bool svm_has_high_real_mode_segbase(void)
145 
++static bool svm_has_emulated_msr(int index)
146 
+ {
147 
+ 	return true;
148 
+ }
149 
+@@ -5467,7 +5484,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
150 
+ 	.hardware_enable = svm_hardware_enable,
151 
+ 	.hardware_disable = svm_hardware_disable,
152 
+ 	.cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr,
153 
+-	.cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase,
154 
++	.has_emulated_msr = svm_has_emulated_msr,
155 
+
156 
+ 	.vcpu_create = svm_create_vcpu,
157 
+ 	.vcpu_free = svm_free_vcpu,
158 
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
159 
+index f1d158a..d92523a 100644
160 
+--- a/arch/x86/kvm/vmx.c
161 
+@@ -8691,9 +8691,21 @@ static void vmx_handle_external_intr(struct kvm_vcpu *vcpu)
162 
+ 	}
163 
+ }
164 
+
165 
+-static bool vmx_has_high_real_mode_segbase(void)
166 
++static bool vmx_has_emulated_msr(int index)
167 
+ {
168 
+-	return enable_unrestricted_guest || emulate_invalid_guest_state;
169 
++	switch (index) {
170 
++	case MSR_IA32_SMBASE:
171 
++		/*
172 
++		 * We cannot do SMM unless we can run the guest in big
173 
++		 * real mode.
174 
++		 */
175 
++		return enable_unrestricted_guest || emulate_invalid_guest_state;
176 
++	case MSR_AMD64_VIRT_SPEC_CTRL:
177 
++		/* This is AMD only.  */
178 
++		return false;
179 
++	default:
180 
++		return true;
181 
++	}
182 
+ }
183 
+
184 
+ static bool vmx_mpx_supported(void)
185 
+@@ -11346,7 +11358,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
186 
+ 	.hardware_enable = hardware_enable,
187 
+ 	.hardware_disable = hardware_disable,
188 
+ 	.cpu_has_accelerated_tpr = report_flexpriority,
189 
+-	.cpu_has_high_real_mode_segbase = vmx_has_high_real_mode_segbase,
190 
++	.has_emulated_msr = vmx_has_emulated_msr,
191 
+
192 
+ 	.vcpu_create = vmx_create_vcpu,
193 
+ 	.vcpu_free = vmx_free_vcpu,
194 
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
195 
+index 3aaaf30..a0cb85f 100644
196 
+--- a/arch/x86/kvm/x86.c
197 
+@@ -1002,6 +1002,7 @@ static u32 emulated_msrs[] = {
198 
+ 	MSR_IA32_MCG_CTL,
199 
+ 	MSR_IA32_MCG_EXT_CTL,
200 
+ 	MSR_IA32_SMBASE,
201 
++	MSR_AMD64_VIRT_SPEC_CTRL,
202 
+ };
203 
+
204 
+ static unsigned num_emulated_msrs;
205 
+@@ -2664,7 +2665,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
206 
+ 		 * fringe case that is not enabled except via specific settings
207 
+ 		 * of the module parameters.
208 
+ 		 */
209 
+-		r = kvm_x86_ops->cpu_has_high_real_mode_segbase();
210 
++		r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE);
211 
+ 		break;
212 
+ 	case KVM_CAP_COALESCED_MMIO:
213 
+ 		r = KVM_COALESCED_MMIO_PAGE_OFFSET;
214 
+@@ -4226,14 +4227,8 @@ static void kvm_init_msr_list(void)
215 
+ 	num_msrs_to_save = j;
216 
+
217 
+ 	for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) {
218 
+-		switch (emulated_msrs[i]) {
219 
+-		case MSR_IA32_SMBASE:
220 
+-			if (!kvm_x86_ops->cpu_has_high_real_mode_segbase())
221 
+-				continue;
222 
+-			break;
223 
+-		default:
224 
+-			break;
225 
+-		}
226 
++		if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i]))
227 
++			continue;
228 
+
229 
+ 		if (j < i)
230 
+ 			emulated_msrs[j] = emulated_msrs[i];
231 
+--
232 
+2.7.4
233 
+
SPECS/linux/speculative-store-bypass/0053-x86-bugs-Rename-SSBD_NO-to-SSB_NO.patch
History View file @ c3d25b5
0 234 
new file mode 100644
... ... 
@@ -0,0 +1,48 @@
0 
+From 3c8411083c45a3eb9f9b9b381ed553d9fea7e05b Mon Sep 17 00:00:00 2001
1 
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2 
+Date: Wed, 16 May 2018 23:18:09 -0400
3 
+Subject: [PATCH 53/54] x86/bugs: Rename SSBD_NO to SSB_NO
4 
+
5 
+commit 240da953fcc6a9008c92fae5b1f727ee5ed167ab upstream
6 
+
7 
+The "336996 Speculative Execution Side Channel Mitigations" from
8 
+May defines this as SSB_NO, hence lets sync-up.
9 
+
10 
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
11 
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
12 
+Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
13 
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
14 
+---
15 
+ arch/x86/include/asm/msr-index.h | 2 +-
16 
+ arch/x86/kernel/cpu/common.c     | 2 +-
17 
+ 2 files changed, 2 insertions(+), 2 deletions(-)
18 
+
19 
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
20 
+index 9fd9dcf..1ec13e2 100644
21 
+--- a/arch/x86/include/asm/msr-index.h
22 
+@@ -63,7 +63,7 @@
23 
+ #define MSR_IA32_ARCH_CAPABILITIES	0x0000010a
24 
+ #define ARCH_CAP_RDCL_NO		(1 << 0)   /* Not susceptible to Meltdown */
25 
+ #define ARCH_CAP_IBRS_ALL		(1 << 1)   /* Enhanced IBRS support */
26 
+-#define ARCH_CAP_SSBD_NO		(1 << 4)   /*
27 
++#define ARCH_CAP_SSB_NO			(1 << 4)   /*
28 
+ 						    * Not susceptible to Speculative Store Bypass
29 
+ 						    * attack, so no Speculative Store Bypass
30 
+ 						    * control required.
31 
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
32 
+index 40fc748..b0fd028 100644
33 
+--- a/arch/x86/kernel/cpu/common.c
34 
+@@ -926,7 +926,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
35 
+ 		rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
36 
+
37 
+ 	if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
38 
+-	   !(ia32_cap & ARCH_CAP_SSBD_NO))
39 
++	   !(ia32_cap & ARCH_CAP_SSB_NO))
40 
+ 		setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
41 
+
42 
+ 	if (x86_match_cpu(cpu_no_speculation))
43 
+--
44 
+2.7.4
45 
+