Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Beulich <jbeulich@suse.com>2018-06-06 14:39:02 +0200
committerJan Beulich <jbeulich@suse.com>2018-06-06 14:39:02 +0200
commit4c7b76b6da61cf1d8e66f0f9d0332c7dda12f68d (patch)
tree04faab4df836d8b6457a4aa41fa1ee676becd020
parent5cadddf9a0494a73a2f3dbb017b584afab47aa2a (diff)
- Delete bogus patches.xen/0001-SSB-Xen-build-fix.patch, replaced
by the three ones below. - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (bsc#1087082 CVE-2018-3639). - xen/x86/process: Allow runtime control of Speculative Store Bypass (bsc#1087082 CVE-2018-3639). - xen/x86/bugs: Rename _RDS to _SSBD (bsc#1087082 CVE-2018-3639).
-rw-r--r--patches.xen/0001-SSB-Xen-build-fix.patch30
-rw-r--r--patches.xen/xen3-0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch38
-rw-r--r--patches.xen/xen3-0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch104
-rw-r--r--patches.xen/xen3-26-x86-bugs-rename-rds-to-ssbd.patch86
-rw-r--r--series.conf5
5 files changed, 231 insertions, 32 deletions
diff --git a/patches.xen/0001-SSB-Xen-build-fix.patch b/patches.xen/0001-SSB-Xen-build-fix.patch
deleted file mode 100644
index f70f9b5e80..0000000000
--- a/patches.xen/0001-SSB-Xen-build-fix.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Joerg Roedel <jroedel@suse.de>
-Date: Wed, 9 May 2018 22:05:33 +0200
-Subject: SSB: Xen build fix
-Patch-mainline: Not yet, work in progress
-References: bsc#1087082 CVE-2018-3639
-
-Signed-off-by: Joerg Roedel <jroedel@suse.de>
----
- arch/x86/kernel/process-xen.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/arch/x86/kernel/process-xen.c b/arch/x86/kernel/process-xen.c
-index 3a8a891a..589121c9 100644
---- a/arch/x86/kernel/process-xen.c
-+++ b/arch/x86/kernel/process-xen.c
-@@ -193,6 +193,11 @@ int set_tsc_mode(unsigned int val)
- return 0;
- }
-
-+void speculative_store_bypass_update(void)
-+{
-+ /* Nothing to do for Xen here */
-+}
-+
- void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
- {
- struct thread_struct *prev, *next;
---
-2.12.3
-
diff --git a/patches.xen/xen3-0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch b/patches.xen/xen3-0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
new file mode 100644
index 0000000000..a47655a6a0
--- /dev/null
+++ b/patches.xen/xen3-0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
@@ -0,0 +1,38 @@
+From 351c1f71a7cf150cb5ee52092ee7a90c2037da1c Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Wed, 25 Apr 2018 22:04:24 -0400
+Subject: x86/bugs/AMD: Add support to disable RDS on
+ Fam[15,16,17]h if requested
+Patch-mainline: not yet, queued in subsystem tree
+References: bsc#1087082 CVE-2018-3639
+
+AMD does not need the Speculative Store Bypass mitigation to be enabled.
+
+The parameters for this are already available and can be done via MSR
+C001_1020. Each family uses a different bit in that MSR for this.
+
+[ tglx: Expose the bit mask via a variable and move the actual MSR fiddling
+ into the bugs code as that's the right thing to do and also required
+ to prepare for dynamic enable/disable ]
+
+Suggested-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
+Acked-by: Joerg Roedel <jroedel@suse.de>
+Automatically created from "patches.arch/0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch" by xen-port-patches.py
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -823,6 +823,11 @@ static void x86_amd_ssbd_disable(void)
+ {
+ u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
+
++#ifdef CONFIG_XEN
++ if (x86_amd_ls_cfg_base & x86_amd_ls_cfg_rds_mask)
++ return;
++#endif
++
+ if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
+ wrmsrl(MSR_AMD64_LS_CFG, msrval);
+ }
diff --git a/patches.xen/xen3-0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch b/patches.xen/xen3-0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
new file mode 100644
index 0000000000..b50d9e3cf9
--- /dev/null
+++ b/patches.xen/xen3-0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
@@ -0,0 +1,104 @@
+From b5122a6c3822880fee8f3dd871723f3d9b860425 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Sun, 29 Apr 2018 15:21:42 +0200
+Subject: xen/x86/process: Allow runtime control of Speculative Store
+ Bypass
+Patch-mainline: Never, SUSE-Xen specific
+References: bsc#1087082 CVE-2018-3639
+
+The Speculative Store Bypass vulnerability can be mitigated with the
+Reduced Data Speculation (RDS) feature. To allow finer grained control of
+this eventually expensive mitigation a per task mitigation control is
+required.
+
+Add a new TIF_RDS flag and put it into the group of TIF flags which are
+evaluated for mismatch in switch_to(). If these bits differ in the previous
+and the next task, then the slow path function __switch_to_xtra() is
+invoked. Implement the TIF_RDS dependent mitigation control in the slow
+path.
+
+If the prctl for controlling Speculative Store Bypass is disabled or no
+task uses the prctl then there is no overhead in the switch_to() fast
+path.
+
+Update the KVM related speculation control functions to take TID_RDS into
+account as well.
+
+Based on a patch from Tim Chen. Completely rewritten.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Ingo Molnar <mingo@kernel.org>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Acked-by: Joerg Roedel <jroedel@suse.de>
+Automatically created from "patches.arch/0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch" by xen-port-patches.py
+
+--- a/arch/x86/kernel/process-xen.c
++++ b/arch/x86/kernel/process-xen.c
+@@ -23,6 +23,7 @@
+ #include <asm/i387.h>
+ #include <asm/debugreg.h>
+ #include <asm/spec_ctrl.h>
++#include <asm/spec-ctrl.h>
+ #include <xen/evtchn.h>
+
+ struct kmem_cache *task_xstate_cachep;
+@@ -193,6 +194,36 @@ int set_tsc_mode(unsigned int val)
+ return 0;
+ }
+
++static __always_inline void __speculative_store_bypass_update(int rds)
++{
++ u64 msr;
++
++ if (static_cpu_has(X86_FEATURE_AMD_RDS)) {
++ msr = x86_amd_ls_cfg_base | rds_tif_to_amd_ls_cfg(rds);
++#ifdef CONFIG_XEN
++ /*
++ * At the moment Xen does not virtualize LS_CFG, and it
++ * unconditionally sets the flag in question (unless disabled).
++ * Avoid the MSR write when possible, as it triggers a (rate
++ * limited) hypervisor log message. (This could be further
++ * enhanced by also avoiding the write if the bit is fixed to
++ * zero, but that would be more involved. If any guest is to
++ * rely on the feature, Xen better had it enabled globally.)
++ */
++ if (!(x86_amd_ls_cfg_base & x86_amd_ls_cfg_rds_mask))
++#endif
++ wrmsrl(MSR_AMD64_LS_CFG, msr);
++ } else {
++ msr = x86_spec_ctrl_base | rds_tif_to_spec_ctrl(rds);
++ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
++ }
++}
++
++void speculative_store_bypass_update(void)
++{
++ __speculative_store_bypass_update(current_thread_info()->flags);
++}
++
+ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
+ {
+ struct thread_struct *prev, *next;
+@@ -219,6 +250,11 @@ void __switch_to_xtra(struct task_struct
+ else
+ hard_enable_TSC();
+ }
++
++ if (test_tsk_thread_flag(prev_p, TIF_RDS) ^
++ test_tsk_thread_flag(next_p, TIF_RDS))
++ __speculative_store_bypass_update(test_tsk_thread_flag(next_p, TIF_RDS));
++
+ propagate_user_return_notify(prev_p, next_p);
+ }
+
+--- a/arch/x86/include/asm/thread_info.h
++++ b/arch/x86/include/asm/thread_info.h
+@@ -155,7 +155,7 @@ struct thread_info {
+ (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
+
+ #else
+-#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */)
++#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */ | _TIF_RDS)
+ #endif
+ #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
+ #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
diff --git a/patches.xen/xen3-26-x86-bugs-rename-rds-to-ssbd.patch b/patches.xen/xen3-26-x86-bugs-rename-rds-to-ssbd.patch
new file mode 100644
index 0000000000..f445ab9293
--- /dev/null
+++ b/patches.xen/xen3-26-x86-bugs-rename-rds-to-ssbd.patch
@@ -0,0 +1,86 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Wed, 9 May 2018 21:41:38 +0200
+Subject: xen/x86/bugs: Rename _RDS to _SSBD
+Patch-mainline: Never, SUSE-Xen specific
+References: bsc#1087082 CVE-2018-3639
+
+Intel collateral will reference the SSB mitigation bit in IA32_SPEC_CTL[2]
+as SSBD (Speculative Store Bypass Disable).
+
+Hence changing it.
+
+It is unclear yet what the MSR_IA32_ARCH_CAPABILITIES (0x10a) Bit(4) name
+is going to be. Following the rename it would be SSBD_NO but that rolls out
+to Speculative Store Bypass Disable No.
+
+Also fixed the missing space in X86_FEATURE_AMD_SSBD.
+
+[ tglx: Fixup x86_amd_rds_enable() and rds_tif_to_amd_ls_cfg() as well ]
+
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+Automatically created from "patches.arch/26-x86-bugs-rename-rds-to-ssbd.patch" by xen-port-patches.py
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -824,7 +824,7 @@ static void x86_amd_ssbd_disable(void)
+ u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
+
+ #ifdef CONFIG_XEN
+- if (x86_amd_ls_cfg_base & x86_amd_ls_cfg_rds_mask)
++ if (x86_amd_ls_cfg_base & x86_amd_ls_cfg_ssbd_mask)
+ return;
+ #endif
+
+--- a/arch/x86/kernel/process-xen.c
++++ b/arch/x86/kernel/process-xen.c
+@@ -198,8 +198,8 @@ static __always_inline void __speculativ
+ {
+ u64 msr;
+
+- if (static_cpu_has(X86_FEATURE_AMD_RDS)) {
+- msr = x86_amd_ls_cfg_base | rds_tif_to_amd_ls_cfg(rds);
++ if (static_cpu_has(X86_FEATURE_AMD_SSBD)) {
++ msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(rds);
+ #ifdef CONFIG_XEN
+ /*
+ * At the moment Xen does not virtualize LS_CFG, and it
+@@ -210,11 +210,11 @@ static __always_inline void __speculativ
+ * zero, but that would be more involved. If any guest is to
+ * rely on the feature, Xen better had it enabled globally.)
+ */
+- if (!(x86_amd_ls_cfg_base & x86_amd_ls_cfg_rds_mask))
++ if (!(x86_amd_ls_cfg_base & x86_amd_ls_cfg_ssbd_mask))
+ #endif
+ wrmsrl(MSR_AMD64_LS_CFG, msr);
+ } else {
+- msr = x86_spec_ctrl_base | rds_tif_to_spec_ctrl(rds);
++ msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(rds);
+ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
+ }
+ }
+@@ -251,9 +251,9 @@ void __switch_to_xtra(struct task_struct
+ hard_enable_TSC();
+ }
+
+- if (test_tsk_thread_flag(prev_p, TIF_RDS) ^
+- test_tsk_thread_flag(next_p, TIF_RDS))
+- __speculative_store_bypass_update(test_tsk_thread_flag(next_p, TIF_RDS));
++ if (test_tsk_thread_flag(prev_p, TIF_SSBD) ^
++ test_tsk_thread_flag(next_p, TIF_SSBD))
++ __speculative_store_bypass_update(test_tsk_thread_flag(next_p, TIF_SSBD));
+
+ propagate_user_return_notify(prev_p, next_p);
+ }
+--- a/arch/x86/include/asm/thread_info.h
++++ b/arch/x86/include/asm/thread_info.h
+@@ -155,7 +155,7 @@ struct thread_info {
+ (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
+
+ #else
+-#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */ | _TIF_RDS)
++#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */ | _TIF_SSBD)
+ #endif
+ #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
+ #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
diff --git a/series.conf b/series.conf
index cde0804749..692feec68c 100644
--- a/series.conf
+++ b/series.conf
@@ -25511,6 +25511,9 @@
patches.xen/xen3-0006-x86-mm-Makse-sure-only-valid-bits-are-set-on-top-lev.patch
patches.xen/xen3-x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
patches.xen/xen3-0006-x86-bugs-intel-Set-proper-CPU-features-and-setup-RDS.patch
+ patches.xen/xen3-0008-x86-bugs-AMD-Add-support-to-disable-RDS-on-Fam-15-16.patch
+ patches.xen/xen3-0013-x86-process-Allow-runtime-control-of-Speculative-Sto.patch
+ patches.xen/xen3-26-x86-bugs-rename-rds-to-ssbd.patch
# upstream block frontend backports
patches.xen/4e96ec2f-xen-blkfront-Handle-discard-requests.patch
@@ -25628,5 +25631,3 @@
patches.xen/xen-x86_64-dump-user-pgt
patches.xen/xen-x86_64-note-init-p2m
patches.xen/xen-x86_64-unmapped-initrd
-
- patches.xen/0001-SSB-Xen-build-fix.patch