Home Home > GIT Browse > SLE11-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Beulich <jbeulich@suse.com>2018-06-06 14:39:02 +0200
committerJan Beulich <jbeulich@suse.com>2018-06-06 14:39:02 +0200
commita379559d2dbb44d4f881ac087f7a7cde9e06ec15 (patch)
treec2437aaff78d5d15187ae2ecbb6c9efe0f81d67f
parenta3756fe31a51fe81da858136e637df391c74d7e1 (diff)
- Delete bogus patches.xen/0001-SSB-Xen-build-fix.patch, replaced
by the three ones below. - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (bsc#1087082 CVE-2018-3639). - xen/x86/process: Allow runtime control of Speculative Store Bypass (bsc#1087082 CVE-2018-3639). - xen/x86/bugs: Rename _RDS to _SSBD (bsc#1087082 CVE-2018-3639). suse-commit: 4c7b76b6da61cf1d8e66f0f9d0332c7dda12f68d
-rw-r--r--arch/x86/include/asm/thread_info.h2
-rw-r--r--arch/x86/kernel/cpu/bugs.c5
-rw-r--r--arch/x86/kernel/process-xen.c33
3 files changed, 38 insertions, 2 deletions
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 58dbed1eba8c..4a14c58cc04a 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -155,7 +155,7 @@ struct thread_info {
(_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
#else
-#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */)
+#define _TIF_WORK_CTXSW (_TIF_NOTSC /*todo | _TIF_BLOCKSTEP */ | _TIF_SSBD)
#endif
#define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
#define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cbac5034dc96..f0eaa2480d59 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -823,6 +823,11 @@ static void x86_amd_ssbd_disable(void)
{
u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
+#ifdef CONFIG_XEN
+ if (x86_amd_ls_cfg_base & x86_amd_ls_cfg_ssbd_mask)
+ return;
+#endif
+
if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
wrmsrl(MSR_AMD64_LS_CFG, msrval);
}
diff --git a/arch/x86/kernel/process-xen.c b/arch/x86/kernel/process-xen.c
index 589121c9da8b..197092c244f7 100644
--- a/arch/x86/kernel/process-xen.c
+++ b/arch/x86/kernel/process-xen.c
@@ -23,6 +23,7 @@
#include <asm/i387.h>
#include <asm/debugreg.h>
#include <asm/spec_ctrl.h>
+#include <asm/spec-ctrl.h>
#include <xen/evtchn.h>
struct kmem_cache *task_xstate_cachep;
@@ -193,9 +194,34 @@ int set_tsc_mode(unsigned int val)
return 0;
}
+static __always_inline void __speculative_store_bypass_update(int rds)
+{
+ u64 msr;
+
+ if (static_cpu_has(X86_FEATURE_AMD_SSBD)) {
+ msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(rds);
+#ifdef CONFIG_XEN
+ /*
+ * At the moment Xen does not virtualize LS_CFG, and it
+ * unconditionally sets the flag in question (unless disabled).
+ * Avoid the MSR write when possible, as it triggers a (rate
+ * limited) hypervisor log message. (This could be further
+ * enhanced by also avoiding the write if the bit is fixed to
+ * zero, but that would be more involved. If any guest is to
+ * rely on the feature, Xen better had it enabled globally.)
+ */
+ if (!(x86_amd_ls_cfg_base & x86_amd_ls_cfg_ssbd_mask))
+#endif
+ wrmsrl(MSR_AMD64_LS_CFG, msr);
+ } else {
+ msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(rds);
+ wrmsrl(MSR_IA32_SPEC_CTRL, msr);
+ }
+}
+
void speculative_store_bypass_update(void)
{
- /* Nothing to do for Xen here */
+ __speculative_store_bypass_update(current_thread_info()->flags);
}
void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
@@ -224,6 +250,11 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
else
hard_enable_TSC();
}
+
+ if (test_tsk_thread_flag(prev_p, TIF_SSBD) ^
+ test_tsk_thread_flag(next_p, TIF_SSBD))
+ __speculative_store_bypass_update(test_tsk_thread_flag(next_p, TIF_SSBD));
+
propagate_user_return_notify(prev_p, next_p);
}