[pve-kernel.git] / patches / kernel / 0256-x86-cpu-AMD-Use-LFENCE_RDTSC-in-preference-to-MFENCE.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 8 Jan 2018 16:09:32 -0600
Subject: [PATCH] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

With LFENCE now a serializing instruction, use LFENCE_RDTSC in preference
to MFENCE_RDTSC.  However, since the kernel could be running under a
hypervisor that does not support writing that MSR, read the MSR back and
verify that the bit has been set successfully.  If the MSR can be read
and the bit is set, then set the LFENCE_RDTSC feature, otherwise set the
MFENCE_RDTSC feature.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Paul Turner <pjt@google.com>
Link: https://lkml.kernel.org/r/20180108220932.12580.52458.stgit@tlendack-t1.amdoffice.net

(cherry picked from commit 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit dc39f26bf11d270cb4cfd251919afb16d98d6c2b)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/include/asm/msr-index.h |  1 +
 arch/x86/kernel/cpu/amd.c        | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 25147df4acfc..db88b7f852b4 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -353,6 +353,7 @@
 #define MSR_FAM10H_NODE_ID		0xc001100c
 #define MSR_F10H_DECFG			0xc0011029
 #define MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT	1
+#define MSR_F10H_DECFG_LFENCE_SERIALIZE		BIT_ULL(MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT)
 
 /* K8 MSRs */
 #define MSR_K8_TOP_MEM1			0xc001001a
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index c9a4e4db7860..99eef4a09fd9 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -785,6 +785,9 @@ static void init_amd(struct cpuinfo_x86 *c)
 		set_cpu_cap(c, X86_FEATURE_K8);
 
 	if (cpu_has(c, X86_FEATURE_XMM2)) {
+		unsigned long long val;
+		int ret;
+
 		/*
 		 * A serializing LFENCE has less overhead than MFENCE, so
 		 * use it for execution serialization.  On families which
@@ -795,8 +798,19 @@ static void init_amd(struct cpuinfo_x86 *c)
 		msr_set_bit(MSR_F10H_DECFG,
 			    MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT);
 
-		/* MFENCE stops RDTSC speculation */
-		set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
+		/*
+		 * Verify that the MSR write was successful (could be running
+		 * under a hypervisor) and only then assume that LFENCE is
+		 * serializing.
+		 */
+		ret = rdmsrl_safe(MSR_F10H_DECFG, &val);
+		if (!ret && (val & MSR_F10H_DECFG_LFENCE_SERIALIZE)) {
+			/* A serializing LFENCE stops RDTSC speculation */
+			set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
+		} else {
+			/* MFENCE stops RDTSC speculation */
+			set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
+		}
 	}
 
 	/*
-- 
2.14.2
Commit	Line	Data
035dbe67 FG	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Tom Lendacky <thomas.lendacky@amd.com>
	3	Date: Mon, 8 Jan 2018 16:09:32 -0600
	4	Subject: [PATCH] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	With LFENCE now a serializing instruction, use LFENCE_RDTSC in preference
	12	to MFENCE_RDTSC. However, since the kernel could be running under a
	13	hypervisor that does not support writing that MSR, read the MSR back and
	14	verify that the bit has been set successfully. If the MSR can be read
	15	and the bit is set, then set the LFENCE_RDTSC feature, otherwise set the
	16	MFENCE_RDTSC feature.
	17
	18	Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
	19	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	20	Reviewed-by: Reviewed-by: Borislav Petkov <bp@suse.de>
	21	Cc: Peter Zijlstra <peterz@infradead.org>
	22	Cc: Tim Chen <tim.c.chen@linux.intel.com>
	23	Cc: Dave Hansen <dave.hansen@intel.com>
	24	Cc: Borislav Petkov <bp@alien8.de>
	25	Cc: Dan Williams <dan.j.williams@intel.com>
	26	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	27	Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org>
	28	Cc: David Woodhouse <dwmw@amazon.co.uk>
	29	Cc: Paul Turner <pjt@google.com>
	30	Link: https://lkml.kernel.org/r/20180108220932.12580.52458.stgit@tlendack-t1.amdoffice.net
	31
	32	(cherry picked from commit 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f)
	33	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	34	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	35	(cherry picked from commit dc39f26bf11d270cb4cfd251919afb16d98d6c2b)
	36	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	37	---
	38	arch/x86/include/asm/msr-index.h \| 1 +
	39	arch/x86/kernel/cpu/amd.c \| 18 ++++++++++++++++--
	40	2 files changed, 17 insertions(+), 2 deletions(-)
	41
	42	diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
	43	index 25147df4acfc..db88b7f852b4 100644
	44	--- a/arch/x86/include/asm/msr-index.h
	45	+++ b/arch/x86/include/asm/msr-index.h
	46	@@ -353,6 +353,7 @@
	47	#define MSR_FAM10H_NODE_ID 0xc001100c
	48	#define MSR_F10H_DECFG 0xc0011029
	49	#define MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT 1
	50	+#define MSR_F10H_DECFG_LFENCE_SERIALIZE BIT_ULL(MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT)
	51
	52	/* K8 MSRs */
	53	#define MSR_K8_TOP_MEM1 0xc001001a
	54	diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
	55	index c9a4e4db7860..99eef4a09fd9 100644
	56	--- a/arch/x86/kernel/cpu/amd.c
	57	+++ b/arch/x86/kernel/cpu/amd.c
	58	@@ -785,6 +785,9 @@ static void init_amd(struct cpuinfo_x86 *c)
	59	set_cpu_cap(c, X86_FEATURE_K8);
	60
	61	if (cpu_has(c, X86_FEATURE_XMM2)) {
	62	+ unsigned long long val;
	63	+ int ret;
	64	+
65	/*
66	* A serializing LFENCE has less overhead than MFENCE, so
67	* use it for execution serialization. On families which
68	@@ -795,8 +798,19 @@ static void init_amd(struct cpuinfo_x86 *c)
69	msr_set_bit(MSR_F10H_DECFG,
70	MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT);
71
72	- /* MFENCE stops RDTSC speculation */
73	- set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
74	+ /*
75	+ * Verify that the MSR write was successful (could be running
76	+ * under a hypervisor) and only then assume that LFENCE is
77	+ * serializing.
78	+ */
79	+ ret = rdmsrl_safe(MSR_F10H_DECFG, &val);
80	+ if (!ret && (val & MSR_F10H_DECFG_LFENCE_SERIALIZE)) {
81	+ /* A serializing LFENCE stops RDTSC speculation */
82	+ set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
83	+ } else {
84	+ /* MFENCE stops RDTSC speculation */
85	+ set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
86	+ }
87	}
88
89	/*
90	--
91	2.14.2
92