]>
Commit | Line | Data |
---|---|---|
035dbe67 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Tom Lendacky <thomas.lendacky@amd.com> | |
3 | Date: Wed, 20 Dec 2017 10:52:54 +0000 | |
4 | Subject: [PATCH] x86/cpu/AMD: Add speculative control support for AMD | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5753 | |
10 | CVE-2017-5715 | |
11 | ||
12 | Add speculative control support for AMD processors. For AMD, speculative | |
13 | control is indicated as follows: | |
14 | ||
15 | CPUID EAX=0x00000007, ECX=0x00 return EDX[26] indicates support for | |
16 | both IBRS and IBPB. | |
17 | ||
18 | CPUID EAX=0x80000008, ECX=0x00 return EBX[12] indicates support for | |
19 | just IBPB. | |
20 | ||
21 | On AMD family 0x10, 0x12 and 0x16 processors where either of the above | |
22 | features are not supported, IBPB can be achieved by disabling | |
23 | indirect branch predictor support in MSR 0xc0011021[14] at boot. | |
24 | ||
25 | Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> | |
26 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
27 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
28 | (cherry picked from commit 8c3fc9e98177daee2281ed40e3d61f9cf4eee576) | |
29 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
30 | --- | |
31 | arch/x86/include/asm/cpufeatures.h | 1 + | |
32 | arch/x86/include/asm/msr-index.h | 1 + | |
33 | arch/x86/kernel/cpu/amd.c | 39 ++++++++++++++++++++++++++++++++++++++ | |
34 | 3 files changed, 41 insertions(+) | |
35 | ||
36 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | |
37 | index 44be8fd069bf..a97b327137aa 100644 | |
38 | --- a/arch/x86/include/asm/cpufeatures.h | |
39 | +++ b/arch/x86/include/asm/cpufeatures.h | |
40 | @@ -268,6 +268,7 @@ | |
41 | #define X86_FEATURE_CLZERO (13*32+ 0) /* CLZERO instruction */ | |
42 | #define X86_FEATURE_IRPERF (13*32+ 1) /* Instructions Retired Count */ | |
43 | #define X86_FEATURE_XSAVEERPTR (13*32+ 2) /* Always save/restore FP error pointers */ | |
44 | +#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */ | |
45 | ||
46 | /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */ | |
47 | #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */ | |
48 | diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h | |
49 | index 4e3438a00a50..954aad6c32f4 100644 | |
50 | --- a/arch/x86/include/asm/msr-index.h | |
51 | +++ b/arch/x86/include/asm/msr-index.h | |
52 | @@ -345,6 +345,7 @@ | |
53 | #define MSR_F15H_NB_PERF_CTR 0xc0010241 | |
54 | #define MSR_F15H_PTSC 0xc0010280 | |
55 | #define MSR_F15H_IC_CFG 0xc0011021 | |
56 | +#define MSR_F15H_IC_CFG_DIS_IND BIT_ULL(14) | |
57 | ||
58 | /* Fam 10h MSRs */ | |
59 | #define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058 | |
60 | diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c | |
61 | index 99eef4a09fd9..42871c1a8da8 100644 | |
62 | --- a/arch/x86/kernel/cpu/amd.c | |
63 | +++ b/arch/x86/kernel/cpu/amd.c | |
64 | @@ -830,6 +830,45 @@ static void init_amd(struct cpuinfo_x86 *c) | |
65 | /* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */ | |
66 | if (!cpu_has(c, X86_FEATURE_XENPV)) | |
67 | set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS); | |
68 | + | |
69 | + /* AMD speculative control support */ | |
70 | + if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) { | |
71 | + pr_info_once("FEATURE SPEC_CTRL Present\n"); | |
72 | + set_ibrs_supported(); | |
73 | + set_ibpb_supported(); | |
74 | + if (ibrs_inuse) | |
75 | + sysctl_ibrs_enabled = 1; | |
76 | + if (ibpb_inuse) | |
77 | + sysctl_ibpb_enabled = 1; | |
78 | + } else if (cpu_has(c, X86_FEATURE_IBPB)) { | |
79 | + pr_info_once("FEATURE SPEC_CTRL Not Present\n"); | |
80 | + pr_info_once("FEATURE IBPB Present\n"); | |
81 | + set_ibpb_supported(); | |
82 | + if (ibpb_inuse) | |
83 | + sysctl_ibpb_enabled = 1; | |
84 | + } else { | |
85 | + pr_info_once("FEATURE SPEC_CTRL Not Present\n"); | |
86 | + pr_info_once("FEATURE IBPB Not Present\n"); | |
87 | + /* | |
88 | + * On AMD processors that do not support the speculative | |
89 | + * control features, IBPB type support can be achieved by | |
90 | + * disabling indirect branch predictor support. | |
91 | + */ | |
92 | + if (!ibpb_disabled) { | |
93 | + u64 val; | |
94 | + | |
95 | + switch (c->x86) { | |
96 | + case 0x10: | |
97 | + case 0x12: | |
98 | + case 0x16: | |
99 | + pr_info_once("Disabling indirect branch predictor support\n"); | |
100 | + rdmsrl(MSR_F15H_IC_CFG, val); | |
101 | + val |= MSR_F15H_IC_CFG_DIS_IND; | |
102 | + wrmsrl(MSR_F15H_IC_CFG, val); | |
103 | + break; | |
104 | + } | |
105 | + } | |
106 | + } | |
107 | } | |
108 | ||
109 | #ifdef CONFIG_X86_32 | |
110 | -- | |
111 | 2.14.2 | |
112 |