git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Thu, 26 Apr 2018 02:04:22 +0000 (22:04 -0400)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 16 May 2018 11:52:21 +0000 (13:52 +0200)
commit	23b9eab92219d81ff708205d946e33203f166e93
tree	34eec3a56ac0873a986559c2d9ab4e37ad8dff26	tree
parent	e63490c837b2a106107130ab6db8097c76e62d7e	commit \| diff

x86/bugs/intel: Set proper CPU features and setup RDS

Intel CPUs expose methods to:

- Detect whether RDS capability is available via CPUID.7.0.EDX[31],

- The SPEC_CTRL MSR(0x48), bit 2 set to enable RDS.

- MSR_IA32_ARCH_CAPABILITIES, Bit(4) no need to enable RRS.

With that in mind if spec_store_bypass_disable=[auto,on] is selected set at
boot-time the SPEC_CTRL MSR to enable RDS if the platform requires it.

Note that this does not fix the KVM case where the SPEC_CTRL is exposed to
guests which can muck with it, see patch titled :
KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS.

And for the firmware (IBRS to be set), see patch titled:
x86/spectre_v2: Read SPEC_CTRL MSR during boot and re-use reserved bits

[ tglx: Distangled it from the intel implementation and kept the call order ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

arch/x86/include/asm/msr-index.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/common.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/cpu.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/intel.c		diff \| blob \| blame \| history