git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Thu, 26 Apr 2018 02:04:22 +0000 (22:04 -0400)
committer	Stefan Bader <stefan.bader@canonical.com>
	Mon, 14 May 2018 10:08:45 +0000 (12:08 +0200)
commit	2b83aba8ce5edc2f26681b3bdc64d17b14e0f69b
tree	13bdba1bd268e78fd70ee3b4baee90c553d187ba	tree
parent	ef68a13e1d4e53cfee4ea8b92b14faa891426363	commit \| diff

x86/bugs/intel: Set proper CPU features and setup RDS

Intel CPUs expose methods to:

- Detect whether RDS capability is available via CPUID.7.0.EDX[31],

- The SPEC_CTRL MSR(0x48), bit 2 set to enable RDS.

- MSR_IA32_ARCH_CAPABILITIES, Bit(4) no need to enable RRS.

With that in mind if spec_store_bypass_disable=[auto,on] is selected set at
boot-time the SPEC_CTRL MSR to enable RDS if the platform requires it.

Note that this does not fix the KVM case where the SPEC_CTRL is exposed to
guests which can muck with it, see patch titled :
KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS.

And for the firmware (IBRS to be set), see patch titled:
x86/spectre_v2: Read SPEC_CTRL MSR during boot and re-use reserved bits

[ tglx: Distangled it from the intel implementation and kept the call order ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
[backport drops clear feature for bad microcode]
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

arch/x86/include/asm/msr-index.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/common.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/cpu.h		diff \| blob \| blame \| history