x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel

BugLink: http://bugs.launchpad.net/bugs/1748072
commit 7fcae1118f5fd44a862aa5c3525248e35ee67c3b

Despite the fact that all the other code there seems to be doing it, just
using set_cpu_cap() in early_intel_init() doesn't actually work.

For CPUs with PKU support, setup_pku() calls get_cpu_cap() after
c->c_init() has set those feature bits. That resets those bits back to what
was queried from the hardware.

Turning the bits off for bad microcode is easy to fix. That can just use
setup_clear_cpu_cap() to force them off for all CPUs.

I was less keen on forcing the feature bits *on* that way, just in case
of inconsistencies. I appreciate that the kernel is going to get this
utterly wrong if CPU features are not consistent, because it has already
applied alternatives by the time secondary CPUs are brought up.

But at least if setup_force_cpu_cap() isn't being used, we might have a
chance of *detecting* the lack of the corresponding bit and either
panicking or refusing to bring the offending CPU online.

So ensure that the appropriate feature bits are set within get_cpu_cap()
regardless of how many extra times it's called.

Fixes: 2961298e ("x86/cpufeatures: Clean up Spectre v2 related CPUID flags")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: karahmed@amazon.de
Cc: peterz@infradead.org
Cc: bp@alien8.de
Link: https://lkml.kernel.org/r/1517322623-15261-1-git-send-email-dwmw@amazon.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c7c996a692fd9d6af8d36ac57d6ec70a3e47e620..dd09270bb74ec2578ee42148a5c5924e4664473e 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -750,6 +750,26 @@ static void apply_forced_caps(struct cpuinfo_x86 *c)
        }
 }
 
+static void init_speculation_control(struct cpuinfo_x86 *c)
+{
+       /*
+        * The Intel SPEC_CTRL CPUID bit implies IBRS and IBPB support,
+        * and they also have a different bit for STIBP support. Also,
+        * a hypervisor might have set the individual AMD bits even on
+        * Intel CPUs, for finer-grained selection of what's available.
+        *
+        * We use the AMD bits in 0x8000_0008 EBX as the generic hardware
+        * features, which are visible in /proc/cpuinfo and used by the
+        * kernel. So set those accordingly from the Intel bits.
+        */
+       if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
+               set_cpu_cap(c, X86_FEATURE_IBRS);
+               set_cpu_cap(c, X86_FEATURE_IBPB);
+       }
+       if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
+               set_cpu_cap(c, X86_FEATURE_STIBP);
+}
+
 void get_cpu_cap(struct cpuinfo_x86 *c)
 {
        u32 eax, ebx, ecx, edx;
@@ -844,6 +864,7 @@ void get_cpu_cap(struct cpuinfo_x86 *c)
                c->x86_capability[CPUID_8000_000A_EDX] = cpuid_edx(0x8000000a);
 
        init_scattered_cpuid_features(c);
+       init_speculation_control(c);
 
        /*
         * Clear/Set all flags overridden by options, after probe.

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 6936d14d4c779c77abb32b7890ad14cdc2d12aee..319bf989fad1e1f3d7ed2234090a51c55a0067c6 100644 (file)
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -175,28 +175,17 @@ static void early_init_intel(struct cpuinfo_x86 *c)
        if (c->x86 >= 6 && !cpu_has(c, X86_FEATURE_IA64))
                c->microcode = intel_get_microcode_revision();
 
-       /*
-        * The Intel SPEC_CTRL CPUID bit implies IBRS and IBPB support,
-        * and they also have a different bit for STIBP support. Also,
-        * a hypervisor might have set the individual AMD bits even on
-        * Intel CPUs, for finer-grained selection of what's available.
-        */
-       if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
-               set_cpu_cap(c, X86_FEATURE_IBRS);
-               set_cpu_cap(c, X86_FEATURE_IBPB);
-       }
-       if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
-               set_cpu_cap(c, X86_FEATURE_STIBP);
-
        /* Now if any of them are set, check the blacklist and clear the lot */
-       if ((cpu_has(c, X86_FEATURE_IBRS) || cpu_has(c, X86_FEATURE_IBPB) ||
+       if ((cpu_has(c, X86_FEATURE_SPEC_CTRL) ||
+            cpu_has(c, X86_FEATURE_INTEL_STIBP) ||
+            cpu_has(c, X86_FEATURE_IBRS) || cpu_has(c, X86_FEATURE_IBPB) ||
             cpu_has(c, X86_FEATURE_STIBP)) && bad_spectre_microcode(c)) {
                pr_warn("Intel Spectre v2 broken microcode detected; disabling Speculation Control\n");
-               clear_cpu_cap(c, X86_FEATURE_IBRS);
-               clear_cpu_cap(c, X86_FEATURE_IBPB);
-               clear_cpu_cap(c, X86_FEATURE_STIBP);
-               clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL);
-               clear_cpu_cap(c, X86_FEATURE_INTEL_STIBP);
+               setup_clear_cpu_cap(X86_FEATURE_IBRS);
+               setup_clear_cpu_cap(X86_FEATURE_IBPB);
+               setup_clear_cpu_cap(X86_FEATURE_STIBP);
+               setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
+               setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
        }
 
        /*