[pve-kernel.git] / patches / kernel / 0021-xen-x86-Remove-SME-feature-in-PV-guests.patch

From aa2a95a84f2cbd92b10887f3c99c7858fae9e7e4 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 17 Jul 2017 16:10:29 -0500
Subject: [PATCH 021/242] xen/x86: Remove SME feature in PV guests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

Xen does not currently support SME for PV guests. Clear the SME CPU
capability in order to avoid any ambiguity.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Cc: <xen-devel@lists.xen.org>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Toshimitsu Kani <toshi.kani@hpe.com>
Cc: kasan-dev@googlegroups.com
Cc: kvm@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-efi@vger.kernel.org
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/3b605622a9fae5e588e5a13967120a18ec18071b.1500319216.git.thomas.lendacky@amd.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit f2f931c6819467af5260a21c59fb787ce2863f92)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 8370907399392a637a2e51b4db3368fb594db3a6)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/xen/enlighten_pv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 290bc5ac9852..df1921751aa5 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -263,6 +263,7 @@ static void __init xen_init_capabilities(void)
 	setup_clear_cpu_cap(X86_FEATURE_MTRR);
 	setup_clear_cpu_cap(X86_FEATURE_ACC);
 	setup_clear_cpu_cap(X86_FEATURE_X2APIC);
+	setup_clear_cpu_cap(X86_FEATURE_SME);
 
 	/*
 	 * Xen PV would need some work to support PCID: CR3 handling as well
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From aa2a95a84f2cbd92b10887f3c99c7858fae9e7e4 Mon Sep 17 00:00:00 2001
	2	From: Tom Lendacky <thomas.lendacky@amd.com>
	3	Date: Mon, 17 Jul 2017 16:10:29 -0500
633c5ed1	4	Subject: [PATCH 021/242] xen/x86: Remove SME feature in PV guests
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	Xen does not currently support SME for PV guests. Clear the SME CPU
	12	capability in order to avoid any ambiguity.
	13
	14	Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
	15	Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
	16	Reviewed-by: Borislav Petkov <bp@suse.de>
	17	Reviewed-by: Juergen Gross <jgross@suse.com>
	18	Cc: <xen-devel@lists.xen.org>
	19	Cc: Alexander Potapenko <glider@google.com>
	20	Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
	21	Cc: Andy Lutomirski <luto@kernel.org>
	22	Cc: Arnd Bergmann <arnd@arndb.de>
	23	Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
	24	Cc: Borislav Petkov <bp@alien8.de>
	25	Cc: Brijesh Singh <brijesh.singh@amd.com>
	26	Cc: Dave Young <dyoung@redhat.com>
	27	Cc: Dmitry Vyukov <dvyukov@google.com>
	28	Cc: Jonathan Corbet <corbet@lwn.net>
	29	Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	30	Cc: Larry Woodman <lwoodman@redhat.com>
	31	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	32	Cc: Matt Fleming <matt@codeblueprint.co.uk>
	33	Cc: Michael S. Tsirkin <mst@redhat.com>
	34	Cc: Paolo Bonzini <pbonzini@redhat.com>
	35	Cc: Peter Zijlstra <peterz@infradead.org>
	36	Cc: Radim Krčmář <rkrcmar@redhat.com>
	37	Cc: Rik van Riel <riel@redhat.com>
	38	Cc: Toshimitsu Kani <toshi.kani@hpe.com>
	39	Cc: kasan-dev@googlegroups.com
	40	Cc: kvm@vger.kernel.org
	41	Cc: linux-arch@vger.kernel.org
	42	Cc: linux-doc@vger.kernel.org
	43	Cc: linux-efi@vger.kernel.org
	44	Cc: linux-mm@kvack.org
	45	Link: http://lkml.kernel.org/r/3b605622a9fae5e588e5a13967120a18ec18071b.1500319216.git.thomas.lendacky@amd.com
	46	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	47	(cherry picked from commit f2f931c6819467af5260a21c59fb787ce2863f92)
	48	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	49	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	50	(cherry picked from commit 8370907399392a637a2e51b4db3368fb594db3a6)
	51	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	52	---
	53	arch/x86/xen/enlighten_pv.c \| 1 +
	54	1 file changed, 1 insertion(+)
	55
	56	diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
	57	index 290bc5ac9852..df1921751aa5 100644
	58	--- a/arch/x86/xen/enlighten_pv.c
	59	+++ b/arch/x86/xen/enlighten_pv.c
	60	@@ -263,6 +263,7 @@ static void __init xen_init_capabilities(void)
	61	setup_clear_cpu_cap(X86_FEATURE_MTRR);
	62	setup_clear_cpu_cap(X86_FEATURE_ACC);
	63	setup_clear_cpu_cap(X86_FEATURE_X2APIC);
	64	+ setup_clear_cpu_cap(X86_FEATURE_SME);
	65
	66	/*
	67	* Xen PV would need some work to support PCID: CR3 handling as well
	68	--
69	2.14.2
70