projects / pve-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 321d628a FG |
2 | From: Andi Kleen <ak@linux.intel.com> |
| 3 | Date: Fri, 13 Oct 2017 14:56:44 -0700 | |
| 59d5af67 FG |
4 | Subject: [PATCH] x86/fpu: Make XSAVE check the base CPUID features before |
| 5 | enabling | |
| 321d628a FG |
6 | MIME-Version: 1.0 |
| 7 | Content-Type: text/plain; charset=UTF-8 | |
| 8 | Content-Transfer-Encoding: 8bit | |
| 9 | ||
| 10 | CVE-2017-5754 | |
| 11 | ||
| 12 | Before enabling XSAVE, not only check the XSAVE specific CPUID bits, | |
| 13 | but also the base CPUID features of the respective XSAVE feature. | |
| 14 | This allows to disable individual XSAVE states using the existing | |
| 15 | clearcpuid= option, which can be useful for performance testing | |
| 16 | and debugging, and also in general avoids inconsistencies. | |
| 17 | ||
| 18 | Signed-off-by: Andi Kleen <ak@linux.intel.com> | |
| 19 | Reviewed-by: Thomas Gleixner <tglx@linutronix.de> | |
| 20 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
| 21 | Cc: Peter Zijlstra <peterz@infradead.org> | |
| 22 | Link: http://lkml.kernel.org/r/20171013215645.23166-5-andi@firstfloor.org | |
| 23 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
| 24 | (cherry picked from commit ccb18db2ab9d923df07e7495123fe5fb02329713) | |
| 25 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
| 26 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
| 27 | (cherry picked from commit 2efda26f9ee0eeb9919772e90ca30dbe59008dc8) | |
| 28 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
| 29 | --- | |
| 30 | arch/x86/kernel/fpu/xstate.c | 23 +++++++++++++++++++++++ | |
| 31 | 1 file changed, 23 insertions(+) | |
| 32 | ||
| 33 | diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c | |
| 34 | index c24ac1efb12d..3abe85b08234 100644 | |
| 35 | --- a/arch/x86/kernel/fpu/xstate.c | |
| 36 | +++ b/arch/x86/kernel/fpu/xstate.c | |
| 37 | @@ -15,6 +15,7 @@ | |
| 38 | #include <asm/fpu/xstate.h> | |
| 39 | ||
| 40 | #include <asm/tlbflush.h> | |
| 41 | +#include <asm/cpufeature.h> | |
| 42 | ||
| 43 | /* | |
| 44 | * Although we spell it out in here, the Processor Trace | |
| 45 | @@ -36,6 +37,19 @@ static const char *xfeature_names[] = | |
| 46 | "unknown xstate feature" , | |
| 47 | }; | |
| 48 | ||
| 49 | +static short xsave_cpuid_features[] __initdata = { | |
| 50 | + X86_FEATURE_FPU, | |
| 51 | + X86_FEATURE_XMM, | |
| 52 | + X86_FEATURE_AVX, | |
| 53 | + X86_FEATURE_MPX, | |
| 54 | + X86_FEATURE_MPX, | |
| 55 | + X86_FEATURE_AVX512F, | |
| 56 | + X86_FEATURE_AVX512F, | |
| 57 | + X86_FEATURE_AVX512F, | |
| 58 | + X86_FEATURE_INTEL_PT, | |
| 59 | + X86_FEATURE_PKU, | |
| 60 | +}; | |
| 61 | + | |
| 62 | /* | |
| 63 | * Mask of xstate features supported by the CPU and the kernel: | |
| 64 | */ | |
| 65 | @@ -702,6 +716,7 @@ void __init fpu__init_system_xstate(void) | |
| 66 | unsigned int eax, ebx, ecx, edx; | |
| 67 | static int on_boot_cpu __initdata = 1; | |
| 68 | int err; | |
| 69 | + int i; | |
| 70 | ||
| 71 | WARN_ON_FPU(!on_boot_cpu); | |
| 72 | on_boot_cpu = 0; | |
| 73 | @@ -735,6 +750,14 @@ void __init fpu__init_system_xstate(void) | |
| 74 | goto out_disable; | |
| 75 | } | |
| 76 | ||
| 77 | + /* | |
| 78 | + * Clear XSAVE features that are disabled in the normal CPUID. | |
| 79 | + */ | |
| 80 | + for (i = 0; i < ARRAY_SIZE(xsave_cpuid_features); i++) { | |
| 81 | + if (!boot_cpu_has(xsave_cpuid_features[i])) | |
| 82 | + xfeatures_mask &= ~BIT(i); | |
| 83 | + } | |
| 84 | + | |
| 85 | xfeatures_mask &= fpu__get_supported_xfeatures_mask(); | |
| 86 | ||
| 87 | /* Enable xstate instructions to be able to continue with initialization: */ | |
| 88 | -- | |
| 89 | 2.14.2 | |
| 90 |