projects / pve-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 321d628a FG |
2 | From: Thomas Gleixner <tglx@linutronix.de> |
| 3 | Date: Mon, 4 Dec 2017 15:07:32 +0100 | |
| 59d5af67 | 4 | Subject: [PATCH] x86/cpufeatures: Make CPU bugs sticky |
| 321d628a FG |
5 | MIME-Version: 1.0 |
| 6 | Content-Type: text/plain; charset=UTF-8 | |
| 7 | Content-Transfer-Encoding: 8bit | |
| 8 | ||
| 9 | CVE-2017-5754 | |
| 10 | ||
| 11 | There is currently no way to force CPU bug bits like CPU feature bits. That | |
| 12 | makes it impossible to set a bug bit once at boot and have it stick for all | |
| 13 | upcoming CPUs. | |
| 14 | ||
| 15 | Extend the force set/clear arrays to handle bug bits as well. | |
| 16 | ||
| 17 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
| 18 | Reviewed-by: Borislav Petkov <bp@suse.de> | |
| 19 | Cc: Andy Lutomirski <luto@kernel.org> | |
| 20 | Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
| 21 | Cc: Borislav Petkov <bp@alien8.de> | |
| 22 | Cc: Borislav Petkov <bpetkov@suse.de> | |
| 23 | Cc: Brian Gerst <brgerst@gmail.com> | |
| 24 | Cc: Dave Hansen <dave.hansen@intel.com> | |
| 25 | Cc: Dave Hansen <dave.hansen@linux.intel.com> | |
| 26 | Cc: David Laight <David.Laight@aculab.com> | |
| 27 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
| 28 | Cc: Eduardo Valentin <eduval@amazon.com> | |
| 29 | Cc: Greg KH <gregkh@linuxfoundation.org> | |
| 30 | Cc: H. Peter Anvin <hpa@zytor.com> | |
| 31 | Cc: Josh Poimboeuf <jpoimboe@redhat.com> | |
| 32 | Cc: Juergen Gross <jgross@suse.com> | |
| 33 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
| 34 | Cc: Peter Zijlstra <peterz@infradead.org> | |
| 35 | Cc: Rik van Riel <riel@redhat.com> | |
| 36 | Cc: Will Deacon <will.deacon@arm.com> | |
| 37 | Cc: aliguori@amazon.com | |
| 38 | Cc: daniel.gruss@iaik.tugraz.at | |
| 39 | Cc: hughd@google.com | |
| 40 | Cc: keescook@google.com | |
| 41 | Link: https://lkml.kernel.org/r/20171204150606.992156574@linutronix.de | |
| 42 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
| 43 | (cherry picked from commit 6cbd2171e89b13377261d15e64384df60ecb530e) | |
| 44 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
| 45 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
| 46 | (cherry picked from commit aab40a666a40cd015ca4a53231bed544fc679dcb) | |
| 47 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
| 48 | --- | |
| 49 | arch/x86/include/asm/cpufeature.h | 2 ++ | |
| 50 | arch/x86/include/asm/processor.h | 4 ++-- | |
| 51 | arch/x86/kernel/cpu/common.c | 6 +++--- | |
| 52 | 3 files changed, 7 insertions(+), 5 deletions(-) | |
| 53 | ||
| 54 | diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h | |
| 55 | index 225fd8374fae..8b9915561ed1 100644 | |
| 56 | --- a/arch/x86/include/asm/cpufeature.h | |
| 57 | +++ b/arch/x86/include/asm/cpufeature.h | |
| 58 | @@ -134,6 +134,8 @@ extern void clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit); | |
| 59 | set_bit(bit, (unsigned long *)cpu_caps_set); \ | |
| 60 | } while (0) | |
| 61 | ||
| 62 | +#define setup_force_cpu_bug(bit) setup_force_cpu_cap(bit) | |
| 63 | + | |
| 64 | #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_X86_FAST_FEATURE_TESTS) | |
| 65 | /* | |
| 66 | * Static testing of CPU features. Used the same as boot_cpu_has(). | |
| 67 | diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h | |
| 68 | index bccec7ed1676..59a317f8e0ec 100644 | |
| 69 | --- a/arch/x86/include/asm/processor.h | |
| 70 | +++ b/arch/x86/include/asm/processor.h | |
| 71 | @@ -162,8 +162,8 @@ extern struct cpuinfo_x86 new_cpu_data; | |
| 72 | #include <linux/thread_info.h> | |
| 73 | ||
| 74 | extern struct x86_hw_tss doublefault_tss; | |
| 75 | -extern __u32 cpu_caps_cleared[NCAPINTS]; | |
| 76 | -extern __u32 cpu_caps_set[NCAPINTS]; | |
| 77 | +extern __u32 cpu_caps_cleared[NCAPINTS + NBUGINTS]; | |
| 78 | +extern __u32 cpu_caps_set[NCAPINTS + NBUGINTS]; | |
| 79 | ||
| 80 | #ifdef CONFIG_SMP | |
| 81 | DECLARE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info); | |
| 82 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | |
| 83 | index 7992e5a8076c..fcdba90e0890 100644 | |
| 84 | --- a/arch/x86/kernel/cpu/common.c | |
| 85 | +++ b/arch/x86/kernel/cpu/common.c | |
| 86 | @@ -452,8 +452,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c) | |
| 87 | return NULL; /* Not found */ | |
| 88 | } | |
| 89 | ||
| 90 | -__u32 cpu_caps_cleared[NCAPINTS]; | |
| 91 | -__u32 cpu_caps_set[NCAPINTS]; | |
| 92 | +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS]; | |
| 93 | +__u32 cpu_caps_set[NCAPINTS + NBUGINTS]; | |
| 94 | ||
| 95 | void load_percpu_segment(int cpu) | |
| 96 | { | |
| 97 | @@ -812,7 +812,7 @@ static void apply_forced_caps(struct cpuinfo_x86 *c) | |
| 98 | { | |
| 99 | int i; | |
| 100 | ||
| 101 | - for (i = 0; i < NCAPINTS; i++) { | |
| 102 | + for (i = 0; i < NCAPINTS + NBUGINTS; i++) { | |
| 103 | c->x86_capability[i] &= ~cpu_caps_cleared[i]; | |
| 104 | c->x86_capability[i] |= cpu_caps_set[i]; | |
| 105 | } | |
| 106 | -- | |
| 107 | 2.14.2 | |
| 108 |