patches/kernel/0068-x86-fpu-Make-XSAVE-check-the-base-CPUID-features-bef.patch

   1 From 1b88ea4170f72b4fed72e9235c88b6121f153b21 Mon Sep 17 00:00:00 2001
   2 From: Andi Kleen <ak@linux.intel.com>
   3 Date: Fri, 13 Oct 2017 14:56:44 -0700
   4 Subject: [PATCH 068/241] x86/fpu: Make XSAVE check the base CPUID features
   5  before enabling
   6 MIME-Version: 1.0
   7 Content-Type: text/plain; charset=UTF-8
   8 Content-Transfer-Encoding: 8bit
   9
  10 CVE-2017-5754
  11
  12 Before enabling XSAVE, not only check the XSAVE specific CPUID bits,
  13 but also the base CPUID features of the respective XSAVE feature.
  14 This allows to disable individual XSAVE states using the existing
  15 clearcpuid= option, which can be useful for performance testing
  16 and debugging, and also in general avoids inconsistencies.
  17
  18 Signed-off-by: Andi Kleen <ak@linux.intel.com>
  19 Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
  20 Cc: Linus Torvalds <torvalds@linux-foundation.org>
  21 Cc: Peter Zijlstra <peterz@infradead.org>
  22 Link: http://lkml.kernel.org/r/20171013215645.23166-5-andi@firstfloor.org
  23 Signed-off-by: Ingo Molnar <mingo@kernel.org>
  24 (cherry picked from commit ccb18db2ab9d923df07e7495123fe5fb02329713)
  25 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  26 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  27 (cherry picked from commit 2efda26f9ee0eeb9919772e90ca30dbe59008dc8)
  28 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  29 ---
  30  arch/x86/kernel/fpu/xstate.c | 23 +++++++++++++++++++++++
  31  1 file changed, 23 insertions(+)
  32
  33 diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
  34 index c24ac1efb12d..3abe85b08234 100644
  35 --- a/arch/x86/kernel/fpu/xstate.c
  36 +++ b/arch/x86/kernel/fpu/xstate.c
  37 @@ -15,6 +15,7 @@
  38  #include <asm/fpu/xstate.h>
  39
  40  #include <asm/tlbflush.h>
  41 +#include <asm/cpufeature.h>
  42
  43  /*
  44   * Although we spell it out in here, the Processor Trace
  45 @@ -36,6 +37,19 @@ static const char *xfeature_names[] =
  46         "unknown xstate feature"        ,
  47  };
  48
  49 +static short xsave_cpuid_features[] __initdata = {
  50 +       X86_FEATURE_FPU,
  51 +       X86_FEATURE_XMM,
  52 +       X86_FEATURE_AVX,
  53 +       X86_FEATURE_MPX,
  54 +       X86_FEATURE_MPX,
  55 +       X86_FEATURE_AVX512F,
  56 +       X86_FEATURE_AVX512F,
  57 +       X86_FEATURE_AVX512F,
  58 +       X86_FEATURE_INTEL_PT,
  59 +       X86_FEATURE_PKU,
  60 +};
  61 +
  62  /*
  63   * Mask of xstate features supported by the CPU and the kernel:
  64   */
  65 @@ -702,6 +716,7 @@ void __init fpu__init_system_xstate(void)
  66         unsigned int eax, ebx, ecx, edx;
  67         static int on_boot_cpu __initdata = 1;
  68         int err;
  69 +       int i;
  70
  71         WARN_ON_FPU(!on_boot_cpu);
  72         on_boot_cpu = 0;
  73 @@ -735,6 +750,14 @@ void __init fpu__init_system_xstate(void)
  74                 goto out_disable;
  75         }
  76
  77 +       /*
  78 +        * Clear XSAVE features that are disabled in the normal CPUID.
  79 +        */
  80 +       for (i = 0; i < ARRAY_SIZE(xsave_cpuid_features); i++) {
  81 +               if (!boot_cpu_has(xsave_cpuid_features[i]))
  82 +                       xfeatures_mask &= ~BIT(i);
  83 +       }
  84 +
  85         xfeatures_mask &= fpu__get_supported_xfeatures_mask();
  86
  87         /* Enable xstate instructions to be able to continue with initialization: */
  88 --
  89 2.14.2
  90