patches/kernel/0291-x86-cpu-AMD-Add-speculative-control-support-for-AMD.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Tom Lendacky <thomas.lendacky@amd.com>
   3 Date: Wed, 20 Dec 2017 10:52:54 +0000
   4 Subject: [PATCH] x86/cpu/AMD: Add speculative control support for AMD
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5753
  10 CVE-2017-5715
  11
  12 Add speculative control support for AMD processors. For AMD, speculative
  13 control is indicated as follows:
  14
  15   CPUID EAX=0x00000007, ECX=0x00 return EDX[26] indicates support for
  16   both IBRS and IBPB.
  17
  18   CPUID EAX=0x80000008, ECX=0x00 return EBX[12] indicates support for
  19   just IBPB.
  20
  21 On AMD family 0x10, 0x12 and 0x16 processors where either of the above
  22 features are not supported, IBPB can be achieved by disabling
  23 indirect branch predictor support in MSR 0xc0011021[14] at boot.
  24
  25 Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
  26 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  27 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  28 (cherry picked from commit 8c3fc9e98177daee2281ed40e3d61f9cf4eee576)
  29 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  30 ---
  31  arch/x86/include/asm/cpufeatures.h |  1 +
  32  arch/x86/include/asm/msr-index.h   |  1 +
  33  arch/x86/kernel/cpu/amd.c          | 39 ++++++++++++++++++++++++++++++++++++++
  34  3 files changed, 41 insertions(+)
  35
  36 diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
  37 index 44be8fd069bf..a97b327137aa 100644
  38 --- a/arch/x86/include/asm/cpufeatures.h
  39 +++ b/arch/x86/include/asm/cpufeatures.h
  40 @@ -268,6 +268,7 @@
  41  #define X86_FEATURE_CLZERO             (13*32+ 0) /* CLZERO instruction */
  42  #define X86_FEATURE_IRPERF             (13*32+ 1) /* Instructions Retired Count */
  43  #define X86_FEATURE_XSAVEERPTR         (13*32+ 2) /* Always save/restore FP error pointers */
  44 +#define X86_FEATURE_IBPB               (13*32+12) /* Indirect Branch Prediction Barrier */
  45
  46  /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */
  47  #define X86_FEATURE_DTHERM             (14*32+ 0) /* Digital Thermal Sensor */
  48 diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
  49 index 4e3438a00a50..954aad6c32f4 100644
  50 --- a/arch/x86/include/asm/msr-index.h
  51 +++ b/arch/x86/include/asm/msr-index.h
  52 @@ -345,6 +345,7 @@
  53  #define MSR_F15H_NB_PERF_CTR           0xc0010241
  54  #define MSR_F15H_PTSC                  0xc0010280
  55  #define MSR_F15H_IC_CFG                        0xc0011021
  56 +#define MSR_F15H_IC_CFG_DIS_IND                BIT_ULL(14)
  57
  58  /* Fam 10h MSRs */
  59  #define MSR_FAM10H_MMIO_CONF_BASE      0xc0010058
  60 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
  61 index 99eef4a09fd9..42871c1a8da8 100644
  62 --- a/arch/x86/kernel/cpu/amd.c
  63 +++ b/arch/x86/kernel/cpu/amd.c
  64 @@ -830,6 +830,45 @@ static void init_amd(struct cpuinfo_x86 *c)
  65         /* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
  66         if (!cpu_has(c, X86_FEATURE_XENPV))
  67                 set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
  68 +
  69 +       /* AMD speculative control support */
  70 +       if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
  71 +               pr_info_once("FEATURE SPEC_CTRL Present\n");
  72 +               set_ibrs_supported();
  73 +               set_ibpb_supported();
  74 +               if (ibrs_inuse)
  75 +                       sysctl_ibrs_enabled = 1;
  76 +               if (ibpb_inuse)
  77 +                       sysctl_ibpb_enabled = 1;
  78 +       } else if (cpu_has(c, X86_FEATURE_IBPB)) {
  79 +               pr_info_once("FEATURE SPEC_CTRL Not Present\n");
  80 +               pr_info_once("FEATURE IBPB Present\n");
  81 +               set_ibpb_supported();
  82 +               if (ibpb_inuse)
  83 +                       sysctl_ibpb_enabled = 1;
  84 +       } else {
  85 +               pr_info_once("FEATURE SPEC_CTRL Not Present\n");
  86 +               pr_info_once("FEATURE IBPB Not Present\n");
  87 +               /*
  88 +                * On AMD processors that do not support the speculative
  89 +                * control features, IBPB type support can be achieved by
  90 +                * disabling indirect branch predictor support.
  91 +                */
  92 +               if (!ibpb_disabled) {
  93 +                       u64 val;
  94 +
  95 +                       switch (c->x86) {
  96 +                       case 0x10:
  97 +                       case 0x12:
  98 +                       case 0x16:
  99 +                               pr_info_once("Disabling indirect branch predictor support\n");
 100 +                               rdmsrl(MSR_F15H_IC_CFG, val);
 101 +                               val |= MSR_F15H_IC_CFG_DIS_IND;
 102 +                               wrmsrl(MSR_F15H_IC_CFG, val);
 103 +                               break;
 104 +                       }
 105 +               }
 106 +       }
 107  }
 108
 109  #ifdef CONFIG_X86_32
 110 --
 111 2.14.2
 112