a0f7ab8a6a
cherry-pick from upstream 4.14
112 lines
3.9 KiB
Diff
112 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Date: Wed, 20 Dec 2017 10:52:54 +0000
|
|
Subject: [PATCH] x86/cpu/AMD: Add speculative control support for AMD
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
CVE-2017-5753
|
|
CVE-2017-5715
|
|
|
|
Add speculative control support for AMD processors. For AMD, speculative
|
|
control is indicated as follows:
|
|
|
|
CPUID EAX=0x00000007, ECX=0x00 return EDX[26] indicates support for
|
|
both IBRS and IBPB.
|
|
|
|
CPUID EAX=0x80000008, ECX=0x00 return EBX[12] indicates support for
|
|
just IBPB.
|
|
|
|
On AMD family 0x10, 0x12 and 0x16 processors where either of the above
|
|
features are not supported, IBPB can be achieved by disabling
|
|
indirect branch predictor support in MSR 0xc0011021[14] at boot.
|
|
|
|
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
|
|
(cherry picked from commit 8c3fc9e98177daee2281ed40e3d61f9cf4eee576)
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
---
|
|
arch/x86/include/asm/cpufeatures.h | 1 +
|
|
arch/x86/include/asm/msr-index.h | 1 +
|
|
arch/x86/kernel/cpu/amd.c | 39 ++++++++++++++++++++++++++++++++++++++
|
|
3 files changed, 41 insertions(+)
|
|
|
|
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
|
|
index 44be8fd069bf..a97b327137aa 100644
|
|
--- a/arch/x86/include/asm/cpufeatures.h
|
|
+++ b/arch/x86/include/asm/cpufeatures.h
|
|
@@ -268,6 +268,7 @@
|
|
#define X86_FEATURE_CLZERO (13*32+ 0) /* CLZERO instruction */
|
|
#define X86_FEATURE_IRPERF (13*32+ 1) /* Instructions Retired Count */
|
|
#define X86_FEATURE_XSAVEERPTR (13*32+ 2) /* Always save/restore FP error pointers */
|
|
+#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */
|
|
|
|
/* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */
|
|
#define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
|
|
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
index 4e3438a00a50..954aad6c32f4 100644
|
|
--- a/arch/x86/include/asm/msr-index.h
|
|
+++ b/arch/x86/include/asm/msr-index.h
|
|
@@ -345,6 +345,7 @@
|
|
#define MSR_F15H_NB_PERF_CTR 0xc0010241
|
|
#define MSR_F15H_PTSC 0xc0010280
|
|
#define MSR_F15H_IC_CFG 0xc0011021
|
|
+#define MSR_F15H_IC_CFG_DIS_IND BIT_ULL(14)
|
|
|
|
/* Fam 10h MSRs */
|
|
#define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058
|
|
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
|
index 99eef4a09fd9..42871c1a8da8 100644
|
|
--- a/arch/x86/kernel/cpu/amd.c
|
|
+++ b/arch/x86/kernel/cpu/amd.c
|
|
@@ -830,6 +830,45 @@ static void init_amd(struct cpuinfo_x86 *c)
|
|
/* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */
|
|
if (!cpu_has(c, X86_FEATURE_XENPV))
|
|
set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
|
|
+
|
|
+ /* AMD speculative control support */
|
|
+ if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
|
|
+ pr_info_once("FEATURE SPEC_CTRL Present\n");
|
|
+ set_ibrs_supported();
|
|
+ set_ibpb_supported();
|
|
+ if (ibrs_inuse)
|
|
+ sysctl_ibrs_enabled = 1;
|
|
+ if (ibpb_inuse)
|
|
+ sysctl_ibpb_enabled = 1;
|
|
+ } else if (cpu_has(c, X86_FEATURE_IBPB)) {
|
|
+ pr_info_once("FEATURE SPEC_CTRL Not Present\n");
|
|
+ pr_info_once("FEATURE IBPB Present\n");
|
|
+ set_ibpb_supported();
|
|
+ if (ibpb_inuse)
|
|
+ sysctl_ibpb_enabled = 1;
|
|
+ } else {
|
|
+ pr_info_once("FEATURE SPEC_CTRL Not Present\n");
|
|
+ pr_info_once("FEATURE IBPB Not Present\n");
|
|
+ /*
|
|
+ * On AMD processors that do not support the speculative
|
|
+ * control features, IBPB type support can be achieved by
|
|
+ * disabling indirect branch predictor support.
|
|
+ */
|
|
+ if (!ibpb_disabled) {
|
|
+ u64 val;
|
|
+
|
|
+ switch (c->x86) {
|
|
+ case 0x10:
|
|
+ case 0x12:
|
|
+ case 0x16:
|
|
+ pr_info_once("Disabling indirect branch predictor support\n");
|
|
+ rdmsrl(MSR_F15H_IC_CFG, val);
|
|
+ val |= MSR_F15H_IC_CFG_DIS_IND;
|
|
+ wrmsrl(MSR_F15H_IC_CFG, val);
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
#ifdef CONFIG_X86_32
|
|
--
|
|
2.14.2
|
|
|