From: konrad.wilk@oracle.com
To: speck@linutronix.de
Subject: [MODERATED] [patch 3/8] [PATCH v1.3.1 3/7] Linux Patch 3
Date: Thu, 12 Apr 2018 22:26:52 -0400 [thread overview]
Message-ID: <20180413022657.337127076@localhost.localdomain> (raw)
Intel CPUs expose methods to:
- detect whether memory disambiguation can be disabled via
CPUID.7.0.EDX[31]
- The SPEC_CTRL MSR(0x48), bit 2 set to disable this functionality.
With that in mind if mdd=[auto,force,boot] is selected we will
set at boot-time the SPEC_CTRL MSR to disable memory
disambiguation.
Note that this does not fix the KVM case where the SPEC_CTRL
is exposed to guests who can muck with, see patch titled:
x86/mdd/KVM: Support the combination of guest IBRS and ours.
And for the firmware (IBRS to be set), see patch titled:
x86/mdd/firmware calls: Save/Restore the MDD bit when using SPEC_CTRL
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v3: Expand on the commit description
s/md_v4/mdd/
s/spec_ctrl_msr_on/spec_ctrl_priv/
s/spec_ctrl_msr_off/spec_ctrp_unpriv/
v3.1:
- Add comment about privilege level changes.
---
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/asm/nospec-branch.h | 9 +++++++++
arch/x86/kernel/cpu/bugs.c | 17 ++++++++++++++++-
arch/x86/kernel/cpu/common.c | 3 +++
4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index c9084dedfcfa..bf34fa975212 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -42,6 +42,7 @@
#define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */
#define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */
#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */
+#define SPEC_CTRL_MDD (1 << 2) /* Memory Disambiguation Disable */
#define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */
#define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 2c098a3250eb..7c6ed8b1b19b 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -223,6 +223,15 @@ enum md_mitigation {
MD_KERNEL_ON,
};
+extern enum md_mitigation md_mode;
+extern u64 spec_ctrl_priv;
+extern u64 spec_ctrl_unpriv;
+
+static inline bool mdd_at_boot(void)
+{
+ return (md_mode == MD_BOOT_ON);
+}
+
extern char __indirect_thunk_start[];
extern char __indirect_thunk_end[];
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 561cb228605a..73f76d0f5181 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -72,6 +72,9 @@ void __init check_bugs(void)
*/
if (!direct_gbpages)
set_memory_4k((unsigned long)__va(0), 1);
+
+ if (mdd_at_boot())
+ wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
#endif
}
@@ -317,7 +320,14 @@ static void __init spectre_v2_select_mitigation(void)
#undef pr_fmt
#define pr_fmt(fmt) "MDD: " fmt
-static enum md_mitigation md_mode = MD_NONE;
+enum md_mitigation md_mode = MD_NONE;
+/* When switching from lower privilege level (cpl3) to higher (cpl0). */
+u64 spec_ctrl_priv;
+EXPORT_SYMBOL_GPL(spec_ctrl_priv);
+
+/* When switching from higher to lower privilege level. */
+u64 spec_ctrl_unpriv;
+EXPORT_SYMBOL_GPL(spec_ctrl_unpriv);
/* The kernel command line selection */
enum md_mitigation_cmd {
@@ -401,7 +411,12 @@ static void __init md_select_mitigation(void)
if (mode == MD_NONE)
setup_clear_cpu_cap(X86_FEATURE_MDD);
+ else {
+ spec_ctrl_priv &= ~SPEC_CTRL_MDD;
+ spec_ctrl_unpriv |= SPEC_CTRL_MDD;
+ }
}
+
#undef pr_fmt
#ifdef CONFIG_SYSFS
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 4cd1c95e21b2..fa81af27ad5c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -49,6 +49,7 @@
#include <asm/microcode_intel.h>
#include <asm/intel-family.h>
#include <asm/cpu_device_id.h>
+#include <asm/nospec-branch.h>
#ifdef CONFIG_X86_LOCAL_APIC
#include <asm/uv/uv.h>
@@ -1313,6 +1314,8 @@ static void identify_cpu(struct cpuinfo_x86 *c)
#ifdef CONFIG_NUMA
numa_add_cpu(smp_processor_id());
#endif
+ if (mdd_at_boot())
+ wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
}
/*
--
2.14.3
reply other threads:[~2018-04-18 14:15 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180413022657.337127076@localhost.localdomain \
--to=konrad.wilk@oracle.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.