From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <konrad.wilk@oracle.com>
Received: from aserp2120.oracle.com ([141.146.126.78])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <konrad.wilk@oracle.com>)
	id 1f8ns8-0002bg-NC
	for speck@linutronix.de; Wed, 18 Apr 2018 16:15:46 +0200
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
	by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w3IEBSQe184472
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:37 GMT
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by aserp2120.oracle.com with ESMTP id 2hdrxnausv-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:37 +0000
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236])
	by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFaYS025575
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:37 GMT
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11])
	by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFafM025902
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:36 GMT
Message-Id: <20180413022657.337127076@localhost.localdomain>
Date: Thu, 12 Apr 2018 22:26:52 -0400
From: konrad.wilk@oracle.com
Subject: [MODERATED] [patch 3/8] [PATCH v1.3.1 3/7] Linux Patch 3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

Intel CPUs expose methods to:
 - detect whether memory disambiguation can be disabled via
   CPUID.7.0.EDX[31]
 - The SPEC_CTRL MSR(0x48), bit 2 set to disable this functionality.

With that in mind if mdd=[auto,force,boot] is selected we will
set at boot-time the SPEC_CTRL MSR to disable memory
disambiguation.

Note that this does not fix the KVM case where the SPEC_CTRL
is exposed to guests who can muck with, see patch titled:
 x86/mdd/KVM: Support the combination of guest IBRS and ours.

And for the firmware (IBRS to be set), see patch titled:
x86/mdd/firmware calls: Save/Restore the MDD bit when using SPEC_CTRL

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v3: Expand on the commit description
  s/md_v4/mdd/
  s/spec_ctrl_msr_on/spec_ctrl_priv/
  s/spec_ctrl_msr_off/spec_ctrp_unpriv/
v3.1:
 - Add comment about privilege level changes.
---
 arch/x86/include/asm/msr-index.h     |  1 +
 arch/x86/include/asm/nospec-branch.h |  9 +++++++++
 arch/x86/kernel/cpu/bugs.c           | 17 ++++++++++++++++-
 arch/x86/kernel/cpu/common.c         |  3 +++
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index c9084dedfcfa..bf34fa975212 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -42,6 +42,7 @@
 #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */
 #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */
 #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */
+#define SPEC_CTRL_MDD			(1 << 2)   /* Memory Disambiguation Disable */
 
 #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */
 #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 2c098a3250eb..7c6ed8b1b19b 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -223,6 +223,15 @@ enum md_mitigation {
 	MD_KERNEL_ON,
 };
 
+extern enum md_mitigation md_mode;
+extern u64 spec_ctrl_priv;
+extern u64 spec_ctrl_unpriv;
+
+static inline bool mdd_at_boot(void)
+{
+	return (md_mode == MD_BOOT_ON);
+}
+
 extern char __indirect_thunk_start[];
 extern char __indirect_thunk_end[];
 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 561cb228605a..73f76d0f5181 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -72,6 +72,9 @@ void __init check_bugs(void)
 	 */
 	if (!direct_gbpages)
 		set_memory_4k((unsigned long)__va(0), 1);
+
+	if (mdd_at_boot())
+		wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
 #endif
 }
 
@@ -317,7 +320,14 @@ static void __init spectre_v2_select_mitigation(void)
 #undef pr_fmt
 #define pr_fmt(fmt)     "MDD: " fmt
 
-static enum md_mitigation md_mode = MD_NONE;
+enum md_mitigation md_mode = MD_NONE;
+/* When switching from lower privilege level (cpl3) to higher (cpl0). */
+u64 spec_ctrl_priv;
+EXPORT_SYMBOL_GPL(spec_ctrl_priv);
+
+/* When switching from higher to lower privilege level. */
+u64 spec_ctrl_unpriv;
+EXPORT_SYMBOL_GPL(spec_ctrl_unpriv);
 
 /* The kernel command line selection */
 enum md_mitigation_cmd {
@@ -401,7 +411,12 @@ static void __init md_select_mitigation(void)
 
 	if (mode == MD_NONE)
 		setup_clear_cpu_cap(X86_FEATURE_MDD);
+	else {
+		spec_ctrl_priv &= ~SPEC_CTRL_MDD;
+		spec_ctrl_unpriv |= SPEC_CTRL_MDD;
+	}
 }
+
 #undef pr_fmt
 
 #ifdef CONFIG_SYSFS
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 4cd1c95e21b2..fa81af27ad5c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -49,6 +49,7 @@
 #include <asm/microcode_intel.h>
 #include <asm/intel-family.h>
 #include <asm/cpu_device_id.h>
+#include <asm/nospec-branch.h>
 
 #ifdef CONFIG_X86_LOCAL_APIC
 #include <asm/uv/uv.h>
@@ -1313,6 +1314,8 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 #ifdef CONFIG_NUMA
 	numa_add_cpu(smp_processor_id());
 #endif
+	if (mdd_at_boot())
+		wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
 }
 
 /*
-- 
2.14.3