[MODERATED] [patch 3/8] [PATCH v1.3.1 3/7] Linux Patch 3

All of lore.kernel.org
 help / color / mirror / Atom feed

* [MODERATED] [patch 3/8] [PATCH v1.3.1 3/7] Linux Patch 3
@ 2018-04-13  2:26 konrad.wilk
  0 siblings, 0 replies; only message in thread
From: konrad.wilk @ 2018-04-13  2:26 UTC (permalink / raw)
  To: speck

Intel CPUs expose methods to:
 - detect whether memory disambiguation can be disabled via
   CPUID.7.0.EDX[31]
 - The SPEC_CTRL MSR(0x48), bit 2 set to disable this functionality.

With that in mind if mdd=[auto,force,boot] is selected we will
set at boot-time the SPEC_CTRL MSR to disable memory
disambiguation.

Note that this does not fix the KVM case where the SPEC_CTRL
is exposed to guests who can muck with, see patch titled:
 x86/mdd/KVM: Support the combination of guest IBRS and ours.

And for the firmware (IBRS to be set), see patch titled:
x86/mdd/firmware calls: Save/Restore the MDD bit when using SPEC_CTRL

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v3: Expand on the commit description
  s/md_v4/mdd/
  s/spec_ctrl_msr_on/spec_ctrl_priv/
  s/spec_ctrl_msr_off/spec_ctrp_unpriv/
v3.1:
 - Add comment about privilege level changes.
---
 arch/x86/include/asm/msr-index.h     |  1 +
 arch/x86/include/asm/nospec-branch.h |  9 +++++++++
 arch/x86/kernel/cpu/bugs.c           | 17 ++++++++++++++++-
 arch/x86/kernel/cpu/common.c         |  3 +++
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index c9084dedfcfa..bf34fa975212 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -42,6 +42,7 @@
 #define MSR_IA32_SPEC_CTRL		0x00000048 /* Speculation Control */
 #define SPEC_CTRL_IBRS			(1 << 0)   /* Indirect Branch Restricted Speculation */
 #define SPEC_CTRL_STIBP			(1 << 1)   /* Single Thread Indirect Branch Predictors */
+#define SPEC_CTRL_MDD			(1 << 2)   /* Memory Disambiguation Disable */
 
 #define MSR_IA32_PRED_CMD		0x00000049 /* Prediction Command */
 #define PRED_CMD_IBPB			(1 << 0)   /* Indirect Branch Prediction Barrier */
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 2c098a3250eb..7c6ed8b1b19b 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -223,6 +223,15 @@ enum md_mitigation {
 	MD_KERNEL_ON,
 };
 
+extern enum md_mitigation md_mode;
+extern u64 spec_ctrl_priv;
+extern u64 spec_ctrl_unpriv;
+
+static inline bool mdd_at_boot(void)
+{
+	return (md_mode == MD_BOOT_ON);
+}
+
 extern char __indirect_thunk_start[];
 extern char __indirect_thunk_end[];
 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 561cb228605a..73f76d0f5181 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -72,6 +72,9 @@ void __init check_bugs(void)
 	 */
 	if (!direct_gbpages)
 		set_memory_4k((unsigned long)__va(0), 1);
+
+	if (mdd_at_boot())
+		wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
 #endif
 }
 
@@ -317,7 +320,14 @@ static void __init spectre_v2_select_mitigation(void)
 #undef pr_fmt
 #define pr_fmt(fmt)     "MDD: " fmt
 
-static enum md_mitigation md_mode = MD_NONE;
+enum md_mitigation md_mode = MD_NONE;
+/* When switching from lower privilege level (cpl3) to higher (cpl0). */
+u64 spec_ctrl_priv;
+EXPORT_SYMBOL_GPL(spec_ctrl_priv);
+
+/* When switching from higher to lower privilege level. */
+u64 spec_ctrl_unpriv;
+EXPORT_SYMBOL_GPL(spec_ctrl_unpriv);
 
 /* The kernel command line selection */
 enum md_mitigation_cmd {
@@ -401,7 +411,12 @@ static void __init md_select_mitigation(void)
 
 	if (mode == MD_NONE)
 		setup_clear_cpu_cap(X86_FEATURE_MDD);
+	else {
+		spec_ctrl_priv &= ~SPEC_CTRL_MDD;
+		spec_ctrl_unpriv |= SPEC_CTRL_MDD;
+	}
 }
+
 #undef pr_fmt
 
 #ifdef CONFIG_SYSFS
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 4cd1c95e21b2..fa81af27ad5c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -49,6 +49,7 @@
 #include <asm/microcode_intel.h>
 #include <asm/intel-family.h>
 #include <asm/cpu_device_id.h>
+#include <asm/nospec-branch.h>
 
 #ifdef CONFIG_X86_LOCAL_APIC
 #include <asm/uv/uv.h>
@@ -1313,6 +1314,8 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 #ifdef CONFIG_NUMA
 	numa_add_cpu(smp_processor_id());
 #endif
+	if (mdd_at_boot())
+		wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_MDD);
 }
 
 /*
-- 
2.14.3

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2018-04-18 14:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-13  2:26 [MODERATED] [patch 3/8] [PATCH v1.3.1 3/7] Linux Patch 3 konrad.wilk

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.