From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <konrad.wilk@oracle.com>
Received: from aserp2130.oracle.com ([141.146.126.79])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <konrad.wilk@oracle.com>)
	id 1f8ns8-0002bo-R4
	for speck@linutronix.de; Wed, 18 Apr 2018 16:15:46 +0200
Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1])
	by aserp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w3IEBSeR057674
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:38 GMT
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
	by aserp2130.oracle.com with ESMTP id 2hdrxnau4h-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:38 +0000
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236])
	by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFblU006145
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:37 GMT
Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16])
	by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFagc025903
	for <speck@linutronix.de>; Wed, 18 Apr 2018 14:15:36 GMT
Message-Id: <20180413022657.402368163@localhost.localdomain>
Date: Thu, 12 Apr 2018 22:26:53 -0400
From: konrad.wilk@oracle.com
Subject: [MODERATED] [patch 4/8] [PATCH v1.3.1 4/7] Linux Patch 4
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

x86/mdd/firmware calls: Save/Restore the MDD bit when using SPEC_CTRL

.. when we perform the IBRS calls for firmware calls we need
to take into account the MD bit as well. This is a bit complicated
in the assembler constructs as the value is no more a constant
but a variable.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v3: s/md_v4/mdd/
v3.1: Add spec_ctrl_firmware to use only when going to SMI.
---
 arch/x86/include/asm/nospec-branch.h | 12 ++++++++----
 arch/x86/kernel/cpu/bugs.c           |  3 +++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 7c6ed8b1b19b..c3856b3f42eb 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -226,6 +226,7 @@ enum md_mitigation {
 extern enum md_mitigation md_mode;
 extern u64 spec_ctrl_priv;
 extern u64 spec_ctrl_unpriv;
+extern u64 spec_ctrl_firmware;
 
 static inline bool mdd_at_boot(void)
 {
@@ -263,12 +264,13 @@ static inline void vmexit_fill_RSB(void)
 				 "movl $0, %%edx\n\t"		\
 				 "wrmsr",			\
 				 _feature)			\
-		     : : [msr] "i" (_msr), [val] "i" (_val)	\
+		     : : [msr] "i" (_msr), [val] "m" (_val)	\
 		     : "eax", "ecx", "edx", "memory")
 
 static inline void indirect_branch_prediction_barrier(void)
 {
-	alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
+	u64 val = PRED_CMD_IBPB;
+	alternative_msr_write(MSR_IA32_PRED_CMD, val,
 			      X86_FEATURE_USE_IBPB);
 }
 
@@ -281,13 +283,15 @@ static inline void indirect_branch_prediction_barrier(void)
 #define firmware_restrict_branch_speculation_start()			\
 do {									\
 	preempt_disable();						\
-	alternative_msr_write(MSR_IA32_SPEC_CTRL, SPEC_CTRL_IBRS,	\
+	alternative_msr_write(MSR_IA32_SPEC_CTRL,			\
+			      spec_ctrl_firmware,			\
 			      X86_FEATURE_USE_IBRS_FW);			\
 } while (0)
 
 #define firmware_restrict_branch_speculation_end()			\
 do {									\
-	alternative_msr_write(MSR_IA32_SPEC_CTRL, 0,			\
+	alternative_msr_write(MSR_IA32_SPEC_CTRL,			\
+			      spec_ctrl_unpriv,				\
 			      X86_FEATURE_USE_IBRS_FW);			\
 	preempt_enable();						\
 } while (0)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 73f76d0f5181..250baf24da56 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -329,6 +329,9 @@ EXPORT_SYMBOL_GPL(spec_ctrl_priv);
 u64 spec_ctrl_unpriv;
 EXPORT_SYMBOL_GPL(spec_ctrl_unpriv);
 
+/* When switching from higher to SMI privilege level. */
+u64 spec_ctrl_firmware = SPEC_CTRL_IBRS;
+
 /* The kernel command line selection */
 enum md_mitigation_cmd {
 	MD_CMD_NONE,
-- 
2.14.3