Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0018-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0018-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch | 181 |
1 files changed, 0 insertions, 181 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0018-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0018-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch
deleted file mode 100644
index 09e6e0ce..00000000
--- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0018-x86-cpufeatures-Clean-up-Spectre-v2-related-CPUID-fl.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From 9d680bb2dea42b419a94a55a4b65afb1b785b307 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw@amazon.co.uk>
-Date: Sat, 27 Jan 2018 16:24:32 +0000
-Subject: [PATCH 18/42] x86/cpufeatures: Clean up Spectre v2 related CPUID
- flags
-
-(cherry picked from commit 2961298efe1ea1b6fc0d7ee8b76018fa6c0bcef2)
-
-We want to expose the hardware features simply in /proc/cpuinfo as "ibrs",
-"ibpb" and "stibp". Since AMD has separate CPUID bits for those, use them
-as the user-visible bits.
-
-When the Intel SPEC_CTRL bit is set which indicates both IBRS and IBPB
-capability, set those (AMD) bits accordingly. Likewise if the Intel STIBP
-bit is set, set the AMD STIBP that's used for the generic hardware
-capability.
-
-Hide the rest from /proc/cpuinfo by putting "" in the comments. Including
-RETPOLINE and RETPOLINE_AMD which shouldn't be visible there. There are
-patches to make the sysfs vulnerabilities information non-readable by
-non-root, and the same should apply to all information about which
-mitigations are actually in use. Those *shouldn't* appear in /proc/cpuinfo.
-
-The feature bit for whether IBPB is actually used, which is needed for
-ALTERNATIVEs, is renamed to X86_FEATURE_USE_IBPB.
-
-Originally-by: Borislav Petkov <bp@suse.de>
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: ak@linux.intel.com
-Cc: dave.hansen@intel.com
-Cc: karahmed@amazon.de
-Cc: arjan@linux.intel.com
-Cc: torvalds@linux-foundation.org
-Cc: peterz@infradead.org
-Cc: bp@alien8.de
-Cc: pbonzini@redhat.com
-Cc: tim.c.chen@linux.intel.com
-Cc: gregkh@linux-foundation.org
-Link: https://lkml.kernel.org/r/1517070274-12128-2-git-send-email-dwmw@amazon.co.uk
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/include/asm/cpufeatures.h | 18 +++++++++---------
- arch/x86/include/asm/nospec-branch.h | 2 +-
- arch/x86/kernel/cpu/bugs.c | 7 +++----
- arch/x86/kernel/cpu/intel.c | 31 +++++++++++++++++++++----------
- 4 files changed, 34 insertions(+), 24 deletions(-)
-
-diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
-index 3901545..8eb23f5 100644
---- a/arch/x86/include/asm/cpufeatures.h
-+++ b/arch/x86/include/asm/cpufeatures.h
-@@ -194,15 +194,15 @@
- #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
- #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
-
--#define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */
--#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */
-+#define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */
-+#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
-
--#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */
-+#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
-
- /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
- #define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */
-
--#define X86_FEATURE_IBPB ( 7*32+21) /* Indirect Branch Prediction Barrier enabled*/
-+#define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
-
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
-@@ -260,9 +260,9 @@
- /* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */
- #define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */
- #define X86_FEATURE_IRPERF (13*32+1) /* Instructions Retired Count */
--#define X86_FEATURE_AMD_PRED_CMD (13*32+12) /* Prediction Command MSR (AMD) */
--#define X86_FEATURE_AMD_SPEC_CTRL (13*32+14) /* Speculation Control MSR only (AMD) */
--#define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors (AMD) */
-+#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */
-+#define X86_FEATURE_IBRS (13*32+14) /* Indirect Branch Restricted Speculation */
-+#define X86_FEATURE_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
-
- /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */
- #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
-@@ -301,8 +301,8 @@
- /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
- #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */
- #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
--#define X86_FEATURE_SPEC_CTRL (18*32+26) /* Speculation Control (IBRS + IBPB) */
--#define X86_FEATURE_STIBP (18*32+27) /* Single Thread Indirect Branch Predictors */
-+#define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
-+#define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */
- #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
-
- /*
-diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
-index 865192a..19ecb54 100644
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -225,7 +225,7 @@ static inline void indirect_branch_prediction_barrier(void)
- "movl %[val], %%eax\n\t"
- "movl $0, %%edx\n\t"
- "wrmsr",
-- X86_FEATURE_IBPB)
-+ X86_FEATURE_USE_IBPB)
- : : [msr] "i" (MSR_IA32_PRED_CMD),
- [val] "i" (PRED_CMD_IBPB)
- : "eax", "ecx", "edx", "memory");
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index efe55c5..3a06718 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -272,9 +272,8 @@ static void __init spectre_v2_select_mitigation(void)
- }
-
- /* Initialize Indirect Branch Prediction Barrier if supported */
-- if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) ||
-- boot_cpu_has(X86_FEATURE_AMD_PRED_CMD)) {
-- setup_force_cpu_cap(X86_FEATURE_IBPB);
-+ if (boot_cpu_has(X86_FEATURE_IBPB)) {
-+ setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
- pr_info("Enabling Indirect Branch Prediction Barrier\n");
- }
- }
-@@ -307,7 +306,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev,
- return sprintf(buf, "Not affected\n");
-
- return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-- boot_cpu_has(X86_FEATURE_IBPB) ? ", IBPB" : "",
-+ boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
- spectre_v2_module_string());
- }
- #endif
-diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index 4d23d78..2e257f8 100644
---- a/arch/x86/kernel/cpu/intel.c
-+++ b/arch/x86/kernel/cpu/intel.c
-@@ -140,17 +140,28 @@ static void early_init_intel(struct cpuinfo_x86 *c)
- rdmsr(MSR_IA32_UCODE_REV, lower_word, c->microcode);
- }
-
-- if ((cpu_has(c, X86_FEATURE_SPEC_CTRL) ||
-- cpu_has(c, X86_FEATURE_STIBP) ||
-- cpu_has(c, X86_FEATURE_AMD_SPEC_CTRL) ||
-- cpu_has(c, X86_FEATURE_AMD_PRED_CMD) ||
-- cpu_has(c, X86_FEATURE_AMD_STIBP)) && bad_spectre_microcode(c)) {
-- pr_warn("Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL\n");
-- clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL);
-+ /*
-+ * The Intel SPEC_CTRL CPUID bit implies IBRS and IBPB support,
-+ * and they also have a different bit for STIBP support. Also,
-+ * a hypervisor might have set the individual AMD bits even on
-+ * Intel CPUs, for finer-grained selection of what's available.
-+ */
-+ if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
-+ set_cpu_cap(c, X86_FEATURE_IBRS);
-+ set_cpu_cap(c, X86_FEATURE_IBPB);
-+ }
-+ if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
-+ set_cpu_cap(c, X86_FEATURE_STIBP);
-+
-+ /* Now if any of them are set, check the blacklist and clear the lot */
-+ if ((cpu_has(c, X86_FEATURE_IBRS) || cpu_has(c, X86_FEATURE_IBPB) ||
-+ cpu_has(c, X86_FEATURE_STIBP)) && bad_spectre_microcode(c)) {
-+ pr_warn("Intel Spectre v2 broken microcode detected; disabling Speculation Control\n");
-+ clear_cpu_cap(c, X86_FEATURE_IBRS);
-+ clear_cpu_cap(c, X86_FEATURE_IBPB);
- clear_cpu_cap(c, X86_FEATURE_STIBP);
-- clear_cpu_cap(c, X86_FEATURE_AMD_SPEC_CTRL);
-- clear_cpu_cap(c, X86_FEATURE_AMD_PRED_CMD);
-- clear_cpu_cap(c, X86_FEATURE_AMD_STIBP);
-+ clear_cpu_cap(c, X86_FEATURE_SPEC_CTRL);
-+ clear_cpu_cap(c, X86_FEATURE_INTEL_STIBP);
- }
-
- /*
---
-2.7.4
-
|