authorJiri Kosina <jkosina@suse.cz>2018-07-17 23:20:37 +0200
committerJiri Kosina <jkosina@suse.cz>2018-07-17 23:20:37 +0200
commit1347dbe5a4052ff1e9a3a9754869587eb7267a85 (patch)
tree2fa946af08cd7c018bf915e7981934b4b9bd83e9
parent7152bf92726d278330e3e8f5167b593a9ca06e96 (diff)
parent69c60e1269f650667f34889d3fb6017e67469d58 (diff)
Merge remote-tracking branch 'origin/users/jroedel/SLE11-SP4/for-next' into SLE11-SP4rpm-3.0.101-108.60
Pull speculation fixes from Joerg Roedel
-rw-r--r--patches.arch/0001-x86-ssbd-Re-evaluate-SSBD-features-after-ucode-updat.patch170
-rw-r--r--patches.suse/0001-x86-32-kaiser-Add-CPL-check-for-CR3-switch-before-ir.patch52
-rw-r--r--patches.xen/xen3-patch-2.6.2610
-rw-r--r--series.conf3
4 files changed, 230 insertions, 5 deletions
diff --git a/patches.arch/0001-x86-ssbd-Re-evaluate-SSBD-features-after-ucode-updat.patch b/patches.arch/0001-x86-ssbd-Re-evaluate-SSBD-features-after-ucode-updat.patch
new file mode 100644
index 0000000000..349eaa647e
--- /dev/null
+++ b/patches.arch/0001-x86-ssbd-Re-evaluate-SSBD-features-after-ucode-updat.patch
@@ -0,0 +1,170 @@
+From: Joerg Roedel <jroedel@suse.de>
+Date: Fri, 13 Jul 2018 09:07:03 +0200
+Subject: x86/ssbd: Re-evaluate SSBD features after ucode update
+Patch-mainline: No, SUSE specific code
+References: bsc#1087082 bsc#1100394 CVE-2018-3639
+
+Make sure we initialize SSDB support late when new microcode
+is loaded into the CPU.
+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+---
+ arch/x86/include/asm/spec_ctrl.h | 2 ++
+ arch/x86/kernel/cpu/bugs.c | 18 ++++++++++++++----
+ arch/x86/kernel/cpu/spec_ctrl.c | 25 ++++++++++++++++++++++++-
+ arch/x86/kernel/microcode_core.c | 1 +
+ 4 files changed, 41 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/include/asm/spec_ctrl.h
++++ b/arch/x86/include/asm/spec_ctrl.h
+@@ -90,8 +90,10 @@ void x86_disable_ibrs(void);
+ unsigned int x86_ibrs_enabled(void);
+ unsigned int x86_ibpb_enabled(void);
+ void x86_spec_check(void);
++void x86_spec_set_on_each_cpu(void);
+ int nospec(char *str);
+ void stuff_RSB(void);
++void ssb_select_mitigation(void);
+
+ static inline void x86_ibp_barrier(void)
+ {
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -29,6 +29,8 @@
+ #include <asm/nospec-branch.h>
+ #include <asm/spec-ctrl.h>
+
++static void ssb_init_cmd_line(void);
++
+ #ifdef CONFIG_X86_32
+ static int __init no_halt(char *s)
+ {
+@@ -171,7 +173,7 @@ static void __init check_config(void)
+ #endif /* CONFIG_X86_32 */
+
+ static void __init spectre_v2_select_mitigation(void);
+-static void __init ssb_select_mitigation(void);
++void ssb_select_mitigation(void);
+ static void x86_amd_ssbd_disable(void);
+
+ /*
+@@ -225,6 +227,7 @@ void __init check_bugs(void)
+ * Select proper mitigation for any exposure to the Speculative Store
+ * Bypass vulnerability.
+ */
++ ssb_init_cmd_line();
+ ssb_select_mitigation();
+
+ #ifdef CONFIG_X86_32
+@@ -510,6 +513,8 @@ enum ssb_mitigation_cmd {
+ SPEC_STORE_BYPASS_CMD_SECCOMP,
+ };
+
++static enum ssb_mitigation_cmd ssb_cmd;
++
+ static const char *ssb_strings[] = {
+ [SPEC_STORE_BYPASS_NONE] = "Vulnerable",
+ [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled",
+@@ -559,7 +564,12 @@ static enum ssb_mitigation_cmd __init ss
+ return cmd;
+ }
+
+-static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
++static void ssb_init_cmd_line(void)
++{
++ ssb_cmd = ssb_parse_cmdline();
++}
++
++static enum ssb_mitigation_cmd __ssb_select_mitigation(void)
+ {
+ enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
+ enum ssb_mitigation_cmd cmd;
+@@ -567,7 +577,7 @@ static enum ssb_mitigation_cmd __init __
+ if (!boot_cpu_has(X86_FEATURE_SSBD))
+ return mode;
+
+- cmd = ssb_parse_cmdline();
++ cmd = ssb_cmd;
+ if (!x86_bug_spec_store_bypass &&
+ (cmd == SPEC_STORE_BYPASS_CMD_NONE ||
+ cmd == SPEC_STORE_BYPASS_CMD_AUTO))
+@@ -623,7 +633,7 @@ static enum ssb_mitigation_cmd __init __
+ return mode;
+ }
+
+-static void ssb_select_mitigation()
++void ssb_select_mitigation(void)
+ {
+ ssb_mode = __ssb_select_mitigation();
+
+--- a/arch/x86/kernel/cpu/spec_ctrl.c
++++ b/arch/x86/kernel/cpu/spec_ctrl.c
+@@ -7,6 +7,7 @@
+ #include <asm/msr.h>
+ #include <asm/processor.h>
+ #include <asm/spec_ctrl.h>
++#include <asm/cpu.h>
+
+ /*
+ * Keep it open for more flags in case needed.
+@@ -63,13 +64,16 @@ EXPORT_SYMBOL_GPL(stuff_RSB);
+ */
+ void x86_spec_check(void)
+ {
++ unsigned int edx;
+
+ if (ibpb_state == 0) {
+ printk_once(KERN_INFO "IBRS/IBPB: disabled\n");
+ return;
+ }
+
+- if (cpuid_edx(7) & BIT(26)) {
++ edx = cpuid_edx(7);
++
++ if (edx & BIT(26)) {
+ if (ibrs_state == -1) {
+ /* noone force-disabled IBRS */
+ ibrs_state = 1;
+@@ -80,6 +84,13 @@ void x86_spec_check(void)
+
+ setup_force_cpu_cap(X86_FEATURE_SPEC_CTRL);
+ setup_force_cpu_cap(X86_FEATURE_IBRS);
++
++ if (!boot_cpu_has(X86_FEATURE_SSBD) &&
++ (edx & BIT(31))) {
++ /* We gained SSBD support - initialize the mitigation */
++ setup_force_cpu_cap(X86_FEATURE_SSBD);
++ ssb_select_mitigation();
++ }
+ }
+
+ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {
+@@ -93,6 +104,18 @@ void x86_spec_check(void)
+ }
+ EXPORT_SYMBOL_GPL(x86_spec_check);
+
++static void __x86_spec_set(void *data)
++{
++ x86_spec_ctrl_setup_ap();
++}
++
++void x86_spec_set_on_each_cpu(void)
++{
++ if (boot_cpu_has(X86_FEATURE_SSBD))
++ on_each_cpu(__x86_spec_set, NULL, 1);
++}
++EXPORT_SYMBOL_GPL(x86_spec_set_on_each_cpu);
++
+ int __init nospec(char *str)
+ {
+ /*
+--- a/arch/x86/kernel/microcode_core.c
++++ b/arch/x86/kernel/microcode_core.c
+@@ -298,6 +298,7 @@ static void microcode_check(void)
+ {
+ perf_check_microcode();
+ x86_spec_check();
++ x86_spec_set_on_each_cpu();
+ cpu_caps_sync_late();
+ }
+
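Review bot: The new SSBD re-evaluation in x86_spec_check() comes after the `if (ibpb_state == 0) { ... return; }` early exit and appears to sit inside the `if (edx & BIT(26))` branch, so a late microcode load only picks up the Speculative Store Bypass mitigation when IBRS/IBPB is both enabled and enumerated. If ibpb_state can be 0 on a system that still wants SSBD (what sets it is not visible here), CVE-2018-3639 would stay unmitigated after the update. Moving `edx = cpuid_edx(7);` and the `edx & BIT(31)` test ahead of the early return, independent of bit 26, would remove that coupling. Separately, `ssb_init_cmd_line()` lacks `__init` yet calls what looks like the `__init` function `ssb_parse_cmdline()` and is only called from `check_bugs()`; using `static void __init ssb_init_cmd_line(void)` on both the prototype and the definition would keep the section annotations consistent. The bodies of x86_spec_check() and __ssb_select_mitigation() continue outside the hunks shown.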
diff --git a/patches.suse/0001-x86-32-kaiser-Add-CPL-check-for-CR3-switch-before-ir.patch b/patches.suse/0001-x86-32-kaiser-Add-CPL-check-for-CR3-switch-before-ir.patch
new file mode 100644
index 0000000000..bf5f119810
--- /dev/null
+++ b/patches.suse/0001-x86-32-kaiser-Add-CPL-check-for-CR3-switch-before-ir.patch
@@ -0,0 +1,52 @@
+From: Joerg Roedel <jroedel@suse.de>
+Date: Tue, 26 Jun 2018 16:29:14 +0200
+Subject: [PATCH] x86-32/kaiser: Add CPL check for CR3 switch before iret
+Patch-mainline: No, different implementation than upstream
+References: bsc#1098408
+
+In some cases we don't have our marker bit set in pt_regs
+when we return to user-space, so that me miss the switch to
+the user-cr3. This happens when the kernel starts init
+and goes to user-space for the first time.
+
+Fix it by adding an additional check whether we return to
+user-space and do not rely on the marker bit alone.
+
+The marker-bit is still required for the case that we return
+to kernel-mode with user-cr3 already set.
+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+---
+ arch/x86/kernel/entry_32.S | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
+index 5f0dc54..ea77d9f 100644
+--- a/arch/x86/kernel/entry_32.S
++++ b/arch/x86/kernel/entry_32.S
+@@ -950,8 +950,22 @@ restore_all:
+ restore_all_notrace:
+ CHECK_AND_APPLY_ESPFIX
+ restore_nocheck:
++
++#ifdef CONFIG_VM86
++ movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS
++ movb PT_CS(%esp), %al
++ andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
++#else
++ movl PT_CS(%esp), %eax
++ andl $SEGMENT_RPL_MASK, %eax
++#endif
++ cmpl $USER_RPL, %eax
++ jae restore_all_cr3_switch
++
+ testl $CS_FROM_USER_CR3, PT_CS(%esp)
+ jz restore_all_no_switch
++
++restore_all_cr3_switch:
+ andl $(~CS_FROM_USER_CR3), PT_CS(%esp)
+ SWITCH_TO_USER_CR3 scratch_reg=%eax
+ restore_all_no_switch:
+--
+2.12.3
+
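Review bot: The CPL test added at restore_nocheck has no comment, so the reason both conditions are needed lives only in the commit message. A short comment above the `#ifdef CONFIG_VM86` block would help, e.g. `/* Returning to user mode (CPL 3 or VM86): always switch to user CR3; the CS_FROM_USER_CR3 marker may be unset on the first return to user space */`, and one above the `testl` such as `/* Returning to kernel mode: switch only if we entered with user CR3 */`. This path decides whether the kernel page tables stay mapped on return to user space, so the invariant is worth stating in the code. The restore_nocheck sequence continues past the end of the hunk.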
diff --git a/patches.xen/xen3-patch-2.6.26 b/patches.xen/xen3-patch-2.6.26
index b2a6a76fc9..850ed8a235 100644
--- a/patches.xen/xen3-patch-2.6.26
+++ b/patches.xen/xen3-patch-2.6.26
@@ -705,15 +705,15 @@ Automatically created from "patches.kernel.org/patch-2.6.26" by xen-port-patches
static int __init mtrr_init(void)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -30,6 +30,7 @@
- #include <asm/spec-ctrl.h>
+@@ -32,6 +32,7 @@
+ static void ssb_init_cmd_line(void);
#ifdef CONFIG_X86_32
+#ifndef CONFIG_XEN
static int __init no_halt(char *s)
{
WARN_ONCE(1, "\"no-hlt\" is deprecated, please use \"idle=poll\"\n");
-@@ -38,6 +39,7 @@ static int __init no_halt(char *s)
+@@ -40,6 +41,7 @@ static int __init no_halt(char *s)
}
__setup("no-hlt", no_halt);
@@ -721,7 +721,7 @@ Automatically created from "patches.kernel.org/patch-2.6.26" by xen-port-patches
static int __init no_387(char *s)
{
-@@ -93,13 +95,16 @@ static void __init check_fpu(void)
+@@ -99,13 +101,16 @@ static void __init check_fpu(void)
kernel_fpu_end();
@@ -738,7 +738,7 @@ Automatically created from "patches.kernel.org/patch-2.6.26" by xen-port-patches
if (boot_cpu_data.x86 >= 5 || paravirt_enabled())
return;
-@@ -113,6 +118,7 @@ static void __init check_hlt(void)
+@@ -119,6 +124,7 @@ static void __init check_hlt(void)
halt();
halt();
printk(KERN_CONT "OK.\n");
diff --git a/series.conf b/series.conf
index a1b101374a..21b042173f 100644
--- a/series.conf
+++ b/series.conf
@@ -25317,6 +25317,7 @@
patches.suse/0016-x86-entry-32-Add-CR3-switches-to-entry-code.patch
patches.suse/0017-KAISER-Allow-on-32-bit.patch
patches.suse/0001-x86-kaiser-Hide-tss_struct-kabi-change.patch
+ patches.suse/0001-x86-32-kaiser-Add-CPL-check-for-CR3-switch-before-ir.patch
patches.arch/x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
@@ -25355,6 +25356,8 @@
patches.arch/0001-module-retpoline-Warn-about-missing-retpoline-in-mod.patch
patches.arch/0002-x86-cpu-bugs-Make-retpoline-module-warning-condition.patch
+ patches.arch/0001-x86-ssbd-Re-evaluate-SSBD-features-after-ucode-updat.patch
+
########################################################
# xen architecture, version 3
########################################################