Home Home > GIT Browse > openSUSE-15.0
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Kosina <jkosina@suse.cz>2018-06-18 14:17:58 +0200
committerJiri Kosina <jkosina@suse.cz>2018-06-18 15:27:26 +0200
commitbaa07f9df91b6684c4581228137bcabdcc4dc66c (patch)
treee6eaa78c7bfe5a8107501a832fa60b0e7e8fb2ef
parentd0f4e08f1b6e58984e9b2b451a8f240fcc44acec (diff)
- Refresh patches.suse/nospec-fix-forced-cpucaps-ordering.patch.rpm-4.4.138-94.39
- Delete patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch. Drop the lfence-avoiding optimization; it has at least two issues: - ENABLE_IBRS clobbers %rax which it shouldn't do - there is probably a place where forcing _IBRS_OFF is missed (or is too late) and therefore ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the uoptimization for now. Fixes bsc#1098009 and bsc#1098012
-rw-r--r--patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch171
-rw-r--r--patches.suse/nospec-fix-forced-cpucaps-ordering.patch6
-rw-r--r--series.conf2
3 files changed, 3 insertions, 176 deletions
diff --git a/patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch b/patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch
deleted file mode 100644
index 0fb76cb1e4..0000000000
--- a/patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From: Jiri Kosina <jkosina@suse.cz>
-Subject: x86/bugs: IBRS: make runtime disabling fully dynamic
-References: bsc#1068032
-Patch-mainline: Never, SUSE-specific
-
-Currently, if IBRS MSR is provided by ucode in SPEC_CTRL, we still call
-x86_ibrs_enabled() in ENABLE_IBRS (therefore on every kernel entry) to
-check whether IBRS has been runtime disabled (either by cmdline, or by
-detecting pre-SKL architecture).
-
-This means, that every kernel entry still contains lfence, which is there
-to prevent speculative execution of any subsequent kernel code which is
-already in the pipeline, before ibrs_enabled gets evaluated and tested in
-in-line execution.
-
-This is of course far from optimal wrt. performance.
-
-Introduce X86_FEATURE_IBRS_OFF, and make sure it's set in cases when IBRS
-is being forced-off on kernel entry (and let ALTERNATIVE patch-out the
-complete enabling codepath in case it's turned off, removing the need for
-the lfence).
-
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
----
- arch/x86/include/asm/cpufeature.h | 1
- arch/x86/include/asm/spec_ctrl.h | 44 +++-----------------------------------
- arch/x86/kernel/cpu/bugs.c | 2 -
- arch/x86/kernel/cpu/spec_ctrl.c | 16 ++++++++++++-
- 4 files changed, 20 insertions(+), 43 deletions(-)
-
---- a/arch/x86/include/asm/cpufeature.h
-+++ b/arch/x86/include/asm/cpufeature.h
-@@ -77,6 +77,7 @@
- * word 7 und we not even attempting to do a nasty kABI breakage.
- */
- #define X86_FEATURE_ZEN ( 2*32+ 4) /* "" CPU is AMD family 0x17 (Zen) */
-+#define X86_FEATURE_IBRS_OFF ( 2*32+ 5) /* "" Force-disabled IBRS usage on kernel entry */
-
- /* Other features, Linux-defined mapping, word 3 */
- /* This range is used for feature bits which conflict or are synthesized */
---- a/arch/x86/include/asm/spec_ctrl.h
-+++ b/arch/x86/include/asm/spec_ctrl.h
-@@ -16,55 +16,27 @@
- .endm
-
- .macro ENABLE_IBRS_CLOBBER
-- ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_SPEC_CTRL
-- call x86_ibrs_enabled
-- test %eax, %eax
-- jz .Llfence_\@
-+ ALTERNATIVE "", "jmp .Lend_\@", X86_FEATURE_IBRS_OFF
-
- __ENABLE_IBRS_CLOBBER
-- jmp .Lend_\@
--
--.Llfence_\@:
-- lfence
- .Lend_\@:
- .endm
-
-
- .macro ENABLE_IBRS
-- ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_SPEC_CTRL
--
-- pushq %rax
--
-- call x86_ibrs_enabled
-- test %eax, %eax
-- jz .Llfence_\@
-+ ALTERNATIVE "", "jmp .Lend_\@", X86_FEATURE_IBRS_OFF
-
- pushq %rcx
- pushq %rdx
- __ENABLE_IBRS_CLOBBER
- popq %rdx
- popq %rcx
--
-- jmp .Lpop_\@
--
--.Llfence_\@:
-- lfence
--
--.Lpop_\@:
-- popq %rax
--
- .Lend_\@:
- .endm
-
-
- .macro DISABLE_IBRS
-- ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_SPEC_CTRL
--
-- pushq %rax
--
-- call x86_ibrs_enabled
-- test %eax, %eax
-- jz .Llfence_\@
-+ ALTERNATIVE "", "jmp .Lend_\@", X86_FEATURE_IBRS_OFF
-
- pushq %rcx
- pushq %rdx
-@@ -74,15 +46,6 @@
- wrmsr
- popq %rdx
- popq %rcx
--
-- jmp .Lpop_\@
--
--.Llfence_\@:
-- lfence
--
--.Lpop_\@:
-- popq %rax
--
- .Lend_\@:
- .endm
-
-@@ -95,6 +58,7 @@ void x86_disable_ibrs(void);
- unsigned int x86_ibrs_enabled(void);
- unsigned int x86_ibpb_enabled(void);
- void x86_spec_check(void);
-+void noibrs(void);
- int nospec(char *str);
-
- static inline void x86_ibp_barrier(void)
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -423,7 +423,7 @@ retpoline_auto:
-
- if (!is_skylake_era()) {
- pr_info("Retpolines enabled, force-disabling IBRS due to !SKL-era core\n");
-- ibrs_state = 0;
-+ noibrs();
- }
- }
-
---- a/arch/x86/kernel/cpu/spec_ctrl.c
-+++ b/arch/x86/kernel/cpu/spec_ctrl.c
-@@ -59,6 +59,7 @@ void x86_spec_check(void)
- if (ibrs_state == -1) {
- /* noone force-disabled IBRS */
- ibrs_state = 1;
-+ setup_clear_cpu_cap(X86_FEATURE_IBRS_OFF);
- printk_once(KERN_INFO "IBRS: initialized\n");
- }
- printk_once(KERN_INFO "IBPB: initialized\n");
-@@ -78,11 +79,22 @@ void x86_spec_check(void)
- }
- EXPORT_SYMBOL_GPL(x86_spec_check);
-
--int nospec(char *str)
-+void noibrs(void)
- {
-- setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
-+ setup_force_cpu_cap(X86_FEATURE_IBRS_OFF);
- ibrs_state = 0;
-+}
-+
-+static void noibpb(void)
-+{
-+ setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
- ibpb_state = 0;
-+}
-+
-+int nospec(char *str)
-+{
-+ noibrs();
-+ noibpb();
-
- return 0;
- }
diff --git a/patches.suse/nospec-fix-forced-cpucaps-ordering.patch b/patches.suse/nospec-fix-forced-cpucaps-ordering.patch
index e4e6486f0b..e003cc8b0f 100644
--- a/patches.suse/nospec-fix-forced-cpucaps-ordering.patch
+++ b/patches.suse/nospec-fix-forced-cpucaps-ordering.patch
@@ -18,9 +18,9 @@ Signed-off-by: Jiri Kosina <jkosina@suse.cz>
--- a/arch/x86/kernel/cpu/spec_ctrl.c
+++ b/arch/x86/kernel/cpu/spec_ctrl.c
-@@ -87,7 +87,13 @@ void noibrs(void)
+@@ -80,7 +80,13 @@ EXPORT_SYMBOL_GPL(x86_spec_check);
- static void noibpb(void)
+ int nospec(char *str)
{
+ /*
+ * Due to way how apply_forced_caps() works, we have to
@@ -29,6 +29,6 @@ Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+ */
setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
+ clear_bit(X86_FEATURE_SPEC_CTRL, (unsigned long *)cpu_caps_set);
+ ibrs_state = 0;
ibpb_state = 0;
- }
diff --git a/series.conf b/series.conf
index 215912a74a..9d1e5993e0 100644
--- a/series.conf
+++ b/series.conf
@@ -23643,8 +23643,6 @@
patches.arch/48-x86-bugs-rename-ssbd_no-to-ssb_no.patch
patches.kabi/fix-kvm-kabi.patch
- patches.suse/ibrs-avoid-lfence-when-runtime-disabled.patch
-
# IBRS disabling fix
patches.suse/nospec-fix-forced-cpucaps-ordering.patch
patches.suse/0001-KVM-x86-Sync-back-MSR_IA32_SPEC_CTRL-to-VCPU-data-st.patch