Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Kosina <jkosina@suse.cz>2018-04-16 11:46:41 +0200
committerJiri Kosina <jkosina@suse.cz>2018-04-16 11:46:41 +0200
commit75dad8a8328b800fb66fb7053164a082ba6ea722 (patch)
treeaaf239bdaef0989377ae6a2cc694d8f9742d74d4
parentc0fbcefa1f5a20397ea86ed8665e4eda68047a61 (diff)
parentcd63dc1c65beaa497cf62d07c180af1b4303e7dd (diff)
Merge remote-tracking branch 'origin/users/bpetkov/SLE11-SP4/for-next' into SLE11-SP4
Pull x86 spectre fixes from Borislav Petkov
-rw-r--r--patches.arch/05-x86-retpoline-Add-initial-retpoline-support.patch4
-rw-r--r--patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch14
-rw-r--r--patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch9
-rw-r--r--patches.suse/33-x86-microcode-Rescan-feature-flags-upon-late-loading.patch47
4 files changed, 57 insertions, 17 deletions
diff --git a/patches.arch/05-x86-retpoline-Add-initial-retpoline-support.patch b/patches.arch/05-x86-retpoline-Add-initial-retpoline-support.patch
index faf1374d77..b7b09c202e 100644
--- a/patches.arch/05-x86-retpoline-Add-initial-retpoline-support.patch
+++ b/patches.arch/05-x86-retpoline-Add-initial-retpoline-support.patch
@@ -137,7 +137,7 @@ Add alternatives debugging output.
+++ b/arch/x86/include/asm/cpufeature.h
@@ -183,6 +183,8 @@
#define X86_FEATURE_INVPCID_SINGLE (7*32+ 8) /* Effectively INVPCID && CR4.PCIDE=1 */
- #define X86_FEATURE_SPEC_CTRL ( 7*32+19) /* Control Speculation Control */
+ #define X86_FEATURE_SPEC_CTRL ( 7*32+20) /* Control Speculation Control */
+#define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */
+#define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */
@@ -369,7 +369,7 @@ Add alternatives debugging output.
}
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
-@@ -791,6 +791,10 @@ static void __init early_identify_cpu(st
+@@ -792,6 +792,10 @@ static void __init early_identify_cpu(st
if (this_cpu->c_bsp_init)
this_cpu->c_bsp_init(c);
diff --git a/patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch b/patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch
index 52f8edde42..de4b0f4a78 100644
--- a/patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch
+++ b/patches.arch/14.1-x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch
@@ -58,14 +58,14 @@ Acked-by: Borislav Petkov <bp@suse.de>
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -187,6 +187,7 @@
- #define X86_FEATURE_RETPOLINE_AMD ( 7*32+30) /* AMD Retpoline mitigation for Spectre variant 2 */
- /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
- #define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
-+#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */
+@@ -181,6 +181,7 @@
+ #define X86_FEATURE_PTS (7*32+ 6) /* Intel Package Thermal Status */
+ #define X86_FEATURE_DTHERM (7*32+ 7) /* Digital Thermal Sensor */
+ #define X86_FEATURE_INVPCID_SINGLE (7*32+ 8) /* Effectively INVPCID && CR4.PCIDE=1 */
++#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */
+ #define X86_FEATURE_SPEC_CTRL ( 7*32+20) /* Control Speculation Control */
- /* Virtualization flags: Linux defined, word 8 */
- #define X86_FEATURE_TPR_SHADOW (8*32+ 0) /* Intel TPR Shadow */
+ #define X86_FEATURE_RETPOLINE ( 7*32+29) /* Generic Retpoline mitigation for Spectre variant 2 */
--- a/arch/x86/include/asm/system.h
+++ b/arch/x86/include/asm/system.h
@@ -6,6 +6,7 @@
diff --git a/patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch b/patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch
index 357432c75e..45960f2301 100644
--- a/patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch
+++ b/patches.suse/01-x86-feature-enable-the-x86-feature-to-control-speculation.patch
@@ -12,6 +12,13 @@ IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49)
IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS)
IA32_PRED_CMD, bit0 – Indirect Branch Prediction Barrier (IBPB)
+Boris: Have X86_FEATURE_SPEC_CTRL be bit 20 in the 7th word because
+X86_FEATURE_RSB_CTXSW will become bit 19 in a follow-on patch and
+that could cause trouble, see bsc#1088147.
+
+I make RSB_CTXSW be bit 19 because it is that number upstream and the
+closer we are to upstream, the better.
+
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
@@ -26,7 +33,7 @@ Signed-off-by: Borislav Petkov <bp@suse.de>
#define X86_FEATURE_PTS (7*32+ 6) /* Intel Package Thermal Status */
#define X86_FEATURE_DTHERM (7*32+ 7) /* Digital Thermal Sensor */
#define X86_FEATURE_INVPCID_SINGLE (7*32+ 8) /* Effectively INVPCID && CR4.PCIDE=1 */
-+#define X86_FEATURE_SPEC_CTRL ( 7*32+19) /* Control Speculation Control */
++#define X86_FEATURE_SPEC_CTRL ( 7*32+20) /* Control Speculation Control */
/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */
#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */
diff --git a/patches.suse/33-x86-microcode-Rescan-feature-flags-upon-late-loading.patch b/patches.suse/33-x86-microcode-Rescan-feature-flags-upon-late-loading.patch
index da6a42689c..4db4efc2ce 100644
--- a/patches.suse/33-x86-microcode-Rescan-feature-flags-upon-late-loading.patch
+++ b/patches.suse/33-x86-microcode-Rescan-feature-flags-upon-late-loading.patch
@@ -5,11 +5,15 @@ References: bsc#1075994 bsc#1075091
... so that /proc/cpuinfo mirrors the proper settings.
+Also, carve it out in a separate microcode_check() which is called in
+the init path too. See bsc#1088147, where it would install new microcode
+on init and not on reload but we would still need to call it then too.
+
Signed-off-by: Borislav Petkov <bp@suse.de>
---
- arch/x86/kernel/microcode_core.c | 3 +++
- 1 file changed, 3 insertions(+)
+ arch/x86/kernel/microcode_core.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/microcode_core.c
@@ -22,11 +26,40 @@ Signed-off-by: Borislav Petkov <bp@suse.de>
MODULE_DESCRIPTION("Microcode Update Driver");
MODULE_AUTHOR("Tigran Aivazian <tigran@aivazian.fsnet.co.uk>");
MODULE_LICENSE("GPL");
-@@ -325,6 +327,7 @@ static ssize_t reload_store(struct sys_d
- if (!ret) {
- perf_check_microcode();
- x86_spec_check();
-+ cpu_caps_sync_late();
+@@ -292,6 +294,13 @@ static int reload_for_cpu(int cpu)
+ return err;
+ }
+
++static void microcode_check(void)
++{
++ perf_check_microcode();
++ x86_spec_check();
++ cpu_caps_sync_late();
++}
++
+ static ssize_t reload_store(struct sys_device *dev,
+ struct sysdev_attribute *attr,
+ const char *buf, size_t size)
+@@ -322,10 +331,8 @@ static ssize_t reload_store(struct sys_d
+ if (!ret)
+ ret = tmp_ret;
}
+- if (!ret) {
+- perf_check_microcode();
+- x86_spec_check();
+- }
++ if (!ret)
++ microcode_check();
mutex_unlock(&microcode_mutex);
+ put_online_cpus();
+@@ -541,7 +548,8 @@ static int __init microcode_init(void)
+
+ error = sysdev_driver_register(&cpu_sysdev_class, &mc_sysdev_driver);
+ if (!error)
+- perf_check_microcode();
++ microcode_check();
++
+ mutex_unlock(&microcode_mutex);
+ put_online_cpus();
+