Commit 49bd6ecf authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Yang Yingliang
Browse files

x86/srso: Set CPUID feature bits independently of bug or mitigation status 

mainline inclusion
from mainline-v6.6-rc3
commit 91857ae2
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9NZ3E

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=91857ae20303cc98ed36720d9868fcd604a2ee75



--------------------------------

Booting with mitigations=off incorrectly prevents the
X86_FEATURE_{IBPB_BRTYPE,SBPB} CPUID bits from getting set.

Also, future CPUs without X86_BUG_SRSO might still have IBPB with branch
type prediction flushing, in which case SBPB should be used instead of
IBPB.  The current code doesn't allow for that.

Also, cpu_has_ibpb_brtype_microcode() has some surprising side effects
and the setting of these feature bits really doesn't belong in the
mitigation code anyway.  Move it to earlier.

Fixes: fb3bd914 ("x86/srso: Add a Speculative RAS Overflow mitigation")
Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarNikolay Borisov <nik.borisov@suse.com>
Reviewed-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Acked-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/869a1709abfe13b673bdd10c2f4332ca253a40bc.1693889988.git.jpoimboe@kernel.org


Conflicts:
	arch/x86/include/asm/processor.h
	arch/x86/kernel/cpu/amd.c
[yyl: adjust context]
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 34c4be6c

arch/x86/include/asm/processor.h

+0 −2
Original line number Diff line number Diff line
@@ -839,12 +839,10 @@ extern u16 get_llc_id(unsigned int cpu); 
extern u16 amd_get_nb_id(int cpu);

extern u32 amd_get_nodes_per_socket(void);

extern void amd_clear_divider(void);

extern bool cpu_has_ibpb_brtype_microcode(void);

#else

static inline u16 amd_get_nb_id(int cpu)		{ return 0; }

static inline u32 amd_get_nodes_per_socket(void)	{ return 0; }

static inline void amd_clear_divider(void)		{ }

static inline bool cpu_has_ibpb_brtype_microcode(void)	{ return false; }

#endif



static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)

arch/x86/kernel/cpu/amd.c

+9 −19
Original line number Diff line number Diff line
@@ -783,6 +783,15 @@ static void early_init_amd(struct cpuinfo_x86 *c) 


	if (cpu_has(c, X86_FEATURE_TOPOEXT))

		smp_num_siblings = ((cpuid_ebx(0x8000001e) >> 8) & 0xff) + 1;



	if (!cpu_has(c, X86_FEATURE_IBPB_BRTYPE)) {

		if (c->x86 == 0x17 && boot_cpu_has(X86_FEATURE_AMD_IBPB))

			setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);

		else if (c->x86 >= 0x19 && !wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB)) {

			setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);

			setup_force_cpu_cap(X86_FEATURE_SBPB);

		}

	}

}



static void init_amd_k8(struct cpuinfo_x86 *c)
@@ -1326,25 +1335,6 @@ void set_dr_addr_mask(unsigned long mask, int dr) 
	}

}



bool cpu_has_ibpb_brtype_microcode(void)

{

	switch (boot_cpu_data.x86) {

	/* Zen1/2 IBPB flushes branch type predictions too. */

	case 0x17:

		return boot_cpu_has(X86_FEATURE_AMD_IBPB);

	case 0x19:

		/* Poke the MSR bit on Zen3/4 to check its presence. */

		if (!wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB)) {

			setup_force_cpu_cap(X86_FEATURE_SBPB);

			return true;

		} else {

			return false;

		}

	default:

		return false;

	}

}



static void zenbleed_check_cpu(void *unused)

{

	struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());

arch/x86/kernel/cpu/bugs.c

+1 −12
Original line number Diff line number Diff line
@@ -2302,26 +2302,15 @@ early_param("spec_rstack_overflow", srso_parse_cmdline); 


static void __init srso_select_mitigation(void)

{

	bool has_microcode;

	bool has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE);



	if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off())

		goto pred_cmd;



	/*

	 * The first check is for the kernel running as a guest in order

	 * for guests to verify whether IBPB is a viable mitigation.

	 */

	has_microcode = boot_cpu_has(X86_FEATURE_IBPB_BRTYPE) || cpu_has_ibpb_brtype_microcode();

	if (!has_microcode) {

		pr_warn("IBPB-extending microcode not applied!\n");

		pr_warn(SRSO_NOTICE);

	} else {

		/*

		 * Enable the synthetic (even if in a real CPUID leaf)

		 * flags for guests.

		 */

		setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);



		/*

		 * Zen1/2 with SMT off aren't vulnerable after the right

		 * IBPB microcode has been applied.