Contents of /trunk/kernel-alx/patches-4.9/0201-4.9.102-all-fixes.patch
Parent Directory | Revision Log
Revision 3178 -
(show annotations)
(download)
Wed Aug 8 14:17:31 2018 UTC (6 years, 1 month ago) by niro
File size: 115660 byte(s)
Wed Aug 8 14:17:31 2018 UTC (6 years, 1 month ago) by niro
File size: 115660 byte(s)
-linux-4.9.102
1 | diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu |
2 | index dfd56ec7a850..6d75a9c00e8a 100644 |
3 | --- a/Documentation/ABI/testing/sysfs-devices-system-cpu |
4 | +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu |
5 | @@ -355,6 +355,7 @@ What: /sys/devices/system/cpu/vulnerabilities |
6 | /sys/devices/system/cpu/vulnerabilities/meltdown |
7 | /sys/devices/system/cpu/vulnerabilities/spectre_v1 |
8 | /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
9 | + /sys/devices/system/cpu/vulnerabilities/spec_store_bypass |
10 | Date: January 2018 |
11 | Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> |
12 | Description: Information about CPU vulnerabilities |
13 | diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
14 | index 5f9e51436a99..52240a63132e 100644 |
15 | --- a/Documentation/kernel-parameters.txt |
16 | +++ b/Documentation/kernel-parameters.txt |
17 | @@ -2699,6 +2699,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
18 | allow data leaks with this option, which is equivalent |
19 | to spectre_v2=off. |
20 | |
21 | + nospec_store_bypass_disable |
22 | + [HW] Disable all mitigations for the Speculative Store Bypass vulnerability |
23 | + |
24 | noxsave [BUGS=X86] Disables x86 extended register state save |
25 | and restore using xsave. The kernel will fallback to |
26 | enabling legacy floating-point and sse state. |
27 | @@ -3973,6 +3976,48 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
28 | Not specifying this option is equivalent to |
29 | spectre_v2=auto. |
30 | |
31 | + spec_store_bypass_disable= |
32 | + [HW] Control Speculative Store Bypass (SSB) Disable mitigation |
33 | + (Speculative Store Bypass vulnerability) |
34 | + |
35 | + Certain CPUs are vulnerable to an exploit against a |
36 | + a common industry wide performance optimization known |
37 | + as "Speculative Store Bypass" in which recent stores |
38 | + to the same memory location may not be observed by |
39 | + later loads during speculative execution. The idea |
40 | + is that such stores are unlikely and that they can |
41 | + be detected prior to instruction retirement at the |
42 | + end of a particular speculation execution window. |
43 | + |
44 | + In vulnerable processors, the speculatively forwarded |
45 | + store can be used in a cache side channel attack, for |
46 | + example to read memory to which the attacker does not |
47 | + directly have access (e.g. inside sandboxed code). |
48 | + |
49 | + This parameter controls whether the Speculative Store |
50 | + Bypass optimization is used. |
51 | + |
52 | + on - Unconditionally disable Speculative Store Bypass |
53 | + off - Unconditionally enable Speculative Store Bypass |
54 | + auto - Kernel detects whether the CPU model contains an |
55 | + implementation of Speculative Store Bypass and |
56 | + picks the most appropriate mitigation. If the |
57 | + CPU is not vulnerable, "off" is selected. If the |
58 | + CPU is vulnerable the default mitigation is |
59 | + architecture and Kconfig dependent. See below. |
60 | + prctl - Control Speculative Store Bypass per thread |
61 | + via prctl. Speculative Store Bypass is enabled |
62 | + for a process by default. The state of the control |
63 | + is inherited on fork. |
64 | + seccomp - Same as "prctl" above, but all seccomp threads |
65 | + will disable SSB unless they explicitly opt out. |
66 | + |
67 | + Not specifying this option is equivalent to |
68 | + spec_store_bypass_disable=auto. |
69 | + |
70 | + Default mitigations: |
71 | + X86: If CONFIG_SECCOMP=y "seccomp", otherwise "prctl" |
72 | + |
73 | spia_io_base= [HW,MTD] |
74 | spia_fio_base= |
75 | spia_pedr= |
76 | diff --git a/Documentation/spec_ctrl.txt b/Documentation/spec_ctrl.txt |
77 | new file mode 100644 |
78 | index 000000000000..32f3d55c54b7 |
79 | --- /dev/null |
80 | +++ b/Documentation/spec_ctrl.txt |
81 | @@ -0,0 +1,94 @@ |
82 | +=================== |
83 | +Speculation Control |
84 | +=================== |
85 | + |
86 | +Quite some CPUs have speculation-related misfeatures which are in |
87 | +fact vulnerabilities causing data leaks in various forms even across |
88 | +privilege domains. |
89 | + |
90 | +The kernel provides mitigation for such vulnerabilities in various |
91 | +forms. Some of these mitigations are compile-time configurable and some |
92 | +can be supplied on the kernel command line. |
93 | + |
94 | +There is also a class of mitigations which are very expensive, but they can |
95 | +be restricted to a certain set of processes or tasks in controlled |
96 | +environments. The mechanism to control these mitigations is via |
97 | +:manpage:`prctl(2)`. |
98 | + |
99 | +There are two prctl options which are related to this: |
100 | + |
101 | + * PR_GET_SPECULATION_CTRL |
102 | + |
103 | + * PR_SET_SPECULATION_CTRL |
104 | + |
105 | +PR_GET_SPECULATION_CTRL |
106 | +----------------------- |
107 | + |
108 | +PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature |
109 | +which is selected with arg2 of prctl(2). The return value uses bits 0-3 with |
110 | +the following meaning: |
111 | + |
112 | +==== ===================== =================================================== |
113 | +Bit Define Description |
114 | +==== ===================== =================================================== |
115 | +0 PR_SPEC_PRCTL Mitigation can be controlled per task by |
116 | + PR_SET_SPECULATION_CTRL. |
117 | +1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is |
118 | + disabled. |
119 | +2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is |
120 | + enabled. |
121 | +3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A |
122 | + subsequent prctl(..., PR_SPEC_ENABLE) will fail. |
123 | +==== ===================== =================================================== |
124 | + |
125 | +If all bits are 0 the CPU is not affected by the speculation misfeature. |
126 | + |
127 | +If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is |
128 | +available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation |
129 | +misfeature will fail. |
130 | + |
131 | +PR_SET_SPECULATION_CTRL |
132 | +----------------------- |
133 | + |
134 | +PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which |
135 | +is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand |
136 | +in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or |
137 | +PR_SPEC_FORCE_DISABLE. |
138 | + |
139 | +Common error codes |
140 | +------------------ |
141 | +======= ================================================================= |
142 | +Value Meaning |
143 | +======= ================================================================= |
144 | +EINVAL The prctl is not implemented by the architecture or unused |
145 | + prctl(2) arguments are not 0. |
146 | + |
147 | +ENODEV arg2 is selecting a not supported speculation misfeature. |
148 | +======= ================================================================= |
149 | + |
150 | +PR_SET_SPECULATION_CTRL error codes |
151 | +----------------------------------- |
152 | +======= ================================================================= |
153 | +Value Meaning |
154 | +======= ================================================================= |
155 | +0 Success |
156 | + |
157 | +ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor |
158 | + PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE. |
159 | + |
160 | +ENXIO Control of the selected speculation misfeature is not possible. |
161 | + See PR_GET_SPECULATION_CTRL. |
162 | + |
163 | +EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller |
164 | + tried to enable it again. |
165 | +======= ================================================================= |
166 | + |
167 | +Speculation misfeature controls |
168 | +------------------------------- |
169 | +- PR_SPEC_STORE_BYPASS: Speculative Store Bypass |
170 | + |
171 | + Invocations: |
172 | + * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); |
173 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); |
174 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); |
175 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); |
176 | diff --git a/Makefile b/Makefile |
177 | index 7d7bda23db8f..d84c39c290f7 100644 |
178 | --- a/Makefile |
179 | +++ b/Makefile |
180 | @@ -1,6 +1,6 @@ |
181 | VERSION = 4 |
182 | PATCHLEVEL = 9 |
183 | -SUBLEVEL = 101 |
184 | +SUBLEVEL = 102 |
185 | EXTRAVERSION = |
186 | NAME = Roaring Lionus |
187 | |
188 | diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h |
189 | index 12f99fd2e3b2..3aed4492c9a7 100644 |
190 | --- a/arch/arm/include/asm/assembler.h |
191 | +++ b/arch/arm/include/asm/assembler.h |
192 | @@ -534,4 +534,14 @@ THUMB( orr \reg , \reg , #PSR_T_BIT ) |
193 | #endif |
194 | .endm |
195 | |
196 | +#ifdef CONFIG_KPROBES |
197 | +#define _ASM_NOKPROBE(entry) \ |
198 | + .pushsection "_kprobe_blacklist", "aw" ; \ |
199 | + .balign 4 ; \ |
200 | + .long entry; \ |
201 | + .popsection |
202 | +#else |
203 | +#define _ASM_NOKPROBE(entry) |
204 | +#endif |
205 | + |
206 | #endif /* __ASM_ASSEMBLER_H__ */ |
207 | diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h |
208 | index d10e36235438..7f66b1b3aca1 100644 |
209 | --- a/arch/arm/include/asm/kvm_mmu.h |
210 | +++ b/arch/arm/include/asm/kvm_mmu.h |
211 | @@ -223,6 +223,22 @@ static inline unsigned int kvm_get_vmid_bits(void) |
212 | return 8; |
213 | } |
214 | |
215 | +/* |
216 | + * We are not in the kvm->srcu critical section most of the time, so we take |
217 | + * the SRCU read lock here. Since we copy the data from the user page, we |
218 | + * can immediately drop the lock again. |
219 | + */ |
220 | +static inline int kvm_read_guest_lock(struct kvm *kvm, |
221 | + gpa_t gpa, void *data, unsigned long len) |
222 | +{ |
223 | + int srcu_idx = srcu_read_lock(&kvm->srcu); |
224 | + int ret = kvm_read_guest(kvm, gpa, data, len); |
225 | + |
226 | + srcu_read_unlock(&kvm->srcu, srcu_idx); |
227 | + |
228 | + return ret; |
229 | +} |
230 | + |
231 | static inline void *kvm_get_hyp_vector(void) |
232 | { |
233 | return kvm_ksym_ref(__kvm_hyp_vector); |
234 | diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c |
235 | index 1b304897aa12..aa316a7562b1 100644 |
236 | --- a/arch/arm/kernel/traps.c |
237 | +++ b/arch/arm/kernel/traps.c |
238 | @@ -19,6 +19,7 @@ |
239 | #include <linux/uaccess.h> |
240 | #include <linux/hardirq.h> |
241 | #include <linux/kdebug.h> |
242 | +#include <linux/kprobes.h> |
243 | #include <linux/module.h> |
244 | #include <linux/kexec.h> |
245 | #include <linux/bug.h> |
246 | @@ -415,7 +416,8 @@ void unregister_undef_hook(struct undef_hook *hook) |
247 | raw_spin_unlock_irqrestore(&undef_lock, flags); |
248 | } |
249 | |
250 | -static int call_undef_hook(struct pt_regs *regs, unsigned int instr) |
251 | +static nokprobe_inline |
252 | +int call_undef_hook(struct pt_regs *regs, unsigned int instr) |
253 | { |
254 | struct undef_hook *hook; |
255 | unsigned long flags; |
256 | @@ -488,6 +490,7 @@ asmlinkage void __exception do_undefinstr(struct pt_regs *regs) |
257 | |
258 | arm_notify_die("Oops - undefined instruction", regs, &info, 0, 6); |
259 | } |
260 | +NOKPROBE_SYMBOL(do_undefinstr) |
261 | |
262 | /* |
263 | * Handle FIQ similarly to NMI on x86 systems. |
264 | diff --git a/arch/arm/lib/getuser.S b/arch/arm/lib/getuser.S |
265 | index df73914e81c8..746e7801dcdf 100644 |
266 | --- a/arch/arm/lib/getuser.S |
267 | +++ b/arch/arm/lib/getuser.S |
268 | @@ -38,6 +38,7 @@ ENTRY(__get_user_1) |
269 | mov r0, #0 |
270 | ret lr |
271 | ENDPROC(__get_user_1) |
272 | +_ASM_NOKPROBE(__get_user_1) |
273 | |
274 | ENTRY(__get_user_2) |
275 | check_uaccess r0, 2, r1, r2, __get_user_bad |
276 | @@ -58,6 +59,7 @@ rb .req r0 |
277 | mov r0, #0 |
278 | ret lr |
279 | ENDPROC(__get_user_2) |
280 | +_ASM_NOKPROBE(__get_user_2) |
281 | |
282 | ENTRY(__get_user_4) |
283 | check_uaccess r0, 4, r1, r2, __get_user_bad |
284 | @@ -65,6 +67,7 @@ ENTRY(__get_user_4) |
285 | mov r0, #0 |
286 | ret lr |
287 | ENDPROC(__get_user_4) |
288 | +_ASM_NOKPROBE(__get_user_4) |
289 | |
290 | ENTRY(__get_user_8) |
291 | check_uaccess r0, 8, r1, r2, __get_user_bad8 |
292 | @@ -78,6 +81,7 @@ ENTRY(__get_user_8) |
293 | mov r0, #0 |
294 | ret lr |
295 | ENDPROC(__get_user_8) |
296 | +_ASM_NOKPROBE(__get_user_8) |
297 | |
298 | #ifdef __ARMEB__ |
299 | ENTRY(__get_user_32t_8) |
300 | @@ -91,6 +95,7 @@ ENTRY(__get_user_32t_8) |
301 | mov r0, #0 |
302 | ret lr |
303 | ENDPROC(__get_user_32t_8) |
304 | +_ASM_NOKPROBE(__get_user_32t_8) |
305 | |
306 | ENTRY(__get_user_64t_1) |
307 | check_uaccess r0, 1, r1, r2, __get_user_bad8 |
308 | @@ -98,6 +103,7 @@ ENTRY(__get_user_64t_1) |
309 | mov r0, #0 |
310 | ret lr |
311 | ENDPROC(__get_user_64t_1) |
312 | +_ASM_NOKPROBE(__get_user_64t_1) |
313 | |
314 | ENTRY(__get_user_64t_2) |
315 | check_uaccess r0, 2, r1, r2, __get_user_bad8 |
316 | @@ -114,6 +120,7 @@ rb .req r0 |
317 | mov r0, #0 |
318 | ret lr |
319 | ENDPROC(__get_user_64t_2) |
320 | +_ASM_NOKPROBE(__get_user_64t_2) |
321 | |
322 | ENTRY(__get_user_64t_4) |
323 | check_uaccess r0, 4, r1, r2, __get_user_bad8 |
324 | @@ -121,6 +128,7 @@ ENTRY(__get_user_64t_4) |
325 | mov r0, #0 |
326 | ret lr |
327 | ENDPROC(__get_user_64t_4) |
328 | +_ASM_NOKPROBE(__get_user_64t_4) |
329 | #endif |
330 | |
331 | __get_user_bad8: |
332 | @@ -131,6 +139,8 @@ __get_user_bad: |
333 | ret lr |
334 | ENDPROC(__get_user_bad) |
335 | ENDPROC(__get_user_bad8) |
336 | +_ASM_NOKPROBE(__get_user_bad) |
337 | +_ASM_NOKPROBE(__get_user_bad8) |
338 | |
339 | .pushsection __ex_table, "a" |
340 | .long 1b, __get_user_bad |
341 | diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c |
342 | index bcdecc25461b..b2aa9b32bff2 100644 |
343 | --- a/arch/arm/probes/kprobes/opt-arm.c |
344 | +++ b/arch/arm/probes/kprobes/opt-arm.c |
345 | @@ -165,13 +165,14 @@ optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs) |
346 | { |
347 | unsigned long flags; |
348 | struct kprobe *p = &op->kp; |
349 | - struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); |
350 | + struct kprobe_ctlblk *kcb; |
351 | |
352 | /* Save skipped registers */ |
353 | regs->ARM_pc = (unsigned long)op->kp.addr; |
354 | regs->ARM_ORIG_r0 = ~0UL; |
355 | |
356 | local_irq_save(flags); |
357 | + kcb = get_kprobe_ctlblk(); |
358 | |
359 | if (kprobe_running()) { |
360 | kprobes_inc_nmissed_count(&op->kp); |
361 | @@ -191,6 +192,7 @@ optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs) |
362 | |
363 | local_irq_restore(flags); |
364 | } |
365 | +NOKPROBE_SYMBOL(optimized_callback) |
366 | |
367 | int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *orig) |
368 | { |
369 | diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h |
370 | index 80bf33715ecb..eac73a640ea7 100644 |
371 | --- a/arch/arm64/include/asm/kvm_mmu.h |
372 | +++ b/arch/arm64/include/asm/kvm_mmu.h |
373 | @@ -313,6 +313,22 @@ static inline unsigned int kvm_get_vmid_bits(void) |
374 | return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8; |
375 | } |
376 | |
377 | +/* |
378 | + * We are not in the kvm->srcu critical section most of the time, so we take |
379 | + * the SRCU read lock here. Since we copy the data from the user page, we |
380 | + * can immediately drop the lock again. |
381 | + */ |
382 | +static inline int kvm_read_guest_lock(struct kvm *kvm, |
383 | + gpa_t gpa, void *data, unsigned long len) |
384 | +{ |
385 | + int srcu_idx = srcu_read_lock(&kvm->srcu); |
386 | + int ret = kvm_read_guest(kvm, gpa, data, len); |
387 | + |
388 | + srcu_read_unlock(&kvm->srcu, srcu_idx); |
389 | + |
390 | + return ret; |
391 | +} |
392 | + |
393 | #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR |
394 | #include <asm/mmu.h> |
395 | |
396 | diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c |
397 | index f516ac508ae3..bf0f712ac0e0 100644 |
398 | --- a/arch/powerpc/kernel/setup-common.c |
399 | +++ b/arch/powerpc/kernel/setup-common.c |
400 | @@ -228,14 +228,6 @@ static int show_cpuinfo(struct seq_file *m, void *v) |
401 | unsigned short maj; |
402 | unsigned short min; |
403 | |
404 | - /* We only show online cpus: disable preempt (overzealous, I |
405 | - * knew) to prevent cpu going down. */ |
406 | - preempt_disable(); |
407 | - if (!cpu_online(cpu_id)) { |
408 | - preempt_enable(); |
409 | - return 0; |
410 | - } |
411 | - |
412 | #ifdef CONFIG_SMP |
413 | pvr = per_cpu(cpu_pvr, cpu_id); |
414 | #else |
415 | @@ -340,9 +332,6 @@ static int show_cpuinfo(struct seq_file *m, void *v) |
416 | #ifdef CONFIG_SMP |
417 | seq_printf(m, "\n"); |
418 | #endif |
419 | - |
420 | - preempt_enable(); |
421 | - |
422 | /* If this is the last cpu, print the summary */ |
423 | if (cpumask_next(cpu_id, cpu_online_mask) >= nr_cpu_ids) |
424 | show_cpuinfo_summary(m); |
425 | diff --git a/arch/powerpc/platforms/powernv/opal-nvram.c b/arch/powerpc/platforms/powernv/opal-nvram.c |
426 | index 1bceb95f422d..5584247f5029 100644 |
427 | --- a/arch/powerpc/platforms/powernv/opal-nvram.c |
428 | +++ b/arch/powerpc/platforms/powernv/opal-nvram.c |
429 | @@ -44,6 +44,10 @@ static ssize_t opal_nvram_read(char *buf, size_t count, loff_t *index) |
430 | return count; |
431 | } |
432 | |
433 | +/* |
434 | + * This can be called in the panic path with interrupts off, so use |
435 | + * mdelay in that case. |
436 | + */ |
437 | static ssize_t opal_nvram_write(char *buf, size_t count, loff_t *index) |
438 | { |
439 | s64 rc = OPAL_BUSY; |
440 | @@ -58,10 +62,16 @@ static ssize_t opal_nvram_write(char *buf, size_t count, loff_t *index) |
441 | while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) { |
442 | rc = opal_write_nvram(__pa(buf), count, off); |
443 | if (rc == OPAL_BUSY_EVENT) { |
444 | - msleep(OPAL_BUSY_DELAY_MS); |
445 | + if (in_interrupt() || irqs_disabled()) |
446 | + mdelay(OPAL_BUSY_DELAY_MS); |
447 | + else |
448 | + msleep(OPAL_BUSY_DELAY_MS); |
449 | opal_poll_events(NULL); |
450 | } else if (rc == OPAL_BUSY) { |
451 | - msleep(OPAL_BUSY_DELAY_MS); |
452 | + if (in_interrupt() || irqs_disabled()) |
453 | + mdelay(OPAL_BUSY_DELAY_MS); |
454 | + else |
455 | + msleep(OPAL_BUSY_DELAY_MS); |
456 | } |
457 | } |
458 | |
459 | diff --git a/arch/s390/kernel/irq.c b/arch/s390/kernel/irq.c |
460 | index 285d6561076d..7ff976737bb1 100644 |
461 | --- a/arch/s390/kernel/irq.c |
462 | +++ b/arch/s390/kernel/irq.c |
463 | @@ -173,10 +173,9 @@ void do_softirq_own_stack(void) |
464 | new -= STACK_FRAME_OVERHEAD; |
465 | ((struct stack_frame *) new)->back_chain = old; |
466 | asm volatile(" la 15,0(%0)\n" |
467 | - " basr 14,%2\n" |
468 | + " brasl 14,__do_softirq\n" |
469 | " la 15,0(%1)\n" |
470 | - : : "a" (new), "a" (old), |
471 | - "a" (__do_softirq) |
472 | + : : "a" (new), "a" (old) |
473 | : "0", "1", "2", "3", "4", "5", "14", |
474 | "cc", "memory" ); |
475 | } else { |
476 | diff --git a/arch/s390/kernel/perf_cpum_sf.c b/arch/s390/kernel/perf_cpum_sf.c |
477 | index fcc634c1479a..96e4fcad57bf 100644 |
478 | --- a/arch/s390/kernel/perf_cpum_sf.c |
479 | +++ b/arch/s390/kernel/perf_cpum_sf.c |
480 | @@ -739,6 +739,10 @@ static int __hw_perf_event_init(struct perf_event *event) |
481 | */ |
482 | rate = 0; |
483 | if (attr->freq) { |
484 | + if (!attr->sample_freq) { |
485 | + err = -EINVAL; |
486 | + goto out; |
487 | + } |
488 | rate = freq_to_sample_rate(&si, attr->sample_freq); |
489 | rate = hw_limit_rate(&si, rate); |
490 | attr->freq = 0; |
491 | diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c |
492 | index cc69e37548db..c0ad1bb27fa2 100644 |
493 | --- a/arch/x86/boot/compressed/eboot.c |
494 | +++ b/arch/x86/boot/compressed/eboot.c |
495 | @@ -330,7 +330,8 @@ __setup_efi_pci32(efi_pci_io_protocol_32 *pci, struct pci_setup_rom **__rom) |
496 | if (status != EFI_SUCCESS) |
497 | goto free_struct; |
498 | |
499 | - memcpy(rom->romdata, pci->romimage, pci->romsize); |
500 | + memcpy(rom->romdata, (void *)(unsigned long)pci->romimage, |
501 | + pci->romsize); |
502 | return status; |
503 | |
504 | free_struct: |
505 | @@ -436,7 +437,8 @@ __setup_efi_pci64(efi_pci_io_protocol_64 *pci, struct pci_setup_rom **__rom) |
506 | if (status != EFI_SUCCESS) |
507 | goto free_struct; |
508 | |
509 | - memcpy(rom->romdata, pci->romimage, pci->romsize); |
510 | + memcpy(rom->romdata, (void *)(unsigned long)pci->romimage, |
511 | + pci->romsize); |
512 | return status; |
513 | |
514 | free_struct: |
515 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
516 | index a2485311164b..c278f276c9b3 100644 |
517 | --- a/arch/x86/include/asm/cpufeatures.h |
518 | +++ b/arch/x86/include/asm/cpufeatures.h |
519 | @@ -197,6 +197,9 @@ |
520 | #define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */ |
521 | #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */ |
522 | |
523 | +#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */ |
524 | +#define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */ |
525 | + |
526 | #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */ |
527 | |
528 | /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ |
529 | @@ -204,6 +207,13 @@ |
530 | |
531 | #define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */ |
532 | #define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */ |
533 | +#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */ |
534 | +#define X86_FEATURE_LS_CFG_SSBD ( 7*32+24) /* "" AMD SSBD implementation */ |
535 | +#define X86_FEATURE_IBRS ( 7*32+25) /* Indirect Branch Restricted Speculation */ |
536 | +#define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */ |
537 | +#define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */ |
538 | +#define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ |
539 | + |
540 | |
541 | /* Virtualization flags: Linux defined, word 8 */ |
542 | #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ |
543 | @@ -261,9 +271,10 @@ |
544 | /* AMD-defined CPU features, CPUID level 0x80000008 (ebx), word 13 */ |
545 | #define X86_FEATURE_CLZERO (13*32+0) /* CLZERO instruction */ |
546 | #define X86_FEATURE_IRPERF (13*32+1) /* Instructions Retired Count */ |
547 | -#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */ |
548 | -#define X86_FEATURE_IBRS (13*32+14) /* Indirect Branch Restricted Speculation */ |
549 | -#define X86_FEATURE_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */ |
550 | +#define X86_FEATURE_AMD_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */ |
551 | +#define X86_FEATURE_AMD_IBRS (13*32+14) /* Indirect Branch Restricted Speculation */ |
552 | +#define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */ |
553 | +#define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */ |
554 | |
555 | /* Thermal and Power Management Leaf, CPUID level 0x00000006 (eax), word 14 */ |
556 | #define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */ |
557 | @@ -299,6 +310,7 @@ |
558 | #define X86_FEATURE_SUCCOR (17*32+1) /* Uncorrectable error containment and recovery */ |
559 | #define X86_FEATURE_SMCA (17*32+3) /* Scalable MCA */ |
560 | |
561 | + |
562 | /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ |
563 | #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ |
564 | #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ |
565 | @@ -306,6 +318,7 @@ |
566 | #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ |
567 | #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ |
568 | #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ |
569 | +#define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */ |
570 | |
571 | /* |
572 | * BUG word(s) |
573 | @@ -335,5 +348,6 @@ |
574 | #define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ |
575 | #define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ |
576 | #define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ |
577 | +#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */ |
578 | |
579 | #endif /* _ASM_X86_CPUFEATURES_H */ |
580 | diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
581 | index 20cfeeb681c6..7598a6c26f76 100644 |
582 | --- a/arch/x86/include/asm/kvm_host.h |
583 | +++ b/arch/x86/include/asm/kvm_host.h |
584 | @@ -864,7 +864,7 @@ struct kvm_x86_ops { |
585 | int (*hardware_setup)(void); /* __init */ |
586 | void (*hardware_unsetup)(void); /* __exit */ |
587 | bool (*cpu_has_accelerated_tpr)(void); |
588 | - bool (*cpu_has_high_real_mode_segbase)(void); |
589 | + bool (*has_emulated_msr)(int index); |
590 | void (*cpuid_update)(struct kvm_vcpu *vcpu); |
591 | |
592 | int (*vm_init)(struct kvm *kvm); |
593 | diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
594 | index 5a295bb97103..733650874b30 100644 |
595 | --- a/arch/x86/include/asm/mmu_context.h |
596 | +++ b/arch/x86/include/asm/mmu_context.h |
597 | @@ -113,7 +113,7 @@ static inline int init_new_context(struct task_struct *tsk, |
598 | |
599 | #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS |
600 | if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { |
601 | - /* pkey 0 is the default and always allocated */ |
602 | + /* pkey 0 is the default and allocated implicitly */ |
603 | mm->context.pkey_allocation_map = 0x1; |
604 | /* -1 means unallocated or invalid */ |
605 | mm->context.execute_only_pkey = -1; |
606 | diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
607 | index c768bc1550a1..1ec13e253174 100644 |
608 | --- a/arch/x86/include/asm/msr-index.h |
609 | +++ b/arch/x86/include/asm/msr-index.h |
610 | @@ -40,6 +40,8 @@ |
611 | #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ |
612 | #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ |
613 | #define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ |
614 | +#define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ |
615 | +#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ |
616 | |
617 | #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ |
618 | #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ |
619 | @@ -61,6 +63,11 @@ |
620 | #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a |
621 | #define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ |
622 | #define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ |
623 | +#define ARCH_CAP_SSB_NO (1 << 4) /* |
624 | + * Not susceptible to Speculative Store Bypass |
625 | + * attack, so no Speculative Store Bypass |
626 | + * control required. |
627 | + */ |
628 | |
629 | #define MSR_IA32_BBL_CR_CTL 0x00000119 |
630 | #define MSR_IA32_BBL_CR_CTL3 0x0000011e |
631 | @@ -135,6 +142,7 @@ |
632 | |
633 | /* DEBUGCTLMSR bits (others vary by model): */ |
634 | #define DEBUGCTLMSR_LBR (1UL << 0) /* last branch recording */ |
635 | +#define DEBUGCTLMSR_BTF_SHIFT 1 |
636 | #define DEBUGCTLMSR_BTF (1UL << 1) /* single-step on branches */ |
637 | #define DEBUGCTLMSR_TR (1UL << 6) |
638 | #define DEBUGCTLMSR_BTS (1UL << 7) |
639 | @@ -315,6 +323,8 @@ |
640 | #define MSR_AMD64_IBSOPDATA4 0xc001103d |
641 | #define MSR_AMD64_IBS_REG_COUNT_MAX 8 /* includes MSR_AMD64_IBSBRTARGET */ |
642 | |
643 | +#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f |
644 | + |
645 | /* Fam 17h MSRs */ |
646 | #define MSR_F17H_IRPERF 0xc00000e9 |
647 | |
648 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
649 | index f928ad9b143f..8b38df98548e 100644 |
650 | --- a/arch/x86/include/asm/nospec-branch.h |
651 | +++ b/arch/x86/include/asm/nospec-branch.h |
652 | @@ -217,6 +217,14 @@ enum spectre_v2_mitigation { |
653 | SPECTRE_V2_IBRS, |
654 | }; |
655 | |
656 | +/* The Speculative Store Bypass disable variants */ |
657 | +enum ssb_mitigation { |
658 | + SPEC_STORE_BYPASS_NONE, |
659 | + SPEC_STORE_BYPASS_DISABLE, |
660 | + SPEC_STORE_BYPASS_PRCTL, |
661 | + SPEC_STORE_BYPASS_SECCOMP, |
662 | +}; |
663 | + |
664 | extern char __indirect_thunk_start[]; |
665 | extern char __indirect_thunk_end[]; |
666 | |
667 | @@ -241,22 +249,27 @@ static inline void vmexit_fill_RSB(void) |
668 | #endif |
669 | } |
670 | |
671 | -#define alternative_msr_write(_msr, _val, _feature) \ |
672 | - asm volatile(ALTERNATIVE("", \ |
673 | - "movl %[msr], %%ecx\n\t" \ |
674 | - "movl %[val], %%eax\n\t" \ |
675 | - "movl $0, %%edx\n\t" \ |
676 | - "wrmsr", \ |
677 | - _feature) \ |
678 | - : : [msr] "i" (_msr), [val] "i" (_val) \ |
679 | - : "eax", "ecx", "edx", "memory") |
680 | +static __always_inline |
681 | +void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature) |
682 | +{ |
683 | + asm volatile(ALTERNATIVE("", "wrmsr", %c[feature]) |
684 | + : : "c" (msr), |
685 | + "a" ((u32)val), |
686 | + "d" ((u32)(val >> 32)), |
687 | + [feature] "i" (feature) |
688 | + : "memory"); |
689 | +} |
690 | |
691 | static inline void indirect_branch_prediction_barrier(void) |
692 | { |
693 | - alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, |
694 | - X86_FEATURE_USE_IBPB); |
695 | + u64 val = PRED_CMD_IBPB; |
696 | + |
697 | + alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB); |
698 | } |
699 | |
700 | +/* The Intel SPEC CTRL MSR base value cache */ |
701 | +extern u64 x86_spec_ctrl_base; |
702 | + |
703 | /* |
704 | * With retpoline, we must use IBRS to restrict branch prediction |
705 | * before calling into firmware. |
706 | @@ -265,14 +278,18 @@ static inline void indirect_branch_prediction_barrier(void) |
707 | */ |
708 | #define firmware_restrict_branch_speculation_start() \ |
709 | do { \ |
710 | + u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; \ |
711 | + \ |
712 | preempt_disable(); \ |
713 | - alternative_msr_write(MSR_IA32_SPEC_CTRL, SPEC_CTRL_IBRS, \ |
714 | + alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \ |
715 | X86_FEATURE_USE_IBRS_FW); \ |
716 | } while (0) |
717 | |
718 | #define firmware_restrict_branch_speculation_end() \ |
719 | do { \ |
720 | - alternative_msr_write(MSR_IA32_SPEC_CTRL, 0, \ |
721 | + u64 val = x86_spec_ctrl_base; \ |
722 | + \ |
723 | + alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \ |
724 | X86_FEATURE_USE_IBRS_FW); \ |
725 | preempt_enable(); \ |
726 | } while (0) |
727 | diff --git a/arch/x86/include/asm/pkeys.h b/arch/x86/include/asm/pkeys.h |
728 | index b3b09b98896d..c50d6dcf4a22 100644 |
729 | --- a/arch/x86/include/asm/pkeys.h |
730 | +++ b/arch/x86/include/asm/pkeys.h |
731 | @@ -1,6 +1,8 @@ |
732 | #ifndef _ASM_X86_PKEYS_H |
733 | #define _ASM_X86_PKEYS_H |
734 | |
735 | +#define ARCH_DEFAULT_PKEY 0 |
736 | + |
737 | #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) |
738 | |
739 | extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, |
740 | @@ -14,7 +16,7 @@ extern int __execute_only_pkey(struct mm_struct *mm); |
741 | static inline int execute_only_pkey(struct mm_struct *mm) |
742 | { |
743 | if (!boot_cpu_has(X86_FEATURE_OSPKE)) |
744 | - return 0; |
745 | + return ARCH_DEFAULT_PKEY; |
746 | |
747 | return __execute_only_pkey(mm); |
748 | } |
749 | @@ -48,13 +50,21 @@ bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey) |
750 | { |
751 | /* |
752 | * "Allocated" pkeys are those that have been returned |
753 | - * from pkey_alloc(). pkey 0 is special, and never |
754 | - * returned from pkey_alloc(). |
755 | + * from pkey_alloc() or pkey 0 which is allocated |
756 | + * implicitly when the mm is created. |
757 | */ |
758 | - if (pkey <= 0) |
759 | + if (pkey < 0) |
760 | return false; |
761 | if (pkey >= arch_max_pkey()) |
762 | return false; |
763 | + /* |
764 | + * The exec-only pkey is set in the allocation map, but |
765 | + * is not available to any of the user interfaces like |
766 | + * mprotect_pkey(). |
767 | + */ |
768 | + if (pkey == mm->context.execute_only_pkey) |
769 | + return false; |
770 | + |
771 | return mm_pkey_allocation_map(mm) & (1U << pkey); |
772 | } |
773 | |
774 | diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h |
775 | new file mode 100644 |
776 | index 000000000000..ae7c2c5cd7f0 |
777 | --- /dev/null |
778 | +++ b/arch/x86/include/asm/spec-ctrl.h |
779 | @@ -0,0 +1,80 @@ |
780 | +/* SPDX-License-Identifier: GPL-2.0 */ |
781 | +#ifndef _ASM_X86_SPECCTRL_H_ |
782 | +#define _ASM_X86_SPECCTRL_H_ |
783 | + |
784 | +#include <linux/thread_info.h> |
785 | +#include <asm/nospec-branch.h> |
786 | + |
787 | +/* |
788 | + * On VMENTER we must preserve whatever view of the SPEC_CTRL MSR |
789 | + * the guest has, while on VMEXIT we restore the host view. This |
790 | + * would be easier if SPEC_CTRL were architecturally maskable or |
791 | + * shadowable for guests but this is not (currently) the case. |
792 | + * Takes the guest view of SPEC_CTRL MSR as a parameter and also |
793 | + * the guest's version of VIRT_SPEC_CTRL, if emulated. |
794 | + */ |
795 | +extern void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool guest); |
796 | + |
797 | +/** |
798 | + * x86_spec_ctrl_set_guest - Set speculation control registers for the guest |
799 | + * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL |
800 | + * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL |
801 | + * (may get translated to MSR_AMD64_LS_CFG bits) |
802 | + * |
803 | + * Avoids writing to the MSR if the content/bits are the same |
804 | + */ |
805 | +static inline |
806 | +void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl) |
807 | +{ |
808 | + x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, true); |
809 | +} |
810 | + |
811 | +/** |
812 | + * x86_spec_ctrl_restore_host - Restore host speculation control registers |
813 | + * @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL |
814 | + * @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL |
815 | + * (may get translated to MSR_AMD64_LS_CFG bits) |
816 | + * |
817 | + * Avoids writing to the MSR if the content/bits are the same |
818 | + */ |
819 | +static inline |
820 | +void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl) |
821 | +{ |
822 | + x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, false); |
823 | +} |
824 | + |
825 | +/* AMD specific Speculative Store Bypass MSR data */ |
826 | +extern u64 x86_amd_ls_cfg_base; |
827 | +extern u64 x86_amd_ls_cfg_ssbd_mask; |
828 | + |
829 | +static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn) |
830 | +{ |
831 | + BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); |
832 | + return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
833 | +} |
834 | + |
835 | +static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) |
836 | +{ |
837 | + BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); |
838 | + return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
839 | +} |
840 | + |
841 | +static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) |
842 | +{ |
843 | + return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; |
844 | +} |
845 | + |
846 | +#ifdef CONFIG_SMP |
847 | +extern void speculative_store_bypass_ht_init(void); |
848 | +#else |
849 | +static inline void speculative_store_bypass_ht_init(void) { } |
850 | +#endif |
851 | + |
852 | +extern void speculative_store_bypass_update(unsigned long tif); |
853 | + |
854 | +static inline void speculative_store_bypass_update_current(void) |
855 | +{ |
856 | + speculative_store_bypass_update(current_thread_info()->flags); |
857 | +} |
858 | + |
859 | +#endif |
860 | diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h |
861 | index 89978b9c667a..2d8788a59b4d 100644 |
862 | --- a/arch/x86/include/asm/thread_info.h |
863 | +++ b/arch/x86/include/asm/thread_info.h |
864 | @@ -83,6 +83,7 @@ struct thread_info { |
865 | #define TIF_SIGPENDING 2 /* signal pending */ |
866 | #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ |
867 | #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/ |
868 | +#define TIF_SSBD 5 /* Reduced data speculation */ |
869 | #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ |
870 | #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ |
871 | #define TIF_SECCOMP 8 /* secure computing */ |
872 | @@ -104,8 +105,9 @@ struct thread_info { |
873 | #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) |
874 | #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) |
875 | #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) |
876 | -#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) |
877 | #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) |
878 | +#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) |
879 | +#define _TIF_SSBD (1 << TIF_SSBD) |
880 | #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) |
881 | #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) |
882 | #define _TIF_SECCOMP (1 << TIF_SECCOMP) |
883 | @@ -139,7 +141,7 @@ struct thread_info { |
884 | |
885 | /* flags to check in __switch_to() */ |
886 | #define _TIF_WORK_CTXSW \ |
887 | - (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP) |
888 | + (_TIF_IO_BITMAP|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) |
889 | |
890 | #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) |
891 | #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) |
892 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
893 | index 99185a064978..686a58d793e5 100644 |
894 | --- a/arch/x86/include/asm/tlbflush.h |
895 | +++ b/arch/x86/include/asm/tlbflush.h |
896 | @@ -111,6 +111,16 @@ static inline void cr4_clear_bits(unsigned long mask) |
897 | } |
898 | } |
899 | |
900 | +static inline void cr4_toggle_bits(unsigned long mask) |
901 | +{ |
902 | + unsigned long cr4; |
903 | + |
904 | + cr4 = this_cpu_read(cpu_tlbstate.cr4); |
905 | + cr4 ^= mask; |
906 | + this_cpu_write(cpu_tlbstate.cr4, cr4); |
907 | + __write_cr4(cr4); |
908 | +} |
909 | + |
910 | /* Read the CR4 shadow. */ |
911 | static inline unsigned long cr4_read_shadow(void) |
912 | { |
913 | diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c |
914 | index c375bc672f82..4c2be99fa0fb 100644 |
915 | --- a/arch/x86/kernel/cpu/amd.c |
916 | +++ b/arch/x86/kernel/cpu/amd.c |
917 | @@ -9,6 +9,7 @@ |
918 | #include <asm/processor.h> |
919 | #include <asm/apic.h> |
920 | #include <asm/cpu.h> |
921 | +#include <asm/spec-ctrl.h> |
922 | #include <asm/smp.h> |
923 | #include <asm/pci-direct.h> |
924 | #include <asm/delay.h> |
925 | @@ -542,6 +543,26 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) |
926 | rdmsrl(MSR_FAM10H_NODE_ID, value); |
927 | nodes_per_socket = ((value >> 3) & 7) + 1; |
928 | } |
929 | + |
930 | + if (c->x86 >= 0x15 && c->x86 <= 0x17) { |
931 | + unsigned int bit; |
932 | + |
933 | + switch (c->x86) { |
934 | + case 0x15: bit = 54; break; |
935 | + case 0x16: bit = 33; break; |
936 | + case 0x17: bit = 10; break; |
937 | + default: return; |
938 | + } |
939 | + /* |
940 | + * Try to cache the base value so further operations can |
941 | + * avoid RMW. If that faults, do not enable SSBD. |
942 | + */ |
943 | + if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) { |
944 | + setup_force_cpu_cap(X86_FEATURE_LS_CFG_SSBD); |
945 | + setup_force_cpu_cap(X86_FEATURE_SSBD); |
946 | + x86_amd_ls_cfg_ssbd_mask = 1ULL << bit; |
947 | + } |
948 | + } |
949 | } |
950 | |
951 | static void early_init_amd(struct cpuinfo_x86 *c) |
952 | @@ -728,6 +749,17 @@ static void init_amd_bd(struct cpuinfo_x86 *c) |
953 | } |
954 | } |
955 | |
956 | +static void init_amd_zn(struct cpuinfo_x86 *c) |
957 | +{ |
958 | + set_cpu_cap(c, X86_FEATURE_ZEN); |
959 | + /* |
960 | + * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects |
961 | + * all up to and including B1. |
962 | + */ |
963 | + if (c->x86_model <= 1 && c->x86_stepping <= 1) |
964 | + set_cpu_cap(c, X86_FEATURE_CPB); |
965 | +} |
966 | + |
967 | static void init_amd(struct cpuinfo_x86 *c) |
968 | { |
969 | u32 dummy; |
970 | @@ -758,6 +790,7 @@ static void init_amd(struct cpuinfo_x86 *c) |
971 | case 0x10: init_amd_gh(c); break; |
972 | case 0x12: init_amd_ln(c); break; |
973 | case 0x15: init_amd_bd(c); break; |
974 | + case 0x17: init_amd_zn(c); break; |
975 | } |
976 | |
977 | /* Enable workaround for FXSAVE leak */ |
978 | @@ -824,8 +857,9 @@ static void init_amd(struct cpuinfo_x86 *c) |
979 | if (cpu_has(c, X86_FEATURE_3DNOW) || cpu_has(c, X86_FEATURE_LM)) |
980 | set_cpu_cap(c, X86_FEATURE_3DNOWPREFETCH); |
981 | |
982 | - /* AMD CPUs don't reset SS attributes on SYSRET */ |
983 | - set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS); |
984 | + /* AMD CPUs don't reset SS attributes on SYSRET, Xen does. */ |
985 | + if (!cpu_has(c, X86_FEATURE_XENPV)) |
986 | + set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS); |
987 | } |
988 | |
989 | #ifdef CONFIG_X86_32 |
990 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
991 | index b8b0b6e78371..86af9b1b049d 100644 |
992 | --- a/arch/x86/kernel/cpu/bugs.c |
993 | +++ b/arch/x86/kernel/cpu/bugs.c |
994 | @@ -11,8 +11,10 @@ |
995 | #include <linux/utsname.h> |
996 | #include <linux/cpu.h> |
997 | #include <linux/module.h> |
998 | +#include <linux/nospec.h> |
999 | +#include <linux/prctl.h> |
1000 | |
1001 | -#include <asm/nospec-branch.h> |
1002 | +#include <asm/spec-ctrl.h> |
1003 | #include <asm/cmdline.h> |
1004 | #include <asm/bugs.h> |
1005 | #include <asm/processor.h> |
1006 | @@ -26,6 +28,27 @@ |
1007 | #include <asm/intel-family.h> |
1008 | |
1009 | static void __init spectre_v2_select_mitigation(void); |
1010 | +static void __init ssb_select_mitigation(void); |
1011 | + |
1012 | +/* |
1013 | + * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any |
1014 | + * writes to SPEC_CTRL contain whatever reserved bits have been set. |
1015 | + */ |
1016 | +u64 __ro_after_init x86_spec_ctrl_base; |
1017 | +EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); |
1018 | + |
1019 | +/* |
1020 | + * The vendor and possibly platform specific bits which can be modified in |
1021 | + * x86_spec_ctrl_base. |
1022 | + */ |
1023 | +static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS; |
1024 | + |
1025 | +/* |
1026 | + * AMD specific MSR info for Speculative Store Bypass control. |
1027 | + * x86_amd_ls_cfg_ssbd_mask is initialized in identify_boot_cpu(). |
1028 | + */ |
1029 | +u64 __ro_after_init x86_amd_ls_cfg_base; |
1030 | +u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask; |
1031 | |
1032 | void __init check_bugs(void) |
1033 | { |
1034 | @@ -36,9 +59,27 @@ void __init check_bugs(void) |
1035 | print_cpu_info(&boot_cpu_data); |
1036 | } |
1037 | |
1038 | + /* |
1039 | + * Read the SPEC_CTRL MSR to account for reserved bits which may |
1040 | + * have unknown values. AMD64_LS_CFG MSR is cached in the early AMD |
1041 | + * init code as it is not enumerated and depends on the family. |
1042 | + */ |
1043 | + if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) |
1044 | + rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); |
1045 | + |
1046 | + /* Allow STIBP in MSR_SPEC_CTRL if supported */ |
1047 | + if (boot_cpu_has(X86_FEATURE_STIBP)) |
1048 | + x86_spec_ctrl_mask |= SPEC_CTRL_STIBP; |
1049 | + |
1050 | /* Select the proper spectre mitigation before patching alternatives */ |
1051 | spectre_v2_select_mitigation(); |
1052 | |
1053 | + /* |
1054 | + * Select proper mitigation for any exposure to the Speculative Store |
1055 | + * Bypass vulnerability. |
1056 | + */ |
1057 | + ssb_select_mitigation(); |
1058 | + |
1059 | #ifdef CONFIG_X86_32 |
1060 | /* |
1061 | * Check whether we are able to run this kernel safely on SMP. |
1062 | @@ -92,7 +133,76 @@ static const char *spectre_v2_strings[] = { |
1063 | #undef pr_fmt |
1064 | #define pr_fmt(fmt) "Spectre V2 : " fmt |
1065 | |
1066 | -static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE; |
1067 | +static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = |
1068 | + SPECTRE_V2_NONE; |
1069 | + |
1070 | +void |
1071 | +x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1072 | +{ |
1073 | + u64 msrval, guestval, hostval = x86_spec_ctrl_base; |
1074 | + struct thread_info *ti = current_thread_info(); |
1075 | + |
1076 | + /* Is MSR_SPEC_CTRL implemented ? */ |
1077 | + if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) { |
1078 | + /* |
1079 | + * Restrict guest_spec_ctrl to supported values. Clear the |
1080 | + * modifiable bits in the host base value and or the |
1081 | + * modifiable bits from the guest value. |
1082 | + */ |
1083 | + guestval = hostval & ~x86_spec_ctrl_mask; |
1084 | + guestval |= guest_spec_ctrl & x86_spec_ctrl_mask; |
1085 | + |
1086 | + /* SSBD controlled in MSR_SPEC_CTRL */ |
1087 | + if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD)) |
1088 | + hostval |= ssbd_tif_to_spec_ctrl(ti->flags); |
1089 | + |
1090 | + if (hostval != guestval) { |
1091 | + msrval = setguest ? guestval : hostval; |
1092 | + wrmsrl(MSR_IA32_SPEC_CTRL, msrval); |
1093 | + } |
1094 | + } |
1095 | + |
1096 | + /* |
1097 | + * If SSBD is not handled in MSR_SPEC_CTRL on AMD, update |
1098 | + * MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported. |
1099 | + */ |
1100 | + if (!static_cpu_has(X86_FEATURE_LS_CFG_SSBD) && |
1101 | + !static_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1102 | + return; |
1103 | + |
1104 | + /* |
1105 | + * If the host has SSBD mitigation enabled, force it in the host's |
1106 | + * virtual MSR value. If its not permanently enabled, evaluate |
1107 | + * current's TIF_SSBD thread flag. |
1108 | + */ |
1109 | + if (static_cpu_has(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE)) |
1110 | + hostval = SPEC_CTRL_SSBD; |
1111 | + else |
1112 | + hostval = ssbd_tif_to_spec_ctrl(ti->flags); |
1113 | + |
1114 | + /* Sanitize the guest value */ |
1115 | + guestval = guest_virt_spec_ctrl & SPEC_CTRL_SSBD; |
1116 | + |
1117 | + if (hostval != guestval) { |
1118 | + unsigned long tif; |
1119 | + |
1120 | + tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) : |
1121 | + ssbd_spec_ctrl_to_tif(hostval); |
1122 | + |
1123 | + speculative_store_bypass_update(tif); |
1124 | + } |
1125 | +} |
1126 | +EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl); |
1127 | + |
1128 | +static void x86_amd_ssb_disable(void) |
1129 | +{ |
1130 | + u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask; |
1131 | + |
1132 | + if (boot_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1133 | + wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, SPEC_CTRL_SSBD); |
1134 | + else if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD)) |
1135 | + wrmsrl(MSR_AMD64_LS_CFG, msrval); |
1136 | +} |
1137 | |
1138 | #ifdef RETPOLINE |
1139 | static bool spectre_v2_bad_module; |
1140 | @@ -311,32 +421,289 @@ static void __init spectre_v2_select_mitigation(void) |
1141 | } |
1142 | |
1143 | #undef pr_fmt |
1144 | +#define pr_fmt(fmt) "Speculative Store Bypass: " fmt |
1145 | + |
1146 | +static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE; |
1147 | + |
1148 | +/* The kernel command line selection */ |
1149 | +enum ssb_mitigation_cmd { |
1150 | + SPEC_STORE_BYPASS_CMD_NONE, |
1151 | + SPEC_STORE_BYPASS_CMD_AUTO, |
1152 | + SPEC_STORE_BYPASS_CMD_ON, |
1153 | + SPEC_STORE_BYPASS_CMD_PRCTL, |
1154 | + SPEC_STORE_BYPASS_CMD_SECCOMP, |
1155 | +}; |
1156 | + |
1157 | +static const char *ssb_strings[] = { |
1158 | + [SPEC_STORE_BYPASS_NONE] = "Vulnerable", |
1159 | + [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled", |
1160 | + [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl", |
1161 | + [SPEC_STORE_BYPASS_SECCOMP] = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp", |
1162 | +}; |
1163 | + |
1164 | +static const struct { |
1165 | + const char *option; |
1166 | + enum ssb_mitigation_cmd cmd; |
1167 | +} ssb_mitigation_options[] = { |
1168 | + { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ |
1169 | + { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ |
1170 | + { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ |
1171 | + { "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */ |
1172 | + { "seccomp", SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */ |
1173 | +}; |
1174 | + |
1175 | +static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) |
1176 | +{ |
1177 | + enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO; |
1178 | + char arg[20]; |
1179 | + int ret, i; |
1180 | + |
1181 | + if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) { |
1182 | + return SPEC_STORE_BYPASS_CMD_NONE; |
1183 | + } else { |
1184 | + ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", |
1185 | + arg, sizeof(arg)); |
1186 | + if (ret < 0) |
1187 | + return SPEC_STORE_BYPASS_CMD_AUTO; |
1188 | + |
1189 | + for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { |
1190 | + if (!match_option(arg, ret, ssb_mitigation_options[i].option)) |
1191 | + continue; |
1192 | + |
1193 | + cmd = ssb_mitigation_options[i].cmd; |
1194 | + break; |
1195 | + } |
1196 | + |
1197 | + if (i >= ARRAY_SIZE(ssb_mitigation_options)) { |
1198 | + pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
1199 | + return SPEC_STORE_BYPASS_CMD_AUTO; |
1200 | + } |
1201 | + } |
1202 | + |
1203 | + return cmd; |
1204 | +} |
1205 | + |
1206 | +static enum ssb_mitigation __init __ssb_select_mitigation(void) |
1207 | +{ |
1208 | + enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE; |
1209 | + enum ssb_mitigation_cmd cmd; |
1210 | + |
1211 | + if (!boot_cpu_has(X86_FEATURE_SSBD)) |
1212 | + return mode; |
1213 | + |
1214 | + cmd = ssb_parse_cmdline(); |
1215 | + if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) && |
1216 | + (cmd == SPEC_STORE_BYPASS_CMD_NONE || |
1217 | + cmd == SPEC_STORE_BYPASS_CMD_AUTO)) |
1218 | + return mode; |
1219 | + |
1220 | + switch (cmd) { |
1221 | + case SPEC_STORE_BYPASS_CMD_AUTO: |
1222 | + case SPEC_STORE_BYPASS_CMD_SECCOMP: |
1223 | + /* |
1224 | + * Choose prctl+seccomp as the default mode if seccomp is |
1225 | + * enabled. |
1226 | + */ |
1227 | + if (IS_ENABLED(CONFIG_SECCOMP)) |
1228 | + mode = SPEC_STORE_BYPASS_SECCOMP; |
1229 | + else |
1230 | + mode = SPEC_STORE_BYPASS_PRCTL; |
1231 | + break; |
1232 | + case SPEC_STORE_BYPASS_CMD_ON: |
1233 | + mode = SPEC_STORE_BYPASS_DISABLE; |
1234 | + break; |
1235 | + case SPEC_STORE_BYPASS_CMD_PRCTL: |
1236 | + mode = SPEC_STORE_BYPASS_PRCTL; |
1237 | + break; |
1238 | + case SPEC_STORE_BYPASS_CMD_NONE: |
1239 | + break; |
1240 | + } |
1241 | + |
1242 | + /* |
1243 | + * We have three CPU feature flags that are in play here: |
1244 | + * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. |
1245 | + * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass |
1246 | + * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation |
1247 | + */ |
1248 | + if (mode == SPEC_STORE_BYPASS_DISABLE) { |
1249 | + setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE); |
1250 | + /* |
1251 | + * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD uses |
1252 | + * a completely different MSR and bit dependent on family. |
1253 | + */ |
1254 | + switch (boot_cpu_data.x86_vendor) { |
1255 | + case X86_VENDOR_INTEL: |
1256 | + x86_spec_ctrl_base |= SPEC_CTRL_SSBD; |
1257 | + x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; |
1258 | + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); |
1259 | + break; |
1260 | + case X86_VENDOR_AMD: |
1261 | + x86_amd_ssb_disable(); |
1262 | + break; |
1263 | + } |
1264 | + } |
1265 | + |
1266 | + return mode; |
1267 | +} |
1268 | + |
1269 | +static void ssb_select_mitigation(void) |
1270 | +{ |
1271 | + ssb_mode = __ssb_select_mitigation(); |
1272 | + |
1273 | + if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) |
1274 | + pr_info("%s\n", ssb_strings[ssb_mode]); |
1275 | +} |
1276 | + |
1277 | +#undef pr_fmt |
1278 | +#define pr_fmt(fmt) "Speculation prctl: " fmt |
1279 | + |
1280 | +static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1281 | +{ |
1282 | + bool update; |
1283 | + |
1284 | + if (ssb_mode != SPEC_STORE_BYPASS_PRCTL && |
1285 | + ssb_mode != SPEC_STORE_BYPASS_SECCOMP) |
1286 | + return -ENXIO; |
1287 | + |
1288 | + switch (ctrl) { |
1289 | + case PR_SPEC_ENABLE: |
1290 | + /* If speculation is force disabled, enable is not allowed */ |
1291 | + if (task_spec_ssb_force_disable(task)) |
1292 | + return -EPERM; |
1293 | + task_clear_spec_ssb_disable(task); |
1294 | + update = test_and_clear_tsk_thread_flag(task, TIF_SSBD); |
1295 | + break; |
1296 | + case PR_SPEC_DISABLE: |
1297 | + task_set_spec_ssb_disable(task); |
1298 | + update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1299 | + break; |
1300 | + case PR_SPEC_FORCE_DISABLE: |
1301 | + task_set_spec_ssb_disable(task); |
1302 | + task_set_spec_ssb_force_disable(task); |
1303 | + update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1304 | + break; |
1305 | + default: |
1306 | + return -ERANGE; |
1307 | + } |
1308 | + |
1309 | + /* |
1310 | + * If being set on non-current task, delay setting the CPU |
1311 | + * mitigation until it is next scheduled. |
1312 | + */ |
1313 | + if (task == current && update) |
1314 | + speculative_store_bypass_update_current(); |
1315 | + |
1316 | + return 0; |
1317 | +} |
1318 | + |
1319 | +int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, |
1320 | + unsigned long ctrl) |
1321 | +{ |
1322 | + switch (which) { |
1323 | + case PR_SPEC_STORE_BYPASS: |
1324 | + return ssb_prctl_set(task, ctrl); |
1325 | + default: |
1326 | + return -ENODEV; |
1327 | + } |
1328 | +} |
1329 | + |
1330 | +#ifdef CONFIG_SECCOMP |
1331 | +void arch_seccomp_spec_mitigate(struct task_struct *task) |
1332 | +{ |
1333 | + if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) |
1334 | + ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); |
1335 | +} |
1336 | +#endif |
1337 | + |
1338 | +static int ssb_prctl_get(struct task_struct *task) |
1339 | +{ |
1340 | + switch (ssb_mode) { |
1341 | + case SPEC_STORE_BYPASS_DISABLE: |
1342 | + return PR_SPEC_DISABLE; |
1343 | + case SPEC_STORE_BYPASS_SECCOMP: |
1344 | + case SPEC_STORE_BYPASS_PRCTL: |
1345 | + if (task_spec_ssb_force_disable(task)) |
1346 | + return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; |
1347 | + if (task_spec_ssb_disable(task)) |
1348 | + return PR_SPEC_PRCTL | PR_SPEC_DISABLE; |
1349 | + return PR_SPEC_PRCTL | PR_SPEC_ENABLE; |
1350 | + default: |
1351 | + if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) |
1352 | + return PR_SPEC_ENABLE; |
1353 | + return PR_SPEC_NOT_AFFECTED; |
1354 | + } |
1355 | +} |
1356 | + |
1357 | +int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) |
1358 | +{ |
1359 | + switch (which) { |
1360 | + case PR_SPEC_STORE_BYPASS: |
1361 | + return ssb_prctl_get(task); |
1362 | + default: |
1363 | + return -ENODEV; |
1364 | + } |
1365 | +} |
1366 | + |
1367 | +void x86_spec_ctrl_setup_ap(void) |
1368 | +{ |
1369 | + if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) |
1370 | + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); |
1371 | + |
1372 | + if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) |
1373 | + x86_amd_ssb_disable(); |
1374 | +} |
1375 | |
1376 | #ifdef CONFIG_SYSFS |
1377 | -ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) |
1378 | + |
1379 | +static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, |
1380 | + char *buf, unsigned int bug) |
1381 | { |
1382 | - if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) |
1383 | + if (!boot_cpu_has_bug(bug)) |
1384 | return sprintf(buf, "Not affected\n"); |
1385 | - if (boot_cpu_has(X86_FEATURE_KAISER)) |
1386 | - return sprintf(buf, "Mitigation: PTI\n"); |
1387 | + |
1388 | + switch (bug) { |
1389 | + case X86_BUG_CPU_MELTDOWN: |
1390 | + if (boot_cpu_has(X86_FEATURE_KAISER)) |
1391 | + return sprintf(buf, "Mitigation: PTI\n"); |
1392 | + |
1393 | + break; |
1394 | + |
1395 | + case X86_BUG_SPECTRE_V1: |
1396 | + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); |
1397 | + |
1398 | + case X86_BUG_SPECTRE_V2: |
1399 | + return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1400 | + boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", |
1401 | + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
1402 | + spectre_v2_module_string()); |
1403 | + |
1404 | + case X86_BUG_SPEC_STORE_BYPASS: |
1405 | + return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); |
1406 | + |
1407 | + default: |
1408 | + break; |
1409 | + } |
1410 | + |
1411 | return sprintf(buf, "Vulnerable\n"); |
1412 | } |
1413 | |
1414 | +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) |
1415 | +{ |
1416 | + return cpu_show_common(dev, attr, buf, X86_BUG_CPU_MELTDOWN); |
1417 | +} |
1418 | + |
1419 | ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) |
1420 | { |
1421 | - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) |
1422 | - return sprintf(buf, "Not affected\n"); |
1423 | - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); |
1424 | + return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V1); |
1425 | } |
1426 | |
1427 | ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) |
1428 | { |
1429 | - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1430 | - return sprintf(buf, "Not affected\n"); |
1431 | + return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2); |
1432 | +} |
1433 | |
1434 | - return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1435 | - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", |
1436 | - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
1437 | - spectre_v2_module_string()); |
1438 | +ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf) |
1439 | +{ |
1440 | + return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS); |
1441 | } |
1442 | #endif |
1443 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
1444 | index 301bbd1f2373..b0fd028b2eee 100644 |
1445 | --- a/arch/x86/kernel/cpu/common.c |
1446 | +++ b/arch/x86/kernel/cpu/common.c |
1447 | @@ -725,17 +725,32 @@ static void init_speculation_control(struct cpuinfo_x86 *c) |
1448 | * and they also have a different bit for STIBP support. Also, |
1449 | * a hypervisor might have set the individual AMD bits even on |
1450 | * Intel CPUs, for finer-grained selection of what's available. |
1451 | - * |
1452 | - * We use the AMD bits in 0x8000_0008 EBX as the generic hardware |
1453 | - * features, which are visible in /proc/cpuinfo and used by the |
1454 | - * kernel. So set those accordingly from the Intel bits. |
1455 | */ |
1456 | if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) { |
1457 | set_cpu_cap(c, X86_FEATURE_IBRS); |
1458 | set_cpu_cap(c, X86_FEATURE_IBPB); |
1459 | + set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL); |
1460 | } |
1461 | + |
1462 | if (cpu_has(c, X86_FEATURE_INTEL_STIBP)) |
1463 | set_cpu_cap(c, X86_FEATURE_STIBP); |
1464 | + |
1465 | + if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD) || |
1466 | + cpu_has(c, X86_FEATURE_VIRT_SSBD)) |
1467 | + set_cpu_cap(c, X86_FEATURE_SSBD); |
1468 | + |
1469 | + if (cpu_has(c, X86_FEATURE_AMD_IBRS)) { |
1470 | + set_cpu_cap(c, X86_FEATURE_IBRS); |
1471 | + set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL); |
1472 | + } |
1473 | + |
1474 | + if (cpu_has(c, X86_FEATURE_AMD_IBPB)) |
1475 | + set_cpu_cap(c, X86_FEATURE_IBPB); |
1476 | + |
1477 | + if (cpu_has(c, X86_FEATURE_AMD_STIBP)) { |
1478 | + set_cpu_cap(c, X86_FEATURE_STIBP); |
1479 | + set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL); |
1480 | + } |
1481 | } |
1482 | |
1483 | void get_cpu_cap(struct cpuinfo_x86 *c) |
1484 | @@ -879,21 +894,55 @@ static const __initconst struct x86_cpu_id cpu_no_meltdown[] = { |
1485 | {} |
1486 | }; |
1487 | |
1488 | -static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c) |
1489 | +static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = { |
1490 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW }, |
1491 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT }, |
1492 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL }, |
1493 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW }, |
1494 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW }, |
1495 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 }, |
1496 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, |
1497 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 }, |
1498 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD }, |
1499 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH }, |
1500 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, |
1501 | + { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, |
1502 | + { X86_VENDOR_CENTAUR, 5, }, |
1503 | + { X86_VENDOR_INTEL, 5, }, |
1504 | + { X86_VENDOR_NSC, 5, }, |
1505 | + { X86_VENDOR_AMD, 0x12, }, |
1506 | + { X86_VENDOR_AMD, 0x11, }, |
1507 | + { X86_VENDOR_AMD, 0x10, }, |
1508 | + { X86_VENDOR_AMD, 0xf, }, |
1509 | + { X86_VENDOR_ANY, 4, }, |
1510 | + {} |
1511 | +}; |
1512 | + |
1513 | +static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
1514 | { |
1515 | u64 ia32_cap = 0; |
1516 | |
1517 | - if (x86_match_cpu(cpu_no_meltdown)) |
1518 | - return false; |
1519 | - |
1520 | if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) |
1521 | rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); |
1522 | |
1523 | + if (!x86_match_cpu(cpu_no_spec_store_bypass) && |
1524 | + !(ia32_cap & ARCH_CAP_SSB_NO)) |
1525 | + setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS); |
1526 | + |
1527 | + if (x86_match_cpu(cpu_no_speculation)) |
1528 | + return; |
1529 | + |
1530 | + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); |
1531 | + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); |
1532 | + |
1533 | + if (x86_match_cpu(cpu_no_meltdown)) |
1534 | + return; |
1535 | + |
1536 | /* Rogue Data Cache Load? No! */ |
1537 | if (ia32_cap & ARCH_CAP_RDCL_NO) |
1538 | - return false; |
1539 | + return; |
1540 | |
1541 | - return true; |
1542 | + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); |
1543 | } |
1544 | |
1545 | /* |
1546 | @@ -942,12 +991,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) |
1547 | |
1548 | setup_force_cpu_cap(X86_FEATURE_ALWAYS); |
1549 | |
1550 | - if (!x86_match_cpu(cpu_no_speculation)) { |
1551 | - if (cpu_vulnerable_to_meltdown(c)) |
1552 | - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); |
1553 | - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); |
1554 | - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); |
1555 | - } |
1556 | + cpu_set_bug_bits(c); |
1557 | |
1558 | fpu__init_system(c); |
1559 | |
1560 | @@ -1315,6 +1359,7 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c) |
1561 | #endif |
1562 | mtrr_ap_init(); |
1563 | validate_apic_and_package_id(c); |
1564 | + x86_spec_ctrl_setup_ap(); |
1565 | } |
1566 | |
1567 | struct msr_range { |
1568 | diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h |
1569 | index 2584265d4745..3b19d82f7932 100644 |
1570 | --- a/arch/x86/kernel/cpu/cpu.h |
1571 | +++ b/arch/x86/kernel/cpu/cpu.h |
1572 | @@ -46,4 +46,7 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[], |
1573 | |
1574 | extern void get_cpu_cap(struct cpuinfo_x86 *c); |
1575 | extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c); |
1576 | + |
1577 | +extern void x86_spec_ctrl_setup_ap(void); |
1578 | + |
1579 | #endif /* ARCH_X86_CPU_H */ |
1580 | diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c |
1581 | index 8fb1d6522f8e..93781e3f05b2 100644 |
1582 | --- a/arch/x86/kernel/cpu/intel.c |
1583 | +++ b/arch/x86/kernel/cpu/intel.c |
1584 | @@ -153,7 +153,10 @@ static void early_init_intel(struct cpuinfo_x86 *c) |
1585 | setup_clear_cpu_cap(X86_FEATURE_IBPB); |
1586 | setup_clear_cpu_cap(X86_FEATURE_STIBP); |
1587 | setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL); |
1588 | + setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL); |
1589 | setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP); |
1590 | + setup_clear_cpu_cap(X86_FEATURE_SSBD); |
1591 | + setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL_SSBD); |
1592 | } |
1593 | |
1594 | /* |
1595 | diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c |
1596 | index a55b32007785..00a9047539d7 100644 |
1597 | --- a/arch/x86/kernel/process.c |
1598 | +++ b/arch/x86/kernel/process.c |
1599 | @@ -33,6 +33,7 @@ |
1600 | #include <asm/mce.h> |
1601 | #include <asm/vm86.h> |
1602 | #include <asm/switch_to.h> |
1603 | +#include <asm/spec-ctrl.h> |
1604 | |
1605 | /* |
1606 | * per-CPU TSS segments. Threads are completely 'soft' on Linux, |
1607 | @@ -134,11 +135,6 @@ void flush_thread(void) |
1608 | fpu__clear(&tsk->thread.fpu); |
1609 | } |
1610 | |
1611 | -static void hard_disable_TSC(void) |
1612 | -{ |
1613 | - cr4_set_bits(X86_CR4_TSD); |
1614 | -} |
1615 | - |
1616 | void disable_TSC(void) |
1617 | { |
1618 | preempt_disable(); |
1619 | @@ -147,15 +143,10 @@ void disable_TSC(void) |
1620 | * Must flip the CPU state synchronously with |
1621 | * TIF_NOTSC in the current running context. |
1622 | */ |
1623 | - hard_disable_TSC(); |
1624 | + cr4_set_bits(X86_CR4_TSD); |
1625 | preempt_enable(); |
1626 | } |
1627 | |
1628 | -static void hard_enable_TSC(void) |
1629 | -{ |
1630 | - cr4_clear_bits(X86_CR4_TSD); |
1631 | -} |
1632 | - |
1633 | static void enable_TSC(void) |
1634 | { |
1635 | preempt_disable(); |
1636 | @@ -164,7 +155,7 @@ static void enable_TSC(void) |
1637 | * Must flip the CPU state synchronously with |
1638 | * TIF_NOTSC in the current running context. |
1639 | */ |
1640 | - hard_enable_TSC(); |
1641 | + cr4_clear_bits(X86_CR4_TSD); |
1642 | preempt_enable(); |
1643 | } |
1644 | |
1645 | @@ -192,48 +183,199 @@ int set_tsc_mode(unsigned int val) |
1646 | return 0; |
1647 | } |
1648 | |
1649 | -void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1650 | - struct tss_struct *tss) |
1651 | +static inline void switch_to_bitmap(struct tss_struct *tss, |
1652 | + struct thread_struct *prev, |
1653 | + struct thread_struct *next, |
1654 | + unsigned long tifp, unsigned long tifn) |
1655 | { |
1656 | - struct thread_struct *prev, *next; |
1657 | - |
1658 | - prev = &prev_p->thread; |
1659 | - next = &next_p->thread; |
1660 | - |
1661 | - if (test_tsk_thread_flag(prev_p, TIF_BLOCKSTEP) ^ |
1662 | - test_tsk_thread_flag(next_p, TIF_BLOCKSTEP)) { |
1663 | - unsigned long debugctl = get_debugctlmsr(); |
1664 | - |
1665 | - debugctl &= ~DEBUGCTLMSR_BTF; |
1666 | - if (test_tsk_thread_flag(next_p, TIF_BLOCKSTEP)) |
1667 | - debugctl |= DEBUGCTLMSR_BTF; |
1668 | - |
1669 | - update_debugctlmsr(debugctl); |
1670 | - } |
1671 | - |
1672 | - if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^ |
1673 | - test_tsk_thread_flag(next_p, TIF_NOTSC)) { |
1674 | - /* prev and next are different */ |
1675 | - if (test_tsk_thread_flag(next_p, TIF_NOTSC)) |
1676 | - hard_disable_TSC(); |
1677 | - else |
1678 | - hard_enable_TSC(); |
1679 | - } |
1680 | - |
1681 | - if (test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) { |
1682 | + if (tifn & _TIF_IO_BITMAP) { |
1683 | /* |
1684 | * Copy the relevant range of the IO bitmap. |
1685 | * Normally this is 128 bytes or less: |
1686 | */ |
1687 | memcpy(tss->io_bitmap, next->io_bitmap_ptr, |
1688 | max(prev->io_bitmap_max, next->io_bitmap_max)); |
1689 | - } else if (test_tsk_thread_flag(prev_p, TIF_IO_BITMAP)) { |
1690 | + } else if (tifp & _TIF_IO_BITMAP) { |
1691 | /* |
1692 | * Clear any possible leftover bits: |
1693 | */ |
1694 | memset(tss->io_bitmap, 0xff, prev->io_bitmap_max); |
1695 | } |
1696 | +} |
1697 | + |
1698 | +#ifdef CONFIG_SMP |
1699 | + |
1700 | +struct ssb_state { |
1701 | + struct ssb_state *shared_state; |
1702 | + raw_spinlock_t lock; |
1703 | + unsigned int disable_state; |
1704 | + unsigned long local_state; |
1705 | +}; |
1706 | + |
1707 | +#define LSTATE_SSB 0 |
1708 | + |
1709 | +static DEFINE_PER_CPU(struct ssb_state, ssb_state); |
1710 | + |
1711 | +void speculative_store_bypass_ht_init(void) |
1712 | +{ |
1713 | + struct ssb_state *st = this_cpu_ptr(&ssb_state); |
1714 | + unsigned int this_cpu = smp_processor_id(); |
1715 | + unsigned int cpu; |
1716 | + |
1717 | + st->local_state = 0; |
1718 | + |
1719 | + /* |
1720 | + * Shared state setup happens once on the first bringup |
1721 | + * of the CPU. It's not destroyed on CPU hotunplug. |
1722 | + */ |
1723 | + if (st->shared_state) |
1724 | + return; |
1725 | + |
1726 | + raw_spin_lock_init(&st->lock); |
1727 | + |
1728 | + /* |
1729 | + * Go over HT siblings and check whether one of them has set up the |
1730 | + * shared state pointer already. |
1731 | + */ |
1732 | + for_each_cpu(cpu, topology_sibling_cpumask(this_cpu)) { |
1733 | + if (cpu == this_cpu) |
1734 | + continue; |
1735 | + |
1736 | + if (!per_cpu(ssb_state, cpu).shared_state) |
1737 | + continue; |
1738 | + |
1739 | + /* Link it to the state of the sibling: */ |
1740 | + st->shared_state = per_cpu(ssb_state, cpu).shared_state; |
1741 | + return; |
1742 | + } |
1743 | + |
1744 | + /* |
1745 | + * First HT sibling to come up on the core. Link shared state of |
1746 | + * the first HT sibling to itself. The siblings on the same core |
1747 | + * which come up later will see the shared state pointer and link |
1748 | + * themself to the state of this CPU. |
1749 | + */ |
1750 | + st->shared_state = st; |
1751 | +} |
1752 | + |
1753 | +/* |
1754 | + * Logic is: First HT sibling enables SSBD for both siblings in the core |
1755 | + * and last sibling to disable it, disables it for the whole core. This how |
1756 | + * MSR_SPEC_CTRL works in "hardware": |
1757 | + * |
1758 | + * CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL |
1759 | + */ |
1760 | +static __always_inline void amd_set_core_ssb_state(unsigned long tifn) |
1761 | +{ |
1762 | + struct ssb_state *st = this_cpu_ptr(&ssb_state); |
1763 | + u64 msr = x86_amd_ls_cfg_base; |
1764 | + |
1765 | + if (!static_cpu_has(X86_FEATURE_ZEN)) { |
1766 | + msr |= ssbd_tif_to_amd_ls_cfg(tifn); |
1767 | + wrmsrl(MSR_AMD64_LS_CFG, msr); |
1768 | + return; |
1769 | + } |
1770 | + |
1771 | + if (tifn & _TIF_SSBD) { |
1772 | + /* |
1773 | + * Since this can race with prctl(), block reentry on the |
1774 | + * same CPU. |
1775 | + */ |
1776 | + if (__test_and_set_bit(LSTATE_SSB, &st->local_state)) |
1777 | + return; |
1778 | + |
1779 | + msr |= x86_amd_ls_cfg_ssbd_mask; |
1780 | + |
1781 | + raw_spin_lock(&st->shared_state->lock); |
1782 | + /* First sibling enables SSBD: */ |
1783 | + if (!st->shared_state->disable_state) |
1784 | + wrmsrl(MSR_AMD64_LS_CFG, msr); |
1785 | + st->shared_state->disable_state++; |
1786 | + raw_spin_unlock(&st->shared_state->lock); |
1787 | + } else { |
1788 | + if (!__test_and_clear_bit(LSTATE_SSB, &st->local_state)) |
1789 | + return; |
1790 | + |
1791 | + raw_spin_lock(&st->shared_state->lock); |
1792 | + st->shared_state->disable_state--; |
1793 | + if (!st->shared_state->disable_state) |
1794 | + wrmsrl(MSR_AMD64_LS_CFG, msr); |
1795 | + raw_spin_unlock(&st->shared_state->lock); |
1796 | + } |
1797 | +} |
1798 | +#else |
1799 | +static __always_inline void amd_set_core_ssb_state(unsigned long tifn) |
1800 | +{ |
1801 | + u64 msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn); |
1802 | + |
1803 | + wrmsrl(MSR_AMD64_LS_CFG, msr); |
1804 | +} |
1805 | +#endif |
1806 | + |
1807 | +static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) |
1808 | +{ |
1809 | + /* |
1810 | + * SSBD has the same definition in SPEC_CTRL and VIRT_SPEC_CTRL, |
1811 | + * so ssbd_tif_to_spec_ctrl() just works. |
1812 | + */ |
1813 | + wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); |
1814 | +} |
1815 | + |
1816 | +static __always_inline void intel_set_ssb_state(unsigned long tifn) |
1817 | +{ |
1818 | + u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); |
1819 | + |
1820 | + wrmsrl(MSR_IA32_SPEC_CTRL, msr); |
1821 | +} |
1822 | + |
1823 | +static __always_inline void __speculative_store_bypass_update(unsigned long tifn) |
1824 | +{ |
1825 | + if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1826 | + amd_set_ssb_virt_state(tifn); |
1827 | + else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) |
1828 | + amd_set_core_ssb_state(tifn); |
1829 | + else |
1830 | + intel_set_ssb_state(tifn); |
1831 | +} |
1832 | + |
1833 | +void speculative_store_bypass_update(unsigned long tif) |
1834 | +{ |
1835 | + preempt_disable(); |
1836 | + __speculative_store_bypass_update(tif); |
1837 | + preempt_enable(); |
1838 | +} |
1839 | + |
1840 | +void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1841 | + struct tss_struct *tss) |
1842 | +{ |
1843 | + struct thread_struct *prev, *next; |
1844 | + unsigned long tifp, tifn; |
1845 | + |
1846 | + prev = &prev_p->thread; |
1847 | + next = &next_p->thread; |
1848 | + |
1849 | + tifn = READ_ONCE(task_thread_info(next_p)->flags); |
1850 | + tifp = READ_ONCE(task_thread_info(prev_p)->flags); |
1851 | + switch_to_bitmap(tss, prev, next, tifp, tifn); |
1852 | + |
1853 | propagate_user_return_notify(prev_p, next_p); |
1854 | + |
1855 | + if ((tifp & _TIF_BLOCKSTEP || tifn & _TIF_BLOCKSTEP) && |
1856 | + arch_has_block_step()) { |
1857 | + unsigned long debugctl, msk; |
1858 | + |
1859 | + rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctl); |
1860 | + debugctl &= ~DEBUGCTLMSR_BTF; |
1861 | + msk = tifn & _TIF_BLOCKSTEP; |
1862 | + debugctl |= (msk >> TIF_BLOCKSTEP) << DEBUGCTLMSR_BTF_SHIFT; |
1863 | + wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl); |
1864 | + } |
1865 | + |
1866 | + if ((tifp ^ tifn) & _TIF_NOTSC) |
1867 | + cr4_toggle_bits(X86_CR4_TSD); |
1868 | + |
1869 | + if ((tifp ^ tifn) & _TIF_SSBD) |
1870 | + __speculative_store_bypass_update(tifn); |
1871 | } |
1872 | |
1873 | /* |
1874 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c |
1875 | index 83929cc47a4b..cb945146b7c8 100644 |
1876 | --- a/arch/x86/kernel/smpboot.c |
1877 | +++ b/arch/x86/kernel/smpboot.c |
1878 | @@ -75,6 +75,7 @@ |
1879 | #include <asm/i8259.h> |
1880 | #include <asm/realmode.h> |
1881 | #include <asm/misc.h> |
1882 | +#include <asm/spec-ctrl.h> |
1883 | |
1884 | /* Number of siblings per CPU package */ |
1885 | int smp_num_siblings = 1; |
1886 | @@ -229,6 +230,8 @@ static void notrace start_secondary(void *unused) |
1887 | */ |
1888 | check_tsc_sync_target(); |
1889 | |
1890 | + speculative_store_bypass_ht_init(); |
1891 | + |
1892 | /* |
1893 | * Lock vector_lock and initialize the vectors on this cpu |
1894 | * before setting the cpu online. We must set it online with |
1895 | @@ -1325,6 +1328,8 @@ void __init native_smp_prepare_cpus(unsigned int max_cpus) |
1896 | set_mtrr_aps_delayed_init(); |
1897 | |
1898 | smp_quirk_init_udelay(); |
1899 | + |
1900 | + speculative_store_bypass_ht_init(); |
1901 | } |
1902 | |
1903 | void arch_enable_nonboot_cpus_begin(void) |
1904 | diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c |
1905 | index 93f924de06cf..a69f18d4676c 100644 |
1906 | --- a/arch/x86/kvm/cpuid.c |
1907 | +++ b/arch/x86/kvm/cpuid.c |
1908 | @@ -357,7 +357,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, |
1909 | |
1910 | /* cpuid 0x80000008.ebx */ |
1911 | const u32 kvm_cpuid_8000_0008_ebx_x86_features = |
1912 | - F(IBPB) | F(IBRS); |
1913 | + F(AMD_IBPB) | F(AMD_IBRS) | F(VIRT_SSBD); |
1914 | |
1915 | /* cpuid 0xC0000001.edx */ |
1916 | const u32 kvm_cpuid_C000_0001_edx_x86_features = |
1917 | @@ -382,7 +382,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, |
1918 | |
1919 | /* cpuid 7.0.edx*/ |
1920 | const u32 kvm_cpuid_7_0_edx_x86_features = |
1921 | - F(SPEC_CTRL) | F(ARCH_CAPABILITIES); |
1922 | + F(SPEC_CTRL) | F(SSBD) | F(ARCH_CAPABILITIES); |
1923 | |
1924 | /* all calls to cpuid_count() should be made on the same cpu */ |
1925 | get_cpu(); |
1926 | @@ -618,13 +618,20 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, |
1927 | g_phys_as = phys_as; |
1928 | entry->eax = g_phys_as | (virt_as << 8); |
1929 | entry->edx = 0; |
1930 | - /* IBRS and IBPB aren't necessarily present in hardware cpuid */ |
1931 | - if (boot_cpu_has(X86_FEATURE_IBPB)) |
1932 | - entry->ebx |= F(IBPB); |
1933 | - if (boot_cpu_has(X86_FEATURE_IBRS)) |
1934 | - entry->ebx |= F(IBRS); |
1935 | + /* |
1936 | + * IBRS, IBPB and VIRT_SSBD aren't necessarily present in |
1937 | + * hardware cpuid |
1938 | + */ |
1939 | + if (boot_cpu_has(X86_FEATURE_AMD_IBPB)) |
1940 | + entry->ebx |= F(AMD_IBPB); |
1941 | + if (boot_cpu_has(X86_FEATURE_AMD_IBRS)) |
1942 | + entry->ebx |= F(AMD_IBRS); |
1943 | + if (boot_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1944 | + entry->ebx |= F(VIRT_SSBD); |
1945 | entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features; |
1946 | cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX); |
1947 | + if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD)) |
1948 | + entry->ebx |= F(VIRT_SSBD); |
1949 | break; |
1950 | } |
1951 | case 0x80000019: |
1952 | diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h |
1953 | index d1beb7156704..c38369781239 100644 |
1954 | --- a/arch/x86/kvm/cpuid.h |
1955 | +++ b/arch/x86/kvm/cpuid.h |
1956 | @@ -165,21 +165,21 @@ static inline bool guest_cpuid_has_ibpb(struct kvm_vcpu *vcpu) |
1957 | struct kvm_cpuid_entry2 *best; |
1958 | |
1959 | best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0); |
1960 | - if (best && (best->ebx & bit(X86_FEATURE_IBPB))) |
1961 | + if (best && (best->ebx & bit(X86_FEATURE_AMD_IBPB))) |
1962 | return true; |
1963 | best = kvm_find_cpuid_entry(vcpu, 7, 0); |
1964 | return best && (best->edx & bit(X86_FEATURE_SPEC_CTRL)); |
1965 | } |
1966 | |
1967 | -static inline bool guest_cpuid_has_ibrs(struct kvm_vcpu *vcpu) |
1968 | +static inline bool guest_cpuid_has_spec_ctrl(struct kvm_vcpu *vcpu) |
1969 | { |
1970 | struct kvm_cpuid_entry2 *best; |
1971 | |
1972 | best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0); |
1973 | - if (best && (best->ebx & bit(X86_FEATURE_IBRS))) |
1974 | + if (best && (best->ebx & bit(X86_FEATURE_AMD_IBRS))) |
1975 | return true; |
1976 | best = kvm_find_cpuid_entry(vcpu, 7, 0); |
1977 | - return best && (best->edx & bit(X86_FEATURE_SPEC_CTRL)); |
1978 | + return best && (best->edx & (bit(X86_FEATURE_SPEC_CTRL) | bit(X86_FEATURE_SSBD))); |
1979 | } |
1980 | |
1981 | static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu) |
1982 | @@ -190,6 +190,15 @@ static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu) |
1983 | return best && (best->edx & bit(X86_FEATURE_ARCH_CAPABILITIES)); |
1984 | } |
1985 | |
1986 | +static inline bool guest_cpuid_has_virt_ssbd(struct kvm_vcpu *vcpu) |
1987 | +{ |
1988 | + struct kvm_cpuid_entry2 *best; |
1989 | + |
1990 | + best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0); |
1991 | + return best && (best->ebx & bit(X86_FEATURE_VIRT_SSBD)); |
1992 | +} |
1993 | + |
1994 | + |
1995 | |
1996 | /* |
1997 | * NRIPS is provided through cpuidfn 0x8000000a.edx bit 3 |
1998 | diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
1999 | index aaa93b4b0380..a27f9e442ffc 100644 |
2000 | --- a/arch/x86/kvm/svm.c |
2001 | +++ b/arch/x86/kvm/svm.c |
2002 | @@ -45,7 +45,7 @@ |
2003 | #include <asm/kvm_para.h> |
2004 | #include <asm/irq_remapping.h> |
2005 | #include <asm/microcode.h> |
2006 | -#include <asm/nospec-branch.h> |
2007 | +#include <asm/spec-ctrl.h> |
2008 | |
2009 | #include <asm/virtext.h> |
2010 | #include "trace.h" |
2011 | @@ -185,6 +185,12 @@ struct vcpu_svm { |
2012 | } host; |
2013 | |
2014 | u64 spec_ctrl; |
2015 | + /* |
2016 | + * Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be |
2017 | + * translated into the appropriate L2_CFG bits on the host to |
2018 | + * perform speculative control. |
2019 | + */ |
2020 | + u64 virt_spec_ctrl; |
2021 | |
2022 | u32 *msrpm; |
2023 | |
2024 | @@ -1561,6 +1567,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) |
2025 | u32 eax = 1; |
2026 | |
2027 | svm->spec_ctrl = 0; |
2028 | + svm->virt_spec_ctrl = 0; |
2029 | |
2030 | if (!init_event) { |
2031 | svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE | |
2032 | @@ -3545,11 +3552,18 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2033 | break; |
2034 | case MSR_IA32_SPEC_CTRL: |
2035 | if (!msr_info->host_initiated && |
2036 | - !guest_cpuid_has_ibrs(vcpu)) |
2037 | + !guest_cpuid_has_spec_ctrl(vcpu)) |
2038 | return 1; |
2039 | |
2040 | msr_info->data = svm->spec_ctrl; |
2041 | break; |
2042 | + case MSR_AMD64_VIRT_SPEC_CTRL: |
2043 | + if (!msr_info->host_initiated && |
2044 | + !guest_cpuid_has_virt_ssbd(vcpu)) |
2045 | + return 1; |
2046 | + |
2047 | + msr_info->data = svm->virt_spec_ctrl; |
2048 | + break; |
2049 | case MSR_IA32_UCODE_REV: |
2050 | msr_info->data = 0x01000065; |
2051 | break; |
2052 | @@ -3643,7 +3657,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) |
2053 | break; |
2054 | case MSR_IA32_SPEC_CTRL: |
2055 | if (!msr->host_initiated && |
2056 | - !guest_cpuid_has_ibrs(vcpu)) |
2057 | + !guest_cpuid_has_spec_ctrl(vcpu)) |
2058 | return 1; |
2059 | |
2060 | /* The STIBP bit doesn't fault even if it's not advertised */ |
2061 | @@ -3684,6 +3698,16 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) |
2062 | break; |
2063 | set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1); |
2064 | break; |
2065 | + case MSR_AMD64_VIRT_SPEC_CTRL: |
2066 | + if (!msr->host_initiated && |
2067 | + !guest_cpuid_has_virt_ssbd(vcpu)) |
2068 | + return 1; |
2069 | + |
2070 | + if (data & ~SPEC_CTRL_SSBD) |
2071 | + return 1; |
2072 | + |
2073 | + svm->virt_spec_ctrl = data; |
2074 | + break; |
2075 | case MSR_STAR: |
2076 | svm->vmcb->save.star = data; |
2077 | break; |
2078 | @@ -4917,8 +4941,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
2079 | * is no need to worry about the conditional branch over the wrmsr |
2080 | * being speculatively taken. |
2081 | */ |
2082 | - if (svm->spec_ctrl) |
2083 | - native_wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl); |
2084 | + x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); |
2085 | |
2086 | asm volatile ( |
2087 | "push %%" _ASM_BP "; \n\t" |
2088 | @@ -5012,6 +5035,18 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
2089 | #endif |
2090 | ); |
2091 | |
2092 | + /* Eliminate branch target predictions from guest mode */ |
2093 | + vmexit_fill_RSB(); |
2094 | + |
2095 | +#ifdef CONFIG_X86_64 |
2096 | + wrmsrl(MSR_GS_BASE, svm->host.gs_base); |
2097 | +#else |
2098 | + loadsegment(fs, svm->host.fs); |
2099 | +#ifndef CONFIG_X86_32_LAZY_GS |
2100 | + loadsegment(gs, svm->host.gs); |
2101 | +#endif |
2102 | +#endif |
2103 | + |
2104 | /* |
2105 | * We do not use IBRS in the kernel. If this vCPU has used the |
2106 | * SPEC_CTRL MSR it may have left it on; save the value and |
2107 | @@ -5030,20 +5065,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
2108 | if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) |
2109 | svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); |
2110 | |
2111 | - if (svm->spec_ctrl) |
2112 | - native_wrmsrl(MSR_IA32_SPEC_CTRL, 0); |
2113 | - |
2114 | - /* Eliminate branch target predictions from guest mode */ |
2115 | - vmexit_fill_RSB(); |
2116 | - |
2117 | -#ifdef CONFIG_X86_64 |
2118 | - wrmsrl(MSR_GS_BASE, svm->host.gs_base); |
2119 | -#else |
2120 | - loadsegment(fs, svm->host.fs); |
2121 | -#ifndef CONFIG_X86_32_LAZY_GS |
2122 | - loadsegment(gs, svm->host.gs); |
2123 | -#endif |
2124 | -#endif |
2125 | + x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); |
2126 | |
2127 | reload_tss(vcpu); |
2128 | |
2129 | @@ -5145,7 +5167,7 @@ static bool svm_cpu_has_accelerated_tpr(void) |
2130 | return false; |
2131 | } |
2132 | |
2133 | -static bool svm_has_high_real_mode_segbase(void) |
2134 | +static bool svm_has_emulated_msr(int index) |
2135 | { |
2136 | return true; |
2137 | } |
2138 | @@ -5462,7 +5484,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { |
2139 | .hardware_enable = svm_hardware_enable, |
2140 | .hardware_disable = svm_hardware_disable, |
2141 | .cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr, |
2142 | - .cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase, |
2143 | + .has_emulated_msr = svm_has_emulated_msr, |
2144 | |
2145 | .vcpu_create = svm_create_vcpu, |
2146 | .vcpu_free = svm_free_vcpu, |
2147 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
2148 | index b978aeccda78..d92523afb425 100644 |
2149 | --- a/arch/x86/kvm/vmx.c |
2150 | +++ b/arch/x86/kvm/vmx.c |
2151 | @@ -50,7 +50,7 @@ |
2152 | #include <asm/apic.h> |
2153 | #include <asm/irq_remapping.h> |
2154 | #include <asm/microcode.h> |
2155 | -#include <asm/nospec-branch.h> |
2156 | +#include <asm/spec-ctrl.h> |
2157 | |
2158 | #include "trace.h" |
2159 | #include "pmu.h" |
2160 | @@ -3020,7 +3020,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2161 | break; |
2162 | case MSR_IA32_SPEC_CTRL: |
2163 | if (!msr_info->host_initiated && |
2164 | - !guest_cpuid_has_ibrs(vcpu)) |
2165 | + !guest_cpuid_has_spec_ctrl(vcpu)) |
2166 | return 1; |
2167 | |
2168 | msr_info->data = to_vmx(vcpu)->spec_ctrl; |
2169 | @@ -3137,11 +3137,11 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2170 | break; |
2171 | case MSR_IA32_SPEC_CTRL: |
2172 | if (!msr_info->host_initiated && |
2173 | - !guest_cpuid_has_ibrs(vcpu)) |
2174 | + !guest_cpuid_has_spec_ctrl(vcpu)) |
2175 | return 1; |
2176 | |
2177 | /* The STIBP bit doesn't fault even if it's not advertised */ |
2178 | - if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP)) |
2179 | + if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD)) |
2180 | return 1; |
2181 | |
2182 | vmx->spec_ctrl = data; |
2183 | @@ -8691,9 +8691,21 @@ static void vmx_handle_external_intr(struct kvm_vcpu *vcpu) |
2184 | } |
2185 | } |
2186 | |
2187 | -static bool vmx_has_high_real_mode_segbase(void) |
2188 | +static bool vmx_has_emulated_msr(int index) |
2189 | { |
2190 | - return enable_unrestricted_guest || emulate_invalid_guest_state; |
2191 | + switch (index) { |
2192 | + case MSR_IA32_SMBASE: |
2193 | + /* |
2194 | + * We cannot do SMM unless we can run the guest in big |
2195 | + * real mode. |
2196 | + */ |
2197 | + return enable_unrestricted_guest || emulate_invalid_guest_state; |
2198 | + case MSR_AMD64_VIRT_SPEC_CTRL: |
2199 | + /* This is AMD only. */ |
2200 | + return false; |
2201 | + default: |
2202 | + return true; |
2203 | + } |
2204 | } |
2205 | |
2206 | static bool vmx_mpx_supported(void) |
2207 | @@ -8916,10 +8928,10 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2208 | * is no need to worry about the conditional branch over the wrmsr |
2209 | * being speculatively taken. |
2210 | */ |
2211 | - if (vmx->spec_ctrl) |
2212 | - native_wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); |
2213 | + x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0); |
2214 | |
2215 | vmx->__launched = vmx->loaded_vmcs->launched; |
2216 | + |
2217 | asm( |
2218 | /* Store host registers */ |
2219 | "push %%" _ASM_DX "; push %%" _ASM_BP ";" |
2220 | @@ -9055,8 +9067,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2221 | if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) |
2222 | vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); |
2223 | |
2224 | - if (vmx->spec_ctrl) |
2225 | - native_wrmsrl(MSR_IA32_SPEC_CTRL, 0); |
2226 | + x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0); |
2227 | |
2228 | /* Eliminate branch target predictions from guest mode */ |
2229 | vmexit_fill_RSB(); |
2230 | @@ -11347,7 +11358,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
2231 | .hardware_enable = hardware_enable, |
2232 | .hardware_disable = hardware_disable, |
2233 | .cpu_has_accelerated_tpr = report_flexpriority, |
2234 | - .cpu_has_high_real_mode_segbase = vmx_has_high_real_mode_segbase, |
2235 | + .has_emulated_msr = vmx_has_emulated_msr, |
2236 | |
2237 | .vcpu_create = vmx_create_vcpu, |
2238 | .vcpu_free = vmx_free_vcpu, |
2239 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
2240 | index 3aaaf305420d..a0cb85f30c94 100644 |
2241 | --- a/arch/x86/kvm/x86.c |
2242 | +++ b/arch/x86/kvm/x86.c |
2243 | @@ -1002,6 +1002,7 @@ static u32 emulated_msrs[] = { |
2244 | MSR_IA32_MCG_CTL, |
2245 | MSR_IA32_MCG_EXT_CTL, |
2246 | MSR_IA32_SMBASE, |
2247 | + MSR_AMD64_VIRT_SPEC_CTRL, |
2248 | }; |
2249 | |
2250 | static unsigned num_emulated_msrs; |
2251 | @@ -2664,7 +2665,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) |
2252 | * fringe case that is not enabled except via specific settings |
2253 | * of the module parameters. |
2254 | */ |
2255 | - r = kvm_x86_ops->cpu_has_high_real_mode_segbase(); |
2256 | + r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE); |
2257 | break; |
2258 | case KVM_CAP_COALESCED_MMIO: |
2259 | r = KVM_COALESCED_MMIO_PAGE_OFFSET; |
2260 | @@ -4226,14 +4227,8 @@ static void kvm_init_msr_list(void) |
2261 | num_msrs_to_save = j; |
2262 | |
2263 | for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) { |
2264 | - switch (emulated_msrs[i]) { |
2265 | - case MSR_IA32_SMBASE: |
2266 | - if (!kvm_x86_ops->cpu_has_high_real_mode_segbase()) |
2267 | - continue; |
2268 | - break; |
2269 | - default: |
2270 | - break; |
2271 | - } |
2272 | + if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i])) |
2273 | + continue; |
2274 | |
2275 | if (j < i) |
2276 | emulated_msrs[j] = emulated_msrs[i]; |
2277 | diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c |
2278 | index f88ce0e5efd9..0bbec041c003 100644 |
2279 | --- a/arch/x86/mm/pkeys.c |
2280 | +++ b/arch/x86/mm/pkeys.c |
2281 | @@ -95,26 +95,27 @@ int __arch_override_mprotect_pkey(struct vm_area_struct *vma, int prot, int pkey |
2282 | */ |
2283 | if (pkey != -1) |
2284 | return pkey; |
2285 | - /* |
2286 | - * Look for a protection-key-drive execute-only mapping |
2287 | - * which is now being given permissions that are not |
2288 | - * execute-only. Move it back to the default pkey. |
2289 | - */ |
2290 | - if (vma_is_pkey_exec_only(vma) && |
2291 | - (prot & (PROT_READ|PROT_WRITE))) { |
2292 | - return 0; |
2293 | - } |
2294 | + |
2295 | /* |
2296 | * The mapping is execute-only. Go try to get the |
2297 | * execute-only protection key. If we fail to do that, |
2298 | * fall through as if we do not have execute-only |
2299 | - * support. |
2300 | + * support in this mm. |
2301 | */ |
2302 | if (prot == PROT_EXEC) { |
2303 | pkey = execute_only_pkey(vma->vm_mm); |
2304 | if (pkey > 0) |
2305 | return pkey; |
2306 | + } else if (vma_is_pkey_exec_only(vma)) { |
2307 | + /* |
2308 | + * Protections are *not* PROT_EXEC, but the mapping |
2309 | + * is using the exec-only pkey. This mapping was |
2310 | + * PROT_EXEC and will no longer be. Move back to |
2311 | + * the default pkey. |
2312 | + */ |
2313 | + return ARCH_DEFAULT_PKEY; |
2314 | } |
2315 | + |
2316 | /* |
2317 | * This is a vanilla, non-pkey mprotect (or we failed to |
2318 | * setup execute-only), inherit the pkey from the VMA we |
2319 | diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c |
2320 | index 2bea87cc0ff2..081437b5f381 100644 |
2321 | --- a/arch/x86/xen/enlighten.c |
2322 | +++ b/arch/x86/xen/enlighten.c |
2323 | @@ -1977,10 +1977,8 @@ EXPORT_SYMBOL_GPL(xen_hvm_need_lapic); |
2324 | |
2325 | static void xen_set_cpu_features(struct cpuinfo_x86 *c) |
2326 | { |
2327 | - if (xen_pv_domain()) { |
2328 | - clear_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS); |
2329 | + if (xen_pv_domain()) |
2330 | set_cpu_cap(c, X86_FEATURE_XENPV); |
2331 | - } |
2332 | } |
2333 | |
2334 | static void xen_pin_vcpu(int cpu) |
2335 | diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c |
2336 | index 418f1b8576cf..c92f75f7ae33 100644 |
2337 | --- a/arch/x86/xen/mmu.c |
2338 | +++ b/arch/x86/xen/mmu.c |
2339 | @@ -1317,8 +1317,6 @@ void xen_flush_tlb_all(void) |
2340 | struct mmuext_op *op; |
2341 | struct multicall_space mcs; |
2342 | |
2343 | - trace_xen_mmu_flush_tlb_all(0); |
2344 | - |
2345 | preempt_disable(); |
2346 | |
2347 | mcs = xen_mc_entry(sizeof(*op)); |
2348 | @@ -1336,8 +1334,6 @@ static void xen_flush_tlb(void) |
2349 | struct mmuext_op *op; |
2350 | struct multicall_space mcs; |
2351 | |
2352 | - trace_xen_mmu_flush_tlb(0); |
2353 | - |
2354 | preempt_disable(); |
2355 | |
2356 | mcs = xen_mc_entry(sizeof(*op)); |
2357 | diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c |
2358 | index 56b6c8508a89..cbb1cc6bbdb4 100644 |
2359 | --- a/drivers/base/cpu.c |
2360 | +++ b/drivers/base/cpu.c |
2361 | @@ -519,14 +519,22 @@ ssize_t __weak cpu_show_spectre_v2(struct device *dev, |
2362 | return sprintf(buf, "Not affected\n"); |
2363 | } |
2364 | |
2365 | +ssize_t __weak cpu_show_spec_store_bypass(struct device *dev, |
2366 | + struct device_attribute *attr, char *buf) |
2367 | +{ |
2368 | + return sprintf(buf, "Not affected\n"); |
2369 | +} |
2370 | + |
2371 | static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); |
2372 | static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); |
2373 | static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); |
2374 | +static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL); |
2375 | |
2376 | static struct attribute *cpu_root_vulnerabilities_attrs[] = { |
2377 | &dev_attr_meltdown.attr, |
2378 | &dev_attr_spectre_v1.attr, |
2379 | &dev_attr_spectre_v2.attr, |
2380 | + &dev_attr_spec_store_bypass.attr, |
2381 | NULL |
2382 | }; |
2383 | |
2384 | diff --git a/drivers/i2c/busses/i2c-designware-core.c b/drivers/i2c/busses/i2c-designware-core.c |
2385 | index 340e037b3224..884c1ec61ac9 100644 |
2386 | --- a/drivers/i2c/busses/i2c-designware-core.c |
2387 | +++ b/drivers/i2c/busses/i2c-designware-core.c |
2388 | @@ -507,7 +507,10 @@ static void i2c_dw_xfer_init(struct dw_i2c_dev *dev) |
2389 | i2c_dw_disable_int(dev); |
2390 | |
2391 | /* Enable the adapter */ |
2392 | - __i2c_dw_enable_and_wait(dev, true); |
2393 | + __i2c_dw_enable(dev, true); |
2394 | + |
2395 | + /* Dummy read to avoid the register getting stuck on Bay Trail */ |
2396 | + dw_readl(dev, DW_IC_ENABLE_STATUS); |
2397 | |
2398 | /* Clear and enable interrupts */ |
2399 | dw_readl(dev, DW_IC_CLR_INTR); |
2400 | diff --git a/drivers/s390/cio/qdio_setup.c b/drivers/s390/cio/qdio_setup.c |
2401 | index 48b3866a9ded..35286907c636 100644 |
2402 | --- a/drivers/s390/cio/qdio_setup.c |
2403 | +++ b/drivers/s390/cio/qdio_setup.c |
2404 | @@ -140,7 +140,7 @@ static int __qdio_allocate_qs(struct qdio_q **irq_ptr_qs, int nr_queues) |
2405 | int i; |
2406 | |
2407 | for (i = 0; i < nr_queues; i++) { |
2408 | - q = kmem_cache_alloc(qdio_q_cache, GFP_KERNEL); |
2409 | + q = kmem_cache_zalloc(qdio_q_cache, GFP_KERNEL); |
2410 | if (!q) |
2411 | return -ENOMEM; |
2412 | |
2413 | @@ -456,7 +456,6 @@ int qdio_setup_irq(struct qdio_initialize *init_data) |
2414 | { |
2415 | struct ciw *ciw; |
2416 | struct qdio_irq *irq_ptr = init_data->cdev->private->qdio_data; |
2417 | - int rc; |
2418 | |
2419 | memset(&irq_ptr->qib, 0, sizeof(irq_ptr->qib)); |
2420 | memset(&irq_ptr->siga_flag, 0, sizeof(irq_ptr->siga_flag)); |
2421 | @@ -493,16 +492,14 @@ int qdio_setup_irq(struct qdio_initialize *init_data) |
2422 | ciw = ccw_device_get_ciw(init_data->cdev, CIW_TYPE_EQUEUE); |
2423 | if (!ciw) { |
2424 | DBF_ERROR("%4x NO EQ", irq_ptr->schid.sch_no); |
2425 | - rc = -EINVAL; |
2426 | - goto out_err; |
2427 | + return -EINVAL; |
2428 | } |
2429 | irq_ptr->equeue = *ciw; |
2430 | |
2431 | ciw = ccw_device_get_ciw(init_data->cdev, CIW_TYPE_AQUEUE); |
2432 | if (!ciw) { |
2433 | DBF_ERROR("%4x NO AQ", irq_ptr->schid.sch_no); |
2434 | - rc = -EINVAL; |
2435 | - goto out_err; |
2436 | + return -EINVAL; |
2437 | } |
2438 | irq_ptr->aqueue = *ciw; |
2439 | |
2440 | @@ -510,9 +507,6 @@ int qdio_setup_irq(struct qdio_initialize *init_data) |
2441 | irq_ptr->orig_handler = init_data->cdev->handler; |
2442 | init_data->cdev->handler = qdio_int_handler; |
2443 | return 0; |
2444 | -out_err: |
2445 | - qdio_release_memory(irq_ptr); |
2446 | - return rc; |
2447 | } |
2448 | |
2449 | void qdio_print_subchannel_info(struct qdio_irq *irq_ptr, |
2450 | diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c |
2451 | index 7d629b4e1ecc..adc3f56d4773 100644 |
2452 | --- a/drivers/spi/spi-bcm-qspi.c |
2453 | +++ b/drivers/spi/spi-bcm-qspi.c |
2454 | @@ -514,7 +514,7 @@ static int bcm_qspi_bspi_set_mode(struct bcm_qspi *qspi, |
2455 | |
2456 | static void bcm_qspi_enable_bspi(struct bcm_qspi *qspi) |
2457 | { |
2458 | - if (!has_bspi(qspi) || (qspi->bspi_enabled)) |
2459 | + if (!has_bspi(qspi)) |
2460 | return; |
2461 | |
2462 | qspi->bspi_enabled = 1; |
2463 | @@ -529,7 +529,7 @@ static void bcm_qspi_enable_bspi(struct bcm_qspi *qspi) |
2464 | |
2465 | static void bcm_qspi_disable_bspi(struct bcm_qspi *qspi) |
2466 | { |
2467 | - if (!has_bspi(qspi) || (!qspi->bspi_enabled)) |
2468 | + if (!has_bspi(qspi)) |
2469 | return; |
2470 | |
2471 | qspi->bspi_enabled = 0; |
2472 | @@ -543,16 +543,19 @@ static void bcm_qspi_disable_bspi(struct bcm_qspi *qspi) |
2473 | |
2474 | static void bcm_qspi_chip_select(struct bcm_qspi *qspi, int cs) |
2475 | { |
2476 | - u32 data = 0; |
2477 | + u32 rd = 0; |
2478 | + u32 wr = 0; |
2479 | |
2480 | - if (qspi->curr_cs == cs) |
2481 | - return; |
2482 | if (qspi->base[CHIP_SELECT]) { |
2483 | - data = bcm_qspi_read(qspi, CHIP_SELECT, 0); |
2484 | - data = (data & ~0xff) | (1 << cs); |
2485 | - bcm_qspi_write(qspi, CHIP_SELECT, 0, data); |
2486 | + rd = bcm_qspi_read(qspi, CHIP_SELECT, 0); |
2487 | + wr = (rd & ~0xff) | (1 << cs); |
2488 | + if (rd == wr) |
2489 | + return; |
2490 | + bcm_qspi_write(qspi, CHIP_SELECT, 0, wr); |
2491 | usleep_range(10, 20); |
2492 | } |
2493 | + |
2494 | + dev_dbg(&qspi->pdev->dev, "using cs:%d\n", cs); |
2495 | qspi->curr_cs = cs; |
2496 | } |
2497 | |
2498 | @@ -770,8 +773,13 @@ static int write_to_hw(struct bcm_qspi *qspi, struct spi_device *spi) |
2499 | dev_dbg(&qspi->pdev->dev, "WR %04x\n", val); |
2500 | } |
2501 | mspi_cdram = MSPI_CDRAM_CONT_BIT; |
2502 | - mspi_cdram |= (~(1 << spi->chip_select) & |
2503 | - MSPI_CDRAM_PCS); |
2504 | + |
2505 | + if (has_bspi(qspi)) |
2506 | + mspi_cdram &= ~1; |
2507 | + else |
2508 | + mspi_cdram |= (~(1 << spi->chip_select) & |
2509 | + MSPI_CDRAM_PCS); |
2510 | + |
2511 | mspi_cdram |= ((tp.trans->bits_per_word <= 8) ? 0 : |
2512 | MSPI_CDRAM_BITSE_BIT); |
2513 | |
2514 | diff --git a/drivers/spi/spi-pxa2xx.h b/drivers/spi/spi-pxa2xx.h |
2515 | index ce31b8199bb3..b8e004d1467b 100644 |
2516 | --- a/drivers/spi/spi-pxa2xx.h |
2517 | +++ b/drivers/spi/spi-pxa2xx.h |
2518 | @@ -38,7 +38,7 @@ struct driver_data { |
2519 | |
2520 | /* SSP register addresses */ |
2521 | void __iomem *ioaddr; |
2522 | - u32 ssdr_physical; |
2523 | + phys_addr_t ssdr_physical; |
2524 | |
2525 | /* SSP masks*/ |
2526 | u32 dma_cr1; |
2527 | diff --git a/drivers/usb/usbip/stub.h b/drivers/usb/usbip/stub.h |
2528 | index 910f027773aa..84c0599b45b7 100644 |
2529 | --- a/drivers/usb/usbip/stub.h |
2530 | +++ b/drivers/usb/usbip/stub.h |
2531 | @@ -87,6 +87,7 @@ struct bus_id_priv { |
2532 | struct stub_device *sdev; |
2533 | struct usb_device *udev; |
2534 | char shutdown_busid; |
2535 | + spinlock_t busid_lock; |
2536 | }; |
2537 | |
2538 | /* stub_priv is allocated from stub_priv_cache */ |
2539 | @@ -97,6 +98,7 @@ extern struct usb_device_driver stub_driver; |
2540 | |
2541 | /* stub_main.c */ |
2542 | struct bus_id_priv *get_busid_priv(const char *busid); |
2543 | +void put_busid_priv(struct bus_id_priv *bid); |
2544 | int del_match_busid(char *busid); |
2545 | void stub_device_cleanup_urbs(struct stub_device *sdev); |
2546 | |
2547 | diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c |
2548 | index 3550224f4d69..8e629b6a6f3f 100644 |
2549 | --- a/drivers/usb/usbip/stub_dev.c |
2550 | +++ b/drivers/usb/usbip/stub_dev.c |
2551 | @@ -314,9 +314,9 @@ static int stub_probe(struct usb_device *udev) |
2552 | struct stub_device *sdev = NULL; |
2553 | const char *udev_busid = dev_name(&udev->dev); |
2554 | struct bus_id_priv *busid_priv; |
2555 | - int rc; |
2556 | + int rc = 0; |
2557 | |
2558 | - dev_dbg(&udev->dev, "Enter\n"); |
2559 | + dev_dbg(&udev->dev, "Enter probe\n"); |
2560 | |
2561 | /* check we should claim or not by busid_table */ |
2562 | busid_priv = get_busid_priv(udev_busid); |
2563 | @@ -331,13 +331,15 @@ static int stub_probe(struct usb_device *udev) |
2564 | * other matched drivers by the driver core. |
2565 | * See driver_probe_device() in driver/base/dd.c |
2566 | */ |
2567 | - return -ENODEV; |
2568 | + rc = -ENODEV; |
2569 | + goto call_put_busid_priv; |
2570 | } |
2571 | |
2572 | if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) { |
2573 | dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n", |
2574 | udev_busid); |
2575 | - return -ENODEV; |
2576 | + rc = -ENODEV; |
2577 | + goto call_put_busid_priv; |
2578 | } |
2579 | |
2580 | if (!strcmp(udev->bus->bus_name, "vhci_hcd")) { |
2581 | @@ -345,13 +347,16 @@ static int stub_probe(struct usb_device *udev) |
2582 | "%s is attached on vhci_hcd... skip!\n", |
2583 | udev_busid); |
2584 | |
2585 | - return -ENODEV; |
2586 | + rc = -ENODEV; |
2587 | + goto call_put_busid_priv; |
2588 | } |
2589 | |
2590 | /* ok, this is my device */ |
2591 | sdev = stub_device_alloc(udev); |
2592 | - if (!sdev) |
2593 | - return -ENOMEM; |
2594 | + if (!sdev) { |
2595 | + rc = -ENOMEM; |
2596 | + goto call_put_busid_priv; |
2597 | + } |
2598 | |
2599 | dev_info(&udev->dev, |
2600 | "usbip-host: register new device (bus %u dev %u)\n", |
2601 | @@ -383,7 +388,9 @@ static int stub_probe(struct usb_device *udev) |
2602 | } |
2603 | busid_priv->status = STUB_BUSID_ALLOC; |
2604 | |
2605 | - return 0; |
2606 | + rc = 0; |
2607 | + goto call_put_busid_priv; |
2608 | + |
2609 | err_files: |
2610 | usb_hub_release_port(udev->parent, udev->portnum, |
2611 | (struct usb_dev_state *) udev); |
2612 | @@ -393,6 +400,9 @@ static int stub_probe(struct usb_device *udev) |
2613 | |
2614 | busid_priv->sdev = NULL; |
2615 | stub_device_free(sdev); |
2616 | + |
2617 | +call_put_busid_priv: |
2618 | + put_busid_priv(busid_priv); |
2619 | return rc; |
2620 | } |
2621 | |
2622 | @@ -418,7 +428,7 @@ static void stub_disconnect(struct usb_device *udev) |
2623 | struct bus_id_priv *busid_priv; |
2624 | int rc; |
2625 | |
2626 | - dev_dbg(&udev->dev, "Enter\n"); |
2627 | + dev_dbg(&udev->dev, "Enter disconnect\n"); |
2628 | |
2629 | busid_priv = get_busid_priv(udev_busid); |
2630 | if (!busid_priv) { |
2631 | @@ -431,7 +441,7 @@ static void stub_disconnect(struct usb_device *udev) |
2632 | /* get stub_device */ |
2633 | if (!sdev) { |
2634 | dev_err(&udev->dev, "could not get device"); |
2635 | - return; |
2636 | + goto call_put_busid_priv; |
2637 | } |
2638 | |
2639 | dev_set_drvdata(&udev->dev, NULL); |
2640 | @@ -446,12 +456,12 @@ static void stub_disconnect(struct usb_device *udev) |
2641 | (struct usb_dev_state *) udev); |
2642 | if (rc) { |
2643 | dev_dbg(&udev->dev, "unable to release port\n"); |
2644 | - return; |
2645 | + goto call_put_busid_priv; |
2646 | } |
2647 | |
2648 | /* If usb reset is called from event handler */ |
2649 | if (usbip_in_eh(current)) |
2650 | - return; |
2651 | + goto call_put_busid_priv; |
2652 | |
2653 | /* shutdown the current connection */ |
2654 | shutdown_busid(busid_priv); |
2655 | @@ -462,12 +472,11 @@ static void stub_disconnect(struct usb_device *udev) |
2656 | busid_priv->sdev = NULL; |
2657 | stub_device_free(sdev); |
2658 | |
2659 | - if (busid_priv->status == STUB_BUSID_ALLOC) { |
2660 | + if (busid_priv->status == STUB_BUSID_ALLOC) |
2661 | busid_priv->status = STUB_BUSID_ADDED; |
2662 | - } else { |
2663 | - busid_priv->status = STUB_BUSID_OTHER; |
2664 | - del_match_busid((char *)udev_busid); |
2665 | - } |
2666 | + |
2667 | +call_put_busid_priv: |
2668 | + put_busid_priv(busid_priv); |
2669 | } |
2670 | |
2671 | #ifdef CONFIG_PM |
2672 | diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c |
2673 | index f761e02e75c9..fa90496ca7a8 100644 |
2674 | --- a/drivers/usb/usbip/stub_main.c |
2675 | +++ b/drivers/usb/usbip/stub_main.c |
2676 | @@ -28,6 +28,7 @@ |
2677 | #define DRIVER_DESC "USB/IP Host Driver" |
2678 | |
2679 | struct kmem_cache *stub_priv_cache; |
2680 | + |
2681 | /* |
2682 | * busid_tables defines matching busids that usbip can grab. A user can change |
2683 | * dynamically what device is locally used and what device is exported to a |
2684 | @@ -39,6 +40,8 @@ static spinlock_t busid_table_lock; |
2685 | |
2686 | static void init_busid_table(void) |
2687 | { |
2688 | + int i; |
2689 | + |
2690 | /* |
2691 | * This also sets the bus_table[i].status to |
2692 | * STUB_BUSID_OTHER, which is 0. |
2693 | @@ -46,6 +49,9 @@ static void init_busid_table(void) |
2694 | memset(busid_table, 0, sizeof(busid_table)); |
2695 | |
2696 | spin_lock_init(&busid_table_lock); |
2697 | + |
2698 | + for (i = 0; i < MAX_BUSID; i++) |
2699 | + spin_lock_init(&busid_table[i].busid_lock); |
2700 | } |
2701 | |
2702 | /* |
2703 | @@ -57,15 +63,20 @@ static int get_busid_idx(const char *busid) |
2704 | int i; |
2705 | int idx = -1; |
2706 | |
2707 | - for (i = 0; i < MAX_BUSID; i++) |
2708 | + for (i = 0; i < MAX_BUSID; i++) { |
2709 | + spin_lock(&busid_table[i].busid_lock); |
2710 | if (busid_table[i].name[0]) |
2711 | if (!strncmp(busid_table[i].name, busid, BUSID_SIZE)) { |
2712 | idx = i; |
2713 | + spin_unlock(&busid_table[i].busid_lock); |
2714 | break; |
2715 | } |
2716 | + spin_unlock(&busid_table[i].busid_lock); |
2717 | + } |
2718 | return idx; |
2719 | } |
2720 | |
2721 | +/* Returns holding busid_lock. Should call put_busid_priv() to unlock */ |
2722 | struct bus_id_priv *get_busid_priv(const char *busid) |
2723 | { |
2724 | int idx; |
2725 | @@ -73,13 +84,22 @@ struct bus_id_priv *get_busid_priv(const char *busid) |
2726 | |
2727 | spin_lock(&busid_table_lock); |
2728 | idx = get_busid_idx(busid); |
2729 | - if (idx >= 0) |
2730 | + if (idx >= 0) { |
2731 | bid = &(busid_table[idx]); |
2732 | + /* get busid_lock before returning */ |
2733 | + spin_lock(&bid->busid_lock); |
2734 | + } |
2735 | spin_unlock(&busid_table_lock); |
2736 | |
2737 | return bid; |
2738 | } |
2739 | |
2740 | +void put_busid_priv(struct bus_id_priv *bid) |
2741 | +{ |
2742 | + if (bid) |
2743 | + spin_unlock(&bid->busid_lock); |
2744 | +} |
2745 | + |
2746 | static int add_match_busid(char *busid) |
2747 | { |
2748 | int i; |
2749 | @@ -92,15 +112,19 @@ static int add_match_busid(char *busid) |
2750 | goto out; |
2751 | } |
2752 | |
2753 | - for (i = 0; i < MAX_BUSID; i++) |
2754 | + for (i = 0; i < MAX_BUSID; i++) { |
2755 | + spin_lock(&busid_table[i].busid_lock); |
2756 | if (!busid_table[i].name[0]) { |
2757 | strlcpy(busid_table[i].name, busid, BUSID_SIZE); |
2758 | if ((busid_table[i].status != STUB_BUSID_ALLOC) && |
2759 | (busid_table[i].status != STUB_BUSID_REMOV)) |
2760 | busid_table[i].status = STUB_BUSID_ADDED; |
2761 | ret = 0; |
2762 | + spin_unlock(&busid_table[i].busid_lock); |
2763 | break; |
2764 | } |
2765 | + spin_unlock(&busid_table[i].busid_lock); |
2766 | + } |
2767 | |
2768 | out: |
2769 | spin_unlock(&busid_table_lock); |
2770 | @@ -121,6 +145,8 @@ int del_match_busid(char *busid) |
2771 | /* found */ |
2772 | ret = 0; |
2773 | |
2774 | + spin_lock(&busid_table[idx].busid_lock); |
2775 | + |
2776 | if (busid_table[idx].status == STUB_BUSID_OTHER) |
2777 | memset(busid_table[idx].name, 0, BUSID_SIZE); |
2778 | |
2779 | @@ -128,6 +154,7 @@ int del_match_busid(char *busid) |
2780 | (busid_table[idx].status != STUB_BUSID_ADDED)) |
2781 | busid_table[idx].status = STUB_BUSID_REMOV; |
2782 | |
2783 | + spin_unlock(&busid_table[idx].busid_lock); |
2784 | out: |
2785 | spin_unlock(&busid_table_lock); |
2786 | |
2787 | @@ -140,9 +167,12 @@ static ssize_t show_match_busid(struct device_driver *drv, char *buf) |
2788 | char *out = buf; |
2789 | |
2790 | spin_lock(&busid_table_lock); |
2791 | - for (i = 0; i < MAX_BUSID; i++) |
2792 | + for (i = 0; i < MAX_BUSID; i++) { |
2793 | + spin_lock(&busid_table[i].busid_lock); |
2794 | if (busid_table[i].name[0]) |
2795 | out += sprintf(out, "%s ", busid_table[i].name); |
2796 | + spin_unlock(&busid_table[i].busid_lock); |
2797 | + } |
2798 | spin_unlock(&busid_table_lock); |
2799 | out += sprintf(out, "\n"); |
2800 | |
2801 | @@ -184,6 +214,51 @@ static ssize_t store_match_busid(struct device_driver *dev, const char *buf, |
2802 | static DRIVER_ATTR(match_busid, S_IRUSR | S_IWUSR, show_match_busid, |
2803 | store_match_busid); |
2804 | |
2805 | +static int do_rebind(char *busid, struct bus_id_priv *busid_priv) |
2806 | +{ |
2807 | + int ret; |
2808 | + |
2809 | + /* device_attach() callers should hold parent lock for USB */ |
2810 | + if (busid_priv->udev->dev.parent) |
2811 | + device_lock(busid_priv->udev->dev.parent); |
2812 | + ret = device_attach(&busid_priv->udev->dev); |
2813 | + if (busid_priv->udev->dev.parent) |
2814 | + device_unlock(busid_priv->udev->dev.parent); |
2815 | + if (ret < 0) { |
2816 | + dev_err(&busid_priv->udev->dev, "rebind failed\n"); |
2817 | + return ret; |
2818 | + } |
2819 | + return 0; |
2820 | +} |
2821 | + |
2822 | +static void stub_device_rebind(void) |
2823 | +{ |
2824 | +#if IS_MODULE(CONFIG_USBIP_HOST) |
2825 | + struct bus_id_priv *busid_priv; |
2826 | + int i; |
2827 | + |
2828 | + /* update status to STUB_BUSID_OTHER so probe ignores the device */ |
2829 | + spin_lock(&busid_table_lock); |
2830 | + for (i = 0; i < MAX_BUSID; i++) { |
2831 | + if (busid_table[i].name[0] && |
2832 | + busid_table[i].shutdown_busid) { |
2833 | + busid_priv = &(busid_table[i]); |
2834 | + busid_priv->status = STUB_BUSID_OTHER; |
2835 | + } |
2836 | + } |
2837 | + spin_unlock(&busid_table_lock); |
2838 | + |
2839 | + /* now run rebind - no need to hold locks. driver files are removed */ |
2840 | + for (i = 0; i < MAX_BUSID; i++) { |
2841 | + if (busid_table[i].name[0] && |
2842 | + busid_table[i].shutdown_busid) { |
2843 | + busid_priv = &(busid_table[i]); |
2844 | + do_rebind(busid_table[i].name, busid_priv); |
2845 | + } |
2846 | + } |
2847 | +#endif |
2848 | +} |
2849 | + |
2850 | static ssize_t rebind_store(struct device_driver *dev, const char *buf, |
2851 | size_t count) |
2852 | { |
2853 | @@ -201,16 +276,17 @@ static ssize_t rebind_store(struct device_driver *dev, const char *buf, |
2854 | if (!bid) |
2855 | return -ENODEV; |
2856 | |
2857 | - /* device_attach() callers should hold parent lock for USB */ |
2858 | - if (bid->udev->dev.parent) |
2859 | - device_lock(bid->udev->dev.parent); |
2860 | - ret = device_attach(&bid->udev->dev); |
2861 | - if (bid->udev->dev.parent) |
2862 | - device_unlock(bid->udev->dev.parent); |
2863 | - if (ret < 0) { |
2864 | - dev_err(&bid->udev->dev, "rebind failed\n"); |
2865 | + /* mark the device for deletion so probe ignores it during rescan */ |
2866 | + bid->status = STUB_BUSID_OTHER; |
2867 | + /* release the busid lock */ |
2868 | + put_busid_priv(bid); |
2869 | + |
2870 | + ret = do_rebind((char *) buf, bid); |
2871 | + if (ret < 0) |
2872 | return ret; |
2873 | - } |
2874 | + |
2875 | + /* delete device from busid_table */ |
2876 | + del_match_busid((char *) buf); |
2877 | |
2878 | return count; |
2879 | } |
2880 | @@ -333,6 +409,9 @@ static void __exit usbip_host_exit(void) |
2881 | */ |
2882 | usb_deregister_device_driver(&stub_driver); |
2883 | |
2884 | + /* initiate scan to attach devices */ |
2885 | + stub_device_rebind(); |
2886 | + |
2887 | kmem_cache_destroy(stub_priv_cache); |
2888 | } |
2889 | |
2890 | diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c |
2891 | index f6ba165d3f81..409b12392474 100644 |
2892 | --- a/fs/btrfs/ctree.c |
2893 | +++ b/fs/btrfs/ctree.c |
2894 | @@ -2486,10 +2486,8 @@ read_block_for_search(struct btrfs_trans_handle *trans, |
2895 | if (p->reada != READA_NONE) |
2896 | reada_for_search(root, p, level, slot, key->objectid); |
2897 | |
2898 | - btrfs_release_path(p); |
2899 | - |
2900 | ret = -EAGAIN; |
2901 | - tmp = read_tree_block(root, blocknr, 0); |
2902 | + tmp = read_tree_block(root, blocknr, gen); |
2903 | if (!IS_ERR(tmp)) { |
2904 | /* |
2905 | * If the read above didn't mark this buffer up to date, |
2906 | @@ -2503,6 +2501,8 @@ read_block_for_search(struct btrfs_trans_handle *trans, |
2907 | } else { |
2908 | ret = PTR_ERR(tmp); |
2909 | } |
2910 | + |
2911 | + btrfs_release_path(p); |
2912 | return ret; |
2913 | } |
2914 | |
2915 | diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
2916 | index 52401732cddc..c65350e5119c 100644 |
2917 | --- a/fs/btrfs/tree-log.c |
2918 | +++ b/fs/btrfs/tree-log.c |
2919 | @@ -4614,6 +4614,7 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, |
2920 | struct extent_map_tree *em_tree = &BTRFS_I(inode)->extent_tree; |
2921 | u64 logged_isize = 0; |
2922 | bool need_log_inode_item = true; |
2923 | + bool xattrs_logged = false; |
2924 | |
2925 | path = btrfs_alloc_path(); |
2926 | if (!path) |
2927 | @@ -4918,6 +4919,7 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, |
2928 | err = btrfs_log_all_xattrs(trans, root, inode, path, dst_path); |
2929 | if (err) |
2930 | goto out_unlock; |
2931 | + xattrs_logged = true; |
2932 | if (max_key.type >= BTRFS_EXTENT_DATA_KEY && !fast_search) { |
2933 | btrfs_release_path(path); |
2934 | btrfs_release_path(dst_path); |
2935 | @@ -4930,6 +4932,11 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans, |
2936 | btrfs_release_path(dst_path); |
2937 | if (need_log_inode_item) { |
2938 | err = log_inode_item(trans, log, dst_path, inode); |
2939 | + if (!err && !xattrs_logged) { |
2940 | + err = btrfs_log_all_xattrs(trans, root, inode, path, |
2941 | + dst_path); |
2942 | + btrfs_release_path(path); |
2943 | + } |
2944 | if (err) |
2945 | goto out_unlock; |
2946 | } |
2947 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
2948 | index 4730ba2cc049..c2495cde26f6 100644 |
2949 | --- a/fs/btrfs/volumes.c |
2950 | +++ b/fs/btrfs/volumes.c |
2951 | @@ -3966,6 +3966,15 @@ int btrfs_resume_balance_async(struct btrfs_fs_info *fs_info) |
2952 | return 0; |
2953 | } |
2954 | |
2955 | + /* |
2956 | + * A ro->rw remount sequence should continue with the paused balance |
2957 | + * regardless of who pauses it, system or the user as of now, so set |
2958 | + * the resume flag. |
2959 | + */ |
2960 | + spin_lock(&fs_info->balance_lock); |
2961 | + fs_info->balance_ctl->flags |= BTRFS_BALANCE_RESUME; |
2962 | + spin_unlock(&fs_info->balance_lock); |
2963 | + |
2964 | tsk = kthread_run(balance_kthread, fs_info, "btrfs-balance"); |
2965 | return PTR_ERR_OR_ZERO(tsk); |
2966 | } |
2967 | diff --git a/fs/proc/array.c b/fs/proc/array.c |
2968 | index 794b52a6c20d..94f83e74db24 100644 |
2969 | --- a/fs/proc/array.c |
2970 | +++ b/fs/proc/array.c |
2971 | @@ -80,6 +80,7 @@ |
2972 | #include <linux/delayacct.h> |
2973 | #include <linux/seq_file.h> |
2974 | #include <linux/pid_namespace.h> |
2975 | +#include <linux/prctl.h> |
2976 | #include <linux/ptrace.h> |
2977 | #include <linux/tracehook.h> |
2978 | #include <linux/string_helpers.h> |
2979 | @@ -345,8 +346,32 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p) |
2980 | { |
2981 | #ifdef CONFIG_SECCOMP |
2982 | seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode); |
2983 | - seq_putc(m, '\n'); |
2984 | #endif |
2985 | + seq_printf(m, "\nSpeculation_Store_Bypass:\t"); |
2986 | + switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) { |
2987 | + case -EINVAL: |
2988 | + seq_printf(m, "unknown"); |
2989 | + break; |
2990 | + case PR_SPEC_NOT_AFFECTED: |
2991 | + seq_printf(m, "not vulnerable"); |
2992 | + break; |
2993 | + case PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE: |
2994 | + seq_printf(m, "thread force mitigated"); |
2995 | + break; |
2996 | + case PR_SPEC_PRCTL | PR_SPEC_DISABLE: |
2997 | + seq_printf(m, "thread mitigated"); |
2998 | + break; |
2999 | + case PR_SPEC_PRCTL | PR_SPEC_ENABLE: |
3000 | + seq_printf(m, "thread vulnerable"); |
3001 | + break; |
3002 | + case PR_SPEC_DISABLE: |
3003 | + seq_printf(m, "globally mitigated"); |
3004 | + break; |
3005 | + default: |
3006 | + seq_printf(m, "vulnerable"); |
3007 | + break; |
3008 | + } |
3009 | + seq_putc(m, '\n'); |
3010 | } |
3011 | |
3012 | static inline void task_context_switch_counts(struct seq_file *m, |
3013 | diff --git a/include/linux/cpu.h b/include/linux/cpu.h |
3014 | index 2f475ad89a0d..917829b27350 100644 |
3015 | --- a/include/linux/cpu.h |
3016 | +++ b/include/linux/cpu.h |
3017 | @@ -50,6 +50,8 @@ extern ssize_t cpu_show_spectre_v1(struct device *dev, |
3018 | struct device_attribute *attr, char *buf); |
3019 | extern ssize_t cpu_show_spectre_v2(struct device *dev, |
3020 | struct device_attribute *attr, char *buf); |
3021 | +extern ssize_t cpu_show_spec_store_bypass(struct device *dev, |
3022 | + struct device_attribute *attr, char *buf); |
3023 | |
3024 | extern __printf(4, 5) |
3025 | struct device *cpu_device_create(struct device *parent, void *drvdata, |
3026 | diff --git a/include/linux/efi.h b/include/linux/efi.h |
3027 | index cba7177cbec7..80b1b8faf503 100644 |
3028 | --- a/include/linux/efi.h |
3029 | +++ b/include/linux/efi.h |
3030 | @@ -380,8 +380,8 @@ typedef struct { |
3031 | u32 attributes; |
3032 | u32 get_bar_attributes; |
3033 | u32 set_bar_attributes; |
3034 | - uint64_t romsize; |
3035 | - void *romimage; |
3036 | + u64 romsize; |
3037 | + u32 romimage; |
3038 | } efi_pci_io_protocol_32; |
3039 | |
3040 | typedef struct { |
3041 | @@ -400,8 +400,8 @@ typedef struct { |
3042 | u64 attributes; |
3043 | u64 get_bar_attributes; |
3044 | u64 set_bar_attributes; |
3045 | - uint64_t romsize; |
3046 | - void *romimage; |
3047 | + u64 romsize; |
3048 | + u64 romimage; |
3049 | } efi_pci_io_protocol_64; |
3050 | |
3051 | typedef struct { |
3052 | diff --git a/include/linux/nospec.h b/include/linux/nospec.h |
3053 | index e791ebc65c9c..0c5ef54fd416 100644 |
3054 | --- a/include/linux/nospec.h |
3055 | +++ b/include/linux/nospec.h |
3056 | @@ -7,6 +7,8 @@ |
3057 | #define _LINUX_NOSPEC_H |
3058 | #include <asm/barrier.h> |
3059 | |
3060 | +struct task_struct; |
3061 | + |
3062 | /** |
3063 | * array_index_mask_nospec() - generate a ~0 mask when index < size, 0 otherwise |
3064 | * @index: array element index |
3065 | @@ -55,4 +57,12 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, |
3066 | \ |
3067 | (typeof(_i)) (_i & _mask); \ |
3068 | }) |
3069 | + |
3070 | +/* Speculation control prctl */ |
3071 | +int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which); |
3072 | +int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, |
3073 | + unsigned long ctrl); |
3074 | +/* Speculation control for seccomp enforced mitigation */ |
3075 | +void arch_seccomp_spec_mitigate(struct task_struct *task); |
3076 | + |
3077 | #endif /* _LINUX_NOSPEC_H */ |
3078 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
3079 | index c549c8c9245c..5ebef8c86c26 100644 |
3080 | --- a/include/linux/sched.h |
3081 | +++ b/include/linux/sched.h |
3082 | @@ -2354,6 +2354,8 @@ static inline void memalloc_noio_restore(unsigned int flags) |
3083 | #define PFA_SPREAD_PAGE 1 /* Spread page cache over cpuset */ |
3084 | #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */ |
3085 | #define PFA_LMK_WAITING 3 /* Lowmemorykiller is waiting */ |
3086 | +#define PFA_SPEC_SSB_DISABLE 4 /* Speculative Store Bypass disabled */ |
3087 | +#define PFA_SPEC_SSB_FORCE_DISABLE 5 /* Speculative Store Bypass force disabled*/ |
3088 | |
3089 | |
3090 | #define TASK_PFA_TEST(name, func) \ |
3091 | @@ -2380,6 +2382,13 @@ TASK_PFA_CLEAR(SPREAD_SLAB, spread_slab) |
3092 | TASK_PFA_TEST(LMK_WAITING, lmk_waiting) |
3093 | TASK_PFA_SET(LMK_WAITING, lmk_waiting) |
3094 | |
3095 | +TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable) |
3096 | +TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable) |
3097 | +TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable) |
3098 | + |
3099 | +TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
3100 | +TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
3101 | + |
3102 | /* |
3103 | * task->jobctl flags |
3104 | */ |
3105 | diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h |
3106 | index ecc296c137cd..50c460a956f1 100644 |
3107 | --- a/include/linux/seccomp.h |
3108 | +++ b/include/linux/seccomp.h |
3109 | @@ -3,7 +3,8 @@ |
3110 | |
3111 | #include <uapi/linux/seccomp.h> |
3112 | |
3113 | -#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC) |
3114 | +#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \ |
3115 | + SECCOMP_FILTER_FLAG_SPEC_ALLOW) |
3116 | |
3117 | #ifdef CONFIG_SECCOMP |
3118 | |
3119 | diff --git a/include/linux/signal.h b/include/linux/signal.h |
3120 | index b63f63eaa39c..5308304993be 100644 |
3121 | --- a/include/linux/signal.h |
3122 | +++ b/include/linux/signal.h |
3123 | @@ -97,6 +97,23 @@ static inline int sigisemptyset(sigset_t *set) |
3124 | } |
3125 | } |
3126 | |
3127 | +static inline int sigequalsets(const sigset_t *set1, const sigset_t *set2) |
3128 | +{ |
3129 | + switch (_NSIG_WORDS) { |
3130 | + case 4: |
3131 | + return (set1->sig[3] == set2->sig[3]) && |
3132 | + (set1->sig[2] == set2->sig[2]) && |
3133 | + (set1->sig[1] == set2->sig[1]) && |
3134 | + (set1->sig[0] == set2->sig[0]); |
3135 | + case 2: |
3136 | + return (set1->sig[1] == set2->sig[1]) && |
3137 | + (set1->sig[0] == set2->sig[0]); |
3138 | + case 1: |
3139 | + return set1->sig[0] == set2->sig[0]; |
3140 | + } |
3141 | + return 0; |
3142 | +} |
3143 | + |
3144 | #define sigmask(sig) (1UL << ((sig) - 1)) |
3145 | |
3146 | #ifndef __HAVE_ARCH_SIG_SETOPS |
3147 | diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h |
3148 | index bce990f5a35d..d6be935caa50 100644 |
3149 | --- a/include/trace/events/xen.h |
3150 | +++ b/include/trace/events/xen.h |
3151 | @@ -377,22 +377,6 @@ DECLARE_EVENT_CLASS(xen_mmu_pgd, |
3152 | DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_pin); |
3153 | DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_unpin); |
3154 | |
3155 | -TRACE_EVENT(xen_mmu_flush_tlb_all, |
3156 | - TP_PROTO(int x), |
3157 | - TP_ARGS(x), |
3158 | - TP_STRUCT__entry(__array(char, x, 0)), |
3159 | - TP_fast_assign((void)x), |
3160 | - TP_printk("%s", "") |
3161 | - ); |
3162 | - |
3163 | -TRACE_EVENT(xen_mmu_flush_tlb, |
3164 | - TP_PROTO(int x), |
3165 | - TP_ARGS(x), |
3166 | - TP_STRUCT__entry(__array(char, x, 0)), |
3167 | - TP_fast_assign((void)x), |
3168 | - TP_printk("%s", "") |
3169 | - ); |
3170 | - |
3171 | TRACE_EVENT(xen_mmu_flush_tlb_single, |
3172 | TP_PROTO(unsigned long addr), |
3173 | TP_ARGS(addr), |
3174 | diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h |
3175 | index a8d0759a9e40..64776b72e1eb 100644 |
3176 | --- a/include/uapi/linux/prctl.h |
3177 | +++ b/include/uapi/linux/prctl.h |
3178 | @@ -197,4 +197,16 @@ struct prctl_mm_map { |
3179 | # define PR_CAP_AMBIENT_LOWER 3 |
3180 | # define PR_CAP_AMBIENT_CLEAR_ALL 4 |
3181 | |
3182 | +/* Per task speculation control */ |
3183 | +#define PR_GET_SPECULATION_CTRL 52 |
3184 | +#define PR_SET_SPECULATION_CTRL 53 |
3185 | +/* Speculation control variants */ |
3186 | +# define PR_SPEC_STORE_BYPASS 0 |
3187 | +/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ |
3188 | +# define PR_SPEC_NOT_AFFECTED 0 |
3189 | +# define PR_SPEC_PRCTL (1UL << 0) |
3190 | +# define PR_SPEC_ENABLE (1UL << 1) |
3191 | +# define PR_SPEC_DISABLE (1UL << 2) |
3192 | +# define PR_SPEC_FORCE_DISABLE (1UL << 3) |
3193 | + |
3194 | #endif /* _LINUX_PRCTL_H */ |
3195 | diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h |
3196 | index 0f238a43ff1e..e4acb615792b 100644 |
3197 | --- a/include/uapi/linux/seccomp.h |
3198 | +++ b/include/uapi/linux/seccomp.h |
3199 | @@ -15,7 +15,9 @@ |
3200 | #define SECCOMP_SET_MODE_FILTER 1 |
3201 | |
3202 | /* Valid flags for SECCOMP_SET_MODE_FILTER */ |
3203 | -#define SECCOMP_FILTER_FLAG_TSYNC 1 |
3204 | +#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) |
3205 | +/* In v4.14+ SECCOMP_FILTER_FLAG_LOG is (1UL << 1) */ |
3206 | +#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) |
3207 | |
3208 | /* |
3209 | * All BPF programs must return a 32-bit value. |
3210 | diff --git a/kernel/seccomp.c b/kernel/seccomp.c |
3211 | index af182a6df25b..3975856d476c 100644 |
3212 | --- a/kernel/seccomp.c |
3213 | +++ b/kernel/seccomp.c |
3214 | @@ -16,6 +16,8 @@ |
3215 | #include <linux/atomic.h> |
3216 | #include <linux/audit.h> |
3217 | #include <linux/compat.h> |
3218 | +#include <linux/nospec.h> |
3219 | +#include <linux/prctl.h> |
3220 | #include <linux/sched.h> |
3221 | #include <linux/seccomp.h> |
3222 | #include <linux/slab.h> |
3223 | @@ -214,8 +216,11 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode) |
3224 | return true; |
3225 | } |
3226 | |
3227 | +void __weak arch_seccomp_spec_mitigate(struct task_struct *task) { } |
3228 | + |
3229 | static inline void seccomp_assign_mode(struct task_struct *task, |
3230 | - unsigned long seccomp_mode) |
3231 | + unsigned long seccomp_mode, |
3232 | + unsigned long flags) |
3233 | { |
3234 | assert_spin_locked(&task->sighand->siglock); |
3235 | |
3236 | @@ -225,6 +230,9 @@ static inline void seccomp_assign_mode(struct task_struct *task, |
3237 | * filter) is set. |
3238 | */ |
3239 | smp_mb__before_atomic(); |
3240 | + /* Assume default seccomp processes want spec flaw mitigation. */ |
3241 | + if ((flags & SECCOMP_FILTER_FLAG_SPEC_ALLOW) == 0) |
3242 | + arch_seccomp_spec_mitigate(task); |
3243 | set_tsk_thread_flag(task, TIF_SECCOMP); |
3244 | } |
3245 | |
3246 | @@ -292,7 +300,7 @@ static inline pid_t seccomp_can_sync_threads(void) |
3247 | * without dropping the locks. |
3248 | * |
3249 | */ |
3250 | -static inline void seccomp_sync_threads(void) |
3251 | +static inline void seccomp_sync_threads(unsigned long flags) |
3252 | { |
3253 | struct task_struct *thread, *caller; |
3254 | |
3255 | @@ -333,7 +341,8 @@ static inline void seccomp_sync_threads(void) |
3256 | * allow one thread to transition the other. |
3257 | */ |
3258 | if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) |
3259 | - seccomp_assign_mode(thread, SECCOMP_MODE_FILTER); |
3260 | + seccomp_assign_mode(thread, SECCOMP_MODE_FILTER, |
3261 | + flags); |
3262 | } |
3263 | } |
3264 | |
3265 | @@ -452,7 +461,7 @@ static long seccomp_attach_filter(unsigned int flags, |
3266 | |
3267 | /* Now that the new filter is in place, synchronize to all threads. */ |
3268 | if (flags & SECCOMP_FILTER_FLAG_TSYNC) |
3269 | - seccomp_sync_threads(); |
3270 | + seccomp_sync_threads(flags); |
3271 | |
3272 | return 0; |
3273 | } |
3274 | @@ -712,7 +721,7 @@ static long seccomp_set_mode_strict(void) |
3275 | #ifdef TIF_NOTSC |
3276 | disable_TSC(); |
3277 | #endif |
3278 | - seccomp_assign_mode(current, seccomp_mode); |
3279 | + seccomp_assign_mode(current, seccomp_mode, 0); |
3280 | ret = 0; |
3281 | |
3282 | out: |
3283 | @@ -770,7 +779,7 @@ static long seccomp_set_mode_filter(unsigned int flags, |
3284 | /* Do not free the successfully attached filter. */ |
3285 | prepared = NULL; |
3286 | |
3287 | - seccomp_assign_mode(current, seccomp_mode); |
3288 | + seccomp_assign_mode(current, seccomp_mode, flags); |
3289 | out: |
3290 | spin_unlock_irq(¤t->sighand->siglock); |
3291 | if (flags & SECCOMP_FILTER_FLAG_TSYNC) |
3292 | diff --git a/kernel/signal.c b/kernel/signal.c |
3293 | index 7ebe236a5364..17428fec19b0 100644 |
3294 | --- a/kernel/signal.c |
3295 | +++ b/kernel/signal.c |
3296 | @@ -2495,6 +2495,13 @@ void __set_current_blocked(const sigset_t *newset) |
3297 | { |
3298 | struct task_struct *tsk = current; |
3299 | |
3300 | + /* |
3301 | + * In case the signal mask hasn't changed, there is nothing we need |
3302 | + * to do. The current->blocked shouldn't be modified by other task. |
3303 | + */ |
3304 | + if (sigequalsets(&tsk->blocked, newset)) |
3305 | + return; |
3306 | + |
3307 | spin_lock_irq(&tsk->sighand->siglock); |
3308 | __set_task_blocked(tsk, newset); |
3309 | spin_unlock_irq(&tsk->sighand->siglock); |
3310 | diff --git a/kernel/sys.c b/kernel/sys.c |
3311 | index 89d5be418157..143cd63f1d47 100644 |
3312 | --- a/kernel/sys.c |
3313 | +++ b/kernel/sys.c |
3314 | @@ -53,6 +53,8 @@ |
3315 | #include <linux/uidgid.h> |
3316 | #include <linux/cred.h> |
3317 | |
3318 | +#include <linux/nospec.h> |
3319 | + |
3320 | #include <linux/kmsg_dump.h> |
3321 | /* Move somewhere else to avoid recompiling? */ |
3322 | #include <generated/utsrelease.h> |
3323 | @@ -2072,6 +2074,17 @@ static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) |
3324 | } |
3325 | #endif |
3326 | |
3327 | +int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which) |
3328 | +{ |
3329 | + return -EINVAL; |
3330 | +} |
3331 | + |
3332 | +int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, |
3333 | + unsigned long ctrl) |
3334 | +{ |
3335 | + return -EINVAL; |
3336 | +} |
3337 | + |
3338 | SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, |
3339 | unsigned long, arg4, unsigned long, arg5) |
3340 | { |
3341 | @@ -2270,6 +2283,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, |
3342 | case PR_GET_FP_MODE: |
3343 | error = GET_FP_MODE(me); |
3344 | break; |
3345 | + case PR_GET_SPECULATION_CTRL: |
3346 | + if (arg3 || arg4 || arg5) |
3347 | + return -EINVAL; |
3348 | + error = arch_prctl_spec_ctrl_get(me, arg2); |
3349 | + break; |
3350 | + case PR_SET_SPECULATION_CTRL: |
3351 | + if (arg4 || arg5) |
3352 | + return -EINVAL; |
3353 | + error = arch_prctl_spec_ctrl_set(me, arg2, arg3); |
3354 | + break; |
3355 | default: |
3356 | error = -EINVAL; |
3357 | break; |
3358 | diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c |
3359 | index d2a20e83ebae..22d7454b387b 100644 |
3360 | --- a/kernel/time/tick-broadcast.c |
3361 | +++ b/kernel/time/tick-broadcast.c |
3362 | @@ -610,6 +610,14 @@ static void tick_handle_oneshot_broadcast(struct clock_event_device *dev) |
3363 | now = ktime_get(); |
3364 | /* Find all expired events */ |
3365 | for_each_cpu(cpu, tick_broadcast_oneshot_mask) { |
3366 | + /* |
3367 | + * Required for !SMP because for_each_cpu() reports |
3368 | + * unconditionally CPU0 as set on UP kernels. |
3369 | + */ |
3370 | + if (!IS_ENABLED(CONFIG_SMP) && |
3371 | + cpumask_empty(tick_broadcast_oneshot_mask)) |
3372 | + break; |
3373 | + |
3374 | td = &per_cpu(tick_cpu_device, cpu); |
3375 | if (td->evtdev->next_event.tv64 <= now.tv64) { |
3376 | cpumask_set_cpu(cpu, tmpmask); |
3377 | diff --git a/mm/Kconfig b/mm/Kconfig |
3378 | index 86e3e0e74d20..ea074a9d4958 100644 |
3379 | --- a/mm/Kconfig |
3380 | +++ b/mm/Kconfig |
3381 | @@ -666,6 +666,7 @@ config DEFERRED_STRUCT_PAGE_INIT |
3382 | depends on ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT |
3383 | depends on NO_BOOTMEM && MEMORY_HOTPLUG |
3384 | depends on !FLATMEM |
3385 | + depends on !NEED_PER_CPU_KM |
3386 | help |
3387 | Ordinarily all struct pages are initialised during early boot in a |
3388 | single thread. On very large machines this can take a considerable |
3389 | diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c |
3390 | index fa3ef25441e5..762f31fb5b67 100644 |
3391 | --- a/net/netfilter/nf_tables_api.c |
3392 | +++ b/net/netfilter/nf_tables_api.c |
3393 | @@ -2200,41 +2200,46 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk, |
3394 | } |
3395 | |
3396 | if (nlh->nlmsg_flags & NLM_F_REPLACE) { |
3397 | - if (nft_is_active_next(net, old_rule)) { |
3398 | - trans = nft_trans_rule_add(&ctx, NFT_MSG_DELRULE, |
3399 | - old_rule); |
3400 | - if (trans == NULL) { |
3401 | - err = -ENOMEM; |
3402 | - goto err2; |
3403 | - } |
3404 | - nft_deactivate_next(net, old_rule); |
3405 | - chain->use--; |
3406 | - list_add_tail_rcu(&rule->list, &old_rule->list); |
3407 | - } else { |
3408 | + if (!nft_is_active_next(net, old_rule)) { |
3409 | err = -ENOENT; |
3410 | goto err2; |
3411 | } |
3412 | - } else if (nlh->nlmsg_flags & NLM_F_APPEND) |
3413 | - if (old_rule) |
3414 | - list_add_rcu(&rule->list, &old_rule->list); |
3415 | - else |
3416 | - list_add_tail_rcu(&rule->list, &chain->rules); |
3417 | - else { |
3418 | - if (old_rule) |
3419 | - list_add_tail_rcu(&rule->list, &old_rule->list); |
3420 | - else |
3421 | - list_add_rcu(&rule->list, &chain->rules); |
3422 | - } |
3423 | + trans = nft_trans_rule_add(&ctx, NFT_MSG_DELRULE, |
3424 | + old_rule); |
3425 | + if (trans == NULL) { |
3426 | + err = -ENOMEM; |
3427 | + goto err2; |
3428 | + } |
3429 | + nft_deactivate_next(net, old_rule); |
3430 | + chain->use--; |
3431 | |
3432 | - if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) { |
3433 | - err = -ENOMEM; |
3434 | - goto err3; |
3435 | + if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) { |
3436 | + err = -ENOMEM; |
3437 | + goto err2; |
3438 | + } |
3439 | + |
3440 | + list_add_tail_rcu(&rule->list, &old_rule->list); |
3441 | + } else { |
3442 | + if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) { |
3443 | + err = -ENOMEM; |
3444 | + goto err2; |
3445 | + } |
3446 | + |
3447 | + if (nlh->nlmsg_flags & NLM_F_APPEND) { |
3448 | + if (old_rule) |
3449 | + list_add_rcu(&rule->list, &old_rule->list); |
3450 | + else |
3451 | + list_add_tail_rcu(&rule->list, &chain->rules); |
3452 | + } else { |
3453 | + if (old_rule) |
3454 | + list_add_tail_rcu(&rule->list, &old_rule->list); |
3455 | + else |
3456 | + list_add_rcu(&rule->list, &chain->rules); |
3457 | + } |
3458 | } |
3459 | chain->use++; |
3460 | return 0; |
3461 | |
3462 | -err3: |
3463 | - list_del_rcu(&rule->list); |
3464 | err2: |
3465 | nf_tables_rule_destroy(&ctx, rule); |
3466 | err1: |
3467 | diff --git a/sound/core/control_compat.c b/sound/core/control_compat.c |
3468 | index 1fa70766ffab..84ee29c3b1a0 100644 |
3469 | --- a/sound/core/control_compat.c |
3470 | +++ b/sound/core/control_compat.c |
3471 | @@ -400,8 +400,7 @@ static int snd_ctl_elem_add_compat(struct snd_ctl_file *file, |
3472 | if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) || |
3473 | copy_from_user(&data->type, &data32->type, 3 * sizeof(u32))) |
3474 | goto error; |
3475 | - if (get_user(data->owner, &data32->owner) || |
3476 | - get_user(data->type, &data32->type)) |
3477 | + if (get_user(data->owner, &data32->owner)) |
3478 | goto error; |
3479 | switch (data->type) { |
3480 | case SNDRV_CTL_ELEM_TYPE_BOOLEAN: |
3481 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
3482 | index 7d3f88d90eec..4e9112001306 100644 |
3483 | --- a/sound/pci/hda/hda_intel.c |
3484 | +++ b/sound/pci/hda/hda_intel.c |
3485 | @@ -2061,6 +2061,8 @@ static struct snd_pci_quirk power_save_blacklist[] = { |
3486 | SND_PCI_QUIRK(0x1849, 0x0c0c, "Asrock B85M-ITX", 0), |
3487 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
3488 | SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0), |
3489 | + /* https://bugzilla.redhat.com/show_bug.cgi?id=1572975 */ |
3490 | + SND_PCI_QUIRK(0x17aa, 0x36a7, "Lenovo C50 All in one", 0), |
3491 | /* https://bugzilla.kernel.org/show_bug.cgi?id=198611 */ |
3492 | SND_PCI_QUIRK(0x17aa, 0x2227, "Lenovo X1 Carbon 3rd Gen", 0), |
3493 | {} |
3494 | diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c |
3495 | index dedf8eb4570e..db8404e31fae 100644 |
3496 | --- a/sound/usb/mixer.c |
3497 | +++ b/sound/usb/mixer.c |
3498 | @@ -905,6 +905,14 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval, |
3499 | } |
3500 | break; |
3501 | |
3502 | + case USB_ID(0x0d8c, 0x0103): |
3503 | + if (!strcmp(kctl->id.name, "PCM Playback Volume")) { |
3504 | + usb_audio_info(chip, |
3505 | + "set volume quirk for CM102-A+/102S+\n"); |
3506 | + cval->min = -256; |
3507 | + } |
3508 | + break; |
3509 | + |
3510 | case USB_ID(0x0471, 0x0101): |
3511 | case USB_ID(0x0471, 0x0104): |
3512 | case USB_ID(0x0471, 0x0105): |
3513 | diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c |
3514 | index f68998149351..d5be7b5ff899 100644 |
3515 | --- a/tools/testing/selftests/seccomp/seccomp_bpf.c |
3516 | +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c |
3517 | @@ -1692,7 +1692,11 @@ TEST_F_SIGNAL(TRACE_syscall, kill_after_ptrace, SIGSYS) |
3518 | #endif |
3519 | |
3520 | #ifndef SECCOMP_FILTER_FLAG_TSYNC |
3521 | -#define SECCOMP_FILTER_FLAG_TSYNC 1 |
3522 | +#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) |
3523 | +#endif |
3524 | + |
3525 | +#ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW |
3526 | +#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) |
3527 | #endif |
3528 | |
3529 | #ifndef seccomp |
3530 | @@ -1791,6 +1795,78 @@ TEST(seccomp_syscall_mode_lock) |
3531 | } |
3532 | } |
3533 | |
3534 | +/* |
3535 | + * Test detection of known and unknown filter flags. Userspace needs to be able |
3536 | + * to check if a filter flag is supported by the current kernel and a good way |
3537 | + * of doing that is by attempting to enter filter mode, with the flag bit in |
3538 | + * question set, and a NULL pointer for the _args_ parameter. EFAULT indicates |
3539 | + * that the flag is valid and EINVAL indicates that the flag is invalid. |
3540 | + */ |
3541 | +TEST(detect_seccomp_filter_flags) |
3542 | +{ |
3543 | + unsigned int flags[] = { SECCOMP_FILTER_FLAG_TSYNC, |
3544 | + SECCOMP_FILTER_FLAG_SPEC_ALLOW }; |
3545 | + unsigned int flag, all_flags; |
3546 | + int i; |
3547 | + long ret; |
3548 | + |
3549 | + /* Test detection of known-good filter flags */ |
3550 | + for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) { |
3551 | + int bits = 0; |
3552 | + |
3553 | + flag = flags[i]; |
3554 | + /* Make sure the flag is a single bit! */ |
3555 | + while (flag) { |
3556 | + if (flag & 0x1) |
3557 | + bits ++; |
3558 | + flag >>= 1; |
3559 | + } |
3560 | + ASSERT_EQ(1, bits); |
3561 | + flag = flags[i]; |
3562 | + |
3563 | + ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); |
3564 | + ASSERT_NE(ENOSYS, errno) { |
3565 | + TH_LOG("Kernel does not support seccomp syscall!"); |
3566 | + } |
3567 | + EXPECT_EQ(-1, ret); |
3568 | + EXPECT_EQ(EFAULT, errno) { |
3569 | + TH_LOG("Failed to detect that a known-good filter flag (0x%X) is supported!", |
3570 | + flag); |
3571 | + } |
3572 | + |
3573 | + all_flags |= flag; |
3574 | + } |
3575 | + |
3576 | + /* Test detection of all known-good filter flags */ |
3577 | + ret = seccomp(SECCOMP_SET_MODE_FILTER, all_flags, NULL); |
3578 | + EXPECT_EQ(-1, ret); |
3579 | + EXPECT_EQ(EFAULT, errno) { |
3580 | + TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!", |
3581 | + all_flags); |
3582 | + } |
3583 | + |
3584 | + /* Test detection of an unknown filter flag */ |
3585 | + flag = -1; |
3586 | + ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); |
3587 | + EXPECT_EQ(-1, ret); |
3588 | + EXPECT_EQ(EINVAL, errno) { |
3589 | + TH_LOG("Failed to detect that an unknown filter flag (0x%X) is unsupported!", |
3590 | + flag); |
3591 | + } |
3592 | + |
3593 | + /* |
3594 | + * Test detection of an unknown filter flag that may simply need to be |
3595 | + * added to this test |
3596 | + */ |
3597 | + flag = flags[ARRAY_SIZE(flags) - 1] << 1; |
3598 | + ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); |
3599 | + EXPECT_EQ(-1, ret); |
3600 | + EXPECT_EQ(EINVAL, errno) { |
3601 | + TH_LOG("Failed to detect that an unknown filter flag (0x%X) is unsupported! Does a new flag need to be added to this test?", |
3602 | + flag); |
3603 | + } |
3604 | +} |
3605 | + |
3606 | TEST(TSYNC_first) |
3607 | { |
3608 | struct sock_filter filter[] = { |
3609 | diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c |
3610 | index 31f562507915..1ebbf233de9a 100644 |
3611 | --- a/virt/kvm/arm/vgic/vgic-its.c |
3612 | +++ b/virt/kvm/arm/vgic/vgic-its.c |
3613 | @@ -208,8 +208,8 @@ static int update_lpi_config(struct kvm *kvm, struct vgic_irq *irq, |
3614 | u8 prop; |
3615 | int ret; |
3616 | |
3617 | - ret = kvm_read_guest(kvm, propbase + irq->intid - GIC_LPI_OFFSET, |
3618 | - &prop, 1); |
3619 | + ret = kvm_read_guest_lock(kvm, propbase + irq->intid - GIC_LPI_OFFSET, |
3620 | + &prop, 1); |
3621 | |
3622 | if (ret) |
3623 | return ret; |
3624 | @@ -339,8 +339,9 @@ static int its_sync_lpi_pending_table(struct kvm_vcpu *vcpu) |
3625 | * this very same byte in the last iteration. Reuse that. |
3626 | */ |
3627 | if (byte_offset != last_byte_offset) { |
3628 | - ret = kvm_read_guest(vcpu->kvm, pendbase + byte_offset, |
3629 | - &pendmask, 1); |
3630 | + ret = kvm_read_guest_lock(vcpu->kvm, |
3631 | + pendbase + byte_offset, |
3632 | + &pendmask, 1); |
3633 | if (ret) { |
3634 | kfree(intids); |
3635 | return ret; |
3636 | @@ -628,7 +629,7 @@ static bool vgic_its_check_id(struct vgic_its *its, u64 baser, int id) |
3637 | return false; |
3638 | |
3639 | /* Each 1st level entry is represented by a 64-bit value. */ |
3640 | - if (kvm_read_guest(its->dev->kvm, |
3641 | + if (kvm_read_guest_lock(its->dev->kvm, |
3642 | BASER_ADDRESS(baser) + index * sizeof(indirect_ptr), |
3643 | &indirect_ptr, sizeof(indirect_ptr))) |
3644 | return false; |
3645 | @@ -1152,8 +1153,8 @@ static void vgic_its_process_commands(struct kvm *kvm, struct vgic_its *its) |
3646 | cbaser = CBASER_ADDRESS(its->cbaser); |
3647 | |
3648 | while (its->cwriter != its->creadr) { |
3649 | - int ret = kvm_read_guest(kvm, cbaser + its->creadr, |
3650 | - cmd_buf, ITS_CMD_SIZE); |
3651 | + int ret = kvm_read_guest_lock(kvm, cbaser + its->creadr, |
3652 | + cmd_buf, ITS_CMD_SIZE); |
3653 | /* |
3654 | * If kvm_read_guest() fails, this could be due to the guest |
3655 | * programming a bogus value in CBASER or something else going |