This is a note to let you know that I've just added the patch titled
x86/srso: Tie SBPB bit setting to microcode patch detection
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 5a15d8348881e9371afdf9f5357a135489496955 Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@xxxxxxxxx>
Date: Mon, 7 Aug 2023 10:46:04 +0200
Subject: x86/srso: Tie SBPB bit setting to microcode patch detection
From: Borislav Petkov (AMD) <bp@xxxxxxxxx>
commit 5a15d8348881e9371afdf9f5357a135489496955 upstream.
The SBPB bit in MSR_IA32_PRED_CMD is supported only after a microcode
patch has been applied so set X86_FEATURE_SBPB only then. Otherwise,
guests would attempt to set that bit and #GP on the MSR write.
While at it, make SMT detection more robust as some guests - depending
on how and what CPUID leafs their report - lead to cpu_smt_control
getting set to CPU_SMT_NOT_SUPPORTED but SRSO_NO should be set for any
guest incarnation where one simply cannot do SMT, for whatever reason.
Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Reported-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Reported-by: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/amd.c | 19 ++++++++++++-------
arch/x86/kernel/cpu/bugs.c | 7 +++----
2 files changed, 15 insertions(+), 11 deletions(-)
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1284,16 +1284,21 @@ void set_dr_addr_mask(unsigned long mask
bool cpu_has_ibpb_brtype_microcode(void)
{
- u8 fam = boot_cpu_data.x86;
-
+ switch (boot_cpu_data.x86) {
/* Zen1/2 IBPB flushes branch type predictions too. */
- if (fam == 0x17)
+ case 0x17:
return boot_cpu_has(X86_FEATURE_AMD_IBPB);
- /* Poke the MSR bit on Zen3/4 to check its presence. */
- else if (fam == 0x19)
- return !wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB);
- else
+ case 0x19:
+ /* Poke the MSR bit on Zen3/4 to check its presence. */
+ if (!wrmsrl_safe(MSR_IA32_PRED_CMD, PRED_CMD_SBPB)) {
+ setup_force_cpu_cap(X86_FEATURE_SBPB);
+ return true;
+ } else {
+ return false;
+ }
+ default:
return false;
+ }
}
static void zenbleed_check_cpu(void *unused)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2313,14 +2313,13 @@ static void __init srso_select_mitigatio
* flags for guests.
*/
setup_force_cpu_cap(X86_FEATURE_IBPB_BRTYPE);
- setup_force_cpu_cap(X86_FEATURE_SBPB);
/*
* Zen1/2 with SMT off aren't vulnerable after the right
* IBPB microcode has been applied.
*/
if ((boot_cpu_data.x86 < 0x19) &&
- (cpu_smt_control == CPU_SMT_DISABLED))
+ (!cpu_smt_possible() || (cpu_smt_control == CPU_SMT_DISABLED)))
setup_force_cpu_cap(X86_FEATURE_SRSO_NO);
}
@@ -2393,8 +2392,8 @@ static void __init srso_select_mitigatio
pr_info("%s%s\n", srso_strings[srso_mitigation], (has_microcode ? "" : ", no microcode"));
pred_cmd:
- if (boot_cpu_has(X86_FEATURE_SRSO_NO) ||
- srso_cmd == SRSO_CMD_OFF)
+ if ((boot_cpu_has(X86_FEATURE_SRSO_NO) || srso_cmd == SRSO_CMD_OFF) &&
+ boot_cpu_has(X86_FEATURE_SBPB))
x86_pred_cmd = PRED_CMD_SBPB;
}
Patches currently in stable-queue which might be from bp@xxxxxxxxx are
queue-5.10/x86-cpu-switch-to-arch_cpu_finalize_init.patch
queue-5.10/x86-srso-add-ibpb_brtype-support.patch
queue-5.10/x86-cpu-kvm-add-support-for-cpuid_80000021_eax.patch
queue-5.10/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch
queue-5.10/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch
queue-5.10/x86-srso-add-ibpb-on-vmexit.patch
queue-5.10/x86-xen-fix-secondary-processors-fpu-initialization.patch
queue-5.10/x86-srso-add-ibpb.patch
queue-5.10/x86-srso-fix-return-thunks-in-generated-code.patch
queue-5.10/x86-srso-add-a-speculative-ras-overflow-mitigation.patch
queue-5.10/x86-srso-add-srso_no-support.patch
