From: Greg Kroah-Hartman
Date: Wed, 15 Aug 2018 12:40:22 +0000 (+0200)
Subject: 4.18: add git commit ids to patches
X-Git-Tag: v4.18.1~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d542e9e844414a2e76a3d12030feb608762c862;p=thirdparty%2Fkernel%2Fstable-queue.git
4.18: add git commit ids to patches
---
diff --git a/queue-4.18/cpu-hotplug-boot-ht-siblings-at-least-once.patch b/queue-4.18/cpu-hotplug-boot-ht-siblings-at-least-once.patch
index 1e5ffdeda40..02d91b89471 100644
--- a/queue-4.18/cpu-hotplug-boot-ht-siblings-at-least-once.patch
+++ b/queue-4.18/cpu-hotplug-boot-ht-siblings-at-least-once.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 0cc3cd21657be04cb0559fe8063f2130493f92cf Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Fri, 29 Jun 2018 16:05:48 +0200
 Subject: cpu/hotplug: Boot HT siblings at least once
 From: Thomas Gleixner
+commit 0cc3cd21657be04cb0559fe8063f2130493f92cf upstream.
+
 Due to the way Machine Check Exceptions work on X86 hyperthreads it's required to boot up _all_ logical cores at least once in order to set the CR4.MCE bit.
@@ -18,6 +20,7 @@ Reported-by: Dave Hansen
 Signed-off-by: Thomas Gleixner
 Tested-by: Tony Luck
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/cpu.c | 72 +++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 48 insertions(+), 24 deletions(-)
diff --git a/queue-4.18/cpu-hotplug-detect-smt-disabled-by-bios.patch b/queue-4.18/cpu-hotplug-detect-smt-disabled-by-bios.patch
index 6d9c631c278..ceb12bf0316 100644
--- a/queue-4.18/cpu-hotplug-detect-smt-disabled-by-bios.patch
+++ b/queue-4.18/cpu-hotplug-detect-smt-disabled-by-bios.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 73d5e2b472640b1fcdb61ae8be389912ef211bda Mon Sep 17 00:00:00 2001
 From: Josh Poimboeuf
 Date: Tue, 24 Jul 2018 18:17:40 +0200
 Subject: cpu/hotplug: detect SMT disabled by BIOS
From: Josh Poimboeuf
+commit 73d5e2b472640b1fcdb61ae8be389912ef211bda upstream.
+
 If SMT is disabled in BIOS, the CPU code doesn't properly detect it. The /sys/devices/system/cpu/smt/control file shows 'on', and the 'l1tf' vulnerabilities file shows SMT as vulnerable.
@@ -20,6 +22,7 @@ Fixes: f048c399e0f7 ("x86/topology: Provide topology_smt_supported()")
 Signed-off-by: Josh Poimboeuf
 Signed-off-by: Peter Zijlstra
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/cpu.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/queue-4.18/cpu-hotplug-expose-smt-control-init-function.patch b/queue-4.18/cpu-hotplug-expose-smt-control-init-function.patch
index 0270cb51be5..d500078099d 100644
--- a/queue-4.18/cpu-hotplug-expose-smt-control-init-function.patch
+++ b/queue-4.18/cpu-hotplug-expose-smt-control-init-function.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 8e1b706b6e819bed215c0db16345568864660393 Mon Sep 17 00:00:00 2001
 From: Jiri Kosina
 Date: Fri, 13 Jul 2018 16:23:23 +0200
 Subject: cpu/hotplug: Expose SMT control init function
 From: Jiri Kosina
+commit 8e1b706b6e819bed215c0db16345568864660393 upstream.
+
 The L1TF mitigation will gain a commend line parameter which allows to set a combination of hypervisor mitigation and SMT control.
@@ -20,6 +22,7 @@ Reviewed-by: Greg Kroah-Hartman
 Reviewed-by: Josh Poimboeuf
 Link: https://lkml.kernel.org/r/20180713142323.039715135@linutronix.de
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 include/linux/cpu.h | 2 ++
 kernel/cpu.c | 16 +++++++++++++---
diff --git a/queue-4.18/cpu-hotplug-fix-smt-supported-evaluation.patch b/queue-4.18/cpu-hotplug-fix-smt-supported-evaluation.patch
index 96f714aa001..4de04fc1780 100644
--- a/queue-4.18/cpu-hotplug-fix-smt-supported-evaluation.patch
+++ b/queue-4.18/cpu-hotplug-fix-smt-supported-evaluation.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From bc2d8d262cba5736332cbc866acb11b1c5748aa9 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner
 Date: Tue, 7 Aug 2018 08:19:57 +0200
 Subject: cpu/hotplug: Fix SMT supported evaluation
 From: Thomas Gleixner
+commit bc2d8d262cba5736332cbc866acb11b1c5748aa9 upstream.
+
 Josh reported that the late SMT evaluation in cpu_smt_state_init() sets cpu_smt_control to CPU_SMT_NOT_SUPPORTED in case that 'nosmt' was supplied on the kernel command line as it cannot differentiate between SMT disabled
@@ -24,6 +26,7 @@ Fixes: 73d5e2b47264 ("cpu/hotplug: detect SMT disabled by BIOS")
 Reported-by: Josh Poimboeuf
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/bugs.c | 2 +-
 include/linux/cpu.h | 2 ++
diff --git a/queue-4.18/cpu-hotplug-make-bringup-teardown-of-smp-threads-symmetric.patch b/queue-4.18/cpu-hotplug-make-bringup-teardown-of-smp-threads-symmetric.patch
index f8f59233fe1..4e62c51232f 100644
--- a/queue-4.18/cpu-hotplug-make-bringup-teardown-of-smp-threads-symmetric.patch
+++ b/queue-4.18/cpu-hotplug-make-bringup-teardown-of-smp-threads-symmetric.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From c4de65696d865c225fda3b9913b31284ea65ea96 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Tue, 29 May 2018 19:05:25 +0200
 Subject: cpu/hotplug: Make bringup/teardown of smp threads symmetric
 From: Thomas Gleixner
+commit c4de65696d865c225fda3b9913b31284ea65ea96 upstream.
+
 The asymmetry caused a warning to trigger if the bootup was stopped in state CPUHP_AP_ONLINE_IDLE. The warning no longer triggers as kthread_park() can now be invoked on already or still parked threads. But there is still no
@@ -14,6 +16,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/cpu.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/queue-4.18/cpu-hotplug-online-siblings-when-smt-control-is-turned-on.patch b/queue-4.18/cpu-hotplug-online-siblings-when-smt-control-is-turned-on.patch
index b1c018dc1e8..d2c98aeb96c 100644
--- a/queue-4.18/cpu-hotplug-online-siblings-when-smt-control-is-turned-on.patch
+++ b/queue-4.18/cpu-hotplug-online-siblings-when-smt-control-is-turned-on.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 215af5499d9e2b55f111d2431ea20218115f29b3 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Sat, 7 Jul 2018 11:40:18 +0200
 Subject: cpu/hotplug: Online siblings when SMT control is turned on
 From: Thomas Gleixner
+commit 215af5499d9e2b55f111d2431ea20218115f29b3 upstream.
+
 Writing 'off' to /sys/devices/system/cpu/smt/control offlines all SMT siblings. Writing 'on' merily enables the abilify to online them, but does not online them automatically.
@@ -13,6 +15,7 @@ Make 'on' more useful by onlining all offline siblings.
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/cpu.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/queue-4.18/cpu-hotplug-provide-knobs-to-control-smt.patch b/queue-4.18/cpu-hotplug-provide-knobs-to-control-smt.patch
index 935d1e11deb..2b23b578678 100644
--- a/queue-4.18/cpu-hotplug-provide-knobs-to-control-smt.patch
+++ b/queue-4.18/cpu-hotplug-provide-knobs-to-control-smt.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 05736e4ac13c08a4a9b1ef2de26dd31a32cbee57 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Tue, 29 May 2018 17:48:27 +0200
 Subject: cpu/hotplug: Provide knobs to control SMT
 From: Thomas Gleixner
+commit 05736e4ac13c08a4a9b1ef2de26dd31a32cbee57 upstream.
+
 Provide a command line and a sysfs knob to control SMT. The command line options are:
@@ -48,6 +50,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/ABI/testing/sysfs-devices-system-cpu | 20 ++
 Documentation/admin-guide/kernel-parameters.txt | 8
diff --git a/queue-4.18/cpu-hotplug-set-cpu_smt_not_supported-early.patch b/queue-4.18/cpu-hotplug-set-cpu_smt_not_supported-early.patch
index 63d02fda491..725445bbb4f 100644
--- a/queue-4.18/cpu-hotplug-set-cpu_smt_not_supported-early.patch
+++ b/queue-4.18/cpu-hotplug-set-cpu_smt_not_supported-early.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From fee0aede6f4739c87179eca76136f83210953b86 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Fri, 13 Jul 2018 16:23:24 +0200
 Subject: cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
 From: Thomas Gleixner
+commit fee0aede6f4739c87179eca76136f83210953b86 upstream.
+
 The CPU_SMT_NOT_SUPPORTED state is set (if the processor does not support SMT) when the sysfs SMT control file is initialized.
@@ -20,6 +22,7 @@ Reviewed-by: Greg Kroah-Hartman
 Reviewed-by: Josh Poimboeuf
 Link: https://lkml.kernel.org/r/20180713142323.121795971@linutronix.de
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/bugs.c | 6 ++++++
 include/linux/cpu.h | 2 ++
diff --git a/queue-4.18/cpu-hotplug-split-do_cpu_down.patch b/queue-4.18/cpu-hotplug-split-do_cpu_down.patch
index ca93e138a1c..a8b765563c3 100644
--- a/queue-4.18/cpu-hotplug-split-do_cpu_down.patch
+++ b/queue-4.18/cpu-hotplug-split-do_cpu_down.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From cc1fe215e1efa406b03aa4389e6269b61342dec5 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Tue, 29 May 2018 17:49:05 +0200
 Subject: cpu/hotplug: Split do_cpu_down()
 From: Thomas Gleixner
+commit cc1fe215e1efa406b03aa4389e6269b61342dec5 upstream.
+
 Split out the inner workings of do_cpu_down() to allow reuse of that function for the upcoming SMT disabling mechanism.
@@ -14,6 +16,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/cpu.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/queue-4.18/documentation-add-section-about-cpu-vulnerabilities.patch b/queue-4.18/documentation-add-section-about-cpu-vulnerabilities.patch
index 96bb1d4f9bb..2e01ca2d2ff 100644
--- a/queue-4.18/documentation-add-section-about-cpu-vulnerabilities.patch
+++ b/queue-4.18/documentation-add-section-about-cpu-vulnerabilities.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 3ec8ce5d866ec6a08a9cfab82b62acf4a830b35f Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Fri, 13 Jul 2018 16:23:26 +0200
 Subject: Documentation: Add section about CPU vulnerabilities
 From: Thomas Gleixner
+commit 3ec8ce5d866ec6a08a9cfab82b62acf4a830b35f upstream.
+
 Add documentation for the L1TF vulnerability and the mitigation mechanisms: - Explain the problem and risks
@@ -18,11 +20,11 @@ Reviewed-by: Josh Poimboeuf
 Acked-by: Linus Torvalds
 Link: https://lkml.kernel.org/r/20180713142323.287429944@linutronix.de
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/admin-guide/index.rst | 9
 Documentation/admin-guide/l1tf.rst | 591 ++++++++++++++++++++++++++++++++++++
 2 files changed, 600 insertions(+)
- create mode 100644 Documentation/admin-guide/l1tf.rst
 --- a/Documentation/admin-guide/index.rst
 +++ b/Documentation/admin-guide/index.rst
diff --git a/queue-4.18/documentation-l1tf-fix-typos.patch b/queue-4.18/documentation-l1tf-fix-typos.patch
index 51ff1ae4a08..f938f33e6fe 100644
--- a/queue-4.18/documentation-l1tf-fix-typos.patch
+++ b/queue-4.18/documentation-l1tf-fix-typos.patch
@@ -1,15 +1,18 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 1949f9f49792d65dba2090edddbe36a5f02e3ba3 Mon Sep 17 00:00:00 2001
 From: Tony Luck
 Date: Thu, 19 Jul 2018 13:49:58 -0700
 Subject: Documentation/l1tf: Fix typos
 From: Tony Luck
+commit 1949f9f49792d65dba2090edddbe36a5f02e3ba3 upstream.
+
 Fix spelling and other typos
 Signed-off-by: Tony Luck
Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/admin-guide/l1tf.rst | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/queue-4.18/documentation-l1tf-remove-yonah-processors-from-not-vulnerable-list.patch b/queue-4.18/documentation-l1tf-remove-yonah-processors-from-not-vulnerable-list.patch
index 2106205aa3c..f74b670a9a9 100644
--- a/queue-4.18/documentation-l1tf-remove-yonah-processors-from-not-vulnerable-list.patch
+++ b/queue-4.18/documentation-l1tf-remove-yonah-processors-from-not-vulnerable-list.patch
@@ -1,16 +1,19 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 58331136136935c631c2b5f06daf4c3006416e91 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Sun, 5 Aug 2018 17:06:12 +0200
 Subject: Documentation/l1tf: Remove Yonah processors from not vulnerable list
 From: Thomas Gleixner
+commit 58331136136935c631c2b5f06daf4c3006416e91 upstream.
+
 Dave reported, that it's not confirmed that Yonah processors are unaffected. Remove them from the list.
 Reported-by: ave Hansen
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/admin-guide/l1tf.rst | 2 --
 1 file changed, 2 deletions(-)
diff --git a/queue-4.18/kvm-vmx-tell-the-nested-hypervisor-to-skip-l1d-flush-on-vmentry.patch b/queue-4.18/kvm-vmx-tell-the-nested-hypervisor-to-skip-l1d-flush-on-vmentry.patch
index 2d3a75e43ae..64e18f079aa 100644
--- a/queue-4.18/kvm-vmx-tell-the-nested-hypervisor-to-skip-l1d-flush-on-vmentry.patch
+++ b/queue-4.18/kvm-vmx-tell-the-nested-hypervisor-to-skip-l1d-flush-on-vmentry.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 5b76a3cff011df2dcb6186c965a2e4d809a05ad4 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini
 Date: Sun, 5 Aug 2018 16:07:47 +0200
 Subject: KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
From: Paolo Bonzini
+commit 5b76a3cff011df2dcb6186c965a2e4d809a05ad4 upstream.
+
 When nested virtualization is in use, VMENTER operations from the nested hypervisor into the nested guest will always be processed by the bare metal hypervisor, and KVM's "conditional cache flushes" mode in particular does a
@@ -16,6 +18,7 @@ Add the relevant Documentation.
 Signed-off-by: Paolo Bonzini
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/admin-guide/l1tf.rst | 21 +++++++++++++++++++++
 arch/x86/include/asm/kvm_host.h | 1 +
diff --git a/queue-4.18/revert-x86-apic-ignore-secondary-threads-if-nosmt-force.patch b/queue-4.18/revert-x86-apic-ignore-secondary-threads-if-nosmt-force.patch
index 0231c5a3e5b..6c773236857 100644
--- a/queue-4.18/revert-x86-apic-ignore-secondary-threads-if-nosmt-force.patch
+++ b/queue-4.18/revert-x86-apic-ignore-secondary-threads-if-nosmt-force.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 506a66f374891ff08e064a058c446b336c5ac760 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Fri, 29 Jun 2018 16:05:47 +0200
 Subject: Revert "x86/apic: Ignore secondary threads if nosmt=force"
 From: Thomas Gleixner
+commit 506a66f374891ff08e064a058c446b336c5ac760 upstream.
+
 Dave Hansen reported, that it's outright dangerous to keep SMT siblings disabled completely so they are stuck in the BIOS and wait for SIPI.
@@ -59,6 +61,7 @@ Reported-by: Dave Hansen
 Signed-off-by: Thomas Gleixner
 Tested-by: Tony Luck
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/admin-guide/kernel-parameters.txt | 8 ++------
 arch/x86/include/asm/apic.h | 2 --
diff --git a/queue-4.18/sched-smt-update-sched_smt_present-at-runtime.patch b/queue-4.18/sched-smt-update-sched_smt_present-at-runtime.patch
index 6e1248d80f1..06b8ca95cca 100644
--- a/queue-4.18/sched-smt-update-sched_smt_present-at-runtime.patch
+++ b/queue-4.18/sched-smt-update-sched_smt_present-at-runtime.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From ba2591a5993eabcc8e874e30f361d8ffbb10d6d4 Mon Sep 17 00:00:00 2001
 From: Peter Zijlstra
 Date: Tue, 29 May 2018 16:43:46 +0200
 Subject: sched/smt: Update sched_smt_present at runtime
 From: Peter Zijlstra
+commit ba2591a5993eabcc8e874e30f361d8ffbb10d6d4 upstream.
+
 The static key sched_smt_present is only updated at boot time when SMT siblings have been detected. Booting with maxcpus=1 and bringing the siblings online after boot rebuilds the scheduling domains correctly but
@@ -17,6 +19,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 kernel/sched/core.c | 30 ++++++++++++------------------
 kernel/sched/fair.c | 1 +
diff --git a/queue-4.18/tools-headers-synchronise-x86-cpufeatures.h-for-l1tf-additions.patch b/queue-4.18/tools-headers-synchronise-x86-cpufeatures.h-for-l1tf-additions.patch
index 6e1f6223428..b5785514039 100644
--- a/queue-4.18/tools-headers-synchronise-x86-cpufeatures.h-for-l1tf-additions.patch
+++ b/queue-4.18/tools-headers-synchronise-x86-cpufeatures.h-for-l1tf-additions.patch
@@ -1,12 +1,15 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From e24f14b0ff985f3e09e573ba1134bfdf42987e05 Mon Sep 17 00:00:00 2001
 From: David Woodhouse
 Date: Wed, 8 Aug 2018 11:00:16 +0100
 Subject: tools headers: Synchronise x86 cpufeatures.h for L1TF additions
 From: David Woodhouse
+commit e24f14b0ff985f3e09e573ba1134bfdf42987e05 upstream.
+
 Signed-off-by: David Woodhouse
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 tools/arch/x86/include/asm/cpufeatures.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/queue-4.18/x86-apic-ignore-secondary-threads-if-nosmt-force.patch b/queue-4.18/x86-apic-ignore-secondary-threads-if-nosmt-force.patch
index d20c5683aea..8bbd3e2e15b 100644
--- a/queue-4.18/x86-apic-ignore-secondary-threads-if-nosmt-force.patch
+++ b/queue-4.18/x86-apic-ignore-secondary-threads-if-nosmt-force.patch
@@ -1,10 +1,15 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 2207def700f902f169fc237b717252c326f9e464 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Tue, 5 Jun 2018 14:00:11 +0200
 Subject: x86/apic: Ignore secondary threads if nosmt=force
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 From: Thomas Gleixner
+commit 2207def700f902f169fc237b717252c326f9e464 upstream.
+
 nosmt on the kernel command line merely prevents the onlining of the secondary SMT siblings.
@@ -57,6 +62,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/include/asm/apic.h | 2 ++
 arch/x86/kernel/acpi/boot.c | 3 ++-
diff --git a/queue-4.18/x86-bugs-kvm-introduce-boot-time-control-of-l1tf-mitigations.patch b/queue-4.18/x86-bugs-kvm-introduce-boot-time-control-of-l1tf-mitigations.patch
index 9e0839965dd..d736fa862c8 100644
--- a/queue-4.18/x86-bugs-kvm-introduce-boot-time-control-of-l1tf-mitigations.patch
+++ b/queue-4.18/x86-bugs-kvm-introduce-boot-time-control-of-l1tf-mitigations.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From d90a7a0ec83fb86622cd7dae23255d3c50a99ec8 Mon Sep 17 00:00:00 2001
 From: Jiri Kosina
 Date: Fri, 13 Jul 2018 16:23:25 +0200
 Subject: x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
 From: Jiri Kosina
+commit d90a7a0ec83fb86622cd7dae23255d3c50a99ec8 upstream.
+
 Introduce the 'l1tf=' kernel command line option to allow for boot-time switching of mitigation that is used on processors affected by L1TF.
@@ -77,6 +79,7 @@ Reviewed-by: Greg Kroah-Hartman
 Reviewed-by: Josh Poimboeuf
 Link: https://lkml.kernel.org/r/20180713142323.202758176@linutronix.de
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 Documentation/ABI/testing/sysfs-devices-system-cpu | 4 +
 Documentation/admin-guide/kernel-parameters.txt | 68 +++++++++++++++++++--
diff --git a/queue-4.18/x86-bugs-move-the-l1tf-function-and-define-pr_fmt-properly.patch b/queue-4.18/x86-bugs-move-the-l1tf-function-and-define-pr_fmt-properly.patch
index 43ca7be6ed4..4d66fa2d85a 100644
--- a/queue-4.18/x86-bugs-move-the-l1tf-function-and-define-pr_fmt-properly.patch
+++ b/queue-4.18/x86-bugs-move-the-l1tf-function-and-define-pr_fmt-properly.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 56563f53d3066afa9e63d6c997bf67e76a8b05c0 Mon Sep 17 00:00:00 2001
 From: Konrad Rzeszutek Wilk
 Date: Wed, 20 Jun 2018 16:42:57 -0400
 Subject: x86/bugs: Move the l1tf function and define pr_fmt properly
 From: Konrad Rzeszutek Wilk
+commit 56563f53d3066afa9e63d6c997bf67e76a8b05c0 upstream.
+
 The pr_warn in l1tf_select_mitigation would have used the prior pr_fmt which was defined as "Spectre V2 : ".
@@ -14,6 +16,7 @@ Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
 Signed-off-by: Konrad Rzeszutek Wilk
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/bugs.c | 55 +++++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 26 deletions(-)
diff --git a/queue-4.18/x86-cpu-amd-do-not-check-cpuid-max-ext-level-before-parsing-smp-info.patch b/queue-4.18/x86-cpu-amd-do-not-check-cpuid-max-ext-level-before-parsing-smp-info.patch
index bfc325ff0a7..93397bd20e3 100644
--- a/queue-4.18/x86-cpu-amd-do-not-check-cpuid-max-ext-level-before-parsing-smp-info.patch
+++ b/queue-4.18/x86-cpu-amd-do-not-check-cpuid-max-ext-level-before-parsing-smp-info.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 119bff8a9c9bb00116a844ec68be7bc4b1c768f5 Mon Sep 17 00:00:00 2001
 From: Borislav Petkov
 Date: Fri, 15 Jun 2018 20:48:39 +0200
 Subject: x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
From: Borislav Petkov
+commit 119bff8a9c9bb00116a844ec68be7bc4b1c768f5 upstream.
+
 Old code used to check whether CPUID ext max level is >= 0x80000008 because that last leaf contains the number of cores of the physical CPU. The three functions called there now do not depend on that leaf anymore so the check
@@ -14,6 +16,7 @@ Signed-off-by: Borislav Petkov
 Signed-off-by: Thomas Gleixner
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/amd.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/queue-4.18/x86-cpu-amd-evaluate-smp_num_siblings-early.patch b/queue-4.18/x86-cpu-amd-evaluate-smp_num_siblings-early.patch
index fb7ed832947..b768470961b 100644
--- a/queue-4.18/x86-cpu-amd-evaluate-smp_num_siblings-early.patch
+++ b/queue-4.18/x86-cpu-amd-evaluate-smp_num_siblings-early.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 1e1d7e25fd759eddf96d8ab39d0a90a1979b2d8c Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 00:57:38 +0200
 Subject: x86/cpu/AMD: Evaluate smp_num_siblings early
 From: Thomas Gleixner
+commit 1e1d7e25fd759eddf96d8ab39d0a90a1979b2d8c upstream.
+
 To support force disabling of SMT it's required to know the number of thread siblings early. amd_get_topology() cannot be called before the APIC driver is selected, so split out the part which initializes
@@ -13,6 +15,7 @@ smp_num_siblings and invoke it from amd_early_init().
 Signed-off-by: Thomas Gleixner
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/amd.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/queue-4.18/x86-cpu-amd-move-topoext-reenablement-before-reading-smp_num_siblings.patch b/queue-4.18/x86-cpu-amd-move-topoext-reenablement-before-reading-smp_num_siblings.patch
index d5b12ffb090..b871446686c 100644
--- a/queue-4.18/x86-cpu-amd-move-topoext-reenablement-before-reading-smp_num_siblings.patch
+++ b/queue-4.18/x86-cpu-amd-move-topoext-reenablement-before-reading-smp_num_siblings.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 7ce2f0393ea2396142b7faf6ee9b1f3676d08a5f Mon Sep 17 00:00:00 2001
 From: Borislav Petkov
 Date: Fri, 22 Jun 2018 11:34:11 +0200
 Subject: x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
 From: Borislav Petkov
+commit 7ce2f0393ea2396142b7faf6ee9b1f3676d08a5f upstream.
+
 The TOPOEXT reenablement is a workaround for broken BIOSen which didn't enable the CPUID bit. amd_get_topology_early(), however, relies on that bit being set so that it can read out the CPUID leaf and set
@@ -16,6 +18,7 @@ amd_get_topology_early().
 Signed-off-by: Borislav Petkov
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/amd.c | 37 +++++++++++++++++--------------------
 1 file changed, 17 insertions(+), 20 deletions(-)
diff --git a/queue-4.18/x86-cpu-amd-remove-the-pointless-detect_ht-call.patch b/queue-4.18/x86-cpu-amd-remove-the-pointless-detect_ht-call.patch
index 6b6f6c0b26e..466ae711207 100644
--- a/queue-4.18/x86-cpu-amd-remove-the-pointless-detect_ht-call.patch
+++ b/queue-4.18/x86-cpu-amd-remove-the-pointless-detect_ht-call.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 44ca36de56d1bf196dca2eb67cd753a46961ffe6 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 00:47:10 +0200
 Subject: x86/cpu/AMD: Remove the pointless detect_ht() call
 From: Thomas Gleixner
+commit 44ca36de56d1bf196dca2eb67cd753a46961ffe6 upstream.
+
 Real 32bit AMD CPUs do not have SMT and the only value of the call was to reach the magic printout which got removed.
@@ -12,6 +14,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/amd.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/queue-4.18/x86-cpu-common-provide-detect_ht_early.patch b/queue-4.18/x86-cpu-common-provide-detect_ht_early.patch
index af3b5dd942c..796861d7d46 100644
--- a/queue-4.18/x86-cpu-common-provide-detect_ht_early.patch
+++ b/queue-4.18/x86-cpu-common-provide-detect_ht_early.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 545401f4448a807b963ff17b575e0a393e68b523 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 00:53:57 +0200
 Subject: x86/cpu/common: Provide detect_ht_early()
 From: Thomas Gleixner
+commit 545401f4448a807b963ff17b575e0a393e68b523 upstream.
+
 To support force disabling of SMT it's required to know the number of thread siblings early. detect_ht() cannot be called before the APIC driver is selected, so split out the part which initializes smp_num_siblings.
@@ -13,6 +15,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/common.c | 24 ++++++++++++++----------
 arch/x86/kernel/cpu/cpu.h | 1 +
diff --git a/queue-4.18/x86-cpu-intel-evaluate-smp_num_siblings-early.patch b/queue-4.18/x86-cpu-intel-evaluate-smp_num_siblings-early.patch
index 1e09f96db6c..51c76901cdc 100644
--- a/queue-4.18/x86-cpu-intel-evaluate-smp_num_siblings-early.patch
+++ b/queue-4.18/x86-cpu-intel-evaluate-smp_num_siblings-early.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 1910ad5624968f93be48e8e265513c54d66b897c Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 01:00:55 +0200
 Subject: x86/cpu/intel: Evaluate smp_num_siblings early
 From: Thomas Gleixner
+commit 1910ad5624968f93be48e8e265513c54d66b897c upstream.
+
 Make use of the new early detection function to initialize smp_num_siblings on the boot cpu before the MP-Table or ACPI/MADT scan happens. That's required for force disabling SMT.
@@ -13,6 +15,7 @@
Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/intel.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/queue-4.18/x86-cpu-remove-the-pointless-cpu-printout.patch b/queue-4.18/x86-cpu-remove-the-pointless-cpu-printout.patch
index cd5deb56482..09a1bde73fe 100644
--- a/queue-4.18/x86-cpu-remove-the-pointless-cpu-printout.patch
+++ b/queue-4.18/x86-cpu-remove-the-pointless-cpu-printout.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 55e6d279abd92cfd7576bba031e7589be8475edb Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 00:36:15 +0200
 Subject: x86/cpu: Remove the pointless CPU printout
 From: Thomas Gleixner
+commit 55e6d279abd92cfd7576bba031e7589be8475edb upstream.
+
 The value of this printout is dubious at best and there is no point in having it in two different places along with convoluted ways to reach it.
@@ -14,6 +16,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/common.c | 20 +++++---------------
 arch/x86/kernel/cpu/topology.c | 10 ----------
diff --git a/queue-4.18/x86-cpu-topology-provide-detect_extended_topology_early.patch b/queue-4.18/x86-cpu-topology-provide-detect_extended_topology_early.patch
index ccc56d8e05d..265cae94806 100644
--- a/queue-4.18/x86-cpu-topology-provide-detect_extended_topology_early.patch
+++ b/queue-4.18/x86-cpu-topology-provide-detect_extended_topology_early.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 95f3d39ccf7aaea79d1ffdac1c887c2e100ec1b6 Mon Sep 17 00:00:00 2001
 From: Thomas Gleixner
 Date: Wed, 6 Jun 2018 00:55:39 +0200
 Subject: x86/cpu/topology: Provide detect_extended_topology_early()
From: Thomas Gleixner
+commit 95f3d39ccf7aaea79d1ffdac1c887c2e100ec1b6 upstream.
+
 To support force disabling of SMT it's required to know the number of thread siblings early. detect_extended_topology() cannot be called before the APIC driver is selected, so split out the part which initializes
@@ -14,6 +16,7 @@ Signed-off-by: Thomas Gleixner
 Reviewed-by: Konrad Rzeszutek Wilk
 Acked-by: Ingo Molnar
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/kernel/cpu/cpu.h | 1 +
 arch/x86/kernel/cpu/topology.c | 31 ++++++++++++++++++++++---------
diff --git a/queue-4.18/x86-cpufeatures-add-detection-of-l1d-cache-flush-support.patch b/queue-4.18/x86-cpufeatures-add-detection-of-l1d-cache-flush-support.patch
index 08254a0ba63..d6e37ab9029 100644
--- a/queue-4.18/x86-cpufeatures-add-detection-of-l1d-cache-flush-support.patch
+++ b/queue-4.18/x86-cpufeatures-add-detection-of-l1d-cache-flush-support.patch
@@ -1,10 +1,12 @@
-From foo@baz Tue Aug 14 13:33:03 CEST 2018
+From 11e34e64e4103955fc4568750914c75d65ea87ee Mon Sep 17 00:00:00 2001
 From: Konrad Rzeszutek Wilk
 Date: Wed, 20 Jun 2018 16:42:58 -0400
 Subject: x86/cpufeatures: Add detection of L1D cache flush support.
 From: Konrad Rzeszutek Wilk
+commit 11e34e64e4103955fc4568750914c75d65ea87ee upstream.
+
 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD) which is detected by CPUID.7.EDX[28]=1 bit being set.
@@ -17,6 +19,7 @@ A copy of this document is available at
 Signed-off-by: Konrad Rzeszutek Wilk
 Signed-off-by: Thomas Gleixner
 Signed-off-by: Greg Kroah-Hartman
+
 ---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/queue-4.18/x86-don-t-include-linux-irq.h-from-asm-hardirq.h.patch b/queue-4.18/x86-don-t-include-linux-irq.h-from-asm-hardirq.h.patch
index 14831d6dc7b..d90588e8ea3 100644
--- a/queue-4.18/x86-don-t-include-linux-irq.h-from-asm-hardirq.h.patch
+++ b/queue-4.18/x86-don-t-include-linux-irq.h-from-asm-hardirq.h.patch
@@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 447ae316670230d7d29430e2cbf1f5db4f49d14c Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sun, 29 Jul 2018 12:15:33 +0200 Subject: x86: Don't include linux/irq.h from asm/hardirq.h From: Nicolai Stange +commit 447ae316670230d7d29430e2cbf1f5db4f49d14c upstream. + The next patch in this series will have to make the definition of irq_cpustat_t available to entering_irq(). @@ -65,6 +67,7 @@ at all. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 1 - diff --git a/queue-4.18/x86-irq-demote-irq_cpustat_t-__softirq_pending-to-u16.patch b/queue-4.18/x86-irq-demote-irq_cpustat_t-__softirq_pending-to-u16.patch index 86bcff340d5..ed10112e90d 100644 --- a/queue-4.18/x86-irq-demote-irq_cpustat_t-__softirq_pending-to-u16.patch +++ b/queue-4.18/x86-irq-demote-irq_cpustat_t-__softirq_pending-to-u16.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 9aee5f8a7e30330d0a8f4c626dc924ca5590aba5 Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Fri, 27 Jul 2018 12:46:29 +0200 Subject: x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 From: Nicolai Stange +commit 9aee5f8a7e30330d0a8f4c626dc924ca5590aba5 upstream. + An upcoming patch will extend KVM's L1TF mitigation in conditional mode to also cover interrupts after VMEXITs. For tracking those, stores to a new per-cpu flag from interrupt handlers will become necessary. @@ -21,6 +23,7 @@ Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Reviewed-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/hardirq.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/queue-4.18/x86-irq-let-interrupt-handlers-set-kvm_cpu_l1tf_flush_l1d.patch b/queue-4.18/x86-irq-let-interrupt-handlers-set-kvm_cpu_l1tf_flush_l1d.patch index 6fde640a0e2..6ffc6abac68 100644 
--- a/queue-4.18/x86-irq-let-interrupt-handlers-set-kvm_cpu_l1tf_flush_l1d.patch +++ b/queue-4.18/x86-irq-let-interrupt-handlers-set-kvm_cpu_l1tf_flush_l1d.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From ffcba43ff66c7dab34ec700debd491d2a4d319b4 Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sun, 29 Jul 2018 13:06:04 +0200 Subject: x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d From: Nicolai Stange +commit ffcba43ff66c7dab34ec700debd491d2a4d319b4 upstream. + The last missing piece to having vmx_l1d_flush() take interrupts after VMEXIT into account is to set the kvm_cpu_l1tf_flush_l1d per-cpu flag on irq entry. @@ -17,6 +19,7 @@ Suggested-by: Paolo Bonzini Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/apic.h | 3 +++ arch/x86/kernel/smp.c | 1 + diff --git a/queue-4.18/x86-kvm-add-static-key-for-flush-always.patch b/queue-4.18/x86-kvm-add-static-key-for-flush-always.patch index 45de96d39d7..456ffe2a9c3 100644 --- a/queue-4.18/x86-kvm-add-static-key-for-flush-always.patch +++ b/queue-4.18/x86-kvm-add-static-key-for-flush-always.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 4c6523ec59fe895ea352a650218a6be0653910b1 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:20 +0200 Subject: x86/kvm: Add static key for flush always From: Thomas Gleixner +commit 4c6523ec59fe895ea352a650218a6be0653910b1 upstream. + Avoid the conditional in the L1D flush control path. Signed-off-by: Thomas Gleixner @@ -13,6 +15,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.790914912@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
diff --git a/queue-4.18/x86-kvm-allow-runtime-control-of-l1d-flush.patch b/queue-4.18/x86-kvm-allow-runtime-control-of-l1d-flush.patch index 7722830e0df..49df2cbc0f0 100644 --- a/queue-4.18/x86-kvm-allow-runtime-control-of-l1d-flush.patch +++ b/queue-4.18/x86-kvm-allow-runtime-control-of-l1d-flush.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 895ae47f9918833c3a880fbccd41e0692b37e7d9 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:22 +0200 Subject: x86/kvm: Allow runtime control of L1D flush From: Thomas Gleixner +commit 895ae47f9918833c3a880fbccd41e0692b37e7d9 upstream. + All mitigation modes can be switched at run time with a static key now: - Use sysfs_streq() instead of strcmp() to handle the trailing new line @@ -18,6 +20,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.954525119@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kernel/cpu/bugs.c | 2 +- arch/x86/kvm/vmx.c | 13 ++++++++----- diff --git a/queue-4.18/x86-kvm-drop-l1tf-msr-list-approach.patch b/queue-4.18/x86-kvm-drop-l1tf-msr-list-approach.patch index 1d60a7281ad..2c40a700f5b 100644 --- a/queue-4.18/x86-kvm-drop-l1tf-msr-list-approach.patch +++ b/queue-4.18/x86-kvm-drop-l1tf-msr-list-approach.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 2f055947ae5e2741fb2dc5bba1033c417ccf4faa Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:17 +0200 Subject: x86/kvm: Drop L1TF MSR list approach From: Thomas Gleixner +commit 2f055947ae5e2741fb2dc5bba1033c417ccf4faa upstream. + The VMX module parameter to control the L1D flush should become writeable. @@ -29,6 +31,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.516940445@linutronix.de 
Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 43 +++++++------------------------------------ 1 file changed, 7 insertions(+), 36 deletions(-) diff --git a/queue-4.18/x86-kvm-move-l1tf-setup-function.patch b/queue-4.18/x86-kvm-move-l1tf-setup-function.patch index ee17d7692e5..cdc90438fa0 100644 --- a/queue-4.18/x86-kvm-move-l1tf-setup-function.patch +++ b/queue-4.18/x86-kvm-move-l1tf-setup-function.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 7db92e165ac814487264632ab2624e832f20ae38 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:19 +0200 Subject: x86/kvm: Move l1tf setup function From: Thomas Gleixner +commit 7db92e165ac814487264632ab2624e832f20ae38 upstream. + In preparation of allowing run time control for L1D flushing, move the setup code to the module parameter handler. @@ -21,6 +23,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.694063239@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 125 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 78 insertions(+), 47 deletions(-) diff --git a/queue-4.18/x86-kvm-serialize-l1d-flush-parameter-setter.patch b/queue-4.18/x86-kvm-serialize-l1d-flush-parameter-setter.patch index af2b6de79f1..5c7fed56642 100644 --- a/queue-4.18/x86-kvm-serialize-l1d-flush-parameter-setter.patch +++ b/queue-4.18/x86-kvm-serialize-l1d-flush-parameter-setter.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From dd4bfa739a72508b75760b393d129ed7b431daab Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:21 +0200 Subject: x86/kvm: Serialize L1D flush parameter setter From: Thomas Gleixner +commit dd4bfa739a72508b75760b393d129ed7b431daab upstream. + Writes to the parameter files are not serialized at the sysfs core level, so local serialization is required. 
@@ -14,6 +16,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.873642605@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-add-find_msr-helper-function.patch b/queue-4.18/x86-kvm-vmx-add-find_msr-helper-function.patch index edb3e43f295..370d6307f90 100644 --- a/queue-4.18/x86-kvm-vmx-add-find_msr-helper-function.patch +++ b/queue-4.18/x86-kvm-vmx-add-find_msr-helper-function.patch @@ -1,15 +1,18 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From ca83b4a7f2d068da79a029d323024aa45decb250 Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Wed, 20 Jun 2018 20:11:39 -0400 Subject: x86/KVM/VMX: Add find_msr() helper function From: Konrad Rzeszutek Wilk +commit ca83b4a7f2d068da79a029d323024aa45decb250 upstream. + .. to help find the MSR on either the guest or host MSR list. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-add-l1d-flush-algorithm.patch b/queue-4.18/x86-kvm-vmx-add-l1d-flush-algorithm.patch index 3c7dd07f925..04ff7e5b559 100644 --- a/queue-4.18/x86-kvm-vmx-add-l1d-flush-algorithm.patch +++ b/queue-4.18/x86-kvm-vmx-add-l1d-flush-algorithm.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From a47dd5f06714c844b33f3b5f517b6f3e81ce57b5 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 2 Jul 2018 12:47:38 +0200 Subject: x86/KVM/VMX: Add L1D flush algorithm From: Paolo Bonzini +commit a47dd5f06714c844b33f3b5f517b6f3e81ce57b5 upstream. + To mitigate the L1 Terminal Fault vulnerability it's required to flush L1D on VMENTER to prevent rogue guests from snooping host memory. @@ -21,6 +23,7 @@ Signed-off-by: Paolo Bonzini Signed-off-by: Konrad Rzeszutek Wilk 
Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 5 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-add-l1d-flush-logic.patch b/queue-4.18/x86-kvm-vmx-add-l1d-flush-logic.patch index 76f6ab7744b..9d184c07b8b 100644 --- a/queue-4.18/x86-kvm-vmx-add-l1d-flush-logic.patch +++ b/queue-4.18/x86-kvm-vmx-add-l1d-flush-logic.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From c595ceee45707f00f64f61c54fb64ef0cc0b4e85 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 2 Jul 2018 13:07:14 +0200 Subject: x86/KVM/VMX: Add L1D flush logic From: Paolo Bonzini +commit c595ceee45707f00f64f61c54fb64ef0cc0b4e85 upstream. + Add the logic for flushing L1D on VMENTER. The flush depends on the static key being enabled and the new l1tf_flush_l1d flag being set. @@ -37,6 +39,7 @@ Signed-off-by: Paolo Bonzini Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/kvm_host.h | 4 ++++ arch/x86/kvm/mmu.c | 1 + diff --git a/queue-4.18/x86-kvm-vmx-add-l1d-msr-based-flush.patch b/queue-4.18/x86-kvm-vmx-add-l1d-msr-based-flush.patch index 55a56f5fcc6..bcd745d74ce 100644 --- a/queue-4.18/x86-kvm-vmx-add-l1d-msr-based-flush.patch +++ b/queue-4.18/x86-kvm-vmx-add-l1d-msr-based-flush.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 3fa045be4c720146b18a19cea7a767dc6ad5df94 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 2 Jul 2018 13:03:48 +0200 Subject: x86/KVM/VMX: Add L1D MSR based flush From: Paolo Bonzini +commit 3fa045be4c720146b18a19cea7a767dc6ad5df94 upstream. + 336996-Speculative-Execution-Side-Channel-Mitigations.pdf defines a new MSR (IA32_FLUSH_CMD aka 0x10B) which has similar write-only semantics to other MSRs defined in the document. @@ -28,6 +30,7 @@ Signed-off-by: Paolo Bonzini Signed-off-by: Konrad Rzeszutek Wilk 
Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/msr-index.h | 6 ++++++ arch/x86/kvm/vmx.c | 15 +++++++++++---- diff --git a/queue-4.18/x86-kvm-vmx-add-module-argument-for-l1tf-mitigation.patch b/queue-4.18/x86-kvm-vmx-add-module-argument-for-l1tf-mitigation.patch index 4a151560b9a..e958b9d3f90 100644 --- a/queue-4.18/x86-kvm-vmx-add-module-argument-for-l1tf-mitigation.patch +++ b/queue-4.18/x86-kvm-vmx-add-module-argument-for-l1tf-mitigation.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From a399477e52c17e148746d3ce9a483f681c2aa9a0 Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Mon, 2 Jul 2018 12:29:30 +0200 Subject: x86/KVM/VMX: Add module argument for L1TF mitigation From: Konrad Rzeszutek Wilk +commit a399477e52c17e148746d3ce9a483f681c2aa9a0 upstream. + Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka L1 terminal fault. The valid arguments are: @@ -21,6 +23,7 @@ interesting information into L1D which might exploited. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- Documentation/admin-guide/kernel-parameters.txt | 12 ++++ arch/x86/kvm/vmx.c | 59 ++++++++++++++++++++++++ diff --git a/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-from-vmx_handle_external_intr.patch b/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-from-vmx_handle_external_intr.patch index 73d1009a2ec..66e1665d1bf 100644 --- a/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-from-vmx_handle_external_intr.patch +++ b/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-from-vmx_handle_external_intr.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 18b57ce2eb8c8b9a24174a89250cf5f57c76ecdc Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sun, 22 Jul 2018 13:38:18 +0200 Subject: x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() 
From: Nicolai Stange +commit 18b57ce2eb8c8b9a24174a89250cf5f57c76ecdc upstream. + For VMEXITs caused by external interrupts, vmx_handle_external_intr() indirectly calls into the interrupt handlers through the host's IDT. @@ -20,6 +22,7 @@ anymore. Drop it. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 1 - 1 file changed, 1 deletion(-) diff --git a/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-to-true-from-vmx_l1d_flush.patch b/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-to-true-from-vmx_l1d_flush.patch index e1109961294..91cfb62f34c 100644 --- a/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-to-true-from-vmx_l1d_flush.patch +++ b/queue-4.18/x86-kvm-vmx-don-t-set-l1tf_flush_l1d-to-true-from-vmx_l1d_flush.patch @@ -1,16 +1,19 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 379fd0c7e6a391e5565336a646f19f218fb98c6c Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sat, 21 Jul 2018 22:16:56 +0200 Subject: x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() From: Nicolai Stange +commit 379fd0c7e6a391e5565336a646f19f218fb98c6c upstream. + vmx_l1d_flush() gets invoked only if l1tf_flush_l1d is true. There's no point in setting l1tf_flush_l1d to true from there again. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-extend-add_atomic_switch_msr-to-allow-vmenter-only-msrs.patch b/queue-4.18/x86-kvm-vmx-extend-add_atomic_switch_msr-to-allow-vmenter-only-msrs.patch index e2315d52ecb..c1fe6319419 100644 --- a/queue-4.18/x86-kvm-vmx-extend-add_atomic_switch_msr-to-allow-vmenter-only-msrs.patch +++ b/queue-4.18/x86-kvm-vmx-extend-add_atomic_switch_msr-to-allow-vmenter-only-msrs.patch 
@@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 989e3992d2eca32c3f1404f2bc91acda3aa122d8 Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Wed, 20 Jun 2018 22:01:22 -0400 Subject: x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs From: Konrad Rzeszutek Wilk +commit 989e3992d2eca32c3f1404f2bc91acda3aa122d8 upstream. + The IA32_FLUSH_CMD MSR needs only to be written on VMENTER. Extend add_atomic_switch_msr() with an entry_only parameter to allow storing the MSR only in the guest (ENTRY) MSR array. @@ -12,6 +14,7 @@ MSR only in the guest (ENTRY) MSR array. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-initialize-the-vmx_l1d_flush_pages-content.patch b/queue-4.18/x86-kvm-vmx-initialize-the-vmx_l1d_flush_pages-content.patch index d6c05acb227..31820131af9 100644 --- a/queue-4.18/x86-kvm-vmx-initialize-the-vmx_l1d_flush_pages-content.patch +++ b/queue-4.18/x86-kvm-vmx-initialize-the-vmx_l1d_flush_pages-content.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 288d152c23dcf3c09da46c5c481903ca10ebfef7 Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Wed, 18 Jul 2018 19:07:38 +0200 Subject: x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content From: Nicolai Stange +commit 288d152c23dcf3c09da46c5c481903ca10ebfef7 upstream. + The slow path in vmx_l1d_flush() reads from vmx_l1d_flush_pages in order to evict the L1d cache. @@ -25,6 +27,7 @@ Fixes: a47dd5f06714 ("x86/KVM/VMX: Add L1D flush algorithm") Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) 
diff --git a/queue-4.18/x86-kvm-vmx-introduce-per-host-cpu-analogue-of-l1tf_flush_l1d.patch b/queue-4.18/x86-kvm-vmx-introduce-per-host-cpu-analogue-of-l1tf_flush_l1d.patch index 6691aa93914..f6291869674 100644 --- a/queue-4.18/x86-kvm-vmx-introduce-per-host-cpu-analogue-of-l1tf_flush_l1d.patch +++ b/queue-4.18/x86-kvm-vmx-introduce-per-host-cpu-analogue-of-l1tf_flush_l1d.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 45b575c00d8e72d69d75dd8c112f044b7b01b069 Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Fri, 27 Jul 2018 13:22:16 +0200 Subject: x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d From: Nicolai Stange +commit 45b575c00d8e72d69d75dd8c112f044b7b01b069 upstream. + Part of the L1TF mitigation for vmx includes flushing the L1D cache upon VMENTRY. @@ -48,6 +50,7 @@ Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Reviewed-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/hardirq.h | 23 +++++++++++++++++++++++ arch/x86/kvm/vmx.c | 17 +++++++++++++---- diff --git a/queue-4.18/x86-kvm-vmx-move-the-l1tf_flush_l1d-test-to-vmx_l1d_flush.patch b/queue-4.18/x86-kvm-vmx-move-the-l1tf_flush_l1d-test-to-vmx_l1d_flush.patch index 9a3b5f7057d..a6d4e6f58c6 100644 --- a/queue-4.18/x86-kvm-vmx-move-the-l1tf_flush_l1d-test-to-vmx_l1d_flush.patch +++ b/queue-4.18/x86-kvm-vmx-move-the-l1tf_flush_l1d-test-to-vmx_l1d_flush.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 5b6ccc6c3b1a477fbac9ec97a0b4c1c48e765209 Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sat, 21 Jul 2018 22:35:28 +0200 Subject: x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() From: Nicolai Stange +commit 5b6ccc6c3b1a477fbac9ec97a0b4c1c48e765209 upstream. + Currently, vmx_vcpu_run() checks if l1tf_flush_l1d is set and invokes vmx_l1d_flush() if so. @@ -22,6 +24,7 @@ Notes: Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner 
Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-replace-vmx_l1d_flush_always-with-vmx_l1d_flush_cond.patch b/queue-4.18/x86-kvm-vmx-replace-vmx_l1d_flush_always-with-vmx_l1d_flush_cond.patch index 57d85398a4e..8e55d83ceb4 100644 --- a/queue-4.18/x86-kvm-vmx-replace-vmx_l1d_flush_always-with-vmx_l1d_flush_cond.patch +++ b/queue-4.18/x86-kvm-vmx-replace-vmx_l1d_flush_always-with-vmx_l1d_flush_cond.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 427362a142441f08051369db6fbe7f61c73b3dca Mon Sep 17 00:00:00 2001 From: Nicolai Stange Date: Sat, 21 Jul 2018 22:25:00 +0200 Subject: x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' From: Nicolai Stange +commit 427362a142441f08051369db6fbe7f61c73b3dca upstream. + The vmx_l1d_flush_always static key is only ever evaluated if vmx_l1d_should_flush is enabled. In that case however, there are only two L1d flushing modes possible: "always" and "conditional". @@ -20,6 +22,7 @@ There is no change in functionality. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-separate-the-vmx-autoload-guest-host-number-accounting.patch b/queue-4.18/x86-kvm-vmx-separate-the-vmx-autoload-guest-host-number-accounting.patch index 01266ca4f1d..3128de73d17 100644 --- a/queue-4.18/x86-kvm-vmx-separate-the-vmx-autoload-guest-host-number-accounting.patch +++ b/queue-4.18/x86-kvm-vmx-separate-the-vmx-autoload-guest-host-number-accounting.patch @@ -1,16 +1,19 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 3190709335dd31fe1aeeebfe4ffb6c7624ef971f Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Wed, 20 Jun 2018 22:00:47 -0400 Subject: x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting 
From: Konrad Rzeszutek Wilk +commit 3190709335dd31fe1aeeebfe4ffb6c7624ef971f upstream. + This allows to load a different number of MSRs depending on the context: VMEXIT or VMENTER. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-split-the-vmx-msr-load-structures-to-have-an-host-guest-numbers.patch b/queue-4.18/x86-kvm-vmx-split-the-vmx-msr-load-structures-to-have-an-host-guest-numbers.patch index d5e56043537..57faa8edba8 100644 --- a/queue-4.18/x86-kvm-vmx-split-the-vmx-msr-load-structures-to-have-an-host-guest-numbers.patch +++ b/queue-4.18/x86-kvm-vmx-split-the-vmx-msr-load-structures-to-have-an-host-guest-numbers.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 33966dd6b2d2c352fae55412db2ea8cfff5df13a Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Wed, 20 Jun 2018 13:58:37 -0400 Subject: x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers From: Konrad Rzeszutek Wilk +commit 33966dd6b2d2c352fae55412db2ea8cfff5df13a upstream. + There is no semantic change but this change allows an unbalanced amount of MSRs to be loaded on VMEXIT and VMENTER, i.e. the number of MSRs to save or restore on VMEXIT or VMENTER may be different. @@ -12,6 +14,7 @@ restore on VMEXIT or VMENTER may be different. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 65 ++++++++++++++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/queue-4.18/x86-kvm-vmx-use-msr-save-list-for-ia32_flush_cmd-if-required.patch b/queue-4.18/x86-kvm-vmx-use-msr-save-list-for-ia32_flush_cmd-if-required.patch index 507139d041e..566d8d7e2fd 100644 --- a/queue-4.18/x86-kvm-vmx-use-msr-save-list-for-ia32_flush_cmd-if-required.patch 
+++ b/queue-4.18/x86-kvm-vmx-use-msr-save-list-for-ia32_flush_cmd-if-required.patch @@ -1,16 +1,19 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 390d975e0c4e60ce70d4157e0dd91ede37824603 Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Thu, 28 Jun 2018 17:10:36 -0400 Subject: x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required From: Konrad Rzeszutek Wilk +commit 390d975e0c4e60ce70d4157e0dd91ede37824603 upstream. + If the L1D flush module parameter is set to 'always' and the IA32_FLUSH_CMD MSR is available, optimize the VMENTER code with the MSR save list. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kvm/vmx.c | 42 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/queue-4.18/x86-kvm-warn-user-if-kvm-is-loaded-smt-and-l1tf-cpu-bug-being-present.patch b/queue-4.18/x86-kvm-warn-user-if-kvm-is-loaded-smt-and-l1tf-cpu-bug-being-present.patch index 37e833c2b5f..48a0e181157 100644 --- a/queue-4.18/x86-kvm-warn-user-if-kvm-is-loaded-smt-and-l1tf-cpu-bug-being-present.patch +++ b/queue-4.18/x86-kvm-warn-user-if-kvm-is-loaded-smt-and-l1tf-cpu-bug-being-present.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 26acfb666a473d960f0fd971fe68f3e3ad16c70b Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Wed, 20 Jun 2018 11:29:53 -0400 Subject: x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present From: Konrad Rzeszutek Wilk +commit 26acfb666a473d960f0fd971fe68f3e3ad16c70b upstream. + If the L1TF CPU bug is present we allow the KVM module to be loaded as the major of users that use Linux and KVM have trusted guests and do not want a broken setup. @@ -24,6 +26,7 @@ on sibling threads. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Thomas Gleixner 
Signed-off-by: Greg Kroah-Hartman + --- Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ arch/x86/kvm/vmx.c | 13 +++++++++++++ diff --git a/queue-4.18/x86-l1tf-handle-ept-disabled-state-proper.patch b/queue-4.18/x86-l1tf-handle-ept-disabled-state-proper.patch index 442ce11fad6..438dff663c4 100644 --- a/queue-4.18/x86-l1tf-handle-ept-disabled-state-proper.patch +++ b/queue-4.18/x86-l1tf-handle-ept-disabled-state-proper.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:18 +0200 Subject: x86/l1tf: Handle EPT disabled state proper From: Thomas Gleixner +commit a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 upstream. + If Extended Page Tables (EPT) are disabled or not supported, no L1D flushing is required. The setup function can just avoid setting up the L1D flush for the EPT=n case. @@ -19,6 +21,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.612160168@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/vmx.h | 1 arch/x86/kernel/cpu/bugs.c | 9 ++-- diff --git a/queue-4.18/x86-litf-introduce-vmx-status-variable.patch b/queue-4.18/x86-litf-introduce-vmx-status-variable.patch index 089ce3bb14c..6a5342ff14b 100644 --- a/queue-4.18/x86-litf-introduce-vmx-status-variable.patch +++ b/queue-4.18/x86-litf-introduce-vmx-status-variable.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 72c6d2db64fa18c996ece8f06e499509e6c9a37e Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 13 Jul 2018 16:23:16 +0200 Subject: x86/litf: Introduce vmx status variable From: Thomas Gleixner +commit 72c6d2db64fa18c996ece8f06e499509e6c9a37e upstream. + Store the effective mitigation of VMX in a status variable and use it to report the VMX state in the l1tf sysfs file. 
@@ -14,6 +16,7 @@ Reviewed-by: Greg Kroah-Hartman Reviewed-by: Josh Poimboeuf Link: https://lkml.kernel.org/r/20180713142322.433098358@linutronix.de Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/vmx.h | 9 +++++++++ arch/x86/kernel/cpu/bugs.c | 36 ++++++++++++++++++++++++++++++++++-- diff --git a/queue-4.18/x86-microcode-allow-late-microcode-loading-with-smt-disabled.patch b/queue-4.18/x86-microcode-allow-late-microcode-loading-with-smt-disabled.patch index 31ee6d24c33..27ceac2f347 100644 --- a/queue-4.18/x86-microcode-allow-late-microcode-loading-with-smt-disabled.patch +++ b/queue-4.18/x86-microcode-allow-late-microcode-loading-with-smt-disabled.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf Date: Fri, 10 Aug 2018 08:31:10 +0100 Subject: x86/microcode: Allow late microcode loading with SMT disabled From: Josh Poimboeuf +commit 07d981ad4cf1e78361c6db1c28ee5ba105f96cc1 upstream. + The kernel unnecessarily prevents late microcode loading when SMT is disabled. It should be safe to allow it if all the primary threads are online. @@ -13,6 +15,7 @@ Signed-off-by: Josh Poimboeuf Acked-by: Borislav Petkov Signed-off-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kernel/cpu/microcode/core.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/queue-4.18/x86-mm-kmmio-make-the-tracer-robust-against-l1tf.patch b/queue-4.18/x86-mm-kmmio-make-the-tracer-robust-against-l1tf.patch index 64a03f74b6a..f87e79c648d 100644 --- a/queue-4.18/x86-mm-kmmio-make-the-tracer-robust-against-l1tf.patch +++ b/queue-4.18/x86-mm-kmmio-make-the-tracer-robust-against-l1tf.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 1063711b57393c1999248cccb57bebfaf16739e7 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Tue, 7 Aug 2018 15:09:38 -0700 Subject: x86/mm/kmmio: Make the tracer robust against L1TF 
From: Andi Kleen +commit 1063711b57393c1999248cccb57bebfaf16739e7 upstream. + The mmio tracer sets io mapping PTEs and PMDs to non present when enabled without inverting the address bits, which makes the PTE entry vulnerable for L1TF. @@ -19,6 +21,7 @@ consistency sake it's better to get rid of the open coded PTE manipulation. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/mm/kmmio.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/queue-4.18/x86-mm-pat-make-set_memory_np-l1tf-safe.patch b/queue-4.18/x86-mm-pat-make-set_memory_np-l1tf-safe.patch index 1b5c9f00fbb..2c616483951 100644 --- a/queue-4.18/x86-mm-pat-make-set_memory_np-l1tf-safe.patch +++ b/queue-4.18/x86-mm-pat-make-set_memory_np-l1tf-safe.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 958f79b9ee55dfaf00c8106ed1c22a2919e0028b Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Tue, 7 Aug 2018 15:09:39 -0700 Subject: x86/mm/pat: Make set_memory_np() L1TF safe From: Andi Kleen +commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream. + set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. @@ -17,6 +19,7 @@ Passes the CPA self test. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/mm/pageattr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/queue-4.18/x86-smp-provide-topology_is_primary_thread.patch b/queue-4.18/x86-smp-provide-topology_is_primary_thread.patch index 2f30c7a233a..8826851dcbd 100644 --- a/queue-4.18/x86-smp-provide-topology_is_primary_thread.patch +++ b/queue-4.18/x86-smp-provide-topology_is_primary_thread.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 6a4d2657e048f096c7ffcad254010bd94891c8c0 Mon Sep 17 00:00:00 2001 
From: Thomas Gleixner Date: Tue, 29 May 2018 17:50:22 +0200 Subject: x86/smp: Provide topology_is_primary_thread() From: Thomas Gleixner +commit 6a4d2657e048f096c7ffcad254010bd94891c8c0 upstream. + If the CPU is supporting SMT then the primary thread can be found by checking the lower APIC ID bits for zero. smp_num_siblings is used to build the mask for the APIC ID bits which need to be taken into account. @@ -19,6 +21,7 @@ Signed-off-by: Thomas Gleixner Reviewed-by: Konrad Rzeszutek Wilk Acked-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/apic.h | 6 ++++++ arch/x86/include/asm/topology.h | 4 +++- diff --git a/queue-4.18/x86-speculation-l1tf-add-sysfs-reporting-for-l1tf.patch b/queue-4.18/x86-speculation-l1tf-add-sysfs-reporting-for-l1tf.patch index 40fb1c50479..ed7ca978538 100644 --- a/queue-4.18/x86-speculation-l1tf-add-sysfs-reporting-for-l1tf.patch +++ b/queue-4.18/x86-speculation-l1tf-add-sysfs-reporting-for-l1tf.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 17dbca119312b4e8173d4e25ff64262119fcef38 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:26 -0700 Subject: x86/speculation/l1tf: Add sysfs reporting for l1tf From: Andi Kleen +commit 17dbca119312b4e8173d4e25ff64262119fcef38 upstream. + L1TF core kernel workarounds are cheap and normally always enabled, However they still should be reported in sysfs if the system is vulnerable or mitigated. Add the necessary CPU feature/bug bits. @@ -32,6 +34,7 @@ Signed-off-by: Thomas Gleixner Reviewed-by: Josh Poimboeuf Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/cpufeatures.h | 2 + arch/x86/include/asm/processor.h | 5 ++++ diff --git a/queue-4.18/x86-speculation-l1tf-change-order-of-offset-type-in-swap-entry.patch b/queue-4.18/x86-speculation-l1tf-change-order-of-offset-type-in-swap-entry.patch index 01d9750d906..5f9554782cb 100644 
--- a/queue-4.18/x86-speculation-l1tf-change-order-of-offset-type-in-swap-entry.patch +++ b/queue-4.18/x86-speculation-l1tf-change-order-of-offset-type-in-swap-entry.patch @@ -1,11 +1,11 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Wed, 13 Jun 2018 15:48:22 -0700 Subject: x86/speculation/l1tf: Change order of offset/type in swap entry From: Linus Torvalds -commit 50896e180c6aa3a9c61a26ced99e15d602666a4c upstream. +commit bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f upstream. If pages are swapped out, the swap entry is stored in the corresponding PTE, which has the Present bit cleared. CPUs vulnerable to L1TF speculate @@ -48,6 +48,7 @@ Acked-by: Michal Hocko Acked-by: Vlastimil Babka Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable_64.h | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/queue-4.18/x86-speculation-l1tf-disallow-non-privileged-high-mmio-prot_none-mappings.patch b/queue-4.18/x86-speculation-l1tf-disallow-non-privileged-high-mmio-prot_none-mappings.patch index 2f884bd2e1b..3fd4548f0a2 100644 --- a/queue-4.18/x86-speculation-l1tf-disallow-non-privileged-high-mmio-prot_none-mappings.patch +++ b/queue-4.18/x86-speculation-l1tf-disallow-non-privileged-high-mmio-prot_none-mappings.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 42e4089c7890725fcd329999252dc489b72f2921 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:27 -0700 Subject: x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings From: Andi Kleen +commit 42e4089c7890725fcd329999252dc489b72f2921 upstream. + For L1TF PROT_NONE mappings are protected by inverting the PFN in the page table entry. This sets the high bits in the CPU's address space, thus making sure to point to not point an unmapped entry to valid cached memory. @@ -38,6 +40,7 @@ 
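Review bot: The commit description should say that it also corrects two wrong upstream ids rather than only adding them: in this file `commit 50896e180c6a… upstream.` becomes `commit bcd11afa7ada… upstream.`, and in x86-speculation-l1tf-protect-swap-entries-against-l1tf.patch `bcd11afa7ada…` becomes `2f22b4cd45b6…`. The old values are the ids that now appear in the `From` lines of the neighbouring patches, so the earlier queue looks shifted by one patch for these entries. Anyone who matched the queued L1TF backports against upstream by those ids before this commit would presumably have attributed the two swap-entry changes to the wrong upstream commits; a sentence such as `Also fix the upstream ids in the two swap-entry patches, which were off by one.` would make that visible. The `commit … upstream.` line of x86-speculation-l1tf-increase-32bit-pae-__physical_page_shift.patch lies outside its hunk, so whether it agrees with the new `From 50896e180c6a…` line cannot be confirmed from here.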
Signed-off-by: Thomas Gleixner Reviewed-by: Josh Poimboeuf Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable.h | 8 ++++++ arch/x86/mm/mmap.c | 21 +++++++++++++++++ diff --git a/queue-4.18/x86-speculation-l1tf-extend-64bit-swap-file-size-limit.patch b/queue-4.18/x86-speculation-l1tf-extend-64bit-swap-file-size-limit.patch index bbc0ff16335..f387e45d627 100644 --- a/queue-4.18/x86-speculation-l1tf-extend-64bit-swap-file-size-limit.patch +++ b/queue-4.18/x86-speculation-l1tf-extend-64bit-swap-file-size-limit.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 1a7ed1ba4bba6c075d5ad61bb75e3fbc870840d6 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka Date: Thu, 21 Jun 2018 12:36:29 +0200 Subject: x86/speculation/l1tf: Extend 64bit swap file size limit From: Vlastimil Babka +commit 1a7ed1ba4bba6c075d5ad61bb75e3fbc870840d6 upstream. + The previous patch has limited swap file size so that large offsets cannot clear bits above MAX_PA/2 in the pte and interfere with L1TF mitigation. @@ -18,6 +20,7 @@ Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Signed-off-by: Vlastimil Babka Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/mm/init.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/queue-4.18/x86-speculation-l1tf-fix-up-pte-pfn-conversion-for-pae.patch b/queue-4.18/x86-speculation-l1tf-fix-up-pte-pfn-conversion-for-pae.patch index d083964ed0e..30b1e68856f 100644 --- a/queue-4.18/x86-speculation-l1tf-fix-up-pte-pfn-conversion-for-pae.patch +++ b/queue-4.18/x86-speculation-l1tf-fix-up-pte-pfn-conversion-for-pae.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From e14d7dfb41f5807a0c1c26a13f2b8ef16af24935 Mon Sep 17 00:00:00 2001 From: Michal Hocko Date: Wed, 27 Jun 2018 17:46:50 +0200 Subject: x86/speculation/l1tf: Fix up pte->pfn conversion for PAE 
From: Michal Hocko +commit e14d7dfb41f5807a0c1c26a13f2b8ef16af24935 upstream. + Jan has noticed that pte_pfn and co. resp. pfn_pte are incorrect for CONFIG_PAE because phys_addr_t is wider than unsigned long and so the pte_val reps. shift left would get truncated. Fix this up by using proper @@ -16,6 +18,7 @@ Signed-off-by: Michal Hocko Signed-off-by: Thomas Gleixner Acked-by: Vlastimil Babka Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/queue-4.18/x86-speculation-l1tf-increase-32bit-pae-__physical_page_shift.patch b/queue-4.18/x86-speculation-l1tf-increase-32bit-pae-__physical_page_shift.patch index 309f596335c..9c1ce5dab04 100644 --- a/queue-4.18/x86-speculation-l1tf-increase-32bit-pae-__physical_page_shift.patch +++ b/queue-4.18/x86-speculation-l1tf-increase-32bit-pae-__physical_page_shift.patch @@ -1,4 +1,4 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 50896e180c6aa3a9c61a26ced99e15d602666a4c Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:21 -0700 Subject: x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT @@ -56,6 +56,7 @@ Reviewed-by: Josh Poimboeuf Acked-by: Michal Hocko Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/page_32_types.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/queue-4.18/x86-speculation-l1tf-invert-all-not-present-mappings.patch b/queue-4.18/x86-speculation-l1tf-invert-all-not-present-mappings.patch index ffcf1c293a9..da675efb598 100644 --- a/queue-4.18/x86-speculation-l1tf-invert-all-not-present-mappings.patch +++ b/queue-4.18/x86-speculation-l1tf-invert-all-not-present-mappings.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From f22cc87f6c1f771b57c407555cfefd811cdd9507 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Tue, 7 Aug 2018 15:09:36 -0700 Subject: x86/speculation/l1tf: Invert all not present mappings 
From: Andi Kleen +commit f22cc87f6c1f771b57c407555cfefd811cdd9507 upstream. + For kernel mappings PAGE_PROTNONE is not necessarily set for a non present mapping, but the inversion logic explicitely checks for !PRESENT and PROT_NONE. @@ -15,6 +17,7 @@ present mappings. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable-invert.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/queue-4.18/x86-speculation-l1tf-limit-swap-file-size-to-max_pa-2.patch b/queue-4.18/x86-speculation-l1tf-limit-swap-file-size-to-max_pa-2.patch index 014c0e5cebe..99e31ef69cb 100644 --- a/queue-4.18/x86-speculation-l1tf-limit-swap-file-size-to-max_pa-2.patch +++ b/queue-4.18/x86-speculation-l1tf-limit-swap-file-size-to-max_pa-2.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:28 -0700 Subject: x86/speculation/l1tf: Limit swap file size to MAX_PA/2 From: Andi Kleen +commit 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb upstream. + For the L1TF workaround its necessary to limit the swap file size to below MAX_PA/2, so that the higher bits of the swap offset inverted never point to valid memory. @@ -26,6 +28,7 @@ Reviewed-by: Josh Poimboeuf Acked-by: Michal Hocko Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/mm/init.c | 15 +++++++++++++++ include/linux/swapfile.h | 2 ++ diff --git a/queue-4.18/x86-speculation-l1tf-make-pmd-pud_mknotpresent-invert.patch b/queue-4.18/x86-speculation-l1tf-make-pmd-pud_mknotpresent-invert.patch index 42d6bcd1b91..1cdd935b113 100644 --- a/queue-4.18/x86-speculation-l1tf-make-pmd-pud_mknotpresent-invert.patch +++ b/queue-4.18/x86-speculation-l1tf-make-pmd-pud_mknotpresent-invert.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 0768f91530ff46683e0b372df14fd79fe8d156e5 Mon Sep 17 00:00:00 2001 
From: Andi Kleen Date: Tue, 7 Aug 2018 15:09:37 -0700 Subject: x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert From: Andi Kleen +commit 0768f91530ff46683e0b372df14fd79fe8d156e5 upstream. + Some cases in THP like: - MADV_FREE - mprotect @@ -20,6 +22,7 @@ this. Signed-off-by: Andi Kleen Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/queue-4.18/x86-speculation-l1tf-make-sure-the-first-page-is-always-reserved.patch b/queue-4.18/x86-speculation-l1tf-make-sure-the-first-page-is-always-reserved.patch index 664e068dc33..66007c75474 100644 --- a/queue-4.18/x86-speculation-l1tf-make-sure-the-first-page-is-always-reserved.patch +++ b/queue-4.18/x86-speculation-l1tf-make-sure-the-first-page-is-always-reserved.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 10a70416e1f067f6c4efda6ffd8ea96002ac4223 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:25 -0700 Subject: x86/speculation/l1tf: Make sure the first page is always reserved From: Andi Kleen +commit 10a70416e1f067f6c4efda6ffd8ea96002ac4223 upstream. + The L1TF workaround doesn't make any attempt to mitigate speculate accesses to the first physical page for zeroed PTEs. Normally it only contains some data from the early real mode BIOS. @@ -19,6 +21,7 @@ Signed-off-by: Thomas Gleixner Reviewed-by: Josh Poimboeuf Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kernel/setup.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/queue-4.18/x86-speculation-l1tf-protect-pae-swap-entries-against-l1tf.patch b/queue-4.18/x86-speculation-l1tf-protect-pae-swap-entries-against-l1tf.patch index 05906f82769..3fbfc08904a 100644 --- a/queue-4.18/x86-speculation-l1tf-protect-pae-swap-entries-against-l1tf.patch +++ b/queue-4.18/x86-speculation-l1tf-protect-pae-swap-entries-against-l1tf.patch 
@@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 0d0f6249058834ffe1ceaad0bb31464af66f6e7a Mon Sep 17 00:00:00 2001 From: Vlastimil Babka Date: Fri, 22 Jun 2018 17:39:33 +0200 Subject: x86/speculation/l1tf: Protect PAE swap entries against L1TF From: Vlastimil Babka +commit 0d0f6249058834ffe1ceaad0bb31464af66f6e7a upstream. + The PAE 3-level paging code currently doesn't mitigate L1TF by flipping the offset bits, and uses the high PTE word, thus bits 32-36 for type, 37-63 for offset. The lower word is zeroed, thus systems with less than 4GB memory are @@ -21,6 +23,7 @@ Signed-off-by: Vlastimil Babka Signed-off-by: Thomas Gleixner Acked-by: Michal Hocko Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable-3level.h | 35 ++++++++++++++++++++++++++++++++-- arch/x86/mm/init.c | 2 - diff --git a/queue-4.18/x86-speculation-l1tf-protect-prot_none-ptes-against-speculation.patch b/queue-4.18/x86-speculation-l1tf-protect-prot_none-ptes-against-speculation.patch index d17d221e701..63b38e7948a 100644 --- a/queue-4.18/x86-speculation-l1tf-protect-prot_none-ptes-against-speculation.patch +++ b/queue-4.18/x86-speculation-l1tf-protect-prot_none-ptes-against-speculation.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 6b28baca9b1f0d4a42b865da7a05b1c81424bd5c Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Wed, 13 Jun 2018 15:48:24 -0700 Subject: x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation From: Andi Kleen +commit 6b28baca9b1f0d4a42b865da7a05b1c81424bd5c upstream. + When PTEs are set to PROT_NONE the kernel just clears the Present bit and preserves the PFN, which creates attack surface for L1TF speculation speculation attacks. @@ -64,6 +66,7 @@ Acked-by: Michal Hocko Acked-by: Vlastimil Babka Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable-2level.h | 17 +++++++++++++ arch/x86/include/asm/pgtable-3level.h | 2 + @@ -71,7 +74,6 @@ 
Signed-off-by: Greg Kroah-Hartman arch/x86/include/asm/pgtable.h | 44 +++++++++++++++++++++++----------- arch/x86/include/asm/pgtable_64.h | 2 + 5 files changed, 84 insertions(+), 13 deletions(-) - create mode 100644 arch/x86/include/asm/pgtable-invert.h --- a/arch/x86/include/asm/pgtable-2level.h +++ b/arch/x86/include/asm/pgtable-2level.h diff --git a/queue-4.18/x86-speculation-l1tf-protect-swap-entries-against-l1tf.patch b/queue-4.18/x86-speculation-l1tf-protect-swap-entries-against-l1tf.patch index 9ee67e46894..b793d711364 100644 --- a/queue-4.18/x86-speculation-l1tf-protect-swap-entries-against-l1tf.patch +++ b/queue-4.18/x86-speculation-l1tf-protect-swap-entries-against-l1tf.patch @@ -1,11 +1,11 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Wed, 13 Jun 2018 15:48:23 -0700 Subject: x86/speculation/l1tf: Protect swap entries against L1TF From: Linus Torvalds -commit bcd11afa7adad8d720e7ba5ef58bdcd9775cf45f upstream. +commit 2f22b4cd45b67b3496f4aa4c7180a1271c6452f6 upstream. With L1 terminal fault the CPU speculates into unmapped PTEs, and resulting side effects allow to read the memory the PTE is pointing too, if its @@ -38,6 +38,7 @@ Acked-by: Michal Hocko Acked-by: Vlastimil Babka Acked-by: Dave Hansen Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/pgtable_64.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/queue-4.18/x86-speculation-l1tf-unbreak-__have_arch_pfn_modify_allowed-architectures.patch b/queue-4.18/x86-speculation-l1tf-unbreak-__have_arch_pfn_modify_allowed-architectures.patch index 73fda5ed2d3..9f18c32d403 100644 --- a/queue-4.18/x86-speculation-l1tf-unbreak-__have_arch_pfn_modify_allowed-architectures.patch +++ b/queue-4.18/x86-speculation-l1tf-unbreak-__have_arch_pfn_modify_allowed-architectures.patch 
@@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 Mon Sep 17 00:00:00 2001 From: Jiri Kosina Date: Sat, 14 Jul 2018 21:56:13 +0200 Subject: x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures From: Jiri Kosina +commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 upstream. + pfn_modify_allowed() and arch_has_pfn_modify_check() are outside of the !__ASSEMBLY__ section in include/asm-generic/pgtable.h, which confuses assembler on archs that don't have __HAVE_ARCH_PFN_MODIFY_ALLOWED (e.g. @@ -24,6 +26,7 @@ Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PR Signed-off-by: Jiri Kosina Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- include/asm-generic/pgtable.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/queue-4.18/x86-speculation-simplify-sysfs-report-of-vmx-l1tf-vulnerability.patch b/queue-4.18/x86-speculation-simplify-sysfs-report-of-vmx-l1tf-vulnerability.patch index cb153e51950..c9651166b61 100644 --- a/queue-4.18/x86-speculation-simplify-sysfs-report-of-vmx-l1tf-vulnerability.patch +++ b/queue-4.18/x86-speculation-simplify-sysfs-report-of-vmx-l1tf-vulnerability.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From ea156d192f5257a5bf393d33910d3b481bf8a401 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Sun, 5 Aug 2018 16:07:45 +0200 Subject: x86/speculation: Simplify sysfs report of VMX L1TF vulnerability From: Paolo Bonzini +commit ea156d192f5257a5bf393d33910d3b481bf8a401 upstream. + Three changes to the content of the sysfs file: - If EPT is disabled, L1TF cannot be exploited even across threads on the @@ -19,6 +21,7 @@ Three changes to the content of the sysfs file: Signed-off-by: Paolo Bonzini Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/kernel/cpu/bugs.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
diff --git a/queue-4.18/x86-speculation-use-arch_capabilities-to-skip-l1d-flush-on-vmentry.patch b/queue-4.18/x86-speculation-use-arch_capabilities-to-skip-l1d-flush-on-vmentry.patch index 9487326e63b..a687790425b 100644 --- a/queue-4.18/x86-speculation-use-arch_capabilities-to-skip-l1d-flush-on-vmentry.patch +++ b/queue-4.18/x86-speculation-use-arch_capabilities-to-skip-l1d-flush-on-vmentry.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From 8e0b2b916662e09dd4d09e5271cdf214c6b80e62 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Sun, 5 Aug 2018 16:07:46 +0200 Subject: x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry From: Paolo Bonzini +commit 8e0b2b916662e09dd4d09e5271cdf214c6b80e62 upstream. + Bit 3 of ARCH_CAPABILITIES tells a hypervisor that L1D flush on vmentry is not needed. Add a new value to enum vmx_l1d_flush_state, which is used either if there is no L1TF bug at all, or if bit 3 is set in ARCH_CAPABILITIES. @@ -12,6 +14,7 @@ either if there is no L1TF bug at all, or if bit 3 is set in ARCH_CAPABILITIES. Signed-off-by: Paolo Bonzini Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/vmx.h | 1 + diff --git a/queue-4.18/x86-topology-provide-topology_smt_supported.patch b/queue-4.18/x86-topology-provide-topology_smt_supported.patch index 6bb5e702a6d..a6f5c4b0e73 100644 --- a/queue-4.18/x86-topology-provide-topology_smt_supported.patch +++ b/queue-4.18/x86-topology-provide-topology_smt_supported.patch @@ -1,10 +1,12 @@ -From foo@baz Tue Aug 14 13:33:03 CEST 2018 +From f048c399e0f7490ab7296bc2c255d37eb14a9675 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 21 Jun 2018 10:37:20 +0200 Subject: x86/topology: Provide topology_smt_supported() From: Thomas Gleixner +commit f048c399e0f7490ab7296bc2c255d37eb14a9675 upstream. + Provide information whether SMT is supoorted by the CPUs. Preparatory patch for SMT control mechanism. 
@@ -12,6 +14,7 @@ Suggested-by: Dave Hansen Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman + --- arch/x86/include/asm/topology.h | 2 ++ arch/x86/kernel/smpboot.c | 8 ++++++++