From: Greg Kroah-Hartman Date: Mon, 1 Jul 2019 15:38:31 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v5.1.16~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d5fa8bd2e84e6bf6736366ac7150fa1edef84c77;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: cpu-speculation-warn-on-unsupported-mitigations-parameter.patch x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch --- diff --git a/queue-4.4/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch b/queue-4.4/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch new file mode 100644 index 00000000000..b6c0634efed --- /dev/null +++ b/queue-4.4/cpu-speculation-warn-on-unsupported-mitigations-parameter.patch @@ -0,0 +1,47 @@ +From 1bf72720281770162c87990697eae1ba2f1d917a Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Thu, 16 May 2019 09:09:35 +0200 +Subject: cpu/speculation: Warn on unsupported mitigations= parameter + +From: Geert Uytterhoeven + +commit 1bf72720281770162c87990697eae1ba2f1d917a upstream. + +Currently, if the user specifies an unsupported mitigation strategy on the +kernel command line, it will be ignored silently. The code will fall back +to the default strategy, possibly leaving the system more vulnerable than +expected. + +This may happen due to e.g. a simple typo, or, for a stable kernel release, +because not all mitigation strategies have been backported. + +Inform the user by printing a message. + +Fixes: 98af8452945c5565 ("cpu/speculation: Add 'mitigations=' cmdline option") +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Thomas Gleixner +Acked-by: Josh Poimboeuf +Cc: Peter Zijlstra +Cc: Jiri Kosina +Cc: Greg Kroah-Hartman +Cc: Ben Hutchings +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20190516070935.22546-1-geert@linux-m68k.org +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cpu.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -851,6 +851,9 @@ static int __init mitigations_parse_cmdl + cpu_mitigations = CPU_MITIGATIONS_OFF; + else if (!strcmp(arg, "auto")) + cpu_mitigations = CPU_MITIGATIONS_AUTO; ++ else ++ pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n", ++ arg); + + return 0; + } diff --git a/queue-4.4/series b/queue-4.4/series index ef4e6cf78b5..db75f7fdd58 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -35,3 +35,5 @@ perf-help-remove-needless-use-of-strncpy.patch net-9p-include-trans_common.h-to-fix-missing-prototy.patch kvm-x86-fix-scan-ioapic-use-before-initialization.patch ovl-modify-ovl_permission-to-do-checks-on-two-inodes.patch +x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch +cpu-speculation-warn-on-unsupported-mitigations-parameter.patch diff --git a/queue-4.4/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch b/queue-4.4/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch new file mode 100644 index 00000000000..a4860bdabd6 --- /dev/null +++ b/queue-4.4/x86-speculation-allow-guests-to-use-ssbd-even-if-host-does-not.patch @@ -0,0 +1,70 @@ +From c1f7fec1eb6a2c86d01bc22afce772c743451d88 Mon Sep 17 00:00:00 2001 +From: Alejandro Jimenez +Date: Mon, 10 Jun 2019 13:20:10 -0400 +Subject: x86/speculation: Allow guests to use SSBD even if host does not + +From: Alejandro Jimenez + +commit c1f7fec1eb6a2c86d01bc22afce772c743451d88 upstream. + +The bits set in x86_spec_ctrl_mask are used to calculate the guest's value +of SPEC_CTRL that is written to the MSR before VMENTRY, and control which +mitigations the guest can enable. In the case of SSBD, unless the host has +enabled SSBD always on mode (by passing "spec_store_bypass_disable=on" in +the kernel parameters), the SSBD bit is not set in the mask and the guest +can not properly enable the SSBD always on mitigation mode. + +This has been confirmed by running the SSBD PoC on a guest using the SSBD +always on mitigation mode (booted with kernel parameter +"spec_store_bypass_disable=on"), and verifying that the guest is vulnerable +unless the host is also using SSBD always on mode. In addition, the guest +OS incorrectly reports the SSB vulnerability as mitigated. + +Always set the SSBD bit in x86_spec_ctrl_mask when the host CPU supports +it, allowing the guest to use SSBD whether or not the host has chosen to +enable the mitigation in any of its modes. + +Fixes: be6fcb5478e9 ("x86/bugs: Rework spec_ctrl base and mask logic") +Signed-off-by: Alejandro Jimenez +Signed-off-by: Thomas Gleixner +Reviewed-by: Liam Merwick +Reviewed-by: Mark Kanda +Reviewed-by: Paolo Bonzini +Cc: bp@alien8.de +Cc: rkrcmar@redhat.com +Cc: kvm@vger.kernel.org +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/1560187210-11054-1-git-send-email-alejandro.j.jimenez@oracle.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/bugs.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -807,6 +807,16 @@ static enum ssb_mitigation __init __ssb_ + } + + /* ++ * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper ++ * bit in the mask to allow guests to use the mitigation even in the ++ * case where the host does not enable it. ++ */ ++ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || ++ static_cpu_has(X86_FEATURE_AMD_SSBD)) { ++ x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; ++ } ++ ++ /* + * We have three CPU feature flags that are in play here: + * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. + * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass +@@ -823,7 +833,6 @@ static enum ssb_mitigation __init __ssb_ + x86_amd_ssb_disable(); + } else { + x86_spec_ctrl_base |= SPEC_CTRL_SSBD; +- x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); + } + }