Commits · b2f8503b5c0cf999421283ffb4eed1435c30cd5d · Kirill Smelkov / linux

05 Feb, 2018 40 commits

x86/cpufeatures: Add X86_BUG_CPU_INSECURE · b2f8503b

Thomas Gleixner authored Dec 04, 2017

CVE-2017-5715 (Spectre v2 retpoline)

Many x86 CPUs leak information to user space due to missing isolation of
user space and kernel space page tables. There are many well documented
ways to exploit that.

The upcoming software migitation of isolating the user and kernel space
page tables needs a misfeature flag so code can be made runtime
conditional.

Add the BUG bits which indicates that the CPU is affected and add a feature
bit which indicates that the software migitation is enabled.

Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be
made later.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(backported from commit a89f040f)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b2f8503b

x86/cpufeatures: Make CPU bugs sticky · f6b86fdb

Thomas Gleixner authored Dec 04, 2017

CVE-2017-5715 (Spectre v2 retpoline)

commit 6cbd2171 upstream.

There is currently no way to force CPU bug bits like CPU feature bits. That
makes it impossible to set a bug bit once at boot and have it stick for all
upcoming CPUs.

Extend the force set/clear arrays to handle bug bits as well.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bpetkov@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Link: https://lkml.kernel.org/r/20171204150606.992156574@linutronix.deSigned-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

(cherry picked from commit 65b28590)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

f6b86fdb

x86/cpu: Factor out application of forced CPU caps · 64352cab

Andy Lutomirski authored Jan 18, 2017

CVE-2017-5715 (Spectre v2 retpoline)

commit 8bf1ebca upstream.

There are multiple call sites that apply forced CPU caps.  Factor
them into a helper.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Whitehead <tedheadster@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/623ff7555488122143e4417de09b18be2085ad06.1484705016.git.luto@kernel.orgSigned-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

(cherry picked from commit 18b849b1)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

64352cab

x86/cpuid: Provide get_scattered_cpuid_leaf() · 32e37049

He Chen authored Jan 17, 2018

CVE-2017-5715 (Spectre v2 retpoline)

Sparse populated CPUID leafs are collected in a software provided leaf to
avoid bloat of the x86_capability array, but there is no way to rebuild the
real leafs (e.g. for KVM CPUID enumeration) other than rereading the CPUID
leaf from the CPU. While this is possible it is problematic as it does not
take software disabled features into account. If a feature is disabled on
the host it should not be exposed to a guest either.

Add get_scattered_cpuid_leaf() which rebuilds the leaf from the scattered
cpuid table information and the active CPU features.

[ tglx: Rewrote changelog ]
Signed-off-by: He Chen <he.chen@linux.intel.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: Luwei Kang <luwei.kang@intel.com>
Cc: kvm@vger.kernel.org
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Piotr Luc <Piotr.Luc@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Link: http://lkml.kernel.org/r/1478856336-9388-3-git-send-email-he.chen@linux.intel.comSigned-off-by: Thomas Gleixner <tglx@linutronix.de>
(backported from commit 47bdf337)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(backported from commit 36c867e8)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

32e37049

Revert "bpf: prevent speculative execution in eBPF interpreter" · 88948f5a

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit ac92d827.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

88948f5a

Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled" · 543389c8

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 87f0ff16.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

543389c8

Revert "uvcvideo: prevent speculative execution" · e65a01ee

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit ffafbf6a.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

e65a01ee

Revert "carl9170: prevent speculative execution" · 51e5d1f4

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 5f922fcb.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

51e5d1f4

Revert "qla2xxx: prevent speculative execution" · 4088d9b0

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit fa24f391.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

4088d9b0

Revert "Thermal/int340x: prevent speculative execution" · dcb7193a

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 1c050491.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

dcb7193a

Revert "userns: prevent speculative execution" · e4045ad9

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 9c852c53.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

e4045ad9

Revert "ipv6: prevent speculative execution" · 56129021

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 904c6712.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

56129021

Revert "fs: prevent speculative execution" · bf1e0110

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 905b2bac.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

bf1e0110

Revert "net: mpls: prevent speculative execution" · 46e9d09f

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 021a73b4.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

46e9d09f

Revert "udf: prevent speculative execution" · b1b82c9d

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit eccbd5ac.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b1b82c9d

Revert "x86/feature: Enable the x86 feature to control Speculation" · 8c58e2a2

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 6d289c83.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

8c58e2a2

Revert "x86/feature: Report presence of IBPB and IBRS control" · 48103c87

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 7de295e2.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

48103c87

Revert "x86/enter: MACROS to set/clear IBRS and set IBPB" · cadfe559

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit f011884a.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

cadfe559

Revert "x86/enter: Use IBRS on syscall and interrupts" · b42e547c

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 0e2f6c3e.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b42e547c

Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup" · 10e23462

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit e231ae74.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

10e23462

Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup" · 2870f7d2

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 92e0b0d6.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

2870f7d2

Revert "x86/mm: Set IBPB upon context switch" · 6720aabf

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 49bb7a3c.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

6720aabf

Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current thread" · 260de686

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit b0c3e8bd.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

260de686

Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform" · a6fa5ed0

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 47a07600.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

a6fa5ed0

Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm" · 30fd5229

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 70be2dd8.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

30fd5229

Revert "x86/kvm: Set IBPB when switching VM" · ac0d4eae

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 30907f82.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

ac0d4eae

Revert "x86/kvm: Toggle IBRS on VM entry and exit" · ceea78e2

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit e233ec08.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

ceea78e2

Revert "x86/kvm: Pad RSB on VM transition" · 55600a10

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit ba5013cf.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

55600a10

Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature" · b3685465

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 5e7fa023.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b3685465

Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control" · 1089af8d

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit ff2699c9.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

1089af8d

Revert "x86/syscall: Clear unused extra registers on syscall entrance" · 6f3f333c

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 0f76330e.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

6f3f333c

Revert "x86/syscall: Clear unused extra registers on 32-bit compatible syscall entrance" · b1c038b1

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 70df98e2.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b1c038b1

Revert "x86/entry: Use retpoline for syscall's indirect calls" · 684a6a68

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit f3fd3c0a.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

684a6a68

Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR" · b4385abd

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 44c314e1.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b4385abd

Revert "x86/cpu/AMD: Add speculative control support for AMD" · 688d5160

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 0c42069d.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

688d5160

Revert "x86/microcode: Extend post microcode reload to support IBPB feature" · a9a8b5fa

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 88b00371.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

a9a8b5fa

Revert "KVM: SVM: Do not intercept new speculative control MSRs" · b094e69c

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 750beb6c.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

b094e69c

Revert "x86/svm: Set IBRS value on VM entry and exit" · 4347e8cd

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit d3d0f0a2.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

4347e8cd

Revert "x86/svm: Set IBPB when running a different VCPU" · 7dc92117

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 8c36ea34.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

7dc92117

Revert "KVM: x86: Add speculative control CPUID support for guests" · ef09993f

Andy Whitcroft authored Jan 31, 2018

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 8339cae2.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

ef09993f