mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2026-04-03 12:05:13 +02:00
aed15fc08f
Commit 7b306dfa32 upstream.
An SNP cache coherency vulnerability requires a cache line eviction
mitigation when validating memory after a page state change to private.
The specific mitigation is to touch the first and last byte of each 4K
page that is being validated. There is no need to perform the mitigation
when performing a page state change to shared and rescinding validation.
CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit that,
when set, indicates that the software mitigation for this vulnerability is
not needed.
Implement the mitigation and invoke it when validating memory (making it
private) and the COHERENCY_SFW_NO bit is not set, indicating the SNP guest
is vulnerable.
Co-developed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
133 lines
3.0 KiB
C
133 lines
3.0 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <linux/types.h>
|
|
#include "bitops.h"
|
|
|
|
#include <asm/processor-flags.h>
|
|
#include <asm/required-features.h>
|
|
#include <asm/msr-index.h>
|
|
#include "cpuflags.h"
|
|
|
|
struct cpu_features cpu;
|
|
u32 cpu_vendor[3];
|
|
|
|
static bool loaded_flags;
|
|
|
|
static int has_fpu(void)
|
|
{
|
|
u16 fcw = -1, fsw = -1;
|
|
unsigned long cr0;
|
|
|
|
asm volatile("mov %%cr0,%0" : "=r" (cr0));
|
|
if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
|
|
cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
|
|
asm volatile("mov %0,%%cr0" : : "r" (cr0));
|
|
}
|
|
|
|
asm volatile("fninit ; fnstsw %0 ; fnstcw %1"
|
|
: "+m" (fsw), "+m" (fcw));
|
|
|
|
return fsw == 0 && (fcw & 0x103f) == 0x003f;
|
|
}
|
|
|
|
/*
|
|
* For building the 16-bit code we want to explicitly specify 32-bit
|
|
* push/pop operations, rather than just saying 'pushf' or 'popf' and
|
|
* letting the compiler choose. But this is also included from the
|
|
* compressed/ directory where it may be 64-bit code, and thus needs
|
|
* to be 'pushfq' or 'popfq' in that case.
|
|
*/
|
|
#ifdef __x86_64__
|
|
#define PUSHF "pushfq"
|
|
#define POPF "popfq"
|
|
#else
|
|
#define PUSHF "pushfl"
|
|
#define POPF "popfl"
|
|
#endif
|
|
|
|
int has_eflag(unsigned long mask)
|
|
{
|
|
unsigned long f0, f1;
|
|
|
|
asm volatile(PUSHF " \n\t"
|
|
PUSHF " \n\t"
|
|
"pop %0 \n\t"
|
|
"mov %0,%1 \n\t"
|
|
"xor %2,%1 \n\t"
|
|
"push %1 \n\t"
|
|
POPF " \n\t"
|
|
PUSHF " \n\t"
|
|
"pop %1 \n\t"
|
|
POPF
|
|
: "=&r" (f0), "=&r" (f1)
|
|
: "ri" (mask));
|
|
|
|
return !!((f0^f1) & mask);
|
|
}
|
|
|
|
void cpuid_count(u32 id, u32 count, u32 *a, u32 *b, u32 *c, u32 *d)
|
|
{
|
|
asm volatile("cpuid"
|
|
: "=a" (*a), "=b" (*b), "=c" (*c), "=d" (*d)
|
|
: "0" (id), "2" (count)
|
|
);
|
|
}
|
|
|
|
#define cpuid(id, a, b, c, d) cpuid_count(id, 0, a, b, c, d)
|
|
|
|
void get_cpuflags(void)
|
|
{
|
|
u32 max_intel_level, max_amd_level;
|
|
u32 tfms;
|
|
u32 ignored;
|
|
|
|
if (loaded_flags)
|
|
return;
|
|
loaded_flags = true;
|
|
|
|
if (has_fpu())
|
|
set_bit(X86_FEATURE_FPU, cpu.flags);
|
|
|
|
if (has_eflag(X86_EFLAGS_ID)) {
|
|
cpuid(0x0, &max_intel_level, &cpu_vendor[0], &cpu_vendor[2],
|
|
&cpu_vendor[1]);
|
|
|
|
if (max_intel_level >= 0x00000001 &&
|
|
max_intel_level <= 0x0000ffff) {
|
|
cpuid(0x1, &tfms, &ignored, &cpu.flags[4],
|
|
&cpu.flags[0]);
|
|
cpu.level = (tfms >> 8) & 15;
|
|
cpu.family = cpu.level;
|
|
cpu.model = (tfms >> 4) & 15;
|
|
if (cpu.level >= 6)
|
|
cpu.model += ((tfms >> 16) & 0xf) << 4;
|
|
}
|
|
|
|
if (max_intel_level >= 0x00000007) {
|
|
cpuid_count(0x00000007, 0, &ignored, &ignored,
|
|
&cpu.flags[16], &ignored);
|
|
}
|
|
|
|
cpuid(0x80000000, &max_amd_level, &ignored, &ignored,
|
|
&ignored);
|
|
|
|
if (max_amd_level >= 0x80000001 &&
|
|
max_amd_level <= 0x8000ffff) {
|
|
cpuid(0x80000001, &ignored, &ignored, &cpu.flags[6],
|
|
&cpu.flags[1]);
|
|
}
|
|
|
|
if (max_amd_level >= 0x8000001f) {
|
|
u32 ebx;
|
|
|
|
/*
|
|
* The X86_FEATURE_COHERENCY_SFW_NO feature bit is in
|
|
* the virtualization flags entry (word 8) and set by
|
|
* scattered.c, so the bit needs to be explicitly set.
|
|
*/
|
|
cpuid(0x8000001f, &ignored, &ebx, &ignored, &ignored);
|
|
if (ebx & BIT(31))
|
|
set_bit(X86_FEATURE_COHERENCY_SFW_NO, cpu.flags);
|
|
}
|
|
}
|
|
}
|