Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

+2

arch/x86/include/asm/cpufeatures.h

··· 316 316 #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ 317 317 #define X86_FEATURE_AVX512_VNNI (16*32+11) /* Vector Neural Network Instructions */ 318 318 #define X86_FEATURE_AVX512_BITALG (16*32+12) /* Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions */ 319 + #define X86_FEATURE_TME (16*32+13) /* Intel Total Memory Encryption */ 319 320 #define X86_FEATURE_AVX512_VPOPCNTDQ (16*32+14) /* POPCNT for vectors of DW/QW */ 320 321 #define X86_FEATURE_LA57 (16*32+16) /* 5-level page tables */ 321 322 #define X86_FEATURE_RDPID (16*32+22) /* RDPID instruction */ ··· 329 328 /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ 330 329 #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ 331 330 #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ 331 + #define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ 332 332 #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ 333 333 #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ 334 334 #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */

+1

arch/x86/include/asm/microcode.h

··· 39 39 40 40 enum ucode_state { 41 41 UCODE_OK = 0, 42 + UCODE_NEW, 42 43 UCODE_UPDATED, 43 44 UCODE_NFOUND, 44 45 UCODE_ERROR,

+4 -1

arch/x86/include/asm/nospec-branch.h

··· 183 183 * otherwise we'll run out of registers. We don't care about CET 184 184 * here, anyway. 185 185 */ 186 - # define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \ 186 + # define CALL_NOSPEC \ 187 + ALTERNATIVE( \ 188 + ANNOTATE_RETPOLINE_SAFE \ 189 + "call *%[thunk_target]\n", \ 187 190 " jmp 904f;\n" \ 188 191 " .align 16\n" \ 189 192 "901: call 903f;\n" \

+1 -2

arch/x86/kernel/cpu/intel.c

··· 105 105 /* 106 106 * Early microcode releases for the Spectre v2 mitigation were broken. 107 107 * Information taken from; 108 - * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf 108 + * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf 109 109 * - https://kb.vmware.com/s/article/52345 110 110 * - Microcode revisions observed in the wild 111 111 * - Release note from 20180108 microcode release ··· 123 123 { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 }, 124 124 { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, 125 125 { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, 126 - { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, 127 126 { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, 128 127 { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, 129 128 { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 },

+22 -14

arch/x86/kernel/cpu/microcode/amd.c

··· 339 339 return -EINVAL; 340 340 341 341 ret = load_microcode_amd(true, x86_family(cpuid_1_eax), desc.data, desc.size); 342 - if (ret != UCODE_OK) 342 + if (ret > UCODE_UPDATED) 343 343 return -EINVAL; 344 344 345 345 return 0; ··· 683 683 static enum ucode_state 684 684 load_microcode_amd(bool save, u8 family, const u8 *data, size_t size) 685 685 { 686 + struct ucode_patch *p; 686 687 enum ucode_state ret; 687 688 688 689 /* free old equiv table */ 689 690 free_equiv_cpu_table(); 690 691 691 692 ret = __load_microcode_amd(family, data, size); 692 - 693 - if (ret != UCODE_OK) 693 + if (ret != UCODE_OK) { 694 694 cleanup(); 695 - 696 - #ifdef CONFIG_X86_32 697 - /* save BSP's matching patch for early load */ 698 - if (save) { 699 - struct ucode_patch *p = find_patch(0); 700 - if (p) { 701 - memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); 702 - memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), 703 - PATCH_MAX_SIZE)); 704 - } 695 + return ret; 705 696 } 706 - #endif 697 + 698 + p = find_patch(0); 699 + if (!p) { 700 + return ret; 701 + } else { 702 + if (boot_cpu_data.microcode == p->patch_id) 703 + return ret; 704 + 705 + ret = UCODE_NEW; 706 + } 707 + 708 + /* save BSP's matching patch for early load */ 709 + if (!save) 710 + return ret; 711 + 712 + memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); 713 + memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE)); 714 + 707 715 return ret; 708 716 } 709 717

+44 -32

arch/x86/kernel/cpu/microcode/core.c

··· 517 517 return -EINVAL; 518 518 } 519 519 520 - static atomic_t late_cpus; 520 + static atomic_t late_cpus_in; 521 + static atomic_t late_cpus_out; 522 + 523 + static int __wait_for_cpus(atomic_t *t, long long timeout) 524 + { 525 + int all_cpus = num_online_cpus(); 526 + 527 + atomic_inc(t); 528 + 529 + while (atomic_read(t) < all_cpus) { 530 + if (timeout < SPINUNIT) { 531 + pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", 532 + all_cpus - atomic_read(t)); 533 + return 1; 534 + } 535 + 536 + ndelay(SPINUNIT); 537 + timeout -= SPINUNIT; 538 + 539 + touch_nmi_watchdog(); 540 + } 541 + return 0; 542 + } 521 543 522 544 /* 523 545 * Returns: ··· 549 527 */ 550 528 static int __reload_late(void *info) 551 529 { 552 - unsigned int timeout = NSEC_PER_SEC; 553 - int all_cpus = num_online_cpus(); 554 530 int cpu = smp_processor_id(); 555 531 enum ucode_state err; 556 532 int ret = 0; 557 - 558 - atomic_dec(&late_cpus); 559 533 560 534 /* 561 535 * Wait for all CPUs to arrive. A load will not be attempted unless all 562 536 * CPUs show up. 563 537 * */ 564 - while (atomic_read(&late_cpus)) { 565 - if (timeout < SPINUNIT) { 566 - pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", 567 - atomic_read(&late_cpus)); 568 - return -1; 569 - } 570 - 571 - ndelay(SPINUNIT); 572 - timeout -= SPINUNIT; 573 - 574 - touch_nmi_watchdog(); 575 - } 538 + if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) 539 + return -1; 576 540 577 541 spin_lock(&update_lock); 578 542 apply_microcode_local(&err); ··· 566 558 567 559 if (err > UCODE_NFOUND) { 568 560 pr_warn("Error reloading microcode on CPU %d\n", cpu); 569 - ret = -1; 570 - } else if (err == UCODE_UPDATED) { 561 + return -1; 562 + /* siblings return UCODE_OK because their engine got updated already */ 563 + } else if (err == UCODE_UPDATED || err == UCODE_OK) { 571 564 ret = 1; 565 + } else { 566 + return ret; 572 567 } 573 568 574 - atomic_inc(&late_cpus); 575 - 576 - while (atomic_read(&late_cpus) != all_cpus) 577 - cpu_relax(); 569 + /* 570 + * Increase the wait timeout to a safe value here since we're 571 + * serializing the microcode update and that could take a while on a 572 + * large number of CPUs. And that is fine as the *actual* timeout will 573 + * be determined by the last CPU finished updating and thus cut short. 574 + */ 575 + if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC * num_online_cpus())) 576 + panic("Timeout during microcode update!\n"); 578 577 579 578 return ret; 580 579 } ··· 594 579 { 595 580 int ret; 596 581 597 - atomic_set(&late_cpus, num_online_cpus()); 582 + atomic_set(&late_cpus_in, 0); 583 + atomic_set(&late_cpus_out, 0); 598 584 599 585 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); 600 - if (ret < 0) 601 - return ret; 602 - else if (ret > 0) 586 + if (ret > 0) 603 587 microcode_check(); 604 588 605 589 return ret; ··· 621 607 return size; 622 608 623 609 tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev, true); 624 - if (tmp_ret != UCODE_OK) 610 + if (tmp_ret != UCODE_NEW) 625 611 return size; 626 612 627 613 get_online_cpus(); ··· 705 691 if (system_state != SYSTEM_RUNNING) 706 692 return UCODE_NFOUND; 707 693 708 - ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev, 709 - refresh_fw); 710 - 711 - if (ustate == UCODE_OK) { 694 + ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev, refresh_fw); 695 + if (ustate == UCODE_NEW) { 712 696 pr_debug("CPU%d updated upon init\n", cpu); 713 697 apply_microcode_on_target(cpu); 714 698 }

+3 -1

arch/x86/kernel/cpu/microcode/intel.c

··· 862 862 unsigned int leftover = size; 863 863 unsigned int curr_mc_size = 0, new_mc_size = 0; 864 864 unsigned int csig, cpf; 865 + enum ucode_state ret = UCODE_OK; 865 866 866 867 while (leftover) { 867 868 struct microcode_header_intel mc_header; ··· 904 903 new_mc = mc; 905 904 new_mc_size = mc_size; 906 905 mc = NULL; /* trigger new vmalloc */ 906 + ret = UCODE_NEW; 907 907 } 908 908 909 909 ucode_ptr += mc_size; ··· 934 932 pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", 935 933 cpu, new_rev, uci->cpu_sig.rev); 936 934 937 - return UCODE_OK; 935 + return ret; 938 936 } 939 937 940 938 static int get_ucode_fw(void *to, const void *from, size_t n)

+2 -1

arch/x86/kernel/vm86_32.c

··· 727 727 return; 728 728 729 729 check_vip: 730 - if (VEFLAGS & X86_EFLAGS_VIP) { 730 + if ((VEFLAGS & (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) == 731 + (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) { 731 732 save_v86_state(regs, VM86_STI); 732 733 return; 733 734 }

+2 -1

kernel/jump_label.c

··· 373 373 if (kernel_text_address(entry->code)) 374 374 arch_jump_label_transform(entry, jump_label_type(entry)); 375 375 else 376 - WARN_ONCE(1, "can't patch jump_label at %pS", (void *)entry->code); 376 + WARN_ONCE(1, "can't patch jump_label at %pS", 377 + (void *)(unsigned long)entry->code); 377 378 } 378 379 } 379 380 }

+28 -4

tools/testing/selftests/x86/entry_from_vm86.c

··· 95 95 "int3\n\t" 96 96 "vmcode_int80:\n\t" 97 97 "int $0x80\n\t" 98 + "vmcode_popf_hlt:\n\t" 99 + "push %ax\n\t" 100 + "popf\n\t" 101 + "hlt\n\t" 98 102 "vmcode_umip:\n\t" 99 103 /* addressing via displacements */ 100 104 "smsw (2052)\n\t" ··· 128 124 129 125 extern unsigned char vmcode[], end_vmcode[]; 130 126 extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[], 131 - vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_umip[], 132 - vmcode_umip_str[], vmcode_umip_sldt[]; 127 + vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_popf_hlt[], 128 + vmcode_umip[], vmcode_umip_str[], vmcode_umip_sldt[]; 133 129 134 130 /* Returns false if the test was skipped. */ 135 131 static bool do_test(struct vm86plus_struct *v86, unsigned long eip, ··· 179 175 (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) { 180 176 printf("[OK]\tReturned correctly\n"); 181 177 } else { 182 - printf("[FAIL]\tIncorrect return reason\n"); 178 + printf("[FAIL]\tIncorrect return reason (started at eip = 0x%lx, ended at eip = 0x%lx)\n", eip, v86->regs.eip); 183 179 nerrs++; 184 180 } 185 181 ··· 268 264 v86.regs.ds = load_addr / 16; 269 265 v86.regs.es = load_addr / 16; 270 266 267 + /* Use the end of the page as our stack. */ 268 + v86.regs.esp = 4096; 269 + 271 270 assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */ 272 271 273 272 /* #BR -- should deliver SIG??? */ ··· 302 295 v86.regs.eflags &= ~X86_EFLAGS_IF; 303 296 do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set"); 304 297 298 + /* POPF with VIP set but IF clear: should not trap */ 299 + v86.regs.eflags = X86_EFLAGS_VIP; 300 + v86.regs.eax = 0; 301 + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP set and IF clear"); 302 + 303 + /* POPF with VIP set and IF set: should trap */ 304 + v86.regs.eflags = X86_EFLAGS_VIP; 305 + v86.regs.eax = X86_EFLAGS_IF; 306 + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_STI, 0, "POPF with VIP and IF set"); 307 + 308 + /* POPF with VIP clear and IF set: should not trap */ 309 + v86.regs.eflags = 0; 310 + v86.regs.eax = X86_EFLAGS_IF; 311 + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP clear and IF set"); 312 + 313 + v86.regs.eflags = 0; 314 + 305 315 /* INT3 -- should cause #BP */ 306 316 do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3"); 307 317 ··· 342 318 clearhandler(SIGSEGV); 343 319 344 320 /* Make sure nothing explodes if we fork. */ 345 - if (fork() > 0) 321 + if (fork() == 0) 346 322 return 0; 347 323 348 324 return (nerrs == 0 ? 0 : 1);

Configure Feed

Configure Feed