From patchwork Thu Nov 17 09:19:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Suleiman Souhlal <suleiman@google.com>
X-Patchwork-Id: 13046358
Return-Path: <kvm-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50BACC433FE
	for <kvm@archiver.kernel.org>; Thu, 17 Nov 2022 09:20:02 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239816AbiKQJUB (ORCPT <rfc822;kvm@archiver.kernel.org>);
        Thu, 17 Nov 2022 04:20:01 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44482 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239815AbiKQJT7 (ORCPT <rfc822;kvm@vger.kernel.org>);
        Thu, 17 Nov 2022 04:19:59 -0500
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
 [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4048AF0B0
        for <kvm@vger.kernel.org>; Thu, 17 Nov 2022 01:19:57 -0800 (PST)
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-391842a55d6so5625987b3.0
        for <kvm@vger.kernel.org>; Thu, 17 Nov 2022 01:19:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:mime-version:message-id:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=ACYDPcuAUxUGlMNofZDyVmunW6qXPunSo4acvIqCYtg=;
        b=iW3mvCX5nq7+oa3xMp0QpEHPi4xWRWMH+u4pu7cFAcdgonhPnHDBiGQ8deYhRy8bza
         wZfhLna3K1ZOyk0JCiy16dfyjKd3fZVBAo9q7LdYHLmW+Lz1wCZ9wHvf4dwXDDj0Ig8D
         KT9gLcPxvcc7coyTMlj2pjhuLEctbrMU/O3KqypK4htpNoE4r6QaP7WD9kfRFx9qzz11
         h2dZdcymbVsfaAnq1xw9OmaiHYaVCw+QTnjF3C7BVLgdY47A30KvTveYaFqBitlpyrVj
         RYR7KBwGFOJBH9kBjBquzWdpQSPCQ0jNHWq192AesOoknXss4MVMcnlFBLZ6W7e3QbPH
         OfJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:mime-version:message-id:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=ACYDPcuAUxUGlMNofZDyVmunW6qXPunSo4acvIqCYtg=;
        b=tjtC4qE0ooadf4TxL6fW60w0wQnI58P6sMBR6zgEL0iEgmacKfhInonK9wHDoBmY/0
         YM9PwsOTEdPNKq2PqxpOVro9oZ8tiIHudjKq1QPO9P4pi+OdjVf/m6Of0qaxr9DMbh1u
         WquMH7bFIBAdnm+no/YWPh1d7P19HlcwPs0T8ogiNPPkua/tnK9eaxQ9kahMZS1btJmX
         p7M1Rwbg46us7WYwOyDcAZE9n71jszWjEX04U5bITKgJLZVhNdAxwjJCL/CbQvNGCoWi
         Whx2Qd+G1PTbGDYLxlqGmaVG0lEzngtWDWX8kC4mkdi6mMTacvmmAPt3z7G3+r8XVYhf
         FfWg==
X-Gm-Message-State: ANoB5pmSnmuAFWwkLzoEx5kLIe8JIHzGxUQG7CZo3u/pIukogi9xTUcy
        JY7VSCeNFlJlZHSENUgC4JaO450cFwbgqw==
X-Google-Smtp-Source: 
 AA0mqf6wTCJbKpovoDP1hLRmgpkF4nOH/oNEcSfcLZ462mhRJedDGEQSPaLDVxjGeg0bUuldcegXWZbmkcNA5A==
X-Received: from suleiman1.tok.corp.google.com
 ([2401:fa00:8f:203:416e:f3c7:7f1d:6e])
 (user=suleiman job=sendgmr) by 2002:a5b:2c6:0:b0:6be:99e7:c5f0 with SMTP id
 h6-20020a5b02c6000000b006be99e7c5f0mr1310537ybp.248.1668676797009; Thu, 17
 Nov 2022 01:19:57 -0800 (PST)
Date: Thu, 17 Nov 2022 18:19:18 +0900
Message-Id: <20221117091952.1940850-1-suleiman@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.38.1.431.g37b22c650d-goog
Subject: [PATCH 4.19 00/34] Intel RETBleed mitigations for 4.19.
From: Suleiman Souhlal <suleiman@google.com>
To: stable@vger.kernel.org
Cc: x86@kernel.org, kvm@vger.kernel.org, bp@alien8.de,
        pbonzini@redhat.com, peterz@infradead.org, jpoimboe@kernel.org,
        cascardo@canonical.com, surajjs@amazon.com, ssouhlal@FreeBSD.org,
        suleiman@google.com
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

This series backports the mitigations for RETBleed for Intel CPUs to
the 4.19 kernel.

It's based on the 5.4 [1] and 4.14 [2] backports.

Tested on Skylake Chromebook.

[1] https://lore.kernel.org/stable/20221003131038.12645-1-cascardo@canonical.com/
[2] https://lore.kernel.org/kvm/20221027204801.13146-1-surajjs@amazon.com/

Alexandre Chartre (2):
  x86/bugs: Report AMD retbleed vulnerability
  x86/bugs: Add AMD retbleed= boot parameter

Andrew Cooper (1):
  x86/cpu/amd: Enumerate BTC_NO

Daniel Sneddon (1):
  x86/speculation: Add RSB VM Exit protections

Ingo Molnar (1):
  x86/cpufeature: Fix various quality problems in the
    <asm/cpu_device_hd.h> header

Josh Poimboeuf (8):
  x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
  x86/speculation: Fix firmware entry SPEC_CTRL handling
  x86/speculation: Fix SPEC_CTRL write on SMT state change
  x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
  x86/speculation: Remove x86_spec_ctrl_mask
  KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  KVM: VMX: Fix IBRS handling after vmexit
  x86/speculation: Fill RSB on vmexit for IBRS

Kan Liang (1):
  x86/cpufeature: Add facility to check for min microcode revisions

Mark Gross (1):
  x86/cpu: Add a steppings field to struct x86_cpu_id

Nathan Chancellor (1):
  x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current

Pawan Gupta (4):
  x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
  x86/bugs: Add Cannon lake to RETBleed affected CPU list
  x86/speculation: Disable RRSBA behavior
  x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS
    parts

Peter Zijlstra (10):
  x86/cpufeatures: Move RETPOLINE flags to word 11
  x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
  x86/entry: Remove skip_r11rcx
  x86/entry: Add kernel IBRS implementation
  x86/bugs: Optimize SPEC_CTRL MSR writes
  x86/bugs: Split spectre_v2_select_mitigation() and
    spectre_v2_user_select_mitigation()
  x86/bugs: Report Intel retbleed vulnerability
  intel_idle: Disable IBRS during long idle
  x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  x86/common: Stamp out the stepping madness

Suleiman Souhlal (2):
  Revert "x86/speculation: Add RSB VM Exit protections"
  Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"

Thomas Gleixner (2):
  x86/devicetable: Move x86 specific macro out of generic code
  x86/cpu: Add consistent CPU match macros

 .../admin-guide/kernel-parameters.txt         |  13 +
 arch/x86/entry/calling.h                      |  68 +++-
 arch/x86/entry/entry_32.S                     |   2 -
 arch/x86/entry/entry_64.S                     |  34 +-
 arch/x86/entry/entry_64_compat.S              |  11 +-
 arch/x86/include/asm/cpu_device_id.h          | 168 +++++++-
 arch/x86/include/asm/cpufeatures.h            |  18 +-
 arch/x86/include/asm/intel-family.h           |   6 +
 arch/x86/include/asm/msr-index.h              |  10 +
 arch/x86/include/asm/nospec-branch.h          |  53 ++-
 arch/x86/kernel/cpu/amd.c                     |  21 +-
 arch/x86/kernel/cpu/bugs.c                    | 368 ++++++++++++++----
 arch/x86/kernel/cpu/common.c                  |  60 +--
 arch/x86/kernel/cpu/match.c                   |  44 ++-
 arch/x86/kernel/cpu/scattered.c               |   1 +
 arch/x86/kernel/process.c                     |   2 +-
 arch/x86/kvm/svm.c                            |   1 +
 arch/x86/kvm/vmx.c                            |  53 ++-
 arch/x86/kvm/x86.c                            |   4 +-
 drivers/base/cpu.c                            |   8 +
 drivers/cpufreq/acpi-cpufreq.c                |   1 +
 drivers/cpufreq/amd_freq_sensitivity.c        |   1 +
 drivers/idle/intel_idle.c                     |  43 +-
 include/linux/cpu.h                           |   2 +
 include/linux/kvm_host.h                      |   2 +-
 include/linux/mod_devicetable.h               |   4 +-
 tools/arch/x86/include/asm/cpufeatures.h      |   1 +
 27 files changed, 813 insertions(+), 186 deletions(-)