~apw/ubuntu/+source/linux/+git/pti:pti/xenial-speculation-control-intel

Last commit made on 2018-02-09
Get this branch:
git clone -b pti/xenial-speculation-control-intel https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti

Branch information

Name:
pti/xenial-speculation-control-intel
Repository:
lp:~apw/ubuntu/+source/linux/+git/pti

Recent commits

05c5179... by Andy Whitcroft

UBUNTU: SAUCE: turn off IBPB when full retpoline is present

CVE-2017-5715 (Spectre v2 Intel)

When we have full retpoline enabled then we do not actually require IBPB
flushes when entering the kernel. Add a new use_ibpb bit to represent
when we have retpoline enabled. Further split the enable bit into two:
0x1 representing whether entry IBPB is enabled and 0x10 representing
whether kernel flushes for userspace/VMs etc. are applied.

Signed-off-by: Andy Whitcroft <email address hidden>

eea38fe... by Stefan Bader

UBUNTU: SAUCE: Fix spec_ctrl support in KVM

CVE-2017-5715 (Spectre v2 Intel)

Initial change was missing code to correctly mask EDX bits of cpuid
level 7.0.

Fixes: 8339cae ("KVM: x86: Add speculative control CPUID support for guests")
Signed-off-by: Stefan Bader <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Khalid Elmously <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>

e2bd177... by Tom Lendacky

KVM: x86: Add speculative control CPUID support for guests

CVE-2017-5715 (Spectre v2 Intel)

Provide the guest with the speculative control CPUID related values.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit cbfe052b7e811a2854162b210f242d3e815cbc17)
Signed-off-by: Andy Whitcroft <email address hidden>

cb6ddc7... by Tom Lendacky

x86/svm: Set IBPB when running a different VCPU

CVE-2017-5715 (Spectre v2 Intel)

Set IBPB (Indirect Branch Prediction Barrier) when the current CPU is
going to run a VCPU different from what was previously run.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit bb6edde44a0529ec52618c97a281719d968aaeab)
Signed-off-by: Andy Whitcroft <email address hidden>

c357e20... by Tom Lendacky

x86/svm: Set IBRS value on VM entry and exit

CVE-2017-5715 (Spectre v2 Intel)

Set/restore the guest's IBRS value on VM entry. On VM exit back to the
kernel, save the guest IBRS value and then set IBRS to 1.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f)
Signed-off-by: Andy Whitcroft <email address hidden>

aed551e... by Tom Lendacky

KVM: SVM: Do not intercept new speculative control MSRs

CVE-2017-5715 (Spectre v2 Intel)

Allow guest access to the speculative control MSRs without being
intercepted.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(cherry picked from commit 68c2587c0680813d57af0a4073fa22a95a15e980)
Signed-off-by: Andy Whitcroft <email address hidden>

b09e02a... by Tom Lendacky

x86/microcode: Extend post microcode reload to support IBPB feature

CVE-2017-5715 (Spectre v2 Intel)

Add an IBPB feature check to the speculative control update check after
a microcode reload.

Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit 073bee2caa42ddde1134cb87c955b4cad7b7d38b)
Signed-off-by: Andy Whitcroft <email address hidden>

ac303b9... by Tom Lendacky

x86/cpu/AMD: Add speculative control support for AMD

CVE-2017-5715 (Spectre v2 Intel)

Add speculative control support for AMD processors. For AMD, speculative
control is indicated as follows:

  CPUID EAX=0x00000007, ECX=0x00 return EDX[26] indicates support for
  both IBRS and IBPB.

  CPUID EAX=0x80000008, ECX=0x00 return EBX[12] indicates support for
  just IBPB.

On AMD family 0x10, 0x12 and 0x16 processors where either of the above
features is not supported, IBPB can be achieved by disabling
indirect branch predictor support in MSR 0xc0011021[14] at boot.

Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit 38994a3e1a9288622cb170bc89d037ca8f2b0fb6)
Signed-off-by: Andy Whitcroft <email address hidden>
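
The feature detection described in the commit message above, as an added
example that is not Ubuntu kernel code and not part of this branch: a
user-space program that decodes the CPUID bits the commit names (leaf 7.0
EDX[26] for IBRS+IBPB, leaf 0x80000008 EBX[12] for IBPB only), derives the
AMD family from CPUID leaf 1, decides which mechanism applies, and, for the
family 0x10/0x12/0x16 fallback, reads MSR 0xc0011021 through the msr driver
to report whether bit 14 is set. The decision function is pure so it can be
checked with constructed register values; the live CPUID path, the
/dev/cpu/N/msr read and the "AuthenticAMD" vendor check are assumptions of
this example and are not mentioned on the page.

```c
/* Added example: decode AMD speculative-control support from CPUID and MSR.
 * Not Ubuntu kernel code. Bit positions come from the commit message above;
 * the vendor check and the live CPUID/MSR helpers are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

#define AMD_LEAF7_EDX_IBRS_IBPB   (1u << 26)   /* CPUID 7.0: EDX[26] */
#define AMD_LEAF80000008_EBX_IBPB (1u << 12)   /* CPUID 0x80000008: EBX[12] */
#define AMD_IC_CFG_MSR            0xc0011021u  /* IC_CFG */
#define AMD_IC_CFG_DIS_IND        (1ull << 14) /* bit 14: indirect predictor disabled */

enum spec_ctrl_method {
    SPEC_NONE,               /* no IBRS/IBPB and no known fallback */
    SPEC_IBRS_IBPB,          /* both IBRS and IBPB via leaf 7 EDX[26] */
    SPEC_IBPB_ONLY,          /* IBPB only via leaf 0x80000008 EBX[12] */
    SPEC_IC_CFG_WORKAROUND   /* family 0x10/0x12/0x16: IC_CFG[14] at boot */
};

/* Vendor string check (assumption of this example): CPUID 0 returns
 * "Auth" in EBX, "enti" in EDX and "cAMD" in ECX on AMD parts. */
int is_amd(uint32_t ebx, uint32_t edx, uint32_t ecx)
{
    return ebx == 0x68747541u && edx == 0x69746e65u && ecx == 0x444d4163u;
}

/* AMD family from CPUID 1 EAX: base family, plus extended family when base is 0xf. */
unsigned amd_family_from_cpuid1(uint32_t eax)
{
    unsigned family = (eax >> 8) & 0xf;
    if (family == 0xf)
        family += (eax >> 20) & 0xff;
    return family;
}

/* Pure decision over register values and family, in the order the commit lists them. */
enum spec_ctrl_method amd_spec_ctrl_method(uint32_t leaf7_edx,
                                           uint32_t leaf80000008_ebx,
                                           unsigned family)
{
    if (leaf7_edx & AMD_LEAF7_EDX_IBRS_IBPB)
        return SPEC_IBRS_IBPB;
    if (leaf80000008_ebx & AMD_LEAF80000008_EBX_IBPB)
        return SPEC_IBPB_ONLY;
    if (family == 0x10 || family == 0x12 || family == 0x16)
        return SPEC_IC_CFG_WORKAROUND;
    return SPEC_NONE;
}

/* Read an MSR via the msr driver (needs root and the msr module); -1 on failure. */
int read_msr(unsigned cpu, uint32_t msr, uint64_t *val)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%u/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, val, sizeof *val, msr);
    close(fd);
    return n == (ssize_t)sizeof *val ? 0 : -1;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
/* Leaf/subleaf query; outputs stay zero when the leaf is not supported. */
static void live_cpuid(uint32_t leaf, uint32_t sub,
                       uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    unsigned int ea = 0, eb = 0, ec = 0, ed = 0;
    __get_cpuid_count(leaf, sub, &ea, &eb, &ec, &ed);
    *a = ea; *b = eb; *c = ec; *d = ed;
}

int main(void)
{
    uint32_t a, b, c, d, l7d, l8b;
    live_cpuid(0, 0, &a, &b, &c, &d);
    if (!is_amd(b, d, c)) {
        puts("not an AMD CPU; the AMD-specific bits above do not apply");
        return 0;
    }
    live_cpuid(1, 0, &a, &b, &c, &d);
    unsigned family = amd_family_from_cpuid1(a);
    live_cpuid(7, 0, &a, &b, &c, &l7d);
    live_cpuid(0x80000008, 0, &a, &l8b, &c, &d);

    static const char *names[] = { "none", "IBRS+IBPB", "IBPB only", "IC_CFG workaround" };
    enum spec_ctrl_method m = amd_spec_ctrl_method(l7d, l8b, family);
    printf("family 0x%x: %s\n", family, names[m]);

    if (m == SPEC_IC_CFG_WORKAROUND) {
        uint64_t v;
        if (read_msr(0, AMD_IC_CFG_MSR, &v) == 0)
            printf("IC_CFG[14] %s\n", (v & AMD_IC_CFG_DIS_IND) ? "set" : "clear");
        else
            puts("could not read IC_CFG (need root and the msr module)");
    }
    return 0;
}
#else
int main(void) { puts("x86 only"); return 0; }
#endif
```

Run it as root on an AMD host to see which mechanism the CPUID bits select;
on a family 0x15 or 0x17 part without the leaf 7 or 0x80000008 bits (for
example before a microcode update), the program reports "none", matching the
commit's statement that the IC_CFG fallback is only for families 0x10, 0x12
and 0x16.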

0b068d7... by Borislav Petkov <email address hidden>

x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR

CVE-2017-5715 (Spectre v2 Intel)

The kernel accesses IC_CFG MSR (0xc0011021) on AMD because it
checks whether the way access filter is enabled on some F15h
models, and, if so, disables it.

kvm doesn't handle that MSR access and complains about it, which
can get really noisy in dmesg when one starts kvm guests all the
time for testing. And it is useless anyway - a guest kernel
shouldn't be doing such changes anyway, so tell it that that
filter is disabled.

Signed-off-by: Borislav Petkov <email address hidden>
Reviewed-by: Paolo Bonzini <email address hidden>
Cc: Andy Lutomirski <email address hidden>
Cc: Borislav Petkov <email address hidden>
Cc: Brian Gerst <email address hidden>
Cc: Denys Vlasenko <email address hidden>
Cc: H. Peter Anvin <email address hidden>
Cc: Linus Torvalds <email address hidden>
Cc: Peter Zijlstra <email address hidden>
Cc: Thomas Gleixner <email address hidden>
Link: http://<email address hidden>
Signed-off-by: Ingo Molnar <email address hidden>
(cherry picked from commit ae8b787543d872cf89a7f9ef8aa302f3ef9bcbd7)
Signed-off-by: Andy Whitcroft <email address hidden>

dc008d4... by Tim Chen <email address hidden>

x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control

CVE-2017-5715 (Spectre v2 Intel)

Signed-off-by: Tim Chen <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(backported from commit 33e16ee8bd43aa4f065e17abbe9ed66457327b84)
Signed-off-by: Andy Whitcroft <email address hidden>