pve-kernel-lowlatency-qoup/patches/kernel/0034-KVM-Add-GDS_NO-support-to-KVM.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Date: Wed, 12 Jul 2023 19:43:14 -0700
Subject: [PATCH] KVM: Add GDS_NO support to KVM

Gather Data Sampling (GDS) is a transient execution attack using
gather instructions from the AVX2 and AVX512 extensions. This attack
allows malicious code to infer data that was previously stored in
vector registers. Systems that are not vulnerable to GDS will set the
GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
guests that may think they are on vulnerable systems that are, in
fact, not affected. Guests that are running on affected hosts where
the mitigation is enabled are protected as if they were running
on an unaffected system.

On all hosts that are not affected or that are mitigated, set the
GDS_NO bit.

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>

(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)
CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
(cherry picked from commit cd25885269804c59063c52ef587bde0d8fe17131)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 arch/x86/kernel/cpu/bugs.c | 7 +++++++
 arch/x86/kvm/x86.c         | 7 ++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 819a8aa0c706..63ec50ef7d7c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -673,6 +673,13 @@ static const char * const gds_strings[] = {
 	[GDS_MITIGATION_HYPERVISOR]	= "Unknown: Dependent on hypervisor status",
 };
 
+bool gds_ucode_mitigated(void)
+{
+	return (gds_mitigation == GDS_MITIGATION_FULL ||
+		gds_mitigation == GDS_MITIGATION_FULL_LOCKED);
+}
+EXPORT_SYMBOL_GPL(gds_ucode_mitigated);
+
 void update_gds_msr(void)
 {
 	u64 mcu_ctrl_after;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1c5775d51495..7d8b14f8807e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -310,6 +310,8 @@ u64 __read_mostly host_xcr0;
 
 static struct kmem_cache *x86_emulator_cache;
 
+extern bool gds_ucode_mitigated(void);
+
 /*
  * When called, it means the previous get/set msr reached an invalid msr.
  * Return true if we want to ignore/silent this failed msr access.
@@ -1598,7 +1600,7 @@ static unsigned int num_msr_based_features;
 	 ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
 	 ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
 	 ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
-	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO)
+	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
 
 static u64 kvm_get_arch_capabilities(void)
 {
@@ -1655,6 +1657,9 @@ static u64 kvm_get_arch_capabilities(void)
 		 */
 	}
 
+	if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())
+		data |= ARCH_CAP_GDS_NO;
+
 	return data;
 }
add fixes for downfall by cherry-picking the relevant commits from launchpad/lunar [0]. (relevant commits are based on k.o/stable commits for this) minimally tested by booting my (ryzen) machine with this kernel and skimming through dmesg after boot. [0] git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/lunar Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com> 2023-08-11 19:02:32 +03:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Daniel Sneddon <daniel.sneddon@linux.intel.com>`
			`Date: Wed, 12 Jul 2023 19:43:14 -0700`
			`Subject: [PATCH] KVM: Add GDS_NO support to KVM`

			`Gather Data Sampling (GDS) is a transient execution attack using`
			`gather instructions from the AVX2 and AVX512 extensions. This attack`
			`allows malicious code to infer data that was previously stored in`
			`vector registers. Systems that are not vulnerable to GDS will set the`
			`GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM`
			`guests that may think they are on vulnerable systems that are, in`
			`fact, not affected. Guests that are running on affected hosts where`
			`the mitigation is enabled are protected as if they were running`
			`on an unaffected system.`

			`On all hosts that are not affected or that are mitigated, set the`
			`GDS_NO bit.`

			`Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>`
			`Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>`
			`Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>`

			`(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)`
			`CVE-2022-40982`
			`Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>`
			`Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>`
			`Acked-by: Stefan Bader <stefan.bader@canonical.com>`
			`Signed-off-by: Stefan Bader <stefan.bader@canonical.com>`
			`(cherry picked from commit cd25885269804c59063c52ef587bde0d8fe17131)`
			`Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>`
			`---`
			`arch/x86/kernel/cpu/bugs.c \| 7 +++++++`
			`arch/x86/kvm/x86.c \| 7 ++++++-`
			`2 files changed, 13 insertions(+), 1 deletion(-)`

			`diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c`
			`index 819a8aa0c706..63ec50ef7d7c 100644`
			`--- a/arch/x86/kernel/cpu/bugs.c`
			`+++ b/arch/x86/kernel/cpu/bugs.c`
			`@@ -673,6 +673,13 @@ static const char * const gds_strings[] = {`
			`[GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",`
			`};`

			`+bool gds_ucode_mitigated(void)`
			`+{`
			`+ return (gds_mitigation == GDS_MITIGATION_FULL \|\|`
			`+ gds_mitigation == GDS_MITIGATION_FULL_LOCKED);`
			`+}`
			`+EXPORT_SYMBOL_GPL(gds_ucode_mitigated);`
			`+`
			`void update_gds_msr(void)`
			`{`
			`u64 mcu_ctrl_after;`
			`diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c`
			`index 1c5775d51495..7d8b14f8807e 100644`
			`--- a/arch/x86/kvm/x86.c`
			`+++ b/arch/x86/kvm/x86.c`
			`@@ -310,6 +310,8 @@ u64 __read_mostly host_xcr0;`

			`static struct kmem_cache *x86_emulator_cache;`

			`+extern bool gds_ucode_mitigated(void);`
			`+`
			`/*`
			`* When called, it means the previous get/set msr reached an invalid msr.`
			`* Return true if we want to ignore/silent this failed msr access.`
			`@@ -1598,7 +1600,7 @@ static unsigned int num_msr_based_features;`
			`ARCH_CAP_SKIP_VMENTRY_L1DFLUSH \| ARCH_CAP_SSB_NO \| ARCH_CAP_MDS_NO \| \`
			`ARCH_CAP_PSCHANGE_MC_NO \| ARCH_CAP_TSX_CTRL_MSR \| ARCH_CAP_TAA_NO \| \`
			`ARCH_CAP_SBDR_SSDP_NO \| ARCH_CAP_FBSDP_NO \| ARCH_CAP_PSDP_NO \| \`
			`- ARCH_CAP_FB_CLEAR \| ARCH_CAP_RRSBA \| ARCH_CAP_PBRSB_NO)`
			`+ ARCH_CAP_FB_CLEAR \| ARCH_CAP_RRSBA \| ARCH_CAP_PBRSB_NO \| ARCH_CAP_GDS_NO)`

			`static u64 kvm_get_arch_capabilities(void)`
			`{`
			`@@ -1655,6 +1657,9 @@ static u64 kvm_get_arch_capabilities(void)`
			`*/`
			`}`

			`+ if (!boot_cpu_has_bug(X86_BUG_GDS) \|\| gds_ucode_mitigated())`
			`+ data \|= ARCH_CAP_GDS_NO;`
			`+`
			`return data;`
			`}`