pve-kernel-qoup/patches/kernel/0296-KVM-x86-Add-speculative-control-CPUID-support-for-gu.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Wed, 20 Dec 2017 10:55:47 +0000
Subject: [PATCH] KVM: x86: Add speculative control CPUID support for guests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5753
CVE-2017-5715

Provide the guest with the speculative control CPUID related values.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit db7641e5f41cd517c4181ce90c4f9ecc93af4b2b)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/kvm/cpuid.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 19adbb418443..f64502d21a89 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -70,6 +70,7 @@ u64 kvm_supported_xcr0(void)
 /* These are scattered features in cpufeatures.h. */
 #define KVM_CPUID_BIT_AVX512_4VNNIW     2
 #define KVM_CPUID_BIT_AVX512_4FMAPS     3
+#define KVM_CPUID_BIT_SPEC_CTRL		26
 #define KF(x) bit(KVM_CPUID_BIT_##x)
 
 int kvm_update_cpuid(struct kvm_vcpu *vcpu)
@@ -387,7 +388,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 
 	/* cpuid 7.0.edx*/
 	const u32 kvm_cpuid_7_0_edx_x86_features =
-		KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS);
+		KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS) |
+		KF(SPEC_CTRL);
+
+	/* cpuid 0x80000008.0.ebx */
+	const u32 kvm_cpuid_80000008_0_ebx_x86_features =
+		F(IBPB);
 
 	/* all calls to cpuid_count() should be made on the same cpu */
 	get_cpu();
@@ -622,7 +628,9 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		if (!g_phys_as)
 			g_phys_as = phys_as;
 		entry->eax = g_phys_as | (virt_as << 8);
-		entry->ebx = entry->edx = 0;
+		entry->ebx &= kvm_cpuid_80000008_0_ebx_x86_features;
+		cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
+		entry->edx = 0;
 		break;
 	}
 	case 0x80000019:
-- 
2.14.2
KPTI/Spectre: add more fixes * initial IBRS/IBPB/SPEC_CTRL support * regression fixes for KPTI * additional hardening against Spectre based on Ubuntu-4.13.0-29.32 and mainline 4.14 2018-01-15 14:34:50 +03:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Tom Lendacky <thomas.lendacky@amd.com>`
			`Date: Wed, 20 Dec 2017 10:55:47 +0000`
			`Subject: [PATCH] KVM: x86: Add speculative control CPUID support for guests`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`CVE-2017-5753`
			`CVE-2017-5715`

			`Provide the guest with the speculative control CPUID related values.`

			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>`
			`Signed-off-by: Andy Whitcroft <apw@canonical.com>`
			`Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>`
			`(cherry picked from commit db7641e5f41cd517c4181ce90c4f9ecc93af4b2b)`
			`Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>`
			`---`
			`arch/x86/kvm/cpuid.c \| 12 ++++++++++--`
			`1 file changed, 10 insertions(+), 2 deletions(-)`

			`diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c`
			`index 19adbb418443..f64502d21a89 100644`
			`--- a/arch/x86/kvm/cpuid.c`
			`+++ b/arch/x86/kvm/cpuid.c`
			`@@ -70,6 +70,7 @@ u64 kvm_supported_xcr0(void)`
			`/* These are scattered features in cpufeatures.h. */`
			`#define KVM_CPUID_BIT_AVX512_4VNNIW 2`
			`#define KVM_CPUID_BIT_AVX512_4FMAPS 3`
			`+#define KVM_CPUID_BIT_SPEC_CTRL 26`
			`#define KF(x) bit(KVM_CPUID_BIT_##x)`

			`int kvm_update_cpuid(struct kvm_vcpu *vcpu)`
			`@@ -387,7 +388,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,`

			`/* cpuid 7.0.edx*/`
			`const u32 kvm_cpuid_7_0_edx_x86_features =`
			`- KF(AVX512_4VNNIW) \| KF(AVX512_4FMAPS);`
			`+ KF(AVX512_4VNNIW) \| KF(AVX512_4FMAPS) \|`
			`+ KF(SPEC_CTRL);`
			`+`
			`+ /* cpuid 0x80000008.0.ebx */`
			`+ const u32 kvm_cpuid_80000008_0_ebx_x86_features =`
			`+ F(IBPB);`

			`/* all calls to cpuid_count() should be made on the same cpu */`
			`get_cpu();`
			`@@ -622,7 +628,9 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,`
			`if (!g_phys_as)`
			`g_phys_as = phys_as;`
			`entry->eax = g_phys_as \| (virt_as << 8);`
			`- entry->ebx = entry->edx = 0;`
			`+ entry->ebx &= kvm_cpuid_80000008_0_ebx_x86_features;`
			`+ cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);`
			`+ entry->edx = 0;`
			`break;`
			`}`
			`case 0x80000019:`
			`--`
			`2.14.2`