x86/vmscape: Enable the mitigation

		/sys/devices/system/cpu/vulnerabilities/srbds

		/sys/devices/system/cpu/vulnerabilities/tsa

		/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

		/sys/devices/system/cpu/vulnerabilities/vmscape

Date:		January 2018

Contact:	Linux kernel mailing list <linux-kernel@vger.kernel.org>

Description:	Information about CPU vulnerabilities

					       srbds=off [X86,INTEL]

					       ssbd=force-off [ARM64]

					       tsx_async_abort=off [X86]

					       vmscape=off [X86]

				Exceptions:

					       This does not have any effect on

	vmpoff=		[KNL,S390] Perform z/VM CP command after power off.

			Format: <command>

	vmscape=	[X86] Controls mitigation for VMscape attacks.

			VMscape attacks can leak information from a userspace

			hypervisor to a guest via speculative side-channels.

			off		- disable the mitigation

			ibpb		- use Indirect Branch Prediction Barrier

					  (IBPB) mitigation (default)

			force		- force vulnerability detection even on

					  unaffected processors

	vsyscall=	[X86-64,EARLY]

			Controls the behavior of vsyscalls (i.e. calls to

			fixed addresses of 0xffffffffff600x00 from legacy

	  security vulnerability on AMD CPUs which can lead to forwarding of

	  invalid info to subsequent instructions and thus can affect their

	  timing and thereby cause a leakage.

config MITIGATION_VMSCAPE

	bool "Mitigate VMSCAPE"

	depends on KVM

	default y

	help

	  Enable mitigation for VMSCAPE attacks. VMSCAPE is a hardware security

	  vulnerability on Intel and AMD CPUs that may allow a guest to do

	  Spectre v2 style attacks on userspace hypervisor.

endif

config ARCH_HAS_ADD_PAGES

static void __init its_apply_mitigation(void);

static void __init tsa_select_mitigation(void);

static void __init tsa_apply_mitigation(void);

static void __init vmscape_select_mitigation(void);

static void __init vmscape_update_mitigation(void);

static void __init vmscape_apply_mitigation(void);

/* The base value of the SPEC_CTRL MSR without task-specific bits set */

u64 x86_spec_ctrl_base;

	its_select_mitigation();

	bhi_select_mitigation();

	tsa_select_mitigation();

	vmscape_select_mitigation();

	/*

	 * After mitigations are selected, some may need to update their

	bhi_update_mitigation();

	/* srso_update_mitigation() depends on retbleed_update_mitigation(). */

	srso_update_mitigation();

	vmscape_update_mitigation();

	spectre_v1_apply_mitigation();

	spectre_v2_apply_mitigation();

	its_apply_mitigation();

	bhi_apply_mitigation();

	tsa_apply_mitigation();

	vmscape_apply_mitigation();

}

/*

	}

}

#undef pr_fmt

#define pr_fmt(fmt)	"VMSCAPE: " fmt

enum vmscape_mitigations {

	VMSCAPE_MITIGATION_NONE,

	VMSCAPE_MITIGATION_AUTO,

	VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER,

	VMSCAPE_MITIGATION_IBPB_ON_VMEXIT,

};

static const char * const vmscape_strings[] = {

	[VMSCAPE_MITIGATION_NONE]		= "Vulnerable",

	/* [VMSCAPE_MITIGATION_AUTO] */

	[VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER]	= "Mitigation: IBPB before exit to userspace",

	[VMSCAPE_MITIGATION_IBPB_ON_VMEXIT]	= "Mitigation: IBPB on VMEXIT",

};

static enum vmscape_mitigations vmscape_mitigation __ro_after_init =

	IS_ENABLED(CONFIG_MITIGATION_VMSCAPE) ? VMSCAPE_MITIGATION_AUTO : VMSCAPE_MITIGATION_NONE;

static int __init vmscape_parse_cmdline(char *str)

{

	if (!str)

		return -EINVAL;

	if (!strcmp(str, "off")) {

		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;

	} else if (!strcmp(str, "ibpb")) {

		vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;

	} else if (!strcmp(str, "force")) {

		setup_force_cpu_bug(X86_BUG_VMSCAPE);

		vmscape_mitigation = VMSCAPE_MITIGATION_AUTO;

	} else {

		pr_err("Ignoring unknown vmscape=%s option.\n", str);

	}

	return 0;

}

early_param("vmscape", vmscape_parse_cmdline);

static void __init vmscape_select_mitigation(void)

{

	if (cpu_mitigations_off() ||

	    !boot_cpu_has_bug(X86_BUG_VMSCAPE) ||

	    !boot_cpu_has(X86_FEATURE_IBPB)) {

		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;

		return;

	}

	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO)

		vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;

}

static void __init vmscape_update_mitigation(void)

{

	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE))

		return;

	if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB ||

	    srso_mitigation == SRSO_MITIGATION_IBPB_ON_VMEXIT)

		vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_ON_VMEXIT;

	pr_info("%s\n", vmscape_strings[vmscape_mitigation]);

}

static void __init vmscape_apply_mitigation(void)

{

	if (vmscape_mitigation == VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER)

		setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_TO_USER);

}

#undef pr_fmt

#define pr_fmt(fmt) fmt

	return sysfs_emit(buf, "%s\n", tsa_strings[tsa_mitigation]);

}

static ssize_t vmscape_show_state(char *buf)

{

	return sysfs_emit(buf, "%s\n", vmscape_strings[vmscape_mitigation]);

}

static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,

			       char *buf, unsigned int bug)

{

	case X86_BUG_TSA:

		return tsa_show_state(buf);

	case X86_BUG_VMSCAPE:

		return vmscape_show_state(buf);

	default:

		break;

	}

{

	return cpu_show_common(dev, attr, buf, X86_BUG_TSA);

}

ssize_t cpu_show_vmscape(struct device *dev, struct device_attribute *attr, char *buf)

{

	return cpu_show_common(dev, attr, buf, X86_BUG_VMSCAPE);

}

#endif

void __warn_thunk(void)

CPU_SHOW_VULN_FALLBACK(old_microcode);

CPU_SHOW_VULN_FALLBACK(indirect_target_selection);

CPU_SHOW_VULN_FALLBACK(tsa);

CPU_SHOW_VULN_FALLBACK(vmscape);

static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);

static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);

static DEVICE_ATTR(old_microcode, 0444, cpu_show_old_microcode, NULL);

static DEVICE_ATTR(indirect_target_selection, 0444, cpu_show_indirect_target_selection, NULL);

static DEVICE_ATTR(tsa, 0444, cpu_show_tsa, NULL);

static DEVICE_ATTR(vmscape, 0444, cpu_show_vmscape, NULL);

static struct attribute *cpu_root_vulnerabilities_attrs[] = {

	&dev_attr_meltdown.attr,

	&dev_attr_old_microcode.attr,

	&dev_attr_indirect_target_selection.attr,

	&dev_attr_tsa.attr,

	&dev_attr_vmscape.attr,

	NULL

};