Commit 8d561baa authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'x86_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86 fixes from Borislav Petkov:

 - Remove a transitional asm/cpuid.h header which was added only as a
   fallback during cpuid helpers reorg

 - Initialize reserved fields in the SVSM page validation calls
   structure to zero in order to allow for future structure extensions

 - Have the sev-guest driver's buffers used in encryption operations be
   in linear mapping space as the encryption operation can be offloaded
   to an accelerator

 - Have a read-only MSR write when in an AMD SNP guest trap to the
   hypervisor as it is usually done. This makes the guest user
   experience better by simply raising a #GP instead of terminating said
   guest

 - Do not output AVX512 elapsed time for kernel threads because the data
   is wrong and fix a NULL pointer dereferencing in the process

 - Adjust the SRSO mitigation selection to the new attack vectors

* tag 'x86_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpuid: Remove transitional <asm/cpuid.h> header
  x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero
  virt: sev-guest: Satisfy linear mapping requirement in get_derived_key()
  x86/sev: Improve handling of writes to intercepted TSC MSRs
  x86/fpu: Fix NULL dereference in avx512_status()
  x86/bugs: Select best SRSO mitigation
parents 0a9ee9ce ed6c4b65

Documentation/admin-guide/hw-vuln/attack_vector_controls.rst

+1 −1
Original line number Diff line number Diff line
@@ -214,7 +214,7 @@ Spectre_v1 X 
Spectre_v2            X                           X

Spectre_v2_user                      X                           X            *       (Note 1)

SRBDS                 X              X            X              X

SRSO                  X                           X

SRSO                  X              X            X              X

SSB                                                                                   (Note 4)

TAA                   X              X            X              X            *       (Note 2)

TSA                   X              X            X              X

arch/x86/boot/startup/sev-shared.c

+1 −0
Original line number Diff line number Diff line
@@ -785,6 +785,7 @@ static void __head svsm_pval_4k_page(unsigned long paddr, bool validate) 
	pc->entry[0].page_size = RMP_PG_SIZE_4K;

	pc->entry[0].action    = validate;

	pc->entry[0].ignore_cf = 0;

	pc->entry[0].rsvd      = 0;

	pc->entry[0].pfn       = paddr >> PAGE_SHIFT;



	/* Protocol 0, Call ID 1 */

arch/x86/coco/sev/core.c

+2 −0
Original line number Diff line number Diff line
@@ -227,6 +227,7 @@ static u64 svsm_build_ca_from_pfn_range(u64 pfn, u64 pfn_end, bool action, 
		pe->page_size = RMP_PG_SIZE_4K;

		pe->action    = action;

		pe->ignore_cf = 0;

		pe->rsvd      = 0;

		pe->pfn       = pfn;



		pe++;
@@ -257,6 +258,7 @@ static int svsm_build_ca_from_psc_desc(struct snp_psc_desc *desc, unsigned int d 
		pe->page_size = e->pagesize ? RMP_PG_SIZE_2M : RMP_PG_SIZE_4K;

		pe->action    = e->operation == SNP_PAGE_STATE_PRIVATE;

		pe->ignore_cf = 0;

		pe->rsvd      = 0;

		pe->pfn       = e->gfn;



		pe++;

arch/x86/coco/sev/vc-handle.c

+16 −15
Original line number Diff line number Diff line
@@ -371,29 +371,30 @@ static enum es_result __vc_handle_msr_caa(struct pt_regs *regs, bool write) 
 * executing with Secure TSC enabled, so special handling is required for

 * accesses of MSR_IA32_TSC and MSR_AMD64_GUEST_TSC_FREQ.

 */

static enum es_result __vc_handle_secure_tsc_msrs(struct pt_regs *regs, bool write)

static enum es_result __vc_handle_secure_tsc_msrs(struct es_em_ctxt *ctxt, bool write)

{

	struct pt_regs *regs = ctxt->regs;

	u64 tsc;



	/*

	 * GUEST_TSC_FREQ should not be intercepted when Secure TSC is enabled.

	 * Terminate the SNP guest when the interception is enabled.

	 * Writing to MSR_IA32_TSC can cause subsequent reads of the TSC to

	 * return undefined values, and GUEST_TSC_FREQ is read-only. Generate

	 * a #GP on all writes.

	 */

	if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ)

		return ES_VMM_ERROR;

	if (write) {

		ctxt->fi.vector = X86_TRAP_GP;

		ctxt->fi.error_code = 0;

		return ES_EXCEPTION;

	}



	/*

	 * Writes: Writing to MSR_IA32_TSC can cause subsequent reads of the TSC

	 *         to return undefined values, so ignore all writes.

	 *

	 * Reads: Reads of MSR_IA32_TSC should return the current TSC value, use

	 *        the value returned by rdtsc_ordered().

	 * GUEST_TSC_FREQ read should not be intercepted when Secure TSC is

	 * enabled. Terminate the guest if a read is attempted.

	 */

	if (write) {

		WARN_ONCE(1, "TSC MSR writes are verboten!\n");

		return ES_OK;

	}

	if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ)

		return ES_VMM_ERROR;



	/* Reads of MSR_IA32_TSC should return the current TSC value. */

	tsc = rdtsc_ordered();

	regs->ax = lower_32_bits(tsc);

	regs->dx = upper_32_bits(tsc);
@@ -416,7 +417,7 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) 
	case MSR_IA32_TSC:

	case MSR_AMD64_GUEST_TSC_FREQ:

		if (sev_status & MSR_AMD64_SNP_SECURE_TSC)

			return __vc_handle_secure_tsc_msrs(regs, write);

			return __vc_handle_secure_tsc_msrs(ctxt, write);

		break;

	default:

		break;

arch/x86/include/asm/cpuid.h

deleted100644 → 0
+0 −8
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */



#ifndef _ASM_X86_CPUID_H

#define _ASM_X86_CPUID_H



#include <asm/cpuid/api.h>



#endif /* _ASM_X86_CPUID_H */