From: Alejandro Jimenez Date: Wed, 20 Mar 2019 16:55:38 +0000 (-0400) Subject: kvm/speculation: Allow KVM guests to use SSBD even if host does not X-Git-Tag: v4.1.12-124.31.3~118 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=c3c2643d5c8cb4ef4f5121edbb0ba81bbc59ce09;p=users%2Fjedix%2Flinux-maple.git kvm/speculation: Allow KVM guests to use SSBD even if host does not The bits set in x86_spec_ctrl_mask are used to determine the allowed value that is written to SPEC_CTRL MSR before VMENTRY, and controls which mitigations the guest can enable. In the case of SSBD, unless the host has enabled SSBD always on (which sets SSBD bit on x86_spec_ctrl_mask), the guest is unable to use the SSBD mitigation. This was confirmed by running the SSBD PoC and verifying that guests are always vulnerable regardless of their own SSBD setting, unless the host has booted with "spec_store_bypass_disable=on". Set the SSBD bit in x86_spec_ctrl_mask when the host CPU supports it, whether or not the host has chosen to enable the mitigation in any of its modes. Orabug: 29423804 Signed-off-by: Alejandro Jimenez Reviewed-by: Boris Ostrovsky Signed-off-by: Brian Maly --- diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index 097b5c4f2457..d6f796c37540 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c @@ -1040,6 +1040,17 @@ static void __init ssb_init(void) * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation */ + + /* + * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper + * bit in the mask to allow guests to use the mitigation even in the + * case where the host does not. + */ + if (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) { + x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; + } + if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE); 
@@ -1051,7 +1062,6 @@ static void __init ssb_init(void) switch (boot_cpu_data.x86_vendor) { case X86_VENDOR_INTEL: x86_spec_ctrl_base |= SPEC_CTRL_SSBD; - x86_spec_ctrl_mask |= SPEC_CTRL_SSBD; x86_spec_ctrl_priv |= SPEC_CTRL_SSBD; x86_spec_ctrl_set(SPEC_CTRL_INITIAL);
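Review bot: In the first hunk (ssb_init(), the new block after the feature-flag comment), the added comment's premise "If SSBD is controlled by the SPEC_CTRL MSR" is not what the condition tests. The condition is `boot_cpu_has(X86_FEATURE_SSBD) || boot_cpu_has(X86_FEATURE_AMD_SSBD)`, and the existing comment just above describes X86_FEATURE_SSBD only as "CPU is able to turn off speculative store bypass", without saying through which mechanism. Since x86_spec_ctrl_mask decides which bits a guest may write to SPEC_CTRL, please either narrow the condition to the flag(s) that actually imply SPEC_CTRL-based control, or reword the comment to state why both flags imply it. Two smaller points: the new block lands between the existing feature-flag comment and the `if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)` that the comment documents, so it would read better placed above that comment; and the braces around the single `x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;` statement are not needed under kernel coding style.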
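Review bot: In the second hunk (the X86_VENDOR_INTEL case), dropping `x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;` is behaviour-neutral only if boot_cpu_has(X86_FEATURE_SSBD) is true whenever this case is reached. The visible context does not show that guard, so please confirm it and say so in the commit message, which currently does not mention the removal at all. Because x86_spec_ctrl_base and x86_spec_ctrl_priv are still updated here while the mask no longer is, a one-line comment at this spot noting that the mask bit is now set unconditionally earlier in ssb_init() would keep the three variables from looking inconsistent to the next reader. The first hunk also sets the mask bit for X86_FEATURE_AMD_SSBD, while only the Intel case is visible here, so it is worth stating what the other vendor cases did with the mask before this change.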