From f0fc0e8cc1d25ebfa6258a421b48fea48cdb690d Mon Sep 17 00:00:00 2001
From: Andi Kleen <ak@linux.intel.com>
Date: Thu, 28 Mar 2019 13:57:16 -0400
Subject: [PATCH] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests

commit 6c4dbbd14730c43f4ed808a9c42ca41625925c22 upstream

X86_FEATURE_MD_CLEAR is a new CPUID bit which is set when microcode
provides the mechanism to invoke a flush of various exploitable CPU buffers
by invoking the VERW instruction.

Hand it through to guests so they can adjust their mitigations.

This also requires corresponding qemu changes, which are available
separately.

[ tglx: Massaged changelog ]

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>

(cherry picked from commit 0908473b20312b30f2600e4b16027d6c7facef4a)

Orabug: 29526900
CVE: CVE-2018-12126
CVE: CVE-2018-12130
CVE: CVE-2018-12127

Signed-off-by: Kanth Ghatraju <kanth.ghatraju@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

Conflicts:
	arch/x86/kvm/cpuid.c
Different initial content of cpuid bits.
---
 arch/x86/kvm/cpuid.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 58bfdbd02a61..93e6df26dbd9 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -66,6 +66,7 @@ u64 kvm_supported_xcr0(void)
 
 
 /* CPUID[eax=0x80000008].ebx */
+#define KVM_CPUID_BIT_MD_CLEAR		10
 #define KVM_CPUID_BIT_IBPB_SUPPORT	12
 #define KVM_CPUID_BIT_VIRT_SSBD		25
 
@@ -368,7 +369,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves;
 
 	const u32 kvm_cpuid_7_0_edx_x86_features = KF(IBRS) | KF(STIBP) |
-		KF(IA32_ARCH_CAPS) | KF(SSBD);
+		KF(IA32_ARCH_CAPS) | KF(SSBD) | KF(MD_CLEAR);
 
 	/* cpuid 0x80000008.ebx */
 	const u32 kvm_cpuid_80000008_ebx_x86_features =
@@ -453,6 +454,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 				entry->edx &= ~(1u << KVM_CPUID_BIT_STIBP);
 			if ( !boot_cpu_has(X86_FEATURE_SSBD) )
 				entry->edx &= ~(1u << KVM_CPUID_BIT_SSBD);
+			if ( !boot_cpu_has(X86_FEATURE_MD_CLEAR) )
+                                entry->edx &= ~(1u << KVM_CPUID_BIT_MD_CLEAR);
 		} else {
 			entry->ebx = 0;
 			entry->edx = 0;
-- 
2.50.1