From patchwork Sat Feb 25 00:20:24 2023
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 61469
Date: Sat, 25 Feb 2023 01:20:24 +0100
From: Borislav Petkov
To: Josh Poimboeuf
Cc: Kim Phillips, x86@kernel.org, Boris Ostrovsky, Dave Hansen, "H. Peter Anvin", Ingo Molnar, Joao Martins, Jonathan Corbet, Konrad Rzeszutek Wilk, Paolo Bonzini, Sean Christopherson, Thomas Gleixner, David Woodhouse, Greg Kroah-Hartman, Juergen Gross, Peter Zijlstra, Tony Luck, Tom Lendacky, Alexey Kardashevskiy, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] x86/CPU/AMD: Make sure EFER[AIBRSE] is set
References: <20230124163319.2277355-1-kim.phillips@amd.com> <20230124163319.2277355-8-kim.phillips@amd.com> <20230224185257.o3mcmloei5zqu7wa@treble> <20230225000931.wrednfun4jifkqau@treble>
In-Reply-To: <20230225000931.wrednfun4jifkqau@treble>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 24, 2023 at 04:09:31PM -0800, Josh Poimboeuf wrote:
> Ah, I had to stare at that for a bit to figure out how it works.

Yeah, it is a bit "hidden". :)

> setup_real_mode() reads MSR_EFER from the boot CPU and stores it in
> trampoline_header->efer. Then the other CPUs read that stored value in
> startup_32() and write it into their MSR.

Exactly.

> Yeah, I think that would be good. Otherwise it's rather magical.

Yap, see below.

> That EFER MSR is a surprising place to put that bit.

That MSR is very important on AMD. Consider it AMD's CR4. :-)

Thx.

Reported-by: Josh Poimboeuf
Signed-off-by: Borislav Petkov (AMD)
---
From: "Borislav Petkov (AMD)"
Date: Sat, 25 Feb 2023 01:11:31 +0100
Subject: [PATCH] x86/CPU/AMD: Make sure EFER[AIBRSE] is set

The AutoIBRS bit gets set only on the BSP as part of determining which
mitigation to enable on AMD. Setting on the APs relies on the
circumstance that the APs get booted through the trampoline and EFER
- the MSR which contains that bit - gets replicated on every AP from
the BSP.

However, this can change in the future and considering the security
implications of this bit not being set on every CPU, make sure it is set
by verifying EFER later in the boot process and on every AP.

Reported-by: Josh Poimboeuf
Signed-off-by: Borislav Petkov (AMD)
Link: https://lore.kernel.org/r/20230224185257.o3mcmloei5zqu7wa@treble
--- arch/x86/kernel/cpu/amd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 380753b14cab..de624c1442c2 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -996,6 +996,16 @@ static void init_amd(struct cpuinfo_x86 *c) msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT); check_null_seg_clears_base(c); + + /* + * Make sure EFER[AIBRSE - Automatic IBRS Enable] is set. The APs are brought up + * using the trampoline code and as part of it, EFER gets prepared there in order + * to be replicated onto them. Regardless, set it here again, if not set, to protect + * against any future refactoring/code reorganization which might miss setting + * this important bit. + */ + if (cpu_has(c, X86_FEATURE_AUTOIBRS)) + msr_set_bit(MSR_EFER, _EFER_AUTOIBRS); } #ifdef CONFIG_X86_32
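
Review bot: the new check at the end of init_amd() is gated only on cpu_has(c, X86_FEATURE_AUTOIBRS), so EFER[AIBRSE] is set on every CPU that advertises the feature, whereas the commit message says the BSP sets the bit as part of determining which mitigation to enable. If the BSP did not end up selecting AutoIBRS, this would switch it on anyway; consider also gating on the mitigation that was actually chosen, or on the BSP having the bit set. The result of msr_set_bit(MSR_EFER, _EFER_AUTOIBRS) is also discarded, so if the bit ever does have to be set here because the trampoline replication stopped working, nothing is logged; a one-time warning in that case would make the regression visible rather than silently correcting it.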