From: Borislav Petkov <bp@alien8.de>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Kim Phillips <kim.phillips@amd.com>,
x86@kernel.org, Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Joao Martins <joao.m.martins@oracle.com>,
Jonathan Corbet <corbet@lwn.net>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Juergen Gross <jgross@suse.com>,
Peter Zijlstra <peterz@infradead.org>,
Tony Luck <tony.luck@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Alexey Kardashevskiy <aik@amd.com>,
kvm@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] x86/CPU/AMD: Make sure EFER[AIBRSE] is set
Date: Sat, 25 Feb 2023 01:20:24 +0100 [thread overview]
Message-ID: <Y/lUSC5x2ZkTIGu4@zn.tnic> (raw)
In-Reply-To: <20230225000931.wrednfun4jifkqau@treble>
On Fri, Feb 24, 2023 at 04:09:31PM -0800, Josh Poimboeuf wrote:
> Ah, I had to stare it that for a bit to figure out how it works.
Yeah, it is a bit "hidden". :)
> setup_real_mode() reads MSR_EFER from the boot CPU and stores it in
> trampoline_header->efer. Then the other CPUs read that stored value in
> startup_32() and write it into their MSR.
Exactly.
> Yeah, I think that would be good. Otherwise it's rather magical.
Yap, see below.
> That EFER MSR is a surprising place to put that bit.
That MSR is very important on AMD. Consider it AMD's CR4. :-)
Thx.
---
From: "Borislav Petkov (AMD)" <bp@alien8.de>
Date: Sat, 25 Feb 2023 01:11:31 +0100
Subject: [PATCH] x86/CPU/AMD: Make sure EFER[AIBRSE] is set
The AutoIBRS bit gets set only on the BSP as part of determining which
mitigation to enable on AMD. Setting on the APs relies on the
circumstance that the APs get booted through the trampoline and EFER
- the MSR which contains that bit - gets replicated on every AP from the
BSP.
However, this can change in the future and considering the security
implications of this bit not being set on every CPU, make sure it is set
by verifying EFER later in the boot process and on every AP.
Reported-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230224185257.o3mcmloei5zqu7wa@treble
---
arch/x86/kernel/cpu/amd.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 380753b14cab..de624c1442c2 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -996,6 +996,16 @@ static void init_amd(struct cpuinfo_x86 *c)
msr_set_bit(MSR_K7_HWCR, MSR_K7_HWCR_IRPERF_EN_BIT);
check_null_seg_clears_base(c);
+
+ /*
+ * Make sure EFER[AIBRSE - Automatic IBRS Enable] is set. The APs are brought up
+ * using the trampoline code and as part of it, EFER gets prepared there in order
+ * to be replicated onto them. Regardless, set it here again, if not set, to protect
+ * against any future refactoring/code reorganization which might miss setting
+ * this important bit.
+ */
+ if (cpu_has(c, X86_FEATURE_AUTOIBRS))
+ msr_set_bit(MSR_EFER, _EFER_AUTOIBRS);
}
#ifdef CONFIG_X86_32
--
2.35.1
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next prev parent reply other threads:[~2023-02-25 0:20 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 16:33 [PATCH v9 0/8] x86/cpu, kvm: Support AMD Automatic IBRS Kim Phillips
2023-01-24 16:33 ` [PATCH v9 1/8] x86/cpu, kvm: Add support for CPUID_80000021_EAX Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 2/8] KVM: x86: Move open-coded cpuid leaf 0x80000021 EAX bit propagation code Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] KVM: x86: Move open-coded CPUID " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 3/8] x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 4/8] x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf Kim Phillips
2023-01-24 21:32 ` Sean Christopherson
2023-01-25 12:09 ` Borislav Petkov
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 5/8] x86/cpu, kvm: Add the Null Selector Clears Base feature Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 6/8] x86/cpu, kvm: Add the SMM_CTL MSR not present feature Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 16:33 ` [PATCH v9 7/8] x86/cpu: Support AMD Automatic IBRS Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-02-24 18:52 ` [PATCH v9 7/8] " Josh Poimboeuf
2023-02-24 21:08 ` Borislav Petkov
2023-02-24 21:35 ` Josh Poimboeuf
2023-02-24 21:59 ` Borislav Petkov
2023-02-24 22:03 ` Luck, Tony
2023-02-24 22:12 ` Borislav Petkov
2023-02-24 23:30 ` pawan.kumar.gupta
2023-03-10 10:23 ` [tip: x86/misc] MAINTAINERS: Add x86 hardware vulnerabilities section tip-bot2 for Josh Poimboeuf
2023-02-24 22:51 ` [PATCH v9 7/8] x86/cpu: Support AMD Automatic IBRS Borislav Petkov
2023-02-24 23:23 ` Borislav Petkov
2023-02-25 0:09 ` Josh Poimboeuf
2023-02-25 0:20 ` Borislav Petkov [this message]
2023-02-25 0:52 ` [PATCH] x86/CPU/AMD: Make sure EFER[AIBRSE] is set Pawan Gupta
2023-02-25 1:32 ` Josh Poimboeuf
2023-02-25 12:21 ` Borislav Petkov
2023-02-25 17:28 ` Josh Poimboeuf
2023-02-25 22:56 ` Borislav Petkov
2023-02-25 23:43 ` Josh Poimboeuf
2023-02-26 11:18 ` Borislav Petkov
2023-02-26 17:27 ` Josh Poimboeuf
2023-02-26 18:44 ` Borislav Petkov
2023-02-27 15:25 ` Dave Hansen
2023-02-27 15:40 ` Borislav Petkov
2023-02-27 16:39 ` Dave Hansen
2023-03-10 16:22 ` [PATCH -v2] " Borislav Petkov
2023-03-13 15:42 ` Dave Hansen
2023-03-16 11:04 ` [tip: x86/cpu] " tip-bot2 for Borislav Petkov (AMD)
2023-01-24 16:33 ` [PATCH v9 8/8] KVM: x86: Propagate the AMD Automatic IBRS feature to the guest Kim Phillips
2023-01-26 10:12 ` [tip: x86/cpu] " tip-bot2 for Kim Phillips
2023-01-24 21:37 ` [PATCH v9 0/8] x86/cpu, kvm: Support AMD Automatic IBRS Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y/lUSC5x2ZkTIGu4@zn.tnic \
--to=bp@alien8.de \
--cc=aik@amd.com \
--cc=boris.ostrovsky@oracle.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=joao.m.martins@oracle.com \
--cc=jpoimboe@kernel.org \
--cc=kim.phillips@amd.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).