Re: [PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

On 1/9/2018 5:43 PM, Thomas Gleixner wrote: > On Tue, 9 Jan 2018, Tom Lendacky wrote: >> On 1/9/2018 5:09 PM, Thomas Gleixner wrote: >>> On Tue, 9 Jan 2018, Tom Lendacky wrote: >>>> On 1/9/2018 4:46 PM, Thomas Gleixner wrote: >>>>> Urgh. That's an awf

Re: AMD EPYC microcode update bug?

On 1/9/2018 5:06 PM, Gabriel C wrote: > 2018-01-09 23:47 GMT+01:00 Tom Lendacky <thomas.lenda...@amd.com>: >> On 1/9/2018 4:28 PM, Gabriel C wrote: >>> Hello , >>> >>> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors. >

Re: AMD EPYC microcode update bug?

On 1/9/2018 5:06 PM, Gabriel C wrote: > 2018-01-09 23:47 GMT+01:00 Tom Lendacky : >> On 1/9/2018 4:28 PM, Gabriel C wrote: >>> Hello , >>> >>> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors. >>> >>> I'm on 4.15.

Re: [PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

On 1/9/2018 5:09 PM, Thomas Gleixner wrote: > On Tue, 9 Jan 2018, Tom Lendacky wrote: >> On 1/9/2018 4:46 PM, Thomas Gleixner wrote: >>> Urgh. That's an awful hack. why not do the obvious? >> >> My first attempt was very similar to your chang

Re: [PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

On 1/9/2018 5:09 PM, Thomas Gleixner wrote: > On Tue, 9 Jan 2018, Tom Lendacky wrote: >> On 1/9/2018 4:46 PM, Thomas Gleixner wrote: >>> Urgh. That's an awful hack. why not do the obvious? >> >> My first attempt was very similar to your chang

Re: [PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

On 1/9/2018 4:46 PM, Thomas Gleixner wrote: > On Tue, 9 Jan 2018, Tom Lendacky wrote: >> For AMD hardware, the RETPOLINE_AMD feature is dependent on LFENCE being >> a serializing instruction. Create a function to allow RETPOLINE_AMD to >> be cleared if it cannot be d

Re: [PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

On 1/9/2018 4:46 PM, Thomas Gleixner wrote: > On Tue, 9 Jan 2018, Tom Lendacky wrote: >> For AMD hardware, the RETPOLINE_AMD feature is dependent on LFENCE being >> a serializing instruction. Create a function to allow RETPOLINE_AMD to >> be cleared if it cannot be d

Re: AMD EPYC microcode update bug?

On 1/9/2018 4:28 PM, Gabriel C wrote: > Hello , > > I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors. > > I'm on 4.15.0-rc7 and tested an update to microcode_amd_fam17h.bin. > > First run was made by using the early microcode option with dracut[1] > so loading from a

Re: AMD EPYC microcode update bug?

On 1/9/2018 4:28 PM, Gabriel C wrote: > Hello , > > I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors. > > I'm on 4.15.0-rc7 and tested an update to microcode_amd_fam17h.bin. > > First run was made by using the early microcode option with dracut[1] > so loading from a

[PATCH v1 2/2] x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE is not serializing

if the MSR write to make LFENCE serializing is not successful. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/kernel/cpu/amd.c |4 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index ea831c8..8a0076b 100644 --- a/ar

[PATCH v1 2/2] x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE is not serializing

if the MSR write to make LFENCE serializing is not successful. Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c |4 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index ea831c8..8a0076b 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch

[PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/nospec-branch.h |1 + arch/x86/kernel/cpu/bugs.c | 10 ++ 2 files changed, 11 insertions(+) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 8

[PATCH v1 1/2] x86/retpoline: Add a function to clear the RETPOLINE_AMD feature

. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/nospec-branch.h |1 + arch/x86/kernel/cpu/bugs.c | 10 ++ 2 files changed, 11 insertions(+) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 8ddf851..5785684 100644

[PATCH v1 0/2] x86/retpoline: Clear RETPOLINE_AMD if LFENCE is not serializing

can not be determined to be serializing call the new function to clear the RETPOLINE_AMD feature. This patch series is based on tip:x86/pti. --- Tom Lendacky (2): x86/retpoline: Add a function to clear the RETPOLINE_AMD feature x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE

[PATCH v1 0/2] x86/retpoline: Clear RETPOLINE_AMD if LFENCE is not serializing

can not be determined to be serializing call the new function to clear the RETPOLINE_AMD feature. This patch series is based on tip:x86/pti. --- Tom Lendacky (2): x86/retpoline: Add a function to clear the RETPOLINE_AMD feature x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE

[tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

Commit-ID: 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f Gitweb: https://git.kernel.org/tip/9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Mon, 8 Jan 2018 16:09:32 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

Commit-ID: 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f Gitweb: https://git.kernel.org/tip/9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f Author: Tom Lendacky AuthorDate: Mon, 8 Jan 2018 16:09:32 -0600 Committer: Thomas Gleixner CommitDate: Tue, 9 Jan 2018 01:43:11 +0100 x86/cpu/AMD: Use

[tip:x86/pti] x86/cpu/AMD: Make LFENCE a serializing instruction

Commit-ID: e4d0e84e490790798691aaa0f2e598637f1867ec Gitweb: https://git.kernel.org/tip/e4d0e84e490790798691aaa0f2e598637f1867ec Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Mon, 8 Jan 2018 16:09:21 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:x86/pti] x86/cpu/AMD: Make LFENCE a serializing instruction

Commit-ID: e4d0e84e490790798691aaa0f2e598637f1867ec Gitweb: https://git.kernel.org/tip/e4d0e84e490790798691aaa0f2e598637f1867ec Author: Tom Lendacky AuthorDate: Mon, 8 Jan 2018 16:09:21 -0600 Committer: Thomas Gleixner CommitDate: Tue, 9 Jan 2018 01:43:10 +0100 x86/cpu/AMD: Make

Re: [PATCH v2 4/5] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

On 1/7/2018 12:25 PM, Borislav Petkov wrote: > On Thu, Dec 21, 2017 at 04:03:21PM -0600, Tom Lendacky wrote: >> @@ -568,17 +578,57 @@ static void __init sme_populate_pgd_large(struct >> sme_populate_pgd_data *ppd) >> native_set_pud(pud_p, pud); >>

Re: [PATCH v2 4/5] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

On 1/7/2018 12:25 PM, Borislav Petkov wrote: > On Thu, Dec 21, 2017 at 04:03:21PM -0600, Tom Lendacky wrote: >> @@ -568,17 +578,57 @@ static void __init sme_populate_pgd_large(struct >> sme_populate_pgd_data *ppd) >> native_set_pud(pud_p, pud); >>

Re: [PATCH v2 3/5] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

On 1/7/2018 10:28 AM, Borislav Petkov wrote: > On Thu, Dec 21, 2017 at 04:03:12PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel during early >> boot processing, centralize the use of the PMD flag settings based >> on the type of mappi

Re: [PATCH v2 3/5] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

On 1/7/2018 10:28 AM, Borislav Petkov wrote: > On Thu, Dec 21, 2017 at 04:03:12PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel during early >> boot processing, centralize the use of the PMD flag settings based >> on the type of mappi

[PATCH v2 2/2] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

is set, then set the LFENCE_RDTSC feature, otherwise set the MFENCE_RDTSC feature. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/msr-index.h |1 + arch/x86/kernel/cpu/amd.c| 17 +++-- 2 files changed, 16 insertions(+), 2 del

[PATCH v2 2/2] x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

is set, then set the LFENCE_RDTSC feature, otherwise set the MFENCE_RDTSC feature. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/msr-index.h |1 + arch/x86/kernel/cpu/amd.c| 17 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/x86

[PATCH v2 0/2] x86/cpu/AMD: Make LFENCE a serializing instruction on AMD

to the cc since this will impact nospec_barrier(), which will require an alternative_2 to add an MFENCE instruction with an MFENCE_RDTSC check Tom Lendacky (2): x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC arch/x86

[PATCH v2 1/2] x86/cpu/AMD: Make LFENCE a serializing instruction

. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/msr-index.h |2 ++ arch/x86/kernel/cpu/amd.c| 10 ++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index ab02261..1e7d710

[PATCH v2 0/2] x86/cpu/AMD: Make LFENCE a serializing instruction on AMD

to the cc since this will impact nospec_barrier(), which will require an alternative_2 to add an MFENCE instruction with an MFENCE_RDTSC check Tom Lendacky (2): x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC arch/x86

[PATCH v2 1/2] x86/cpu/AMD: Make LFENCE a serializing instruction

. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/msr-index.h |2 ++ arch/x86/kernel/cpu/amd.c| 10 ++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index ab02261..1e7d710 100644 --- a/arch/x86/include/asm

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 11:01 AM, Paolo Bonzini wrote: > On 08/01/2018 17:48, Dr. David Alan Gilbert wrote: >>> If your hypervisor is lying to you about the primary family, then all >>> bets are off.  I don't expect there will be any production systems doing >>> this. >> It's not that an unusual thing to do

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 11:01 AM, Paolo Bonzini wrote: > On 08/01/2018 17:48, Dr. David Alan Gilbert wrote: >>> If your hypervisor is lying to you about the primary family, then all >>> bets are off.  I don't expect there will be any production systems doing >>> this. >> It's not that an unusual thing to do

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 9:15 AM, Thomas Gleixner wrote: > On Mon, 8 Jan 2018, Tom Lendacky wrote: >> On 1/8/2018 5:10 AM, Thomas Gleixner wrote: >>>>> Second thoughts on that. As pointed out by someone in one of the insane >>>>> long threads: >>>>

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 9:15 AM, Thomas Gleixner wrote: > On Mon, 8 Jan 2018, Tom Lendacky wrote: >> On 1/8/2018 5:10 AM, Thomas Gleixner wrote: >>>>> Second thoughts on that. As pointed out by someone in one of the insane >>>>> long threads: >>>>

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 5:10 AM, Thomas Gleixner wrote: > On Mon, 8 Jan 2018, Andrew Cooper wrote: > >> On 08/01/18 10:08, Thomas Gleixner wrote: >>> On Sat, 6 Jan 2018, tip-bot for Tom Lendacky wrote: >>> >>>> Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079 >

Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

On 1/8/2018 5:10 AM, Thomas Gleixner wrote: > On Mon, 8 Jan 2018, Andrew Cooper wrote: > >> On 08/01/18 10:08, Thomas Gleixner wrote: >>> On Sat, 6 Jan 2018, tip-bot for Tom Lendacky wrote: >>> >>>> Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079 >

Re: [PATCH v5 02/12] x86/retpoline: Add initial retpoline support

On 1/6/2018 3:21 PM, Woodhouse, David wrote: > On Sat, 2018-01-06 at 21:16 +, Andrew Cooper wrote: >> On 06/01/18 11:49, David Woodhouse wrote: >>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c >>> index 372ba3f..40e6e54 100644 >>> --- a/arch/x86/kernel/cpu/common.c

Re: [PATCH v5 02/12] x86/retpoline: Add initial retpoline support

On 1/6/2018 3:21 PM, Woodhouse, David wrote: > On Sat, 2018-01-06 at 21:16 +, Andrew Cooper wrote: >> On 06/01/18 11:49, David Woodhouse wrote: >>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c >>> index 372ba3f..40e6e54 100644 >>> --- a/arch/x86/kernel/cpu/common.c

[tip:x86/pti] x86/msr: Remove now unused definition of MFENCE_RDTSC feature

Commit-ID: eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d Gitweb: https://git.kernel.org/tip/eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Fri, 5 Jan 2018 10:08:05 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:x86/pti] x86/msr: Remove now unused definition of MFENCE_RDTSC feature

Commit-ID: eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d Gitweb: https://git.kernel.org/tip/eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d Author: Tom Lendacky AuthorDate: Fri, 5 Jan 2018 10:08:05 -0600 Committer: Thomas Gleixner CommitDate: Sat, 6 Jan 2018 21:57:41 +0100 x86/msr: Remove now

[tip:x86/pti] x86/cpu/AMD: Make LFENCE a serializing instruction

Commit-ID: 0592b0bce1694957fed178fc52f4b11576714b07 Gitweb: https://git.kernel.org/tip/0592b0bce1694957fed178fc52f4b11576714b07 Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Fri, 5 Jan 2018 10:07:46 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:x86/pti] x86/cpu/AMD: Make LFENCE a serializing instruction

Commit-ID: 0592b0bce1694957fed178fc52f4b11576714b07 Gitweb: https://git.kernel.org/tip/0592b0bce1694957fed178fc52f4b11576714b07 Author: Tom Lendacky AuthorDate: Fri, 5 Jan 2018 10:07:46 -0600 Committer: Thomas Gleixner CommitDate: Sat, 6 Jan 2018 21:57:40 +0100 x86/cpu/AMD: Make

[tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079 Gitweb: https://git.kernel.org/tip/0bf17c102177d5da9363bf8b1e4704b9996d5079 Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Fri, 5 Jan 2018 10:07:56 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079 Gitweb: https://git.kernel.org/tip/0bf17c102177d5da9363bf8b1e4704b9996d5079 Author: Tom Lendacky AuthorDate: Fri, 5 Jan 2018 10:07:56 -0600 Committer: Thomas Gleixner CommitDate: Sat, 6 Jan 2018 21:57:40 +0100 x86/cpu/AMD: Use

Re: [PATCH v1 1/3] x86/cpu/AMD: Make LFENCE a serializing instruction

On 1/5/2018 10:35 AM, Brian Gerst wrote: > On Fri, Jan 5, 2018 at 11:07 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote: >> To aid in speculation control, make LFENCE a serializing instruction. >> This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families >

Re: [PATCH v1 1/3] x86/cpu/AMD: Make LFENCE a serializing instruction

On 1/5/2018 10:35 AM, Brian Gerst wrote: > On Fri, Jan 5, 2018 at 11:07 AM, Tom Lendacky wrote: >> To aid in speculation control, make LFENCE a serializing instruction. >> This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families >> that support LFENCE

[PATCH v1 3/3] x86/msr: Remove now unused definition of MFENCE_RDTSC feature

With the switch to using LFENCE_RDTSC on AMD platforms there is no longer a need for the MFENCE_RDTSC feature. Remove its usage and definition. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/cpufeatures.h |2 +- arch/x86/include/asm/msr.h

[PATCH v1 3/3] x86/msr: Remove now unused definition of MFENCE_RDTSC feature

With the switch to using LFENCE_RDTSC on AMD platforms there is no longer a need for the MFENCE_RDTSC feature. Remove its usage and definition. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/cpufeatures.h |2 +- arch/x86/include/asm/msr.h |3 +-- 2 files changed, 2

[PATCH v1 2/3] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

With LFENCE now a serializing instruction, set the LFENCE_RDTSC feature since the LFENCE instruction has less overhead than the MFENCE instruction. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/kernel/cpu/amd.c |4 ++-- 1 file changed, 2 insertions(+), 2 del

[PATCH v1 1/3] x86/cpu/AMD: Make LFENCE a serializing instruction

To aid in speculation control, make LFENCE a serializing instruction. This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families that support LFENCE do not have this MSR. For these families, the LFENCE instruction is already serializing. Signed-off-by: Tom Lendacky <thomas.le

[PATCH v1 2/3] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

With LFENCE now a serializing instruction, set the LFENCE_RDTSC feature since the LFENCE instruction has less overhead than the MFENCE instruction. Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86

[PATCH v1 1/3] x86/cpu/AMD: Make LFENCE a serializing instruction

To aid in speculation control, make LFENCE a serializing instruction. This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families that support LFENCE do not have this MSR. For these families, the LFENCE instruction is already serializing. Signed-off-by: Tom Lendacky --- arch/x86

[PATCH v1 0/3] x86/cpu/AMD: Make LFENCE a serializing instruction on AMD

on tip:x86/pti. --- Tom Lendacky (3): x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC x86/msr: Remove now unused definition of MFENCE_RDTSC feature arch/x86/include/asm/cpufeatures.h |2 +- arch/x86/include/asm/msr

[PATCH v1 0/3] x86/cpu/AMD: Make LFENCE a serializing instruction on AMD

on tip:x86/pti. --- Tom Lendacky (3): x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC x86/msr: Remove now unused definition of MFENCE_RDTSC feature arch/x86/include/asm/cpufeatures.h |2 +- arch/x86/include/asm/msr

Re: [PATCH 1/7] x86/feature: Detect the x86 feature to control Speculation

On 1/5/2018 5:14 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: >> cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature >> IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49) >> IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS) >>

Re: [PATCH 1/7] x86/feature: Detect the x86 feature to control Speculation

On 1/5/2018 5:14 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: >> cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature >> IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49) >> IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS) >>

Re: [PATCH] x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN

On 1/5/2018 8:10 AM, Thomas Gleixner wrote: > Use the name associated with the attack which needs page table isolation > for mitigation. > > Signed-off-by: Thomas Gleixner > --- > arch/x86/include/asm/cpufeatures.h |2 +- > arch/x86/mm/pti.c |6

Re: [PATCH] x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN

On 1/5/2018 8:10 AM, Thomas Gleixner wrote: > Use the name associated with the attack which needs page table isolation > for mitigation. > > Signed-off-by: Thomas Gleixner > --- > arch/x86/include/asm/cpufeatures.h |2 +- > arch/x86/mm/pti.c |6 +++--- > 2 files

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 5:47 PM, Tom Lendacky wrote: > On 1/4/2018 2:05 PM, David Woodhouse wrote: >> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote: >>> Yes, lfence is sufficient.  As long as the target is in the register >>> before the lfence and we jump through th

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 5:47 PM, Tom Lendacky wrote: > On 1/4/2018 2:05 PM, David Woodhouse wrote: >> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote: >>> Yes, lfence is sufficient.  As long as the target is in the register >>> before the lfence and we jump through th

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 2:05 PM, David Woodhouse wrote: > On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote: >> Yes, lfence is sufficient.  As long as the target is in the register >> before the lfence and we jump through the register all is good, i.e.: > > Thanks.

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 2:05 PM, David Woodhouse wrote: > On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote: >> Yes, lfence is sufficient.  As long as the target is in the register >> before the lfence and we jump through the register all is good, i.e.: > > Thanks.

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 10:15 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 15:29 +, Woodhouse, David wrote: >> >>> With the GCC -mindirect-branch=thunk-external support, and microcode, >>> Xen will make a boot-time choice between using Retpoline, Lfence (which >>> is the better AMD option, and

Re: Avoid speculative indirect calls in kernel

On 1/4/2018 10:15 AM, David Woodhouse wrote: > On Thu, 2018-01-04 at 15:29 +, Woodhouse, David wrote: >> >>> With the GCC -mindirect-branch=thunk-external support, and microcode, >>> Xen will make a boot-time choice between using Retpoline, Lfence (which >>> is the better AMD option, and

[tip:x86/pti] x86/cpu, x86/pti: Do not enable PTI on AMD processors

Commit-ID: 694d99d40972f12e59a3696effee8a376b79d7c8 Gitweb: https://git.kernel.org/tip/694d99d40972f12e59a3696effee8a376b79d7c8 Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Tue, 26 Dec 2017 23:43:54 -0600 Committer: Thomas Gleixner <t...@linutronix.de> Commit

[tip:x86/pti] x86/cpu, x86/pti: Do not enable PTI on AMD processors

Commit-ID: 694d99d40972f12e59a3696effee8a376b79d7c8 Gitweb: https://git.kernel.org/tip/694d99d40972f12e59a3696effee8a376b79d7c8 Author: Tom Lendacky AuthorDate: Tue, 26 Dec 2017 23:43:54 -0600 Committer: Thomas Gleixner CommitDate: Wed, 3 Jan 2018 15:57:59 +0100 x86/cpu, x86/pti: Do

Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

On 12/27/2017 2:48 AM, Dave Hansen wrote: > On 12/26/2017 09:43 PM, Tom Lendacky wrote: >> --- a/arch/x86/kernel/cpu/common.c >> +++ b/arch/x86/kernel/cpu/common.c >> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 >> *c) >&

Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

On 12/27/2017 2:48 AM, Dave Hansen wrote: > On 12/26/2017 09:43 PM, Tom Lendacky wrote: >> --- a/arch/x86/kernel/cpu/common.c >> +++ b/arch/x86/kernel/cpu/common.c >> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 >> *c) >&

[PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

that access would result in a page fault. Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/kernel/cpu/common.c |4 +

[PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

that access would result in a page fault. Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set. Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/common.c |4 ++-- 1 file changed, 2 insertions

[PATCH v2 4/5] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

by creating PTE page tables for the start and end portion of the address range that fall outside of the 2MB alignment. This results in, at most, two extra pages to hold the PTE entries for each mapping of a range. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_enc

[PATCH v2 4/5] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

by creating PTE page tables for the start and end portion of the address range that fall outside of the 2MB alignment. This results in, at most, two extra pages to hold the PTE entries for each mapping of a range. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c | 124

[PATCH v2 5/5] x86/mm: Encrypt the initrd earlier for BSP microcode update

microcode updates work. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/mem_encrypt.h |4 +- arch/x86/kernel/head64.c |4 +- arch/x86/kernel/setup.c| 10 - arch/x86/mm/mem_encrypt.c

[PATCH v2 5/5] x86/mm: Encrypt the initrd earlier for BSP microcode update

microcode updates work. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |4 +- arch/x86/kernel/head64.c |4 +- arch/x86/kernel/setup.c| 10 - arch/x86/mm/mem_encrypt.c | 66 arch/x86/mm

[PATCH v2 1/5] x86/mm: Cleanup register saving in mem_encrypt_boot.S

pops at the end. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_encrypt_boot.S | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index 730e6d5..de36884

[PATCH v2 0/5] x86: SME: BSP/SME microcode update fix

mapped and the pagetable flags to be used. - Consolidate PMD/PTE mapping code to reduce duplication. Tom Lendacky (5): x86/mm: Cleanup register saving in mem_encrypt_boot.S x86/mm: Use a struct to reduce parameters for SME PGD mapping x86/mm: Centralize PMD flags

[PATCH v2 1/5] x86/mm: Cleanup register saving in mem_encrypt_boot.S

pops at the end. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt_boot.S | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S index 730e6d5..de36884 100644 --- a/arch/x86/mm

[PATCH v2 0/5] x86: SME: BSP/SME microcode update fix

mapped and the pagetable flags to be used. - Consolidate PMD/PTE mapping code to reduce duplication. Tom Lendacky (5): x86/mm: Cleanup register saving in mem_encrypt_boot.S x86/mm: Use a struct to reduce parameters for SME PGD mapping x86/mm: Centralize PMD flags

[PATCH v2 3/5] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

the caller to adjust. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_encrypt.c | 131 ++--- 1 file changed, 77 insertions(+), 54 deletions(-) diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 5a20696..9

[PATCH v2 3/5] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

the caller to adjust. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c | 131 ++--- 1 file changed, 77 insertions(+), 54 deletions(-) diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 5a20696..9b180f8 100644 --- a/arch/x86/mm

[PATCH v2 2/5] x86/mm: Use a struct to reduce parameters for SME PGD mapping

In preparation for follow-on patches, combine the PGD mapping parameters into a struct to reduce the number of function arguments and allow for direct updating of the next pagetable mapping area pointer. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_encrypt.c

[PATCH v2 2/5] x86/mm: Use a struct to reduce parameters for SME PGD mapping

In preparation for follow-on patches, combine the PGD mapping parameters into a struct to reduce the number of function arguments and allow for direct updating of the next pagetable mapping area pointer. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c | 90

Re: [PATCH v1 3/3] x86/mm: Encrypt the initrd earlier for BSP microcode update

On 12/21/2017 8:49 AM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:34:10PM -0600, Tom Lendacky wrote: >> Currently the BSP microcode update code examines the initrd very early >> in the boot process. If SME is active, the initrd is treated as being >> encrypte

Re: [PATCH v1 3/3] x86/mm: Encrypt the initrd earlier for BSP microcode update

On 12/21/2017 8:49 AM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:34:10PM -0600, Tom Lendacky wrote: >> Currently the BSP microcode update code examines the initrd very early >> in the boot process. If SME is active, the initrd is treated as being >> encrypte

Re: [PATCH v1 2/3] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

On 12/21/2017 6:58 AM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:34:02PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel, the encryption >> support in sme_encrypt_kernel() needs to support 4KB page aligned >> encryption instead o

Re: [PATCH v1 2/3] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

On 12/21/2017 6:58 AM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:34:02PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel, the encryption >> support in sme_encrypt_kernel() needs to support 4KB page aligned >> encryption instead o

Re: [PATCH v1 1/3] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

On 12/20/2017 1:13 PM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:33:52PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel during early >> boot processing, centralize the use of the PMD flag settings based >> on the type of mappi

Re: [PATCH v1 1/3] x86/mm: Centralize PMD flags in sme_encrypt_kernel()

On 12/20/2017 1:13 PM, Borislav Petkov wrote: > On Thu, Dec 07, 2017 at 05:33:52PM -0600, Tom Lendacky wrote: >> In preparation for encrypting more than just the kernel during early >> boot processing, centralize the use of the PMD flag settings based >> on the type of mappi

[tip:x86/urgent] x86/mm: Unbreak modules that use the DMA API

Commit-ID: 9d5f38ba6c82359b7cec31fb27fb78ecc02f3946 Gitweb: https://git.kernel.org/tip/9d5f38ba6c82359b7cec31fb27fb78ecc02f3946 Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Fri, 15 Dec 2017 10:20:12 -0600 Committer: Thomas Gleixner <t...@linutronix.de> CommitD

[tip:x86/urgent] x86/mm: Unbreak modules that use the DMA API

Commit-ID: 9d5f38ba6c82359b7cec31fb27fb78ecc02f3946 Gitweb: https://git.kernel.org/tip/9d5f38ba6c82359b7cec31fb27fb78ecc02f3946 Author: Tom Lendacky AuthorDate: Fri, 15 Dec 2017 10:20:12 -0600 Committer: Thomas Gleixner CommitDate: Mon, 18 Dec 2017 13:06:13 +0100 x86/mm: Unbreak

[PATCH] x86/mm: Unbreak modules that use the DMA API

hange the sme_active() and sev_active() functions from EXPORT_SYMBOL_GPL to EXPORT_SYMBOL. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_encrypt.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encryp

[PATCH] x86/mm: Unbreak modules that use the DMA API

hange the sme_active() and sev_active() functions from EXPORT_SYMBOL_GPL to EXPORT_SYMBOL. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index d9a9e9f..391b134 1006

Re: [PATCH] x86/mm: Rewrite sme_populate_pgd() in a more sensible way

On 12/4/2017 12:50 PM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 12:33:01PM -0600, Tom Lendacky wrote: On 12/4/2017 10:34 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote: On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017

Re: [PATCH] x86/mm: Rewrite sme_populate_pgd() in a more sensible way

On 12/4/2017 12:50 PM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 12:33:01PM -0600, Tom Lendacky wrote: On 12/4/2017 10:34 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote: On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017

Re: [PATCH] x86/mm: Rewrite sme_populate_pgd() in a more sensible way

On 12/4/2017 11:39 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:34:45PM +, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote: On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 08:19:11AM -0600, Tom Lendacky wrote

Re: [PATCH] x86/mm: Rewrite sme_populate_pgd() in a more sensible way

On 12/4/2017 11:39 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:34:45PM +, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote: On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote: On Mon, Dec 04, 2017 at 08:19:11AM -0600, Tom Lendacky wrote

[PATCH v1 3/3] x86/mm: Encrypt the initrd earlier for BSP microcode update

microcode updates work. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/mem_encrypt.h |4 +- arch/x86/kernel/head64.c |4 +- arch/x86/kernel/setup.c| 10 -- arch/x86/mm/mem_encrypt.c

[PATCH v1 3/3] x86/mm: Encrypt the initrd earlier for BSP microcode update

microcode updates work. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |4 +- arch/x86/kernel/head64.c |4 +- arch/x86/kernel/setup.c| 10 -- arch/x86/mm/mem_encrypt.c | 62 +++- arch/x86/mm

[PATCH v1 0/3] x86: SME: BSP/SME microcode update fix

encrypted. This patch series is based on tip/master. --- Tom Lendacky (3): x86/mm: Centralize PMD flags in sme_encrypt_kernel() x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption x86/mm: Encrypt the initrd earlier for BSP microcode update arch/x86/include/asm

[PATCH v1 2/3] x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption

by creating PTE page tables for the start and end portion of the address range that fall outside of the 2MB alignment. This results in, at most, two extra pages to hold the PTE entries for each mapping of a range. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/mm/mem_enc

[PATCH v1 0/3] x86: SME: BSP/SME microcode update fix

encrypted. This patch series is based on tip/master. --- Tom Lendacky (3): x86/mm: Centralize PMD flags in sme_encrypt_kernel() x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption x86/mm: Encrypt the initrd earlier for BSP microcode update arch/x86/include/asm

<    3   4   5   6   7   8   9   10   11   12   >