[PATCH RFC 7/7] x86: cpu: update blacklist spec features for late loading

Thu, 02 Jul 2020 08:22:57 -0700 

If we have loaded a broken microcode at boot time, all the
speculation features will be blacklisted. Created a new
function for Intel CPUs to verify if we have a broken microcode
loaded or not and whitelist/blacklist features as needed.

This has to be done before get_cpu_cap because it uses these
black/white lists.

Signed-off-by: Mihai Carabas <mihai.cara...@oracle.com>
---
 arch/x86/include/asm/microcode_intel.h |  1 +
 arch/x86/kernel/cpu/intel.c            | 28 ++++++++++++++++++++++++++++
 arch/x86/kernel/cpu/microcode/intel.c  |  5 ++++-
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/microcode_intel.h 
b/arch/x86/include/asm/microcode_intel.h
index d85a07d..74c87cc 100644
--- a/arch/x86/include/asm/microcode_intel.h
+++ b/arch/x86/include/asm/microcode_intel.h
@@ -74,6 +74,7 @@ static inline u32 intel_get_microcode_revision(void)
 extern void show_ucode_info_early(void);
 extern int __init save_microcode_in_initrd_intel(void);
 void reload_ucode_intel(void);
+void check_intel_bad_spectre_microcode(struct cpuinfo_x86 *c);
 #else
 static inline __init void load_ucode_intel_bsp(void) {}
 static inline void load_ucode_intel_ap(void) {}
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index c25a67a..286168e 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -170,6 +170,34 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c)
        return false;
 }
 
+/*
+ * check_intel_bad_spectre_microcode verifies if a valid microcode was
+ * loaded and whitelist/blacklist the features related to speculation control.
+ */
+void check_intel_bad_spectre_microcode(struct cpuinfo_x86 *c)
+{
+       int i;
+       unsigned int features[] = {
+               X86_FEATURE_IBRS,
+               X86_FEATURE_IBPB,
+               X86_FEATURE_STIBP,
+               X86_FEATURE_SPEC_CTRL,
+               X86_FEATURE_MSR_SPEC_CTRL,
+               X86_FEATURE_INTEL_STIBP,
+               X86_FEATURE_SSBD,
+               X86_FEATURE_SPEC_CTRL_SSBD
+       };
+
+       if (bad_spectre_microcode(c)) {
+               for (i = 0; i < ARRAY_SIZE(features); i++)
+                       set_bit(features[i], (unsigned long *)cpu_caps_cleared);
+       } else {
+               for (i = 0; i < ARRAY_SIZE(features); i++)
+                       clear_bit(features[i],
+                                 (unsigned long *)cpu_caps_cleared);
+       }
+}
+
 static void early_init_intel(struct cpuinfo_x86 *c)
 {
        u64 misc_enable;
diff --git a/arch/x86/kernel/cpu/microcode/intel.c 
b/arch/x86/kernel/cpu/microcode/intel.c
index 2ef4338..73a5a52 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -854,8 +854,11 @@ static enum ucode_state apply_microcode_intel(int cpu)
        c->microcode     = rev;
 
        /* Update boot_cpu_data's revision too, if we're on the BSP: */
-       if (bsp)
+       if (bsp) {
                boot_cpu_data.microcode = rev;
+               /* Whitelist/blacklist speculation control features. */
+               check_intel_bad_spectre_microcode(c);
+       }
 
        return ret;
 }
-- 
1.8.3.1

Reply via email to