From patchwork Wed May 30 11:38:12 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922731
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWY1WXRz9s1w;
	Wed, 30 May 2018 21:38:33 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzQw-0006E6-HO; Wed, 30 May 2018 11:38:26 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQs-0006Ct-9m
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:22 +0000
Received: from mail-wr0-f200.google.com ([209.85.128.200])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQs-0006S5-2A
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:22 +0000
Received: by mail-wr0-f200.google.com with SMTP id j14-v6so1108268wro.7
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=aC6Ap1V3T7dw2wIISsW1kmPL9V+h5RcqyMixm/N5VGM=;
	b=Ij54QgXJlJ7qujfrF/jCbrJnyyu+56EJeShU/O1gnmS04FVVW81k2hfdE/I2LX6tNQ
	NzVMj9OoXirEfyR1s5neRgACEe5ILWFwy3up7x2htEng86a6XwiRkuW5s3mEKpsKC7e8
	Hu1WI7Un7Rx9m8kOhk35Pfw8GmO9943sMNjguuMVl56GLZDEURAK622ayS50ByVQbe0t
	TMyIgsoZTUjQFXf2skfZa0XVa5zDfTIznnnZzrLmzNeptoP8RAP3ieviJJYYMnLkS67L
	G6HBFIgq56v0tNVSjyRyYYOSPMBBbe/4yRpYBQEqr41pRfilC0qRyhOuhO71nYwQgKmD
	F6Cw==
X-Gm-Message-State: ALKqPwcWqIrij1LpIKIqzhaAQGwzGg9ctaqtksB8QQY6izNqlpizGhLD
	i0AMH/Za8MxIwaXth5Me2ehVrXsP53otHsXrx0CWMyM05C84wI06k37cTKJfgNmIm1rlKGJvB1v
	6OT6+aWeDeBOscm8TOCZOPhpqHXQJxvYS9OUq+kbnnw==
X-Received: by 2002:aa7:d84a:: with SMTP id
	f10-v6mr3100544eds.204.1527680301601;
	Wed, 30 May 2018 04:38:21 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKJhOgjTGA4r7NjJzsmJ7mZrqIjcau6CloIzRYJKhYHFlwW429PN4hW9QTDWhhOcffeIxYnPAw==
X-Received: by 2002:aa7:d84a:: with SMTP id
	f10-v6mr3100532eds.204.1527680301428;
	Wed, 30 May 2018 04:38:21 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.20
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:20 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 1/6] KVM: x86: remove magic number with enum
	cpuid_leafs
Date: Wed, 30 May 2018 13:38:12 +0200
Message-Id: <20180530113817.14784-2-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Huaitong Han <huaitong.han@intel.com>

CVE-2018-3639 (x86)

This patch removes magic number with enum cpuid_leafs.

Signed-off-by: Huaitong Han <huaitong.han@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(backported from commit e0b18ef7189075676ac432954d7920eaa30d8e3e)
[juergh:- Context adjustments.]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/kvm/cpuid.c | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index eae50e438ae5..5031f591e4bc 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -306,7 +306,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 	unsigned f_xsaves = kvm_x86_ops->xsaves_supported() ? F(XSAVES) : 0;
 
 	/* cpuid 1.edx */
-	const u32 kvm_supported_word0_x86_features =
+	const u32 kvm_cpuid_1_edx_x86_features =
 		F(FPU) | F(VME) | F(DE) | F(PSE) |
 		F(TSC) | F(MSR) | F(PAE) | F(MCE) |
 		F(CX8) | F(APIC) | 0 /* Reserved */ | F(SEP) |
@@ -316,7 +316,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		F(FXSR) | F(XMM) | F(XMM2) | F(SELFSNOOP) |
 		0 /* HTT, TM, Reserved, PBE */;
 	/* cpuid 0x80000001.edx */
-	const u32 kvm_supported_word1_x86_features =
+	const u32 kvm_cpuid_8000_0001_edx_x86_features =
 		F(FPU) | F(VME) | F(DE) | F(PSE) |
 		F(TSC) | F(MSR) | F(PAE) | F(MCE) |
 		F(CX8) | F(APIC) | 0 /* Reserved */ | F(SYSCALL) |
@@ -326,7 +326,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		F(FXSR) | F(FXSR_OPT) | f_gbpages | f_rdtscp |
 		0 /* Reserved */ | f_lm | F(3DNOWEXT) | F(3DNOW);
 	/* cpuid 1.ecx */
-	const u32 kvm_supported_word4_x86_features =
+	const u32 kvm_cpuid_1_ecx_x86_features =
 		/* NOTE: MONITOR (and MWAIT) are emulated as NOP,
 		 * but *not* advertised to guests via CPUID ! */
 		F(XMM3) | F(PCLMULQDQ) | 0 /* DTES64, MONITOR */ |
@@ -338,20 +338,20 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		0 /* Reserved*/ | F(AES) | F(XSAVE) | 0 /* OSXSAVE */ | F(AVX) |
 		F(F16C) | F(RDRAND);
 	/* cpuid 0x80000001.ecx */
-	const u32 kvm_supported_word6_x86_features =
+	const u32 kvm_cpuid_8000_0001_ecx_x86_features =
 		F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ |
 		F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
 		F(3DNOWPREFETCH) | F(OSVW) | 0 /* IBS */ | F(XOP) |
 		0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM);
 
 	/* cpuid 0xC0000001.edx */
-	const u32 kvm_supported_word5_x86_features =
+	const u32 kvm_cpuid_C000_0001_edx_x86_features =
 		F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
 		F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) |
 		F(PMM) | F(PMM_EN);
 
 	/* cpuid 7.0.ebx */
-	const u32 kvm_supported_word9_x86_features =
+	const u32 kvm_cpuid_7_0_ebx_x86_features =
 		F(FSGSBASE) | F(BMI1) | F(HLE) | F(AVX2) | F(SMEP) |
 		F(BMI2) | F(ERMS) | f_invpcid | F(RTM) | f_mpx | F(RDSEED) |
 		F(ADX) | F(SMAP) | F(AVX512F) | F(AVX512PF) | F(AVX512ER) |
@@ -362,7 +362,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		F(SPEC_CTRL) | F(SPEC_CTRL_SSBD);
 
 	/* cpuid 0xD.1.eax */
-	const u32 kvm_supported_word10_x86_features =
+	const u32 kvm_cpuid_D_1_eax_x86_features =
 		F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves;
 
 	/* cpuid 0x80000008.0.ebx */
@@ -385,10 +385,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		entry->eax = min(entry->eax, (u32)0xd);
 		break;
 	case 1:
-		entry->edx &= kvm_supported_word0_x86_features;
-		cpuid_mask(&entry->edx, 0);
-		entry->ecx &= kvm_supported_word4_x86_features;
-		cpuid_mask(&entry->ecx, 4);
+		entry->edx &= kvm_cpuid_1_edx_x86_features;
+		cpuid_mask(&entry->edx, CPUID_1_EDX);
+		entry->ecx &= kvm_cpuid_1_ecx_x86_features;
+		cpuid_mask(&entry->ecx, CPUID_1_ECX);
 		/* we support x2apic emulation even if host does not support
 		 * it since we emulate x2apic in software */
 		entry->ecx |= F(X2APIC);
@@ -442,12 +442,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
 		/* Mask ebx against host capability word 9 */
 		if (index == 0) {
-			entry->ebx &= kvm_supported_word9_x86_features;
-			cpuid_mask(&entry->ebx, 9);
+			entry->ebx &= kvm_cpuid_7_0_ebx_x86_features;
+			cpuid_mask(&entry->ebx, CPUID_7_0_EBX);
 			// TSC_ADJUST is emulated
 			entry->ebx |= F(TSC_ADJUST);
 			entry->edx &= kvm_supported_7_0_edx_x86_features;
-			cpuid_mask(&entry->edx, 16);
+			cpuid_mask(&entry->edx, CPUID_7_EDX);
 		} else {
 			entry->ebx = 0;
 			entry->edx = 0;
@@ -526,8 +526,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 
 			do_cpuid_1_ent(&entry[i], function, idx);
 			if (idx == 1) {
-				entry[i].eax &= kvm_supported_word10_x86_features;
-				cpuid_mask(&entry[i].eax, 10);
+				entry[i].eax &= kvm_cpuid_D_1_eax_x86_features;
+				cpuid_mask(&entry[i].eax, CPUID_D_1_EAX);
 				entry[i].ebx = 0;
 				if (entry[i].eax & (F(XSAVES)|F(XSAVEC)))
 					entry[i].ebx =
@@ -577,10 +577,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		entry->eax = min(entry->eax, 0x8000001a);
 		break;
 	case 0x80000001:
-		entry->edx &= kvm_supported_word1_x86_features;
-		cpuid_mask(&entry->edx, 1);
-		entry->ecx &= kvm_supported_word6_x86_features;
-		cpuid_mask(&entry->ecx, 6);
+		entry->edx &= kvm_cpuid_8000_0001_edx_x86_features;
+		cpuid_mask(&entry->edx, CPUID_8000_0001_EDX);
+		entry->ecx &= kvm_cpuid_8000_0001_ecx_x86_features;
+		cpuid_mask(&entry->ecx, CPUID_8000_0001_ECX);
 		break;
 	case 0x80000007: /* Advanced power management */
 		/* invariant TSC is CPUID.80000007H:EDX[8] */
@@ -627,8 +627,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		entry->eax = min(entry->eax, 0xC0000004);
 		break;
 	case 0xC0000001:
-		entry->edx &= kvm_supported_word5_x86_features;
-		cpuid_mask(&entry->edx, 5);
+		entry->edx &= kvm_cpuid_C000_0001_edx_x86_features;
+		cpuid_mask(&entry->edx, CPUID_C000_0001_EDX);
 		break;
 	case 3: /* Processor serial number */
 	case 5: /* MONITOR/MWAIT */

From patchwork Wed May 30 11:38:13 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922732
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWb5NNnz9s1b;
	Wed, 30 May 2018 21:38:35 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzQy-0006F1-MD; Wed, 30 May 2018 11:38:28 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQu-0006DC-3c
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:24 +0000
Received: from mail-wr0-f199.google.com ([209.85.128.199])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQt-0006S9-86
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:23 +0000
Received: by mail-wr0-f199.google.com with SMTP id c9-v6so12632408wrm.14
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=++DTyLwW9QPvB3ssL3QQCQq388fJUBP2DRKuqiBrays=;
	b=IbVNcCbEr2/ghP1B5GZVwRA4HaC66kJ6+Dv1EY5+NkxJUhC2FFd6s+/Mg7oGpxjoVF
	7NBFOOpzxr2oY4fRT9j4B5x/Ltw8wkjSvZTlLYZgtiI6mwtaNuKaNJ4Gd5jgSTQzFz7V
	DZwolofMxrK8QnZP3BqHMVcj5p/DwxdsAbtTFHSJdtC++HIOTzO8FSCqAAfg9m7FJZ5g
	NqZd/Du6g3bw3UTDJY5ZP11G89z+Sf+wkIn5yoX6p2BF4CmMibwN+ChBo5Ygn00GNXht
	lj4xxWvRW6Z3MGPHY/kdFdx8wn98mP6c9DFAVXWGI3yycOsWOEEk8SDS3bYQwaxpjrhc
	7IjA==
X-Gm-Message-State: ALKqPwck5umRZJ0+Mmaaxpz517sJxBg0A+Pxq57vqPXE4QFSXIoyCFY5
	pmShZ8rKsWcw+ta5h3vbrEJknBtZjs+xVrohwfj8klUDLV24b9VsmtntfFsHapT+T5kMdm3TEbA
	X5H+LoAqHcNtGemYB++hD7ZPDGUFVwkinm2jTtaPxAA==
X-Received: by 2002:a50:af64:: with SMTP id
	g91-v6mr3116314edd.57.1527680302745;
	Wed, 30 May 2018 04:38:22 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKJX0wqFzfTkcgpJ5nyEd1yzMzg1yYMApdwfTjpPeiwsnnVKvDBMvDb+JIbjG+zsYQphcRjNBg==
X-Received: by 2002:a50:af64:: with SMTP id
	g91-v6mr3116304edd.57.1527680302538;
	Wed, 30 May 2018 04:38:22 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.21
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:21 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 2/6] UBUNTU: SAUCE: x86/cpufeatures: Move
	CPUID_7_EDX CPUID bits to word 18
Date: Wed, 30 May 2018 13:38:13 +0200
Message-Id: <20180530113817.14784-3-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

CVE-2018-3639 (x86)

It's ok to have holes in CPU feature bits array, so move the CPUID_7_EDX
bits from word 16 to word 18 to match upstream. Primarily to avoid
confusion and conflicts with future backports/cherry-picks.

Fixes: e8e6c1d5c153 ("x86/cpufeatures: Add CPUID_7_EDX CPUID leaf")
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/cpufeature.h        | 10 ++++++++--
 arch/x86/include/asm/cpufeatures.h       | 12 ++++++------
 arch/x86/include/asm/disabled-features.h |  2 ++
 arch/x86/include/asm/required-features.h |  2 ++
 4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index b28546a6005e..27d03fa990e0 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -26,6 +26,8 @@ enum cpuid_leafs
 	CPUID_8000_0008_EBX,
 	CPUID_6_EAX,
 	CPUID_8000_000A_EDX,
+	CPUID_7_ECX,
+	CPUID_8000_0007_EBX,
 	CPUID_7_EDX,
 };
 
@@ -65,7 +67,9 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
 	   (((bit)>>5)==13 && (1UL<<((bit)&31) & REQUIRED_MASK13)) ||	\
 	   (((bit)>>5)==14 && (1UL<<((bit)&31) & REQUIRED_MASK14)) ||	\
 	   (((bit)>>5)==15 && (1UL<<((bit)&31) & REQUIRED_MASK15)) ||	\
-	   (((bit)>>5)==16 && (1UL<<((bit)&31) & REQUIRED_MASK16)) )
+	   (((bit)>>5)==16 && (1UL<<((bit)&31) & REQUIRED_MASK16)) ||	\
+	   (((bit)>>5)==17 && (1UL<<((bit)&31) & REQUIRED_MASK17)) ||	\
+	   (((bit)>>5)==18 && (1UL<<((bit)&31) & REQUIRED_MASK18)) )
 
 #define DISABLED_MASK_BIT_SET(bit)					\
 	 ( (((bit)>>5)==0  && (1UL<<((bit)&31) & DISABLED_MASK0 )) ||	\
@@ -84,7 +88,9 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
 	   (((bit)>>5)==13 && (1UL<<((bit)&31) & DISABLED_MASK13)) ||	\
 	   (((bit)>>5)==14 && (1UL<<((bit)&31) & DISABLED_MASK14)) ||	\
 	   (((bit)>>5)==15 && (1UL<<((bit)&31) & DISABLED_MASK15)) ||	\
-	   (((bit)>>5)==16 && (1UL<<((bit)&31) & DISABLED_MASK16)) )
+	   (((bit)>>5)==16 && (1UL<<((bit)&31) & DISABLED_MASK16)) ||	\
+	   (((bit)>>5)==17 && (1UL<<((bit)&31) & DISABLED_MASK17)) ||	\
+	   (((bit)>>5)==18 && (1UL<<((bit)&31) & DISABLED_MASK18)) )
 
 #define cpu_has(c, bit)							\
 	(__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 :	\
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 8db6b345e199..60062f510648 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -12,7 +12,7 @@
 /*
  * Defines x86 CPU feature bits
  */
-#define NCAPINTS	17	/* N 32-bit words worth of info */
+#define NCAPINTS	19	/* N 32-bit words worth of info */
 #define NBUGINTS	1	/* N 32-bit bug flags */
 
 /*
@@ -297,11 +297,11 @@
 #define X86_FEATURE_PFTHRESHOLD (15*32+12) /* pause filter threshold */
 #define X86_FEATURE_AVIC	(15*32+13) /* Virtual Interrupt Controller */
 
-/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 16 */
-#define X86_FEATURE_SPEC_CTRL		(16*32+26) /* "" Speculation Control (IBRS + IBPB) */
-#define X86_FEATURE_INTEL_STIBP		(16*32+27) /* "" Single Thread Indirect Branch Predictors */
-#define X86_FEATURE_ARCH_CAPABILITIES	(16*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
-#define X86_FEATURE_SPEC_CTRL_SSBD	(16*32+31) /* "" Speculative Store Bypass Disable */
+/* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
+#define X86_FEATURE_SPEC_CTRL		(18*32+26) /* "" Speculation Control (IBRS + IBPB) */
+#define X86_FEATURE_INTEL_STIBP		(18*32+27) /* "" Single Thread Indirect Branch Predictors */
+#define X86_FEATURE_ARCH_CAPABILITIES	(18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
+#define X86_FEATURE_SPEC_CTRL_SSBD	(18*32+31) /* "" Speculative Store Bypass Disable */
 
 /*
  * BUG word(s)
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index d1865655c975..c06553e2bae4 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -56,5 +56,7 @@
 #define DISABLED_MASK14	0
 #define DISABLED_MASK15	0
 #define DISABLED_MASK16	0
+#define DISABLED_MASK17	0
+#define DISABLED_MASK18	0
 
 #endif /* _ASM_X86_DISABLED_FEATURES_H */
diff --git a/arch/x86/include/asm/required-features.h b/arch/x86/include/asm/required-features.h
index 4916144e3c42..4660863b6f6b 100644
--- a/arch/x86/include/asm/required-features.h
+++ b/arch/x86/include/asm/required-features.h
@@ -99,5 +99,7 @@
 #define REQUIRED_MASK14	0
 #define REQUIRED_MASK15	0
 #define REQUIRED_MASK16	0
+#define REQUIRED_MASK17	0
+#define REQUIRED_MASK18	0
 
 #endif /* _ASM_X86_REQUIRED_FEATURES_H */

From patchwork Wed May 30 11:38:14 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922734
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWc5WkKz9s23;
	Wed, 30 May 2018 21:38:36 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzQz-0006Fj-SU; Wed, 30 May 2018 11:38:29 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQu-0006DD-A6
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:24 +0000
Received: from mail-wm0-f72.google.com ([74.125.82.72])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQu-0006SC-2D
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:24 +0000
Received: by mail-wm0-f72.google.com with SMTP id f65-v6so5735285wmd.2
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=MB8M+QEQb8G6OvNEuQ13vnrGfgkoJZfe1z9ROv1+i2k=;
	b=lq9QZDMxCEmBlWL46ZhPv4JkTn68mcT2ItRY9XO29fx3Jlr9/iQjzFmPvzkTDrBe4q
	NkI6HSWJbDdsSfeAFjizjlHjuxgsz7qoA839mBLRDmqAjJ70AYMDwvy0FZNZHmUKbcm2
	+lqfTKzV0p70I2AjJaWgpV/Hbpy1D4ORi/mJa5rUVGbaLjgSzh1jaJ2gOKoqf/92yIh1
	YmGsP/EBcgsNdQGJTeqTnoIg/wyJwD6a3OjmhR8gemO8Hv5h/tamvHGbQ+P5ISsHUxlW
	Tkts6qZLjkZzse0owY4qgIsswmnOCfgCJOClDF0WE/lzfipVMMy/B7d4DfeNvSiljUQ0
	kW9Q==
X-Gm-Message-State: ALKqPwcpm0A4Uv3Y4xi/kz0vQe39grvXfP9gmHWqT/hW9cljmzbeKWiu
	0OVhPSrGSNQpVgcLvZjtMLgGeI4l4p9m/JiGFbWidzPjrBPpyKwgoItKf4Vo41G0RqDg77Q+adP
	nOY/wRxI75WoZm/Z9mTQj3Xc/u80ePejweF6gkuNJKw==
X-Received: by 2002:a50:97e1:: with SMTP id
	f30-v6mr3082570edb.256.1527680303653;
	Wed, 30 May 2018 04:38:23 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKLDBjScPYWCLnLYWahUux/dSeH1dKnyxtbd8pwd4IU/pFobi1rdrIOpr47vgStCS4DfTNRMtA==
X-Received: by 2002:a50:97e1:: with SMTP id
	f30-v6mr3082563edb.256.1527680303536;
	Wed, 30 May 2018 04:38:23 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.22
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:22 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 3/6] UBUNTU: SAUCE: x86: Remove double include
Date: Wed, 30 May 2018 13:38:14 +0200
Message-Id: <20180530113817.14784-4-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

CVE-2018-3639 (x86)

Fixes: f3b21b13cecf ("UBUNTU: SAUCE: x86/bugs: Honour SPEC_CTRL default")
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/mwait.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index 196f98393b34..9821763b02cf 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -5,7 +5,6 @@
 
 #include <asm/cpufeature.h>
 #include <asm/spec_ctrl.h>
-#include <asm/spec-ctrl.h>
 #include <asm/microcode.h>
 
 #define MWAIT_SUBSTATE_MASK		0xf

From patchwork Wed May 30 11:38:15 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922735
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWf0KTvz9s1b;
	Wed, 30 May 2018 21:38:38 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzR0-0006Fw-6v; Wed, 30 May 2018 11:38:30 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQv-0006Dd-89
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:25 +0000
Received: from mail-wr0-f200.google.com ([209.85.128.200])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQv-0006SG-0O
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:25 +0000
Received: by mail-wr0-f200.google.com with SMTP id 3-v6so14939562wry.0
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=IxUk90qJCnEUFw6JyHsYkqmwBxJlBYAYWj4xyk6nNlg=;
	b=fP89fJxJTiJRTMt2hapRqHuAQvnNP2uMgS+BVMy9yJnTEEYOL96RCSQn5F1SD0Emvd
	wGj5GSDw7JlwMPp8RgnPRQLZQFTufs5i6qQ82UzVqG8kVapd6MrsPvRtAm7I15I38phv
	vDzVV88NRwZ8L3cOv5BG1mIhVEAeA0ceXVJH+hbbJ+xHhkSUl3VPmezw/a8SGst8RQrk
	z2DQhfxgXdiBVqNVTzLa3RJjChITTLI0/VbEgyRiBs+1QTzuknGH9okuvy0nTphE52DV
	i1lS2AkIZegLHhzta7d58Vss7UfkoS8ULxwUGLk3joYK9rpFNFb2amxhNe6tEomR3eio
	tzCw==
X-Gm-Message-State: ALKqPwf/4lfxfOmEGxr6JBtxAGiyy9Eem0CtY0YwgMiKjGm+2aDTrdS8
	xl1800Kg58+loDaJstEQEDW+KyiIgtqAIZl5jzc2MjcVc8EV5GnoB/WS4serTXy9noyV/gbsFMN
	jV5ok9nQZnpdZpJqGl9s+BhTh8ZJS/E6BZkr716vodA==
X-Received: by 2002:a50:9063:: with SMTP id
	z32-v6mr3103999edz.79.1527680304586;
	Wed, 30 May 2018 04:38:24 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKJRKTaK8P97jFpW5hBEBIIcLxhhUBHVTeS8j4DX6/A1+rah034z0iS6BqLgb23SqpnPPzxxMg==
X-Received: by 2002:a50:9063:: with SMTP id
	z32-v6mr3103992edz.79.1527680304445;
	Wed, 30 May 2018 04:38:24 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.23
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:23 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 4/6] UBUNTU: SAUCE: proc: Remove empty line in
	/proc/$pid/status
Date: Wed, 30 May 2018 13:38:15 +0200
Message-Id: <20180530113817.14784-5-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

CVE-2018-3639 (x86)

Fixes: c2f3edf414c2 ("UBUNTU: SAUCE: proc: Provide details on speculation flaw mitigations")
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 fs/proc/array.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 8930b068199d..93c664097cb9 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -334,7 +334,7 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
 #ifdef CONFIG_SECCOMP
 	seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode);
 #endif
-	seq_printf(m, "\nSpeculation_Store_Bypass:\t");
+	seq_printf(m, "Speculation_Store_Bypass:\t");
 	switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
 	case -EINVAL:
 		seq_printf(m, "unknown");

From patchwork Wed May 30 11:38:16 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922733
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWc69KJz9s2S;
	Wed, 30 May 2018 21:38:36 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzR0-0006GD-EW; Wed, 30 May 2018 11:38:30 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQw-0006Dp-2A
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:26 +0000
Received: from mail-wm0-f71.google.com ([74.125.82.71])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQv-0006SK-R0
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:25 +0000
Received: by mail-wm0-f71.google.com with SMTP id a16-v6so12833087wmg.9
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=pZWjnv56RTuNhzzZmpyq55DrgJRa6W7kL4vJF4oImqQ=;
	b=e0qGwtZYbwQkFhsrR8DaIRrhokj5WZmXHmZ8MDgZM2MPnVnuzoA19cLXsgA0HwKt7E
	8IO7PmnaYU0rpl81mKtkPoN6RVOD0KFUHIzIrQKyOzBZgppUS6hXuHE75u8/MCTFlPd5
	fMHyBwL7KtCiPxXr/gL9B63yvbRqeW0IvQ6JLkRvMBwCMlumkABGUk/y9ik7WgAAH2py
	uVCZKru8AgHZVR2bckeBAVDY7Y+C4I84GddE5ZTojLfkpCoTQaX3LAZtsTcNsVQkMYQd
	8AQ6fYRdkl05BvuJWkzgczJFtF416E7vTkSpCh5h2JY5VPUG0ZyA3VJsQdv4mTxZIuS1
	oLvQ==
X-Gm-Message-State: ALKqPweiK61S2OS+oj33YdU+1Q3IOx7YyoPOq6SDP1zHzZFYqZIlzJJe
	ZKkRMgEOVZjdU7icaEesWH0UI/eDdfnMH66YlOAcwYoZzcFD7i+pOHoNmSgqFjkwm7OGHH4ViCz
	5HRDER3R5cHe372f2F77QptyVGPFbmsVEqRUAE7kBwg==
X-Received: by 2002:a50:b7ed:: with SMTP id
	i42-v6mr3097006ede.284.1527680305420;
	Wed, 30 May 2018 04:38:25 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKK6r0TgiO4ZoJNhP0oSOY+WUAnQZwP0vev1r4sPWSYf7Om44kwkkm0qScRIzD84nBnkUoaPLw==
X-Received: by 2002:a50:b7ed:: with SMTP id
	i42-v6mr3097001ede.284.1527680305317;
	Wed, 30 May 2018 04:38:25 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.24
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:24 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 5/6] UBUNTU: SAUCE: x86/pti: Evaluate
	X86_BUG_CPU_MELTDOWN when pti=auto
Date: Wed, 30 May 2018 13:38:16 +0200
Message-Id: <20180530113817.14784-6-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

CVE-2018-3639 (x86)

Commit f93e1bcdb1dd ("x86/pti: Do not enable PTI on CPUs which are not
vulnerable to Meltdown") introduced a smarter detection of CPUs that
are not affected by Meltdown. Make use of that when pti=auto which also
matches Linus' tree.

While at it, remove the unused variable 'enable'.

Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/mm/kaiser.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c
index 7a72e32e4806..5a2d27a880e9 100644
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -278,7 +278,6 @@ static void __init kaiser_init_all_pgds(void)
 
 void __init kaiser_check_boottime_disable(void)
 {
-	bool enable = true;
 	char arg[5];
 	int ret;
 
@@ -301,13 +300,11 @@ void __init kaiser_check_boottime_disable(void)
 		goto disable;
 
 skip:
-	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
+	if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
 		goto disable;
 
 enable:
-	if (enable)
-		setup_force_cpu_cap(X86_FEATURE_KAISER);
-
+	setup_force_cpu_cap(X86_FEATURE_KAISER);
 	return;
 
 disable:

From patchwork Wed May 30 11:38:17 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 922736
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40wpWj3ZSxz9s1b;
	Wed, 30 May 2018 21:38:41 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fNzR4-0006Jg-Vm; Wed, 30 May 2018 11:38:35 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQx-0006EX-Aa
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:27 +0000
Received: from mail-wm0-f72.google.com ([74.125.82.72])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fNzQw-0006SP-Vk
	for kernel-team@lists.ubuntu.com; Wed, 30 May 2018 11:38:26 +0000
Received: by mail-wm0-f72.google.com with SMTP id a7-v6so546650wmg.0
	for <kernel-team@lists.ubuntu.com>;
	Wed, 30 May 2018 04:38:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=I/90fbrkQP4p9XJmKyg+lXqk8VG+O+DWUJgGfH/Et3g=;
	b=ftN8BQhRVcD1e+CvH8LVoYTGTHqi5PZhZxRLd39Tld5Odfh79WLs39RgX6XZWQw4A1
	aXrw82AkIWzvwio81HjeI11aHqnATEQ3mre7EX0IBNEYzJ7Ntk01CLnhCRRVya6jvcZy
	8TXZst+SMAPGZTlnhQLZzB8NsDqO5idx82YoqFktyt5u1cY+H8Axwec6I6EtyJwR6lOP
	723hAdr90EptZ/BwLIyLX8sEqTnYS7liCT+JEDY/7tBGtvvPOLzPFXwPmRLL+Uo3MBsC
	qfQKL18f8eQ6vbPlWjZCgxZHlz7fkQ1ySKzHhZVB1hqJQZVJTLa9AsDt9FU024Hz1pFu
	y4Ng==
X-Gm-Message-State: ALKqPwd/0ZJHFNPyjFYyYD4DqMuSpGIx+EUAx1IFYUuX1bcUx3koCCLC
	oCouxHi0cOLnX+ET8LiCaSPSbpxdo63t4xJv2aIAoRTWLgA5DOEbVIKJYQPpkI0pCmHYOe7lsDT
	VTQxs2qUWScCtlSD1AGxgQEHhTbnJNRO9sL8Wztp9iA==
X-Received: by 2002:a50:d1c5:: with SMTP id
	i5-v6mr3132028edg.231.1527680306519;
	Wed, 30 May 2018 04:38:26 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKIjwnjHSgZ/wdwCheDgJoUARmeClksI299rjKSgb4FOZmUz1czblkWtinKLd90rFk+CxTGfQA==
X-Received: by 2002:a50:d1c5:: with SMTP id
	i5-v6mr3132018edg.231.1527680306356;
	Wed, 30 May 2018 04:38:26 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	g1-v6sm9265853edi.41.2018.05.30.04.38.25
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 30 May 2018 04:38:25 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][PATCH 6/6] UBUNTU: SAUCE: x86/speculation: Query
	individual feature flags when reloading microcode
Date: Wed, 30 May 2018 13:38:17 +0200
Message-Id: <20180530113817.14784-7-juergh@canonical.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180530113817.14784-1-juergh@canonical.com>
References: <20180530113817.14784-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

CVE-2018-3639 (x86)

We now have individual feature flags for IBRS and IBPB, so query them when
reloading microcode. Just like we do on boot (in
arch/x86/kernel/cpu/common.c).

Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/kernel/cpu/microcode/core.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 55d4f5cc353b..63e3db171945 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -439,22 +439,26 @@ static ssize_t reload_store(struct device *dev,
 	if (!ret)
 		perf_check_microcode();
 
-	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
-		printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
+	/* Initialize Indirect Branch Prediction Barrier if supported */
+	if (boot_cpu_has(X86_FEATURE_IBPB)) {
+		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
+		pr_info("Enabling Indirect Branch Prediction Barrier\n");
+
 		mutex_lock(&spec_ctrl_mutex);
-		set_ibrs_supported();
 		set_ibpb_supported();
-		if (ibrs_inuse)
-			sysctl_ibrs_enabled = 1;
 		if (ibpb_inuse)
 			sysctl_ibpb_enabled = 1;
 		mutex_unlock(&spec_ctrl_mutex);
-	} else if (boot_cpu_has(X86_FEATURE_IBPB)) {
-		printk_once(KERN_INFO "FEATURE IBPB Present\n");
+	}
+
+	/* Initialize Indirect Branch Restricted Speculation if supported */
+	if (boot_cpu_has(X86_FEATURE_IBRS)) {
+		pr_info("Enabling Indirect Branch Restricted Speculation\n");
+
 		mutex_lock(&spec_ctrl_mutex);
-		set_ibpb_supported();
-		if (ibpb_inuse)
-			sysctl_ibpb_enabled = 1;
+		set_ibrs_supported();
+		if (ibrs_inuse)
+			sysctl_ibrs_enabled = 1;
 		mutex_unlock(&spec_ctrl_mutex);
 	}