From: Jan Beulich <jbeulich@suse.com>
Date: Mon, 16 Apr 2018 12:09:55 +0000 (+0200)
Subject: x86: suppress BTI mitigations around S3 suspend/resume
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~182
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=710a8ebf2bc111a34bba04d1c85b6d07ed3d9389;p=xen.git

x86: suppress BTI mitigations around S3 suspend/resume

NMI and #MC can occur at any time after S3 resume, yet the MSR_SPEC_CTRL
may become available only once we're reloaded microcode. Make
SPEC_CTRL_ENTRY_FROM_INTR_IST and DO_SPEC_CTRL_EXIT_TO_XEN no-ops for
the critical period of time.

Also set the MSR back to its intended value.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---

diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index cb06f842cd..44de9c71d0 100644
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -28,6 +28,7 @@
 #include <asm/tboot.h>
 #include <asm/apic.h>
 #include <asm/io_apic.h>
+#include <asm/spec_ctrl.h>
 #include <acpi/cpufreq/cpufreq.h>
 
 uint32_t system_reset_counter = 1;
@@ -163,6 +164,7 @@ static int enter_state(u32 state)
 {
     unsigned long flags;
     int error;
+    struct cpu_info *ci;
     unsigned long cr4;
 
     if ( (state <= ACPI_STATE_S0) || (state > ACPI_S_STATES_MAX) )
@@ -210,6 +212,10 @@ static int enter_state(u32 state)
     else
         error = 0;
 
+    ci = get_cpu_info();
+    ci->use_shadow_spec_ctrl = 0;
+    ci->bti_ist_info = 0;
+
     ACPI_FLUSH_CPU_CACHE();
 
     switch ( state )
@@ -248,6 +254,11 @@ static int enter_state(u32 state)
 
     microcode_resume_cpu(0);
 
+    ci->bti_ist_info = default_bti_ist_info;
+    asm volatile (ALTERNATIVE("", "wrmsr", X86_FEATURE_XEN_IBRS_SET)
+                  :: "a" (SPEC_CTRL_IBRS), "c" (MSR_SPEC_CTRL), "d" (0)
+                  : "memory");
+
  done:
     spin_debug_enable();
     local_irq_restore(flags);