From: Jan Beulich
Date: Fri, 18 May 2018 10:08:25 +0000 (+0200)
Subject: x86: suppress BTI mitigations around S3 suspend/resume
X-Git-Tag: archive/raspbian/4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7+rpi1^2~22
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=a110459b79c4cd3197526e45aa8cfb835a9251fd;p=xen.git

x86: suppress BTI mitigations around S3 suspend/resume

NMI and #MC can occur at any time after S3 resume, yet the MSR_SPEC_CTRL may become available only once we've reloaded microcode. Make SPEC_CTRL_ENTRY_FROM_INTR_IST and DO_SPEC_CTRL_EXIT_TO_XEN no-ops for the critical period of time.

Also set the MSR back to its intended value.

Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper

x86: Use spec_ctrl_{enter,exit}_idle() in the S3/S5 path

The main purpose of this patch is to avoid opencoding the recovery logic at the end, but also has the positive side effect of relaxing the SPEC_CTRL mitigations when working to shut the final CPU down.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich

master commit: 710a8ebf2bc111a34bba04d1c85b6d07ed3d9389
master date: 2018-04-16 14:09:55 +0200
master commit: ef3ab46493f650b7e5cca2b2578a99ca0cbff195
master date: 2018-04-19 10:55:59 +0100
(cherry picked from commit 7f2959f8f6d0ad9fc92fe020ae6ad9a5708dd45e)

Gbp-Pq: Name x86-suppress-bti-mitigations-around-s3-s.patch
---
diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 9abca61cd6..6fc32e8694 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -29,6 +29,7 @@ #include #include #include +#include #include uint32_t system_reset_counter = 1; @@ -164,6 +165,7 @@ static int enter_state(u32 state) { unsigned long flags; int error; + struct cpu_info *ci; unsigned long cr4; if ( (state <= ACPI_STATE_S0) || (state > ACPI_S_STATES_MAX) ) 
@@ -211,6 +213,11 @@ static int enter_state(u32 state) else error = 0; + ci = get_cpu_info(); + spec_ctrl_enter_idle(ci); + /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ + ci->bti_ist_info = 0; + ACPI_FLUSH_CPU_CACHE(); switch ( state ) @@ -249,6 +256,10 @@ static int enter_state(u32 state) microcode_resume_cpu(0); + /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ + ci->bti_ist_info = default_bti_ist_info; + spec_ctrl_exit_idle(ci); + done: spin_debug_enable(); local_irq_restore(flags);
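Review bot: In the hunk at -211,6 +213,11, the comment above `ci->bti_ist_info = 0;` explains the store only in terms of the microcode reload, but the block sits before `switch ( state )` and so runs for every state that reaches this point, not just S3. The second commit message mentions the S3/S5 path and the shutdown of the final CPU, so the comment could say so explicitly, and could note that `spec_ctrl_enter_idle(ci)` is what relaxes the MSR setting while `bti_ist_info = 0` is what keeps the NMI/#MC entry and exit paths away from MSR_SPEC_CTRL. It would also help to point at the matching restore after `microcode_resume_cpu(0)`, so the two halves are not separated by a later edit.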
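Review bot: In the hunk at -249,6 +256,10, the restore of `ci->bti_ist_info` and the call to `spec_ctrl_exit_idle(ci)` are placed immediately above the `done:` label, so any path that jumps to `done` after `bti_ist_info` has been cleared would skip them and leave the IST mitigations off and the idle setting in place. Please confirm no such `goto done` exists between the two added blocks, and consider a short comment at the label stating that invariant. The commit message says the MSR is set back to its intended value, yet no MSR write is visible here; if that is done by `spec_ctrl_exit_idle()`, the comment should say so. Minor: "Re-enabled" in the added comment reads as a typo for "Re-enable".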