Merge tag 'x86-urgent-2023-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git...

[tomoyo/tomoyo-test1.git] / arch / x86 / kernel / cpu / common.c

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 90b8c5e..382d4e6 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -587,27 +587,43 @@ __noendbr void ibt_restore(u64 save)
 
 static __always_inline void setup_cet(struct cpuinfo_x86 *c)
 {
-       u64 msr = CET_ENDBR_EN;
+       bool user_shstk, kernel_ibt;
 
-       if (!HAS_KERNEL_IBT ||
-           !cpu_feature_enabled(X86_FEATURE_IBT))
+       if (!IS_ENABLED(CONFIG_X86_CET))
                return;
 
-       wrmsrl(MSR_IA32_S_CET, msr);
+       kernel_ibt = HAS_KERNEL_IBT && cpu_feature_enabled(X86_FEATURE_IBT);
+       user_shstk = cpu_feature_enabled(X86_FEATURE_SHSTK) &&
+                    IS_ENABLED(CONFIG_X86_USER_SHADOW_STACK);
+
+       if (!kernel_ibt && !user_shstk)
+               return;
+
+       if (user_shstk)
+               set_cpu_cap(c, X86_FEATURE_USER_SHSTK);
+
+       if (kernel_ibt)
+               wrmsrl(MSR_IA32_S_CET, CET_ENDBR_EN);
+       else
+               wrmsrl(MSR_IA32_S_CET, 0);
+
        cr4_set_bits(X86_CR4_CET);
 
-       if (!ibt_selftest()) {
+       if (kernel_ibt && ibt_selftest()) {
                pr_err("IBT selftest: Failed!\n");
                wrmsrl(MSR_IA32_S_CET, 0);
                setup_clear_cpu_cap(X86_FEATURE_IBT);
-               return;
        }
 }
 
 __noendbr void cet_disable(void)
 {
-       if (cpu_feature_enabled(X86_FEATURE_IBT))
-               wrmsrl(MSR_IA32_S_CET, 0);
+       if (!(cpu_feature_enabled(X86_FEATURE_IBT) ||
+             cpu_feature_enabled(X86_FEATURE_SHSTK)))
+               return;
+
+       wrmsrl(MSR_IA32_S_CET, 0);
+       wrmsrl(MSR_IA32_U_CET, 0);
 }
 
 /*
@@ -1264,11 +1280,11 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = {
        VULNBL_INTEL_STEPPINGS(BROADWELL_G,     X86_STEPPING_ANY,               SRBDS),
        VULNBL_INTEL_STEPPINGS(BROADWELL_X,     X86_STEPPING_ANY,               MMIO),
        VULNBL_INTEL_STEPPINGS(BROADWELL,       X86_STEPPING_ANY,               SRBDS),
-       VULNBL_INTEL_STEPPINGS(SKYLAKE_L,       X86_STEPPING_ANY,               SRBDS | MMIO | RETBLEED),
        VULNBL_INTEL_STEPPINGS(SKYLAKE_X,       X86_STEPPING_ANY,               MMIO | RETBLEED | GDS),
-       VULNBL_INTEL_STEPPINGS(SKYLAKE,         X86_STEPPING_ANY,               SRBDS | MMIO | RETBLEED),
-       VULNBL_INTEL_STEPPINGS(KABYLAKE_L,      X86_STEPPING_ANY,               SRBDS | MMIO | RETBLEED | GDS),
-       VULNBL_INTEL_STEPPINGS(KABYLAKE,        X86_STEPPING_ANY,               SRBDS | MMIO | RETBLEED | GDS),
+       VULNBL_INTEL_STEPPINGS(SKYLAKE_L,       X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | SRBDS),
+       VULNBL_INTEL_STEPPINGS(SKYLAKE,         X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | SRBDS),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE_L,      X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | SRBDS),
+       VULNBL_INTEL_STEPPINGS(KABYLAKE,        X86_STEPPING_ANY,               MMIO | RETBLEED | GDS | SRBDS),
        VULNBL_INTEL_STEPPINGS(CANNONLAKE_L,    X86_STEPPING_ANY,               RETBLEED),
        VULNBL_INTEL_STEPPINGS(ICELAKE_L,       X86_STEPPING_ANY,               MMIO | MMIO_SBDS | RETBLEED | GDS),
        VULNBL_INTEL_STEPPINGS(ICELAKE_D,       X86_STEPPING_ANY,               MMIO | GDS),
@@ -1491,6 +1507,9 @@ static void __init cpu_parse_early_param(void)
        if (cmdline_find_option_bool(boot_command_line, "noxsaves"))
                setup_clear_cpu_cap(X86_FEATURE_XSAVES);
 
+       if (cmdline_find_option_bool(boot_command_line, "nousershstk"))
+               setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
+
        arglen = cmdline_find_option(boot_command_line, "clearcpuid", arg, sizeof(arg));
        if (arglen <= 0)
                return;